Friday, November 18, 2011

Lab Setup Windows 2008 AD Server for Dirsync to CUCM via LDAP

Sometimes it's useful to have a Windows Active Directory server in your lab. I'm everything else than a Microsoft expert and I was curious if I could get this to work. Target is to get a couple of users in a hierarchic structure with different characteristics to test search base settings and LDAP filters. Screenshots are in German, sorry for that. Had no other version to test but I tried to translate the important parts.

I started with the installation of a Windows 2008 Server where then DNS & AD where activated. There is a pretty straightforward guide at:
http://www.petri.co.il/installing-active-directory-windows-server-2008.htm
There are several other equal good guides around.

When I verified the installation in Server Manager I saw a warning:



The Replication Service was stopped. I tried o start it manually but it would not start. I think DFS Replication is used now. Anyway it seems to work without that service.


Next step is to verify the AD User setup. So go via Start -> Administration and click Active Directory - Users & Computers.





This opens your User administration:



I've added some OU's to get a structure in it. You can create these via the button the arrow points to.
Now we are only missing some users to get some life into this. Because I'm lazy, if possible, I will add them by batch. So I opened a DOS prompt on my DC and entered the following lines:

dsadd user CN="John Adams,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn John -ln Adams -pwd .C1sc0uc. -display "John Adams" -samid John.Adams -iptel 2800 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email John.Adams@lab.local
dsadd user CN="Helmut Meier,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Helmut -ln Meier -pwd .C1sc0uc. -display "Helmut Meier" -samid Helmut.Meier -iptel 2801 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Helmut.Meier@lab.local
dsadd user CN="Sabine Mueller,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sabine -ln Mueller -pwd .C1sc0uc. -display "Sabine Mueller" -samid Sabine.Mueller -iptel 2802 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sabine.Mueller@lab.local
dsadd user CN="Hermann Meier,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hermann -ln Meier -pwd .C1sc0uc. -display "Hermann Meier" -samid Hermann.Meier -iptel 2803 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hermann.Meier@lab.local
dsadd user CN="Ernst Maier,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Ernst -ln Maier -pwd .C1sc0uc. -display "Ernst Maier" -samid Ernst.Maier -iptel 2804 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Ernst.Maier@lab.local
dsadd user CN="Manfed Meyer,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Manfed -ln Meyer -pwd .C1sc0uc. -display "Manfed Meyer" -samid Manfed.Meyer -iptel 2805 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Manfed.Meyer@lab.local
dsadd user CN="Sebastian Meier,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sebastian -ln Meier -pwd .C1sc0uc. -display "Sebastian Meier" -samid Sebastian.Meier -iptel 2806 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sebastian.Meier@lab.local
dsadd user CN="Gustav Tretpohl,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Gustav -ln Tretpohl -pwd .C1sc0uc. -display "Gustav Tretpohl" -samid Gustav.Tretpohl -iptel 2807 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Gustav.Tretpohl@lab.local
dsadd user CN="Hans Duck,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hans -ln Duck -pwd .C1sc0uc. -display "Hans Duck" -samid Hans.Duck -iptel 2808 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hans.Duck@lab.local
dsadd user CN="Helmut Kohl,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Helmut -ln Kohl -pwd .C1sc0uc. -display "Helmut Kohl" -samid Helmut.Kohl -iptel 2809 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Helmut.Kohl@lab.local
dsadd user CN="Andre Morgenstern,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Andre -ln Morgenstern -pwd .C1sc0uc. -display "Andre Morgenstern" -samid Andre.Morgenstern -iptel 2810 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Andre.Morgenstern@lab.local
dsadd user CN="Andre Stello,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Andre -ln Stello -pwd .C1sc0uc. -display "Andre Stello" -samid Andre.Stello -iptel 2811 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Andre.Stello@lab.local
dsadd user CN="Andreas Gustav,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Andreas -ln Gustav -pwd .C1sc0uc. -display "Andreas Gustav" -samid Andreas.Gustav -iptel 2812 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Andreas.Gustav@lab.local
dsadd user CN="Frank Eickhoff,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Frank -ln Eickhoff -pwd .C1sc0uc. -display "Frank Eickhoff" -samid Frank.Eickhoff -iptel 2813 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Frank.Eickhoff@lab.local
dsadd user CN="Sebastian Stahlhut,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sebastian -ln Stahlhut -pwd .C1sc0uc. -display "Sebastian Stahlhut" -samid Sebastian.Stahlhut -iptel 2814 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sebastian.Stahlhut@lab.local
dsadd user CN="Hans-Hernmann Sawade,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hans-Hernmann -ln Sawade -pwd .C1sc0uc. -display "Hans-Hernmann Sawade" -samid Hans-Hernmann.Sawade -iptel 2815 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hans-Hernmann.Sawade@lab.local
dsadd user CN="David Wenk,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn David -ln Wenk -pwd .C1sc0uc. -display "David Wenk" -samid David.Wenk -iptel 2816 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email David.Wenk@lab.local
dsadd user CN="Andreas Leppin,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Andreas -ln Leppin -pwd .C1sc0uc. -display "Andreas Leppin" -samid Andreas.Leppin -iptel 2817 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Andreas.Leppin@lab.local
