cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1339
Views
5
Helpful
3
Replies

Create Custom LDAP Filter CUCM 12.5

tcmckay
Level 1
Level 1

My current LDAP is set to pull every new user into CUCM. When the system was setup (prior to me) this wasn't an issue because the company was smaller and used less service accounts. Now, however, we are larger and use many service accounts that are setup as users. In order to reduce the number of users that are pulled into CUCM I would like to create a custom LDAP filter. I have not done this before but know the process just not the syntax. 

 

The only users that should be pulled into the CUCM are user with text in the IP Phone field in AD. I think the correct filter is

(IP phone=*)

Can anyone confirm this or suggest the correct way of getting just the information that I want without getting the Server Engineers to change their AD structure!

 

Cheers!

1 Accepted Solution

Accepted Solutions

The default filter for LDAP includes user accounts, but not computers, and only those user accounts that are not disabled in Active Directory. It looks like this:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

It is the "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)" part that excludes disabled accounts, so if you want to include them delete that statement.

So for a custom filter that will import only active user accounts where the ipPhone field is populated you would use the following:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))

Let us know if you have questions.

Maren

 

 

 

 

View solution in original post

3 Replies 3

The default filter for LDAP includes user accounts, but not computers, and only those user accounts that are not disabled in Active Directory. It looks like this:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

It is the "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)" part that excludes disabled accounts, so if you want to include them delete that statement.

So for a custom filter that will import only active user accounts where the ipPhone field is populated you would use the following:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))

Let us know if you have questions.

Maren

 

 

 

 

Thank you this seemed to created the desired outcome. I appreciate your time.

Although technically not providing a different result, other than possibly a cleaner looking filter I would format it like this.

(&(objectclass=user)(ipPhone=*)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

It's a matter of preference on how you'd want the AND statement to be formed. Below picture is how it would look in an LDAP filter builder, like Softerra LDAP Browser that I use for this.
Snag_a68d83.png



Response Signature