[cisco-voip] CUCM 8.5 AD integration question or two

Lelio Fulgenzi lelio at uoguelph.ca
Thu Feb 23 09:44:07 EST 2012 

In theory, it should work. But you should probably read the documentation and test afterwards. Some questions come to mind: 

    • what requirements are there? same forest? same tree? do they even use that terminology anymore? ;) 
    • how does it handle updates to duplicate userIDs? it's inevitable there will be a jsmith at AD1 and jsmith at AD2. can the system handle this? 
    • how does auth handle multiple systems? 



these may be question only answered in testing to be sure. 

--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (ANNU) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 


----- Original Message -----
From: "Chris Axelsson" <invectus at gmail.com> 
To: "Lelio Fulgenzi" <lelio at uoguelph.ca> 
Cc: "Gr" <grccie at gmail.com>, cisco-voip at puck.nether.net 
Sent: Thursday, February 23, 2012 8:49:55 AM 
Subject: Re: [cisco-voip] CUCM 8.5 AD integration question or two 

hi 

While you are at the subject, I must interject the question, what if you have to synch/auth from several different AD enviroments? 

Thanks 

regards 
Chris 


On Thu, Feb 23, 2012 at 2:28 PM, Lelio Fulgenzi < lelio at uoguelph.ca > wrote: 




No problem. 


Also, take a read of the admin section re: LDAP sync. It mentions which services you need to have enabled. DirSync I believe. 

Sent from my iPhone... 


"There's no place like 127.0.0.1" 



On Feb 23, 2012, at 8:26 AM, Gr < grccie at gmail.com > wrote: 






Thanks Lelio - made life easier. Good on you buddy! 

Sent from my iPhone 

On 24/02/2012, at 12:10 AM, Lelio Fulgenzi < lelio at uoguelph.ca > wrote: 







As far as I know, you do not need special licenses. However, there are license requirements on the AD side for authentication, etc. Make sure to speak to your AD team to ensure you are in compliance. 

Correct in saying the CUCM configuration is simple, the hardest thing I found was doing things with SSL. You need to download the certificate from your root certificate server and install on your publisher. If you're using plaintext synch/auth, you're good to go. 

I think the initial load took significantly longer than subsequent syncs. We had about 40,000 users and it took around an hour I think. Once you press perform full sync button, it will change to cancel until it's completed. You can refresh the page, or go back to the list of servers and select one and check to see that it's changed back. You can also get a pseudo-status by going to the end users list and seeing how many are imported. 

Somethings to consider: 

    • all current local end users will be deleted, make sure you don't need them 
    • AD users will need a last name. users without a last name will not be imported 
    • take note of what is updated with syncs and what is not, you'll be surprised 



that's about it. 

--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (ANNU) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 



From: "gr11" < grccie at gmail.com > 
To: cisco-voip at puck.nether.net 
Sent: Thursday, February 23, 2012 7:55:25 AM 
Subject: [cisco-voip] CUCM 8.5 AD integration question or two 

Hi List, 


Just a quick one regards to AD integration with CUCM 8.5, i believe it should be fairly simple? 


1) I am sure we do not need any special license to do that, but just wanted to confirm as i am pushed into some urgent integration at the last moment. 
2) CUCM conifguration is fairly simple, do we need to do configure anything in AD, assuming users are already there??? 
3) How long normally will take to sync around 4000 users? 
4) Anything to be careful of? 


Sorry last email just got sent by mistake, before i could finish. 


Thanks, 
GR 
_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 

_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20120223/7761a310/attachment.html>

More information about the cisco-voip mailing list