We have 3 clusters of Call Managers running 6.1 and they are not integrated with Active Directory. I am very new to the Cisco PBX and this is a project I am tasked to do. What are the benefits to intergating our CM clusters with AD? We outsource our programming and a few of us have read only rights. Also if anyone can tell me of any "gotchas" about integrating with out current version or upgrading or anything else I would appreciate it. Thanks
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
What benefits integrating CM6.1 with AD?
- Thread starter oscar01
- Start date
What basically happens is when you do LDAP integration is your End Users become synced to the AD. This means in the End Users area, you can no longer create/delete users. Instead your whole company is listed in there. You then find the end user profile and associate their phone to that profile.
Some Pro's off the top of my head:
LDAP authentication means a user can log into the CCMUser web page with their normal AD credentials (no more separate user name and password for them to remember).
Assuming you don't use Application User accounts for CCMAdmin web access, you have a more secure CallManager as your AD password policies now apply to it.
When a user leaves the company and their AD account is removed, their CallManager user account is automatically removed as well (phones are separate and still need to be removed separately).
The Corporate Phone directory on the phones will now list every employee instead of just those with End User profiles added to the CallManager.
Some Cons:
BAT process changes. You can no longer add user accounts, instead you must associate phones to existing user accounts.
If your LDAP phone directory doesn't match your dial plan, the Corporate Phone directory on the phone will not work.
CCMUser web page only works with End Users, not Application users which means logons to this page must happen using AD credentials (can't specify a generic logon account on the CallManager only).
If your current end users logon name doesn't match the AD account logon name, they will be purged when LDAP is enabled. So special steps need to be taken into account for integration.
If extension mobility is used, then the user must log into a phone with an AD account logon name (PINs are still handled separately) which depending on the AD naming schema can be difficult to dial into a phone.
I hope this helps.
Some Pro's off the top of my head:
LDAP authentication means a user can log into the CCMUser web page with their normal AD credentials (no more separate user name and password for them to remember).
Assuming you don't use Application User accounts for CCMAdmin web access, you have a more secure CallManager as your AD password policies now apply to it.
When a user leaves the company and their AD account is removed, their CallManager user account is automatically removed as well (phones are separate and still need to be removed separately).
The Corporate Phone directory on the phones will now list every employee instead of just those with End User profiles added to the CallManager.
Some Cons:
BAT process changes. You can no longer add user accounts, instead you must associate phones to existing user accounts.
If your LDAP phone directory doesn't match your dial plan, the Corporate Phone directory on the phone will not work.
CCMUser web page only works with End Users, not Application users which means logons to this page must happen using AD credentials (can't specify a generic logon account on the CallManager only).
If your current end users logon name doesn't match the AD account logon name, they will be purged when LDAP is enabled. So special steps need to be taken into account for integration.
If extension mobility is used, then the user must log into a phone with an AD account logon name (PINs are still handled separately) which depending on the AD naming schema can be difficult to dial into a phone.
I hope this helps.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question