Directory synchronization allows for centralized user management and enables CUCM to leverage users already configured in a corporate-wide directory. You may well be asked to do this in the voice lab as well. Let's break it down into a few simple steps.
Within CUCM Serviceability, ensure the Directory Service is activated and running.
Log onto the Active Directory Server and open Active Directory Users and Computers to determine the user search base (the path where the required users exist).
In this case our domain controller (DC) is proctorlabs.com and our organizational unit (OU) is Users.
We first need to enable synchronization and choose the LDAP server type and matching attribute.
In this example, we will use the sAMAccountName.
Next, set up the Directory Replication Agreement.
Populate information as listed below with the information you gathered from Active Directory. In this example, we used the Active Directory administrator account as our distinguished name. This is the access account used for synchronization. In most environments it may be necessary to set up a new account for security purposes.
Populate the LDAP Server Information and Save.
Once added, click on the following to perform synchronization:
To verify: in CUCM, go to User Management > End User to see the following user output.
Once users are synchronized from LDAP into the Unified CM database, any pre-existing end user entries that do not match what is in AD will be marked inactive in the CUCM end-user database. Garbage collection will subsequently remove those users if not corrected.
Let’s now take this one step further. The steps above enabled synchronization, where the users and associated attributes are shared but passwords for CUCM End Users are maintained locally within CUCM. If we are being asked to centrally manage passwords, then we must also set up LDAP Authentication. Once completed, the users, attributes and passwords will be shared with AD. The End User PIN (as used for Extension Mobility) will still be managed locally by CUCM.
To complete this final step, in CUCM go to System > LDAP > LDAP Authentication and populate information as below.
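For the access account mentioned in the replication agreement step, the following is an added example (not part of the original walkthrough) that creates a dedicated bind account in place of the Active Directory administrator and checks that it can read sAMAccountName under the search base. The account name `svc-cucm-ldap`, the `Service Accounts` OU and both DN strings are assumptions built from the domain and Users path named above; confirm the real paths in Active Directory Users and Computers.

```powershell
# Added example: dedicated, low-privilege bind account for CUCM LDAP sync/authentication.
# Assumed values (not from the original page): account name, Service Accounts OU, DN forms.
Import-Module ActiveDirectory

$SearchBase  = 'CN=Users,DC=proctorlabs,DC=com'             # assumed DN; use OU=... if Users is an OU
$AccountPath = 'OU=Service Accounts,DC=proctorlabs,DC=com'  # hypothetical OU, must already exist
$AccountName = 'svc-cucm-ldap'                              # hypothetical account name

# Prompt for the password so it never lands in script text or shell history.
$Password = Read-Host -AsSecureString -Prompt "Password for $AccountName"

# Create the account outside the sync search base so it is not
# imported into CUCM as an end user.
New-ADUser -Name $AccountName `
    -SamAccountName $AccountName `
    -UserPrincipalName "$AccountName@proctorlabs.com" `
    -Path $AccountPath `
    -Description 'CUCM LDAP bind account (read-only use)' `
    -AccountPassword $Password `
    -Enabled $true

# The account only needs to read user objects, so it should stay a
# plain Domain Users member. Warn on any other group membership.
$Groups = Get-ADPrincipalGroupMembership -Identity $AccountName |
    Select-Object -ExpandProperty Name
$Extra = $Groups | Where-Object { $_ -ne 'Domain Users' }
if ($Extra) {
    Write-Warning "Unexpected group membership: $($Extra -join ', ')"
}

# Bind as the new account and confirm it can read the matching attribute
# under the search base that will be entered in CUCM.
$Cred = New-Object System.Management.Automation.PSCredential(
    "$AccountName@proctorlabs.com", $Password)
Get-ADUser -Filter * -SearchBase $SearchBase -Credential $Cred `
    -Properties sAMAccountName |
    Select-Object sAMAccountName, DistinguishedName, Enabled

# Distinguished name to enter for the access account in CUCM.
(Get-ADUser -Identity $AccountName).DistinguishedName
```

Run it on a domain-joined host with the ActiveDirectory module installed and rights to create users in the chosen OU.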
At this stage, you are now ready to modify your End Users in CUCM as required. Happy Labbing!
Amy Ryan – CCIE #24677 (Voice)
Technical Instructor – IPexpert, Inc.