CUCM and Active Directory Integration

After a fresh installation, CUCM uses its own embedded LDAP directory to store End User information. In most cases it is preferable to integrate CUCM with a corporate LDAP directory such as Microsoft Active Directory rather than manage two separate user databases. The benefit is even clearer when there are multiple CUCM clusters, as they can share the same corporate directory.

Step 1 – In CUCM Serviceability > Tools > Service Activation the Cisco DirSync box must be checked and the service Activated.

Step 2 – Go to Cisco Unified CM Administration > System > LDAP > LDAP System to identify what type of LDAP system to synchronize with and how to reference the users. Enable Synchronizing from LDAP Server must be checked. The attribute sAMAccountName refers to the logon name for the domain.

Step 3 – Click on System > LDAP > LDAP Directory and click Add New. In this example the Active Directory domain in my lab is ccie.local and the IP address of the domain controller is 142.100.64.18. The LDAP Manager Distinguished Name in this case is the default Windows system administrator account for my domain (administrator), but best practice in a production deployment would be to use an isolated user account, different from the default administrator account, that is set up specifically for CUCM and Active Directory integration. The LDAP User Search Base uses two attributes to make up a dn (distinguished name): the cn (common name) and the dc (domain component). Under the rules of LDAP, the most significant part of the distinguished name is the one furthest to the right. In this case it is dc=local. The last thing to note for this step is that synchronization occurs once per day at 6:00 AM. The smallest window of time to synchronize is six hours.

Step 4 – Click on System > LDAP > LDAP Authentication. This will authenticate CUCM End Users using Active Directory instead of the embedded CUCM directory.
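The distinguished-name structure described in Step 3, as an added example that is not part of the original post: a Python check that splits a DN into its components, orders them most significant first, and flags an LDAP Manager DN that is the default administrator account. The DN strings and the `svc-cucm-ldap` account name are constructed for illustration around the lab domain ccie.local, and the code assumes the manager account is entered in DN form.

```python
def split_dn(dn):
    """Split a DN into (attribute, value) pairs; a backslash-escaped comma stays in the value."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
        escaped = (ch == "\\") and not escaped
    parts.append("".join(buf))
    pairs = []
    for rdn in parts:
        attr, sep, value = rdn.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed DN component: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def root_first(dn):
    """Components ordered most significant first (the rightmost component of the DN)."""
    return [f"{a}={v}" for a, v in reversed(split_dn(dn))]

def dns_domain(dn):
    """Join the dc components in written order: dc=ccie,dc=local -> ccie.local."""
    return ".".join(v for a, v in split_dn(dn) if a == "dc").lower()

def review_bind(manager_dn, search_base):
    """Findings for an LDAP Manager DN / User Search Base pair."""
    findings = []
    attr, value = split_dn(manager_dn)[0]
    if attr == "cn" and value.lower() == "administrator":
        findings.append("default administrator account used as LDAP Manager DN")
    if dns_domain(manager_dn) != dns_domain(search_base):
        findings.append("LDAP Manager DN and User Search Base are in different domains")
    return findings

# Constructed sample values for the lab domain ccie.local (not taken from the page).
SEARCH_BASE = "cn=Users,dc=ccie,dc=local"
DEFAULT_ADMIN = "cn=Administrator,cn=Users,dc=ccie,dc=local"
SERVICE_ACCOUNT = "cn=svc-cucm-ldap,cn=Users,dc=ccie,dc=local"  # hypothetical dedicated account

if __name__ == "__main__":
    print(root_first(SEARCH_BASE))
    print(dns_domain(SEARCH_BASE))
    for dn in (DEFAULT_ADMIN, SERVICE_ACCOUNT):
        print(dn, "->", review_bind(dn, SEARCH_BASE) or "no findings")
```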
