Posts Tagged ‘active directory’


Hi there,

Here I am once again to deliver another article.

This time we will be covering the mandatory configurations in order to:

  • Integrate CUCM with Microsoft Active Directory – MS AD;
  • Register IP Phones;
  • Associate End User (synced by MS AD) with an IP Phone;

So, today’s article will be focused on the 3 tasks above described.

We will register two IP Phones (one on my laptop and another one on a Virtual Machine). We will be using Cisco IP Communicator – CIPC – as an IP Phone.

Read more about about CIPC here.

I hope you guys have completed the installation of CUCM on your environments from our previous LAB.

This is what we will use on this LAB:

  1. VMware Workstation version 11.1.3
  2. GNS3 version 1.3.11
  3. c3725-adventerprisek9-mz.124-15.T7.bin (IOS – not iOS 🙂 – which we will use on GNS3…GNS3’s Routers don’t come with an IOS, this is why we need at least one for now)
  4. CUCM version 9.1 installed on VMware
  5. Windows Server (any version you like…I used 2012) to use Active Directory
  6. Mozilla Firefox version 42.0
  7. Cisco IP Communicator version


I won’t be providing any of these software. They can be found on the vendors sites for download. The IOS for GNS3 can be found on the Web, just make a Bing Search and you will find them.



So let’s get started.

1. Select Cisco Unified Serviceability on the upper right corner drop-down menu and click “Go”


2. Now select Tools > Service Activation


3. Select the following Services to be activated, click on Save and then press OK on the pop-up warning that will appear

Cisco CallManager
Cisco CTIManager
Cisco TFTP
Cisco AXL Web Service
Cisco DirSync



Quick Quiz:

Cisco CallManager service provides software-only call processing as well as signaling and call control functionality for CUCM.

Cisco CTIManager service contains the CTI components that interface with applications. This service allows applications to monitor/control phones and virtual devices to perform call control functionality.

Cisco TFTP – Cisco Trivial File Transfer Protocol (TFTP) – service builds and serves files that are consistent with the trivial file transfer protocol, a simplified version of FTP. Cisco TFTP serves embedded component executable, ringer files, and device configuration files.

Cisco AXL Web Service allows you to modify database entries and execute stored procedures from client-based applications that use AXL.

Cisco DirSync service ensures that the Cisco Unified Communications Manager database stores all user information. If you use an integrated corporate directory, for example, Microsoft Active Directory or Netscape/iPlanet Directory, with Cisco Unified Communications Manager, the Cisco DirSync service migrates the user data to the Cisco Unified Communications Manager database. The Cisco DirSync service does not synchronize the passwords from the corporate directory.

Read more about these and other services here.


4. Now that we have activated the mandatory services to our system work, return to the Cisco Unified CM Administration Page


5. Let’s remove all the DNS dependency on our system. To do so go to System > Server then replace the hostname with the IP address you configured on your CUCM Server during the installation. Mine is (the same we did on our previous LAB)




6. There are some other configurations (Phone URL Parameters) that are still using the hostname, lets change them to the IP address. Go to System > Enterprise Parameters


You should see “cucm” (or the hostname you configured during the installation process) on the parameters. Change it to the proper IP address:


7. Now let’s make the configurations to allow our system to sync users from our MS Active Directory Server. First go to System > LDAP > LDAP System and then enable the synchronizing from LDAP Server



8. Then go to  System > LDAP > LDAP Authentication and make the proper configuration so that our System can communicate with Microsoft AD



On the distinguished name you can use something like this too:, but I have chosen to use containers.

Observation: is the IP address of my Windows Server 2012, which is my Active Directory Server.


Quick Quiz:

LDAP Manager Distinguished Name is where we indicate the user which has permissions on MS AD

LDAP password is where we put the password of the distinguished user.

LDAP User Search Base is where our System is going to search for users to be synced. If you have placed your users on a difference Organization Unit – OU, then make sure you configure the Containers correctly.