dsadd user CN="Guenther Walter,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Guenther -ln Walter -pwd .C1sc0uc. -display "Guenther Walter" -samid Guenther.Walter -iptel 2818 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Guenther.Walter@lab.local
dsadd user CN="Michael Kaenner,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Michael -ln Kaenner -pwd .C1sc0uc. -display "Michael Kaenner" -samid Michael.Kaenner -iptel 2819 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Michael.Kaenner@lab.local
dsadd user CN="Thomas Gottschalk,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Thomas -ln Gottschalk -pwd .C1sc0uc. -display "Thomas Gottschalk" -samid Thomas.Gottschalk -iptel 2820 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Thomas.Gottschalk@lab.local
dsadd user CN="Guenther Jauch,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Guenther -ln Jauch -pwd .C1sc0uc. -display "Guenther Jauch" -samid Guenther.Jauch -iptel 2821 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Guenther.Jauch@lab.local
dsadd user CN="Anne Will,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Anne -ln Will -pwd .C1sc0uc. -display "Anne Will" -samid Anne.Will -iptel 2822 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Anne.Will@lab.local
dsadd user CN="Helmut Schmidt,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Helmut -ln Schmidt -pwd .C1sc0uc. -display "Helmut Schmidt" -samid Helmut.Schmidt -iptel 2823 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Helmut.Schmidt@lab.local
dsadd user CN="Harald Schmidt,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Harald -ln Schmidt -pwd .C1sc0uc. -display "Harald Schmidt" -samid Harald.Schmidt -iptel 2824 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Harald.Schmidt@lab.local
dsadd user CN="Sebastian Seine,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sebastian -ln Seine -pwd .C1sc0uc. -display "Sebastian Seine" -samid Sebastian.Seine -iptel 2825 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sebastian.Seine@lab.local
dsadd user CN="Hartmut Hubertus,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hartmut -ln Hubertus -pwd .C1sc0uc. -display "Hartmut Hubertus" -samid Hartmut.Hubertus -iptel 2826 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hartmut.Hubertus@lab.local
dsadd user CN="Manfred Deutschland,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Manfred -ln Deutschland -pwd .C1sc0uc. -display "Manfred Deutschland" -samid Manfred.Deutschland -iptel 2827 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Manfred Deutschland@lab.local
dsadd user CN="Joseppe Krug,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Joseppe -ln Krug -pwd .C1sc0uc. -display "Joseppe Krug" -samid Joseppe.Krug -iptel 2828 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Joseppe.Krug@lab.local
dsadd user CN="Jose Roemer,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Jose -ln Roemer -pwd .C1sc0uc. -display "Jose Roemer" -samid Jose.Roemer -iptel 2829 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Jose.Roemer@lab.local
dsadd user CN="Mark Gottschalk,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Mark -ln Gottschalk -pwd .C1sc0uc. -display "Mark Gottschalk" -samid Mark.Gottschalk -iptel 2830 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Mark.Gottschalk@lab.local
dsadd user CN="Kai Schroeder,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Kai -ln Schroeder -pwd .C1sc0uc. -display "Kai Schroeder" -samid Kai.Schroeder -iptel 2831 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Kai.Schroeder@lab.local
dsadd user CN="Uwe Koenig,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Uwe -ln Koenig -pwd .C1sc0uc. -display "Uwe Koenig" -samid Uwe.Koenig -iptel 2832 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Uwe.Koenig@lab.local
dsadd user CN="Hardo Koenig,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hardo -ln Koenig -pwd .C1sc0uc. -display "Hardo Koenig" -samid Hardo.Koenig -iptel 2833 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hardo.Koenig@lab.local
dsadd user CN="Maik Buchholz,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Maik -ln Buchholz -pwd .C1sc0uc. -display "Maik Buchholz" -samid Maik.Buchholz -iptel 2834 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Maik.Buchholz@lab.local
dsadd user CN="Jan Buchholz,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Jan -ln Buchholz -pwd .C1sc0uc. -display "Jan Buchholz" -samid Jan.Buchholz -iptel 2835 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Jan.Buchholz@lab.local
dsadd user CN="Clara Schmidt,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Clara -ln Schmidt -pwd .C1sc0uc. -display "Clara Schmidt" -samid Clara.Schmidt -iptel 2836 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Clara.Schmidt@lab.local
dsadd user CN="Sabine Schroeder,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sabine -ln Schroeder -pwd .C1sc0uc. -display "Sabine Schroeder" -samid Sabine.Schroeder -iptel 2837 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sabine.Schroeder@lab.local
dsadd user CN="Manfred Buchholz,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Manfred -ln Buchholz -pwd .C1sc0uc. -display "Manfred Buchholz" -samid Manfred.Buchholz -iptel 2838 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Manfred.Buchholz@lab.local
dsadd user CN="Hendrik Schiene,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hendrik -ln Schiene -pwd .C1sc0uc. -display "Hendrik Schiene" -samid Hendrik.Schiene -iptel 2839 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hendrik.Schiene@lab.local
dsadd user CN="Heinz Stahlhut,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Heinz -ln Stahlhut -pwd .C1sc0uc. -display "Heinz Stahlhut" -samid Heinz.Stahlhut -iptel 2840 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Heinz.Stahlhut@lab.local
