Thanks Wes<div><br></div><div>So all the domain we are working with are in the same forest. Does will ADAM provide the referral process to each domain. I believe from what I have read it will but wanted to confirm that this is still recommended for a single forest environment.</div>

<div><br></div><div><br clear="all">Best Regards,<br><br>Mike Lydick<br><br><br>

<br><br><div class="gmail_quote">On Sat, Jan 29, 2011 at 9:18 AM, Wes Sisk <span dir="ltr"><<a href="mailto:wsisk@cisco.com">wsisk@cisco.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">

  <div text="#000000" bgcolor="#ffffff">

    The supported method is Microsoft ADAM:<br>

    <br>

<a href="http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml</a><br>

    <br>

    Regards,<br>

    Wes<div><div></div><div class="h5"><br>

    <br>

    On 1/29/2011 1:10 AM, Dennis Heim wrote:

    </div></div><blockquote type="cite"><div><div></div><div class="h5">

      <div>

        <p class="MsoNormal"><span style="font-size:11pt;color:rgb(31, 73, 125)">You need some sort of LDAP proxy of sorts, that

            companies multiple LDAP directories together and presents

            that unified directory as a single directory to CallManager.

            I know that ANDtek make a metadirectory application that

            does exactly this.</span></p>

        <p class="MsoNormal"><span style="font-size:11pt;color:rgb(31, 73, 125)"> </span></p>

        <p class="MsoNormal"><span style="font-size:10pt;color:rgb(31, 73, 125)">Dennis Heim<br>

            Network Voice Engineer<br>

            CDW  Advanced Technology Services<br>

            11711 N. Meridian Street, Suite 225<br>

            Carmel, IN  46032<br>

            <br>

            317.569.4255 Single Number Reach<br>

          </span><span style="font-size:10pt;color:black">317.569.4201

            Fax</span><span style="font-size:10pt;color:rgb(31, 73, 125)"></span></p>

        <p class="MsoNormal"><span style="font-size:11pt;color:rgb(31, 73, 125)"><a href="mailto:dennis.heim@cdw.com" title="mailto:dennis.heim@berbee.com" target="_blank">dennis.heim@cdw.com</a><br>

          </span><span style="color:rgb(31, 73, 125)"><a href="http://www.cdw.com/content/solutions/unified-communications/" target="_blank">cdw.com/content/solutions/unified-communications/</a></span></p>

        <p class="MsoNormal"><span style="font-size:11pt;color:rgb(31, 73, 125)"> </span></p>

        <p class="MsoNormal"><b><span style="font-size:10pt">From:</span></b><span style="font-size:10pt">

            <a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>

            [<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">mailto:cisco-voip-bounces@puck.nether.net</a>] <b>On Behalf Of

            </b>Mike Lydick<br>

            <b>Sent:</b> Saturday, January 29, 2011 12:45 AM<br>

            <b>To:</b> Paul<br>

            <b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>

            <b>Subject:</b> Re: [cisco-voip] UCM 8x. LDAP Filters with

            group members</span></p>

        <p class="MsoNormal"> </p>

        <p class="MsoNormal">TAC is saying that filtering on Group

          membership in multiple Domains is not possible. There is also

          a referance in the UCM 8x SRND that states that indicates its

          not supported. So the real problem how you import CM users

          with Active Directory forest that contain more than 5 domains?

          This seems to be a serious limitation for enterprise

          environments.</p>

        <div>

          <p class="MsoNormal"> </p>

        </div>

        <div>

          <p class="MsoNormal">From the SRND:</p>

          <p class="MsoNormal"> </p>

          <p class="MsoNormal"><span style="font-size:10pt">A

              synchronization agreement for a domain will not

              synchronize users outside of that domain nor within a

              child domain because Unified CM does not follow AD

              referrals during the synchronization process. The example

              in Figure 16-9 requires three synchronization agreements

              to import all of the users. Although Search Base 1

              specifies the root of the tree, it will not import users

              that exist in either of the child domains. Its scope is

              only VSE.LAB, and separate agreements are configured for

              the other two domains to import those users.</span></p>

          <p class="MsoNormal"><span style="font-size:10pt"> </span></p>

          <p class="MsoNormal"> </p>

          <p class="MsoNormal" style="margin-bottom:12pt">Best

            Regards,<br>

            <br>

            Mike Lydick<br>

            <br>

            <br>

            <br>

            </p>

          <div>

            <p class="MsoNormal">On Tue, Jan 18, 2011 at 10:27 AM, Paul

              <<a href="mailto:asobihoudai@yahoo.com" target="_blank">asobihoudai@yahoo.com</a>>

              wrote:</p>

            <p class="MsoNormal">according to this URL<br>

              <a href="http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm" target="_blank">http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm</a><br>

              <br>

              It certainly appears you can filter out users according to

              group membership in<br>

              an LDAP filter.<br>

              <br>

              <br>

              <br>

              <br>

              ________________________________<br>

              From:Mike Lydick <<a href="mailto:mike.lydick@gmail.com" target="_blank">mike.lydick@gmail.com</a>><br>

              <a href="mailto:To%3Acisco-voip@puck.nether.net" target="_blank">To:cisco-voip@puck.nether.net</a><br>

              Sent: Mon, January 17, 2011 7:46:51 PM<br>

              Subject: [cisco-voip] UCM 8x. LDAP Filters with group

              members</p>

            <div>

              <div>

                <p class="MsoNormal" style="margin-bottom:12pt"><br>

                  <br>

                  Is it possible to use group membership as element in a

                  LDAP filter?<br>

                  <br>

                  We are working with an AD LDAP forest that has 6

                  domains. We need to selectively<br>

                  <br>

                  import user from LDAP as we migrate to the cluster.<br>

                  <br>

                  The thought is to set the root path to the top level

                  Domain OU, the use the ldap<br>

                  <br>

                  to filter on iphone=* and member of group. We will add

                  members to this group<br>

                  with a script as we migrate.<br>

                  <br>

                  mike<br>

                  <br>

                  <br>

                  </p>

              </div>

            </div>

          </div>

          <p class="MsoNormal"> </p>

        </div>

      </div>

      </div></div><pre><fieldset></fieldset>

_______________________________________________

cisco-voip mailing list

<div class="im"><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>

</div><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a>

</pre>

    </blockquote>

  </div>

</blockquote></div><br></div>