cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
972
Views
15
Helpful
7
Replies

Search group in AD

Bruno Rangel
Spotlight
Spotlight

When I  set my research base for the whole root.
DC =  mydomain, DC = com, DC = br

Show me all  users in Active Directory.

But I have to  look at the following group
Telefonia_Cisco  cn =, ou = Global!, ou = Groups, ou = EscritorioCentral, ou = mydomain,  dc = mydomain, dc = com, dc = br

Is it  possible?

Cheers
Bruno Rangel
Please remember to rate helpful responses using the star bellow and identify helpful or correct answers
2 Accepted Solutions

Accepted Solutions

Your only option is to add an LDAP filter. This is easy in UCM 8.0 and later; however, there is no GUI for this in earlier versions. You essentially have to filter against a specific attribute. The most common example is filtering on the ipPhone field not being null which was covered in this thread: https://supportforums.cisco.com/message/1068263

View solution in original post

Bruno,

Based on your second screen shot, it appears you are trying to establish a user search base starting with the actual AD group CN.  This will not work.

Yes, in 7.1.3 the only way you can customize the LDAP filter is to modify the table directly using the AXL/SOAP API.  The AXL Query Toolkit is one pre-built interface to the API.  In 8.0 and later you will have a nice GUI to make the mod.  But until then, this is what you have.

I suggest you read the Cisco SRND for CUCM 7.x (www.cisco.com/go/srnd).  There is a whole section on LDAP integration that will help you grasp the basics.  There are some fundamental components I don't think you have accounted for.

HTH.


Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

View solution in original post

7 Replies 7

Jonathan Schulenberg
Hall of Fame
Hall of Fame

Cisco UCM does not utilize synchronize objects from LDAP, only user objects. What are you trying to accomplish by looking at a group object?

need and  seek only registered users in a specifiable gupo!

What would be the alternative for this task?


Cheers
Bruno Rangel
Please remember to rate helpful responses using the star bellow and identify helpful or correct answers

Your only option is to add an LDAP filter. This is easy in UCM 8.0 and later; however, there is no GUI for this in earlier versions. You essentially have to filter against a specific attribute. The most common example is filtering on the ipPhone field not being null which was covered in this thread: https://supportforums.cisco.com/message/1068263

I did a write up on this topic here:

http://www.netcraftsmen.net/resources/blogs/axl-sql-toolkit-part-3-updating-cucm-dirsync-ldap-filter-by-example.html

You may need to read part 1 and 2 of the series as well.  Part 2 would be a definite pre-req for part 3 (which is referenced above).  You can pick most any attribute you wish to filter on.  Though, I have not tested DirSync to see if it will dereference group memberships.  You may want to look at ipPhone (as Jonathan stated) or you may want to use something like employeeID (for example).  There are plenty of attributes to pick from, you just need to ensure that you are aware of current user provisioning processes in your organization.

HTH.

Regards,
Bill

Please remember to rate helpful posts.

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

Sorry


But to say that after I  have created this group in AD. I can not see only  those registered user?
The  figures below is the test that was done


In Figure 1 I search all domain but do  not want that?
In figure 2 the group that was  created in AD to be synchronized.


I read the Blog Post in discussion and it was made, but I do  not know use this type of resource AXL / SOAP, this would be the only  alternative:
My CUCM 7.1.3 is

Cheers
Bruno Rangel
Please remember to rate helpful responses using the star bellow and identify helpful or correct answers

Bruno,

Based on your second screen shot, it appears you are trying to establish a user search base starting with the actual AD group CN.  This will not work.

Yes, in 7.1.3 the only way you can customize the LDAP filter is to modify the table directly using the AXL/SOAP API.  The AXL Query Toolkit is one pre-built interface to the API.  In 8.0 and later you will have a nice GUI to make the mod.  But until then, this is what you have.

I suggest you read the Cisco SRND for CUCM 7.x (www.cisco.com/go/srnd).  There is a whole section on LDAP integration that will help you grasp the basics.  There are some fundamental components I don't think you have accounted for.

HTH.


Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

OK

Thanks all  !!!

Cheers
Bruno Rangel
Please remember to rate helpful responses using the star bellow and identify helpful or correct answers