[cisco-voip] Directory Integration

Ryan Ratliff rratliff at cisco.com
Wed Dec 21 22:35:01 EST 2005 

Biggest issues I see with AD integrations are referrals and DNS  
issues, and the two go hand-in-hand a lot of the time.  The scripts  
we use for CCMAdmin and various web pages are sensitive to delays and  
referral hop count.

Lots of people have to point CM to the root of the domain and with AD  
2003 this leaves you to the whim of DNS for forestdnszones and  
domaindnszones lookups.  Inevitably it seems if one DC in your forest  
is down that is the one that CM will pick out the ones returned by  
DNS to contact for your referral, and next thing you know it takes 5  
minutes to search your global directory and EM just plain doesn't work.

Regarding the centralized PIN if you mean between CM and Unity this  
isn't true.   You do get the advantage of synched CCMUser and AD  
passwords for users.

-Ryan

On Dec 21, 2005, at 6:31 PM, Corbett Enders wrote:

I read something to that effect regarding hiding accounts from the  
Call Manager, by setting a custom field entry.

I have also noted an issue with regards to Exchange 2000, not sure  
yet if it applies to Exchange 2003 (iNetOrgPerson class).

Slight twist on my original question:  Have you performed the AD  
Integration and regretted it?  Did it break something you were trying  
to do elsewhere?  And on the flip side, did anyone not perform the AD  
Integration and now wish that you had?

Pros:  Single directory (the model everyone pitches, yet not often  
used), Simplified Management (AD Users & Computers?)
Cons: Increased dependency on AD domain controllers, possible latency  
for some of the call flow (lookups).


From: Lelio Fulgenzi [mailto:lelio at uoguelph.ca]
Sent: Wednesday, December 21, 2005 4:15 PM
To: Voll, Scott; Corbett Enders; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Directory Integration

I really wish that there was more to offer with AD integration than  
just that. perhaps display name for a DN?

I also think AD integration gives you centralized PIN.

Chris Adams is on the list - Chris, can you remind me of that one  
problem you had where you had to populate a different field for  
something to work b/c the integration broke it?
------------------------------------------------------------------------ 
--------
Lelio Fulgenzi, B.A.
Network Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"I had a coffee and Coke at lunch today...and now, I've got more  
jitter than an
IP phone on a long haul 10base2  
connection"                                           LFJ
----- Original Message -----
From: Voll, Scott
To: Corbett Enders ; cisco-voip at puck.nether.net
Sent: Wednesday, December 21, 2005 6:11 PM
Subject: RE: [cisco-voip] Directory Integration

Pros with AD integration.  One username and password.



Con’s: if your AD goes down, no one can log in.



You’re very reliant on a stable AD.  If you have lots of AD  
instability, don’t integrate.



Works fine for us.



Scott



From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip- 
bounces at puck.nether.net] On Behalf Of Corbett Enders
Sent: Tuesday, December 20, 2005 11:29 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Directory Integration



Is there a general best practice around integration with Windows  
Active Directory?  I'm thinking it is a good idea, but I'm wondering  
if anyone has precautions or reasons NOT to use this model?

Regards,
Corbett Enders.



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

More information about the cisco-voip mailing list