<div>The article indicates that the ADAM server will function as a proxy, which I believe should resolve the issue, but the technote is based on a multi-forest deployment. I am not sure if there are any caveats to be aware of related to a single forest deployment before we recommend a new service for the AD team to support. TAC came back with the same response.</div>
<div><br></div><div>SR 616689529<br clear="all"></div><div><br></div><div><br></div><div>thanks again,</div><div><br></div>Best Regards,<br><br>Mike Lydick<br><br><br>
<br><br><div class="gmail_quote">On Sat, Jan 29, 2011 at 12:28 PM, Wes Sisk <span dir="ltr"><<a href="mailto:wsisk@cisco.com">wsisk@cisco.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div text="#000000" bgcolor="#ffffff">
Mike,<br>
<br>
Honestly my AD is a bit fuzzy. If the article doesn't answer the
question then let me know the case number and I will get it
re-opened so we can get the right answer.<br>
<br>
Regards,<br><font color="#888888">
Wes</font><div><div class="h5"><br>
<br>
On 1/29/2011 10:03 AM, Mike Lydick wrote:
<blockquote type="cite">Thanks Wes
<div><br>
</div>
<div>So all the domains we are working with are in the same forest.
Will ADAM provide the referral process to each domain? I
believe from what I have read it will, but wanted to confirm that
this is still recommended for a single forest environment.</div>
<div><br>
</div>
<div><br clear="all">
Best Regards,<br>
<br>
Mike Lydick<br>
<br>
<br>
<br>
<br>
<div class="gmail_quote">On Sat, Jan 29, 2011 at 9:18 AM, Wes
Sisk <span dir="ltr"><<a href="mailto:wsisk@cisco.com" target="_blank">wsisk@cisco.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
<div text="#000000" bgcolor="#ffffff"> The supported method
is Microsoft ADAM:<br>
<br>
<a href="http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml</a><br>
<br>
Regards,<br>
Wes
<div>
<div><br>
<br>
On 1/29/2011 1:10 AM, Dennis Heim wrote: </div>
</div>
<blockquote type="cite">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11pt;color:rgb(31, 73, 125)">You need some sort
of LDAP proxy of sorts, that combines
multiple LDAP directories together and
presents that unified directory as a single
directory to CallManager. I know that ANDtek
makes a metadirectory application that does
exactly this.</span></p>
<p class="MsoNormal"><span style="font-size:11pt;color:rgb(31, 73, 125)"> </span></p>
<p class="MsoNormal"><span style="font-size:10pt;color:rgb(31, 73, 125)">Dennis Heim<br>
Network Voice Engineer<br>
CDW Advanced Technology Services<br>
11711 N. Meridian Street, Suite 225<br>
Carmel, IN 46032<br>
<br>
317.569.4255 Single Number Reach<br>
</span><span style="font-size:10pt;color:black">317.569.4201 Fax</span></p>
<p class="MsoNormal"><span style="font-size:11pt;color:rgb(31, 73, 125)"><a href="mailto:dennis.heim@cdw.com" title="mailto:dennis.heim@berbee.com" target="_blank">dennis.heim@cdw.com</a><br>
</span><span style="color:rgb(31, 73, 125)"><a href="http://www.cdw.com/content/solutions/unified-communications/" target="_blank">cdw.com/content/solutions/unified-communications/</a></span></p>
<p class="MsoNormal"><span style="font-size:11pt;color:rgb(31, 73, 125)"> </span></p>
<p class="MsoNormal"><b><span style="font-size:10pt">From:</span></b><span style="font-size:10pt"> <a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>
[<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">mailto:cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Mike Lydick<br>
<b>Sent:</b> Saturday, January 29, 2011 12:45
AM<br>
<b>To:</b> Paul<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] UCM 8x. LDAP
Filters with group members</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">TAC is saying that filtering
on group membership in multiple domains is not
possible. There is also a reference in the UCM
8x SRND that indicates it's not
supported. So the real problem is how do you import CM
users with an Active Directory forest that contains
more than 5 domains? This seems to be a serious
limitation for enterprise environments.</p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">From the SRND:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span style="font-size:10pt">A synchronization agreement for a
domain will not synchronize users outside of
that domain nor within a child domain
because Unified CM does not follow AD
referrals during the synchronization
process. The example in Figure 16-9 requires
three synchronization agreements to import
all of the users. Although Search Base 1
specifies the root of the tree, it will not
import users that exist in either of the
child domains. Its scope is only VSE.LAB,
and separate agreements are configured for
the other two domains to import those users.</span></p>
<p class="MsoNormal"><span style="font-size:10pt"> </span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom:12pt">Best Regards,<br>
<br>
Mike Lydick<br>
<br>
<br>
<br>
</p>
<div>
<p class="MsoNormal">On Tue, Jan 18, 2011 at
10:27 AM, Paul <<a href="mailto:asobihoudai@yahoo.com" target="_blank">asobihoudai@yahoo.com</a>>
wrote:</p>
<p class="MsoNormal">according to this URL<br>
<a href="http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm" target="_blank">http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm</a><br>
<br>
It certainly appears you can filter out
users according to group membership in<br>
an LDAP filter.<br>
<br>
<br>
<br>
<br>
________________________________<br>
From: Mike Lydick <<a href="mailto:mike.lydick@gmail.com" target="_blank">mike.lydick@gmail.com</a>><br>
To: <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
Sent: Mon, January 17, 2011 7:46:51 PM<br>
Subject: [cisco-voip] UCM 8x. LDAP Filters
with group members</p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12pt"><br>
<br>
Is it possible to use group membership
as an element in an LDAP filter?<br>
<br>
We are working with an AD LDAP forest
that has 6 domains. We need to
selectively
import users from LDAP as we migrate to
the cluster.<br>
<br>
The thought is to set the root path to
the top level Domain OU, then use the
LDAP
to filter on iphone=* and member of
group. We will add members to this group
with a script as we migrate.<br>
<br>
mike<br>
<br>
<br>
</p>
</div>
</div>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div></div></div>
</blockquote></div><br>
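An added example, not part of any poster's message and not Cisco or Microsoft code: since the SRND excerpt quoted in the thread says a synchronization agreement does not follow AD referrals into child domains, this Python example builds one search base and group-membership filter per domain, escapes the group DN per RFC 4515, and models which users a parent-domain agreement would return. The child domain names, group name, user DNs and the use of the AD `ipPhone` attribute are assumptions.

```python
# Added example (not from the thread). Domain names other than vse.lab, the
# group RDN and the user DNs are constructed sample values.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESC.get(ch, ch) for ch in value)

def domain_to_base(dns_name):
    """'emea.vse.lab' -> 'DC=emea,DC=vse,DC=lab'"""
    return ",".join("DC=" + label for label in dns_name.lower().split("."))

def build_agreements(domains, group_rdn):
    """One (search_base, filter) pair per domain; assumes the migration
    group exists at the same relative DN in every domain."""
    out = []
    for dom in domains:
        base = domain_to_base(dom)
        group_dn = escape_filter_value(f"{group_rdn},{base}")
        out.append((base, f"(&(objectClass=user)(ipPhone=*)(memberOf={group_dn}))"))
    return out

def owning_domain(dn, domains):
    """Most specific domain naming context that holds this DN."""
    hits = [d for d in domains
            if dn.lower().endswith("," + domain_to_base(d).lower())]
    return max(hits, key=len) if hits else None

def users_in_scope(agreement_domain, user_dns, domains):
    """Without referral chasing, a search based at a parent domain returns
    only objects stored in that domain, not those in child domains."""
    return [dn for dn in user_dns if owning_domain(dn, domains) == agreement_domain]

DOMAINS = ["vse.lab", "emea.vse.lab", "amer.vse.lab"]
GROUP_RDN = "CN=UCM Migration (Wave 1),OU=Groups"
USERS = [
    "CN=Ann,OU=Staff,DC=vse,DC=lab",
    "CN=Bob,OU=Staff,DC=emea,DC=vse,DC=lab",
    "CN=Cy,OU=Staff,DC=amer,DC=vse,DC=lab",
]

if __name__ == "__main__":
    for base, flt in build_agreements(DOMAINS, GROUP_RDN):
        print(base, flt)
    print(users_in_scope("vse.lab", USERS, DOMAINS))
```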