Showing results for 
Search instead for 
Did you mean: 
Walkthrough Wednesdays

Unable to login to CCMuser site for new user from a new domain.

We have CUCM 6.1.  We want to add new users from new domain. 

I have added LDAP directory for this new domain and has been able to pull the new users from this new domain.

I went to “User Management > End User” and found the new users from the new domain. So CUCM is able to see the users.

I have associated the user with one of the phone and then assign the Primary Extension, and then in the permission information, I added the “Standard CCM End Users” for this user which will give the user Roles as “Standard CCM End User” and “Standard CCMUSER Administration”

When the user go to the CCM user page, the user got “Log on failed - Invalid User ID or Password”

I have the user from the existing/old domain that is already with CUCM and the user is able to login fine. Seems to be only from the users from the new domain.

It seems that it has an Authentication issue.  Can someone give me an idea how to fix this?


Chris Deren
Hall of Fame Master

Did you create new LDAP authentication for the new domain in CM beside just the LDAP search?


I was thinking the same thing but I do not see where can I create a new LDAP authentication.

I go to "CCMadmin > System>LDAP authentication" and I see that is "LDAP authentication for End User". Currently it is for the old/existing domain that has already been setup with CUCM. but i do not see there an option to add another one.

How/Where can we create another "LDAP authentication for End User"?

or am i missing something?

Jaime Valencia
Hall of Fame Cisco Employee

You cannot create another, you can only configure 1.

LDAP Authentication

To enable authentication, a single authentication agreement may be defined for the entire cluster.

If you're going to migrate all to the new domain just delete and recreate, if not read the section:

Additional Considerations for Microsoft Active Directory

contained in the above doc.



If this helps, please rate



if this helps, please rate

It seems that it is only working on the Parent-Child Domain situation which we can point the LDAP Authentication on the parent domain.

In our environment, we do not have Parent-Child Domain.  Each domain is in each forest.  So in this case, our users got imported but they would not be authenticated.

Can someone confirm or have any advice on this?


I had a quick look at the SRND (the link that Java posted), and as far as I could see, you can authenticate against the GC, but need to sync on the UPN instead of the userid..??

Content for Community-Ad

Spotlight Awards 2021