Creating new account for AD sync

Sean McQuade
Level 5

Hi all,

We want to do an AD sync with CUCM 8.6 but don't want to use the default domain administrator account. Is there a guide as to what permissions/memberships the user needs to have on AD to be able to work properly for the integration?

Thanks

Sean

Jonathan Schulenberg
Hall of Fame

It's a read-only account. Default Domain User permissions will do it but you can delegate 'read all attributes' for good measure if you want.

Please remember to rate helpful responses and identify helpful or correct answers.

Hi Jonathan,

I have created a new user and managed to get it to work for the "LDAP Directory" and it connects successfully and syncs users, however in the "LDAP Authentication", using this user gives an "Error connecting" message, but using the domain "administrator" account works. Are there other permissions I need to use for authentication?

Thanks for your help

Sean

Nope. What format is the Bind DN in? It needs to be CN=blah blah,OU=People,DC=domain,DC=com not domain\user or user@domain.com.

I have created a new user (Lab) and am trying to use this for the AD sync. When I change the user in LDAP Directory, it connects and syncs. When I change the user in Authentication, it doesn't work, but the admin account works. Screenshots attached.

Thanks

Sean

The CN= is not the username. Use ADSI Edit or AD Users and Computers with Advanced mode enabled to see what the CN attribute for that user account is.

Thanks a lot Jonathan. I'm new to AD and hadn't realised the username and CN were different. The CN was "lab 1" and all is now working.

Thanks again

Sean
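
The Bind DN formats discussed in this thread, as an added example that is not part of the original posts: a small pre-flight check that tells a distinguished name apart from the domain\user and user@domain.com forms and flags a CN that merely repeats the logon name. The function names, the issue codes and the sample DNs (built from the placeholder OU=People,DC=domain,DC=com used above) are assumptions made for illustration; the CN-equals-logon-name check is a heuristic prompt to confirm the CN in ADSI Edit, not proof of an error.

```python
# Added example: pre-flight check for a value destined for a Bind DN field.
# Function names and issue codes are hypothetical, not CUCM or AD identifiers.

def split_rdns(dn):
    """Split a DN on commas, honouring backslash escapes (e.g. 'Smith\\, John')."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts]


def check_bind_dn(value, logon_name=None):
    """Return a list of issue codes; an empty list means it looks like a user DN."""
    v = value.strip()
    if "=" not in v:
        if "\\" in v:
            return ["downlevel-format"]      # domain\user
        if "@" in v:
            return ["upn-format"]            # user@domain.com
        return ["not-a-dn"]
    rdns = [r.partition("=") for r in split_rdns(v)]
    if any(not k.strip() or not val.strip() for k, _, val in rdns):
        return ["malformed-rdn"]
    types = [k.strip().upper() for k, _, _ in rdns]
    issues = []
    if types[0] != "CN":
        issues.append("first-rdn-not-cn")
    if "DC" not in types:
        issues.append("no-dc-components")
    cn = rdns[0][2].strip()
    # Heuristic: the CN is often the display name, not the logon name.
    if logon_name and types[0] == "CN" and cn.lower() == logon_name.lower():
        issues.append("cn-equals-logon-name")
    return issues
```

An empty result only means the string is shaped like a user DN; whether the CN matches the real object still has to be confirmed in the directory.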