9. Now go to System > LDAP > LDAP Directory and basically we will be configuring the same things we did on LDAP Authentication

Click “Add New” then configure LDAP Configuration Name, LDAP Manager Distinguished Name, LDAP Password, LDAP User Search Base and IP Address of the LDAP Server.

After making the configuration, click on “Save” and then click on “Perform Full Sync Now




10. These are the users I have on the Organization Unit “Users” on my MS AD


11. After some seconds, go to User Management > End User and we should see there all our synced users



If you are getting 0 results hit “Find” button as it works as a “refresh”.

All right folks, we managed to finish the synchronization of CUCM with Microsoft Active Directory.


12. Now we will add all our users to the Stantard CCM End User Group so they can have access to the User Web Page. To that, Go to User Management > User Setting > Access Control Group (on older versions of CUCM the path is User Management > User Group)


13. Click on Standard CCM End User


14. Click on “Add End Users to Group


15. Select the Users and then press “Add Selected


On my LAB here, User “Kaiyden Vuma” will be the owner of the first CIPC (installed on my Laptop) and User “Raquel Raimundo” will be the owner of the second CIPC (installed on my Windows Server 2012 VM).

So, what we have to do is to associate those Users with the CIPC Phones we will be using on the LAB.

But first, we need to register those CIPC Phones on our System.

16. Go to “Preferences” on CIPC 1 (physical laptop), then configure the TFTP Server with the IP address of the CUCM, then give a proper Device Name for easy identification (you can leave it with the default name if you want to)


17. Now go to Device > Phone and then click on “Add New


18. Select “Cisco IP Communicator” and “SCCP” on both drop-down Menus on the screen


Quick Quiz:

SCCP (Skinny Client Control Protocol) is a lightweight IP-based protocol for session signaling with Cisco Unified Communications Manager.

The term “skinny” reflects that SCCP is a simple and uncomplicated (“lightweight”) protocol requiring relatively little computer processing.

Read more here.


19. Configure Device Name (which must be the same Device Name we configured on our CIPC phone), set Device Pool as Default, choose any Phone Button Template you like on Phone Button Template for your CIPC (I like the buttons of the Cisco IP Phone 7962 as it gives me 8 lines) and finally set Device Security Profile to “Cisco IP Communicator – Standard SCCP Non-Secure” and then click “Save



20. Now click on “Line 1” then give a DN (Directory Number) for this CIPC phone and hit “Save



21. After this step go ahead and restart your CIPC Phone and once it finishes restarting we should see it registered successfully


22. Follow the same steps for registering the CIPC 2 phone (I used DN 1002 on CIPC 2)


Now we have 2 things missing on today’s LAB:

  • Associate the Users with the CIPC Phones
  • Call tests between the CIPC Phones.


23. To Associate the CIPC Phones with the Users, first go the End User page (User Management > End User) then click on your first User

If you are getting 0 results hit “Find” button as it works as a “refresh”.

As I said before, the owner of my CIPC 1 Phone will be User “Kaiyden Vuma” and the owner of my CIPC 2 Phone will be User “Raquel Raimundo”.

So, I clicked on my first User and then I selected “Device Association


24. Select the desired CIPC Phone to be associated with this user and click “Save Selected


Do the same for the Second User and associate him with CIPC 2 Phone.

25. Now go to the Phones page (Devices > Phone), click on CIPC 1 Phone then click on the configured DN (which is 1001)

If you are getting 0 results hit “Find” button as it works as a “refresh”).


26. Scroll down until you find and click “Associate End Users” button


27. Select the User who is going to control this DN and click “Add Selected


Congratulations if you made it this far. Now is time to make the final tests between both CIPC phones on our physical and virtual machines.

28. Call from one phone to another




As we can see on the 2 pictures above…it WORKED!!!



So, this is it….its over…for now. See you on OUR next article.

Any doubts, you can post your comments below as it can be somebody else’s doubt or you can send me an

Don’t forget the motto: EVERYONE TEACH ONE

See you soon



Cisco Learning Network Store

Warm regards,

Edson Vuma