We have a single Forest with Multiple Domain Trees.
We want to configure both LDAP authentication and LDAP synchronization to support Cisco UC endpoints (Cisco UC Manager, Rel. 8.x). I understand that if we had multiple Forests in our environment we would need to implement AD LDS. However, because we have a single Forest we have the option not to use AD LDS.
My question is: if we do use AD LDS, does it allow us greater flexibility in terms of user ID?
According to this document: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/directry.html#wp1133454
In order to support LDAP authentication with multiple Trees (Figure 16-14), the UserPrincipalName (UPN) attribute must be used as the user ID.
However, if I configure AD LDS, I can pull user accounts from my different domain trees into a single target DN. This configuration would then give me the flexibility of:
a) not needing to point to a global catalog because the single AD LDS would solve any delays due to a geographically distributed domain architecture
b) allowing me to choose uid, mail, employeeNumber, telephoneNumber, or userPrincipalName as the User Id field
Should I configure AD LDS in my single Forest environment based on the above argument?