[cisco-voip] Directory Integration

Ryan Ratliff rratliff at cisco.com
Wed Dec 21 23:51:29 EST 2005


By default you aren't allowed to add or delete users via the CCMAdmin web
page with an AD integration.

If you look at a global directory page for a user, everything above
user locale (except for pin) is pulled from AD.  The first time you
modify a user via CCMAdmin it will create a profile and CCN-profile
in a sub-container of the Cisco OU you create in AD.  These profiles
are where all of the Cisco-specific information is stored.

-Ryan

On Dec 21, 2005, at 10:49 PM, Corbett Enders wrote:

In the case of adding users or removing users, I assume the AD
Integration offers some benefit there as well?  Does the assignment of
user extensions, etc, all occur within AD Users and Computers or do we
still have to resort to the web interface (I think the guide spoke
somewhat to this).

We're a simple AD domain, and a single OU for our "normal" users
(non-admin type of accounts) so we'd probably point it at that.

But it sounds like I'm hearing that there aren't enough advantages
(reasons) to go with an Integrated design?

-----Original Message-----
From: Ryan Ratliff [mailto:rratliff at cisco.com]
Sent: Wednesday, December 21, 2005 8:35 PM
To: Corbett Enders
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Directory Integration

Biggest issues I see with AD integrations are referrals and DNS issues,
and the two go hand-in-hand a lot of the time.  The scripts we use for
CCMAdmin and various web pages are sensitive to delays and referral hop
count.

Lots of people have to point CM to the root of the domain and with AD
2003 this leaves you to the whim of DNS for forestdnszones and
domaindnszones lookups.  Inevitably it seems if one DC in your forest is
down that is the one that CM will pick out of the ones returned by DNS to
contact for your referral, and next thing you know it takes 5 minutes to
search your global directory and EM just plain doesn't work.

Regarding the centralized PIN if you mean between CM and Unity this
isn't true.   You do get the advantage of synched CCMUser and AD
passwords for users.

-Ryan

On Dec 21, 2005, at 6:31 PM, Corbett Enders wrote:

I read something to that effect regarding hiding accounts from the Call
Manager, by setting a custom field entry.

I have also noted an issue with regards to Exchange 2000, not sure yet
if it applies to Exchange 2003 (iNetOrgPerson class).

Slight twist on my original question:  Have you performed the AD
Integration and regretted it?  Did it break something you were trying to
do elsewhere?  And on the flip side, did anyone not perform the AD
Integration and now wish that you had?

Pros:  Single directory (the model everyone pitches, yet not often
used), Simplified Management (AD Users & Computers?)
Cons: Increased dependency on AD domain controllers, possible latency
for some of the call flow (lookups).


From: Lelio Fulgenzi [mailto:lelio at uoguelph.ca]
Sent: Wednesday, December 21, 2005 4:15 PM
To: Voll, Scott; Corbett Enders; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Directory Integration

I really wish that there was more to offer with AD integration than just
that. Perhaps display name for a DN?

I also think AD integration gives you centralized PIN.

Chris Adams is on the list - Chris, can you remind me of that one
problem you had where you had to populate a different field for
something to work b/c the integration broke it?
--------------------------------------------------------------------------------
Lelio Fulgenzi, B.A.
Network Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"I had a coffee and Coke at lunch today...and now, I've got more jitter
than an IP phone on a long haul 10base2
connection"                                           LFJ
----- Original Message -----
From: Voll, Scott
To: Corbett Enders ; cisco-voip at puck.nether.net
Sent: Wednesday, December 21, 2005 6:11 PM
Subject: RE: [cisco-voip] Directory Integration

Pros with AD integration.  One username and password.

Cons: if your AD goes down, no one can log in.

You're very reliant on a stable AD.  If you have lots of AD instability,
don't integrate.

Works fine for us.

Scott


From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Corbett Enders
Sent: Tuesday, December 20, 2005 11:29 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Directory Integration



Is there a general best practice around integration with Windows
Active Directory?  I'm thinking it is a good idea, but I'm wondering
if anyone has precautions or reasons NOT to use this model?

Regards,
Corbett Enders.



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip