<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1491" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Thanks Marcus!</DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=Marcus.Lundbom@addpro.se
href="mailto:Marcus.Lundbom@addpro.se">Marcus Lundbom</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=lelio@uoguelph.ca
href="mailto:lelio@uoguelph.ca">Lelio Fulgenzi</A> ; <A
title=cisco-voip@puck.nether.net
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, April 04, 2005 3:05
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> RE: [cisco-voip] CCM & AD
(or LDAP) Integration</DIV>
<DIV><BR></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=756595806-04042005>See answers below.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><!-- Converted from text/plain format -->
<P><FONT size=2>/M </FONT></P>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><FONT
size=2></FONT><FONT size=2></FONT><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> <A
href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</A>
[mailto:cisco-voip-bounces@puck.nether.net] <B>On Behalf Of </B>Lelio
Fulgenzi<BR><B>Sent:</B> Sunday, April 03, 2005 10:24 AM<BR><B>To:</B> <A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR><B>Subject:</B>
[cisco-voip] CCM & AD (or LDAP) Integration<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV>Just wondering what you get when you integrate either AD or
LDAP/Netscape/Sun directories with CallManager. We're looking at doing it, but
I want to make sure the advantages outweigh any complexity and or problems
that might come up. </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV>For example:</DIV>
<UL>
<LI>Does it give you CCMuser access with synchronized userid/password with
your corporate directory? <SPAN class=756595806-04042005><FONT
face=Arial color=#0000ff size=2> </FONT></SPAN></LI></UL>
<DIV><SPAN class=756595806-04042005><FONT face=Arial color=#0000ff
size=2>Yes.</FONT> </SPAN></DIV>
<UL>
<LI>What other fields are you able to integrate? Will we still have to fill
out the Call Display field on the DN config page? <SPAN
class=756595806-04042005><FONT face=Arial color=#0000ff
size=2> </FONT></SPAN></LI></UL>
<DIV><SPAN class=756595806-04042005><FONT face=Arial color=#0000ff size=2>Call
Display must still be entered. Basically, what you integrate is the
obvious parts of what you see on the User-page in
CCMAdmin.</FONT> </SPAN></DIV>
<UL>
<LI>Are you still able to create local userID/passwords or will we have to
create a ccmadministrator and craadmin account in the corporate
directory? <SPAN class=756595806-04042005><FONT face=Arial
color=#0000ff size=2> </FONT></SPAN></LI></UL>
<DIV><SPAN class=756595806-04042005><FONT face=Arial color=#0000ff size=2>The
CRAAdmin will be picked from your directory. CCMAdmin is a local user on
the CCM-server (exception of MLA, I'm not quite sure of the implications of
using MLA in such setup), you cannot create local telephony-related accounts,
but of course - it's possible to create local windows-accounts (i.e.
for CCMAdmin)</FONT> </SPAN></DIV>
<UL>
<LI>How do you prevent certain people from accessing the userpages?<SPAN
class=756595806-04042005><FONT face=Arial color=#0000ff
size=2> </FONT></SPAN></LI></UL>
<DIV><SPAN class=756595806-04042005><FONT face=Arial color=#0000ff size=2>To
my knowledge; you don't.</FONT> <FONT face=Arial color=#0000ff size=2>I
believe it could be possible to restrict the access in IIS, however, that
would most likely require that you also make the CCM-server a member of the
domain, which in turn has several other disadvantages.</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=756595806-04042005><FONT face=Arial color=#0000ff size=2>It
is my strongest recommendation, if you are considering AD-integration that you
do NOT make the server a member of the domain, keep it in a workgroup instead,
it will make your life at lot easier. It is supported to bring it into the
domain, but you will have to remove the server from the domain everytime you
are doing an upgrade and so on, plus it will make life a living hell if you do
not have the proper GPO-planning and so on.</FONT></SPAN></DIV>
<DIV><SPAN class=756595806-04042005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=756595806-04042005><FONT face=Arial color=#0000ff size=2>Best
regards,</FONT></SPAN></DIV></BLOCKQUOTE></BODY></HTML>