11-08-2012 02:54 AM - edited 03-19-2019 05:51 AM
Hi all,
We want to do an AD sync with CUCM 8.6 but don't want to use the default domain administrator account. Is there a guide as to what permissions/memberships the user needs to have on AD to be able to work properly for the integration?
Thanks
Sean
11-08-2012 03:27 AM
It's a read-only account. Default Domain User permissions will do it but you can delegate 'read all attributes' for good measure if you want.
Please remember to rate helpful responses and identify helpful or correct answers.
11-08-2012 03:31 AM
Hi Jonathan,
I have created a new user and managed to get it to work for the "LDAP Directory" and it connects successfully and syncs users, however in the "LDAP Authentication", using this user gives an "Error connecting" message, but using the domain "administrator" account works. Are there other permissions I need to use for authentication?
Thanks for your help
Sean
11-08-2012 03:33 AM
Nope. What format is the Bind DN in? It needs to be CN=blah blah,OU=People,DC=domain,DC=com not domain\user or user@domain.com.
11-08-2012 03:43 AM
I have created a new user (Lab) and am trying to use this for the AD sync. When I change the user in LDAP Directory, it connects and syncs. When I change the user in Authentication, it doesn't work, but the admin account works. Screenshots attached.
Thanks
Sean
11-08-2012 03:50 AM
The CN= is not the username. Use ADSI Edit or AD Users and Computers with Advanced mode enabled to see what the CN attribute for that user account is.
11-08-2012 04:01 AM
Thanks a lot Jonathan. I'm new to AD and hadn't realised the username and CN were different. The CN was "lab 1" and all is now working.
Thanks again
Sean
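An added example, not part of the thread and not Cisco's code: a Python pre-check for the Bind DN format discussed above. It tells a distinguished name apart from the domain\user and user@domain.com forms and flags a leading CN that equals the login name; the function names and sample values are constructed for illustration.

```python
import re

# One RDN: attribute type (name or numeric OID), "=", then the value.
_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*(.+?)\s*$", re.S)

def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 backslash escapes are kept)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # escaped character stays with its RDN
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def classify_bind_identity(value):
    """Return (kind, rdns); kind is 'dn', 'upn', 'downlevel' or 'unknown'."""
    matches = [_RDN.match(p) for p in split_rdns(value)]
    if all(matches):
        return "dn", [(m.group(1).upper(), m.group(2)) for m in matches]
    if re.fullmatch(r"[^\\@,=]+\\[^\\@,=]+", value):
        return "downlevel", []   # domain\user
    if re.fullmatch(r"[^\\@,=]+@[^\\@,=]+", value):
        return "upn", []         # user@domain.com
    return "unknown", []

def check_bind_dn(value, login_name):
    """Heuristic check (an assumption of this example, not a CUCM rule)."""
    kind, rdns = classify_bind_identity(value)
    if kind != "dn":
        return f"reject: {kind} format, expected CN=...,OU=...,DC=..."
    attr, val = rdns[0]
    if attr == "CN" and val.lower() == login_name.lower():
        return "warn: CN equals the login name; confirm the CN in ADSI Edit"
    return "ok"

if __name__ == "__main__":
    # Constructed sample values modelled on the formats named in the thread.
    for candidate in ("DOMAIN\\lab", "lab@domain.com",
                      "CN=lab,OU=People,DC=domain,DC=com",
                      "CN=lab 1,OU=People,DC=domain,DC=com"):
        print(f"{candidate!r:45} -> {check_bind_dn(candidate, 'lab')}")
```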