This document describes the procedure to create a new customised Organizational Unit (OU) for special users when you have a master OU.
Cisco recommends that you have knowledge of Active Directory (AD) server.
The information in this document is based on Cisco Unified Communications Manager (CUCM) 10.5.2.13900-12.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Configuration on AD server
Step 1. Create a new OU.
Right-click the master OU and select New > Organizational Unit.
Step 2. Check the newly created OU. (Here, OU=Cisco_TAC.)
Step 3. Add users in OU.
Step 4. Create the user who will bridge the gap between the AD server and CUCM.
Right-click User > New > User.
Step 5. The new user is created. This user must be a member of Domain Admins.
Right-click User > Properties > select “Member of”.
Click Add, as shown in the image.
Enter the object name to select (Domain Admins) and click Check Names.
Step 6. Next, set Domain Admins as the primary group (Set Primary Group) and remove Domain Users.
Step 7. Right-click Organizational Unit > Cisco_TAC > select Properties.
Click the Managed By tab and select Change.
Enter the object name to select (this is the user name created to bridge the AD server and CUCM in step 5) and then click Check Names.
Configuration on CUCM
Step 6. Navigate to System > LDAP > LDAP System
Step 7. Check the checkbox for Enable Synchronizing from LDAP Server
Step 8. Navigate to System > LDAP > LDAP Directory
Step 9. Click Add New.
Note: The LDAP Directory configuration can be confusing. The detailed description of the fields is:
LDAP Configuration Name: Any name for the LDAP configuration.
LDAP Manager Distinguished Name: The user name of the AD and CUCM bridge user.
LDAP Password: The password of the bridge user created in step 4.
LDAP User Search Base: The distinguished name of the OU. To find it on the AD server, right-click the OU and select Properties, then click the Attribute Editor tab, where the distinguished name is listed.
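The LDAP User Search Base decides which AD accounts fall inside the synchronization. The following is an added example, not part of the original Cisco procedure: it parses distinguished names and reports which user entries sit under the search base, so you can confirm that only the special users in OU=Cisco_TAC are in scope before you run a sync. The domain DC=example,DC=com, the master OU name OU=Master, the user entries and the subtree search scope are assumptions made for illustration.

```python
def split_dn(dn):
    """Split a DN into normalized (attribute, value) RDNs, honouring backslash escapes."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma separates RDNs
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    # AD matches these attribute names and values case-insensitively
    pairs = (r.partition("=") for r in rdns)
    return [(attr.strip().lower(), value.strip().lower()) for attr, _, value in pairs]


def in_scope(entry_dn, base_dn):
    """True if entry_dn is the search base or lies below it (subtree scope assumed)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base


def sync_scope(base_dn, entry_dns):
    """Return the entries a sync rooted at base_dn would cover."""
    return [dn for dn in entry_dns if in_scope(dn, base_dn)]


# Constructed sample data: hypothetical domain, master OU and users.
SEARCH_BASE = "OU=Cisco_TAC,OU=Master,DC=example,DC=com"
SAMPLE_DNS = [
    "CN=Alice,OU=Cisco_TAC,OU=Master,DC=example,DC=com",
    "CN=Doe\\, Jane,OU=cisco_tac, OU=Master,DC=example,DC=com",  # escaped comma, mixed case
    "CN=Bob,OU=Master,DC=example,DC=com",                        # master OU only
    "CN=Carol,OU=Legacy\\,OU=Cisco_TAC,OU=Master,DC=example,DC=com",  # OU name contains a comma
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print("IN " if in_scope(dn, SEARCH_BASE) else "OUT", dn)
```

The last sample entry would pass a plain string suffix comparison against the search base, which is why the check compares parsed RDNs instead.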
Step 10. Enter the LDAP server IP address and port here.
Step 11. Click Perform Full Sync Now.
Now Click Perform Full Sync Now.
In order to verify the user on CUCM, navigate to User Management > End User.
There is currently no specific troubleshooting information available for this configuration.