dsadd user CN="Wilhelm Sprick,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Wilhelm -ln Sprick -pwd .C1sc0uc. -display "Wilhelm Sprick" -samid Wilhelm.Sprick -iptel 2841 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Wilhelm.Sprick@lab.local
dsadd user CN="Klaus Landree,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Klaus -ln Landree -pwd .C1sc0uc. -display "Klaus Landree" -samid Klaus.Landree -iptel 2842 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Klaus.Landree@lab.local
dsadd user CN="Magnus Landree,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Magnus -ln Landree -pwd .C1sc0uc. -display "Magnus Landree" -samid Magnus.Landree -iptel 2843 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Magnus.Landree@lab.local
dsadd user CN="Siegrid Schaekel,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Siegrid -ln Schaekel -pwd .C1sc0uc. -display "Siegrid Schaekel" -samid Siegrid.Schaekel -iptel 2844 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Siegrid.Schaekel@lab.local
dsadd user CN="Marlies Salge,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Marlies -ln Salge -pwd .C1sc0uc. -display "Marlies Salge" -samid Marlies.Salge -iptel 2845 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Marlies.Salge@lab.local
dsadd user CN="Ernst Mueller,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Ernst -ln Mueller -pwd .C1sc0uc. -display "Ernst Mueller" -samid Ernst.Mueller -iptel 2846 -company IPT-Experts -dept Human Resources -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Ernst.Mueller@lab.local
dsadd user CN="Friedrich Mueller,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Friedrich -ln Mueller -pwd .C1sc0uc. -display "Friedrich Mueller" -samid Friedrich.Mueller -iptel 2847 -company IPT-Experts -dept Human Resources -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Friedrich.Mueller@lab.local
dsadd user CN="Tanja Meier,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Tanja -ln Meier -pwd .C1sc0uc. -display "Tanja Meier" -samid Tanja.Meier -iptel 2848 -company IPT-Experts -dept Human Resources -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Tanja.Meier@lab.local
dsadd user CN="Bjoern Meyer,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Bjoern -ln Meyer -pwd .C1sc0uc. -display "Bjoern Meyer" -samid Bjoern.Meyer -iptel 2849 -company IPT-Experts -dept Human Resources -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Bjoern.Meyer@lab.local
dsadd user CN="Mona Haeberle,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Mona -ln Haeberle -pwd .C1sc0uc. -display "Mona Haeberle" -samid Mona.Haeberle -iptel 2850 -company IPT-Experts -dept Human Resources -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Mona.Haeberle@lab.local
dsadd user CN="Thomas Hilbig,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Thomas -ln Hilbig -pwd .C1sc0uc. -display "Thomas Hilbig" -samid Thomas.Hilbig -iptel 2851 -company IPT-Experts -dept Human Resources -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Thomas.Hilbig@lab.local
dsadd user CN="Wolfgang Maximo,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Wolfgang -ln Maximo -pwd .C1sc0uc. -display "Wolfgang Maximo" -samid Wolfgang.Maximo -iptel 2852 -company IPT-Experts -dept Human Resources -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Wolfgang.Maximo@lab.local
dsadd user CN="Sina Sattel,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sina -ln Sattel -pwd .C1sc0uc. -display "Sina Sattel" -samid Sina.Sattel -iptel 2853 -company IPT-Experts -dept Human Resources -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sina.Sattel@lab.local
dsadd user CN="Judith Sattel,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Judith -ln Sattel -pwd .C1sc0uc. -display "Judith Sattel" -samid Judith.Sattel -iptel 2854 -company IPT-Experts -dept Human Resources -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Judith.Sattel@lab.local
dsadd user CN="Silke Hubertus,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Silke -ln Hubertus -pwd .C1sc0uc. -display "Silke Hubertus" -samid Silke.Hubertus -iptel 2855 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Silke.Hubertus@lab.local
dsadd user CN="Kira Roemer,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Kira -ln Roemer -pwd .C1sc0uc. -display "Kira Roemer" -samid Kira.Roemer -iptel 2856 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Kira.Roemer@lab.local
dsadd user CN="Wolfgang Rolf,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Wolfgang -ln Rolf -pwd .C1sc0uc. -display "Wolfgang Rolf" -samid Wolfgang.Rolf -iptel 2857 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Wolfgang.Rolf@lab.local
dsadd user CN="Peter Worms,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Peter -ln Worms -pwd .C1sc0uc. -display "Peter Worms" -samid Peter.Worms -iptel 2858 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Peter.Worms@lab.local
dsadd user CN="Hans Eichel,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hans -ln Eichel -pwd .C1sc0uc. -display "Hans Eichel" -samid Hans.Eichel -iptel 2859 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hans.Eichel@lab.local
dsadd user CN="Ferdinand Eichel,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Ferdinand -ln Eichel -pwd .C1sc0uc. -display "Ferdinand Eichel" -samid Ferdinand.Eichel -iptel 2860 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Ferdinand.Eichel@lab.local
dsadd user CN="Clemens Fuchs,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Clemens -ln Fuchs -pwd .C1sc0uc. -display "Clemens Fuchs" -samid Clemens.Fuchs -iptel 2861 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Clemens.Fuchs@lab.local
dsadd user CN="Walter Rudolf,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Walter -ln Rudolf -pwd .C1sc0uc. -display "Walter Rudolf" -samid Walter.Rudolf -iptel 2862 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Walter.Rudolf@lab.local


