PDF(734.9 KB) View with Adobe Reader on a variety of devices
ePub(743.7 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(1.2 MB) View on Kindle device or Kindle app on multiple devices
Updated:July 20, 2020
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes the procedure to create a new customized Organizational Unit (OU) for special users when you have a primary OU.
Cisco recommends that you have knowledge of Active Directory (AD) server.
The information in this document is based on Cisco Unified Call Manager (CUCM) Release 10.5.2.13900-12.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Configuration on AD server
Step 1. Create a new OU.
Right-click the primary OU and choose New > Organizational Unit.
Step 2. Check the newly created OU. (In this example, the newly created OU is "CIsco_TAC.")
Step 3. Add users in the new OU.
Right-click the new OU and choose New > User.
Step 4. Create a user who will bridge the gap between the AD server and CUCM.
Right-click Users and choose New > User.
The new user is created. This user must be a member of domain admin.
Step 5. Right-click User > Properties.
On the Properties dialog, select the Member Of tab.
On the Member Of tab, click Add.
Step 6. For the "object names to select," enter "domain admin" and click Check Names.
Step 7. Select Domain Admins and click Set Primary Group; then remove Domain Users.
Step 8. Right-click the new OU (Cisco_TAC in this example) and choose Properties.
Step 9. On the Properties dialog, select the Managed By tab and click Change.
Step 10. Enter the object name to select (the user name created to bridge the AD server and CUCM in step 4) and then click Check Names.
Configuration on CUCM
Step 11. Go to System > LDAP > LDAP System.
Step 12. Select the checkbox labeled Enable Synchronizing from LDAP Server.
Step 13. Go to System > LDAP > LDAP Directory.
Step 14. Click Add new.
Note: LDAP Configuration Name: This value is any name of an LDAP Configuration. LDAP Manager Distinguished Name: This value should be the user name of the AD and CUCM bridge user. LDAP Password: This value is the password of the bridge user created in step 4. LDAP User Search Base: To find this value, follow this procedure on the AD server: A) Right-click on the OU and select Properties.
B) On the Properties dialog, select the Attribute Editor tab and find the "distinguishedName" value.
Step 15. Here, keep the LDAP Server IP address and Port.
Step 16. Click Save.
Step 17. Click Perform Full Sync Now.
In order to verify the user on CUCM, navigate to User Management > End User.
There is currently no specific troubleshooting information available for this configuration.