Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
611
Views
0
Helpful
1
Replies

CUCM LDAP Sync distinguished user interactive logon

joeharb
Level 5
Level 5

‎06-07-2019 07:39 AM

We have an auditor that is requesting that the ad account that is used for LDAP synchronization have interactive logon deactivated, is this supported.  I have found that this account only needs Read Access to the domain structure, but it also states it needs to be an admin.  Are there any guidelines for restricting access or any type of hardening for this account?

 

Thanks,

 

Joe

 

Labels:
0 Helpful
1 Reply 1

Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎06-07-2019 05:06 PM

The CUCM LDAP sync is read-only so no elevated privileges are required. I believe LDAP bonds fail if you disable the account but this would be easy to test and undo if it breaks. Check both a synchronization and authentication. Ensure you wait until after AD site replication completes or make the change on the same DC as CUCM is pointing at.
0 Helpful
Customers Also Viewed These Support Documents