
AD sync with the forest @ CUCM 9.0

Sean Poure
Level 4

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/directry.html#wp1045381

According to the above link

A synchronization agreement for a domain will not synchronize users outside of that domain nor within a child domain because Unified CM does not follow AD referrals during the synchronization process. The example in Figure 16-9 requires three synchronization agreements to import all of the users. Although Search Base 1 specifies the root of the tree, it will not import users that exist in either of the child domains. Its scope is only VSE.LAB, and separate agreements are configured for the other two domains to import those users.

I'd like to know if we could do a sync and authenticate with an AD forest in CUCM 9.0 with child domains.

For example

LA.VSE.LAB

SD.VSE.LAB

LA and SD being child domain to VSE.LAB

Your help is greatly appreciated.

3 Replies

Chris Deren
Hall of Fame

If your LDAP integration is configured to sync with the global catalog, it will sync all domains from within a forest. If there are multiple forests, you will need separate integrations; you can have up to 5 of them. If you need more than 5, you will need LDS or ADAM integration.

Chris


I think I was not clear in my question. There are 2 processes in the sync.

  • Directory synchronization
    • Different OUs, Domains, Forests, etc.
    • Up to (10) I believe is the limit
  • LDAP Authentication
    • Any login required for CUCM users features
    • Limited to a single Domain/Forest

Take the example

joe.smith@cisco.com

joe.smith@ibm.com

I know that I could sync both for Directory, but CUCM does not understand how to authenticate if I try to use the account for CCMuser. It seems the authentication part is only from one source (one single domain/forest).

This has been the case in 8.x. I am simply asking if it has changed in 9.x

You are correct, authentication is limited to a single integration, but not a single domain. If you point to GC, not such DC, and the top of the forest, it will integrate to multiple domains. If you require multiple forests integration, then your only options are LDS or ADAM.

HTH,

Chris