Let's check if this worked:



So far so good. Now I add a user which I will use to authenticate the dirsync to CUCM:



Settings:




Password should never expire and user doesn't need to change it.

Now the CUCM needs to be prepared for Dirsync. Remember that all localy administered end users will be deactivated / deleted after a LDAP dirsync. First step is to enable the Dirsync service in CUCM Serviceability. Then go to System -> LDAP System Configuration and enable the LDAP Sync:



After doing and verfying that go to System -> LDAP Directory:



When you are done click save and subsequently Perform Full Sync Now.
Maybe you get this error after trying to save:



This doesn't neccesarily mean that there is "null" connection. This shows also up when there is an authentication error. I started with a quick view to Wireshark:



Error code is:
80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
The problem is that CUCM only speaks LDAP simple and with that you have to enter the username for LDAP (distinguished Name) in the format of an email address. I think that's new in Windows 2008 server. In the case that you are running CUCM and AD in the same Vmware System, like I do, you might not be able to sniff the traffic on the LAN. You could still use CUCM packet capture:

http://uc-b.blogspot.com/2011/08/cisco-cucm-troubleshooting-with-cucm.html

Anyway, if everything went well the end users start  appearing now:



A nice tool for checking the LDAP functionality is an LDAP browser. I would highly recommend  LDAP Admin for that. Stable, flexible and usually enough features. You can get it from here: http://ldapadmin.sourceforge.net/



 As always, feel free to comment, ask or suggest ...