Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1241
Views
5
Helpful
3
Replies

Create Custom LDAP Filter CUCM 12.5

Go to solution
tcmckay
Level 1
Level 1

‎08-17-2020 09:09 AM

My current LDAP is set to pull every new user into CUCM. When the system was setup (prior to me) this wasn't an issue because the company was smaller and used less service accounts. Now, however, we are larger and use many service accounts that are setup as users. In order to reduce the number of users that are pulled into CUCM I would like to create a custom LDAP filter. I have not done this before but know the process just not the syntax. 

 

The only users that should be pulled into the CUCM are user with text in the IP Phone field in AD. I think the correct filter is

(IP phone=*)

Can anyone confirm this or suggest the correct way of getting just the information that I want without getting the Server Engineers to change their AD structure!

 

Cheers!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Maren Mahoney
VIP
VIP

‎08-17-2020 09:46 AM

The default filter for LDAP includes user accounts, but not computers, and only those user accounts that are not disabled in Active Directory. It looks like this:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

It is the "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)" part that excludes disabled accounts, so if you want to include them delete that statement.

So for a custom filter that will import only active user accounts where the ipPhone field is populated you would use the following:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))

Let us know if you have questions.

Maren

 

 

 

 

View solution in original post

3 Replies 3

Go to solution
Maren Mahoney
VIP
VIP

‎08-17-2020 09:46 AM

The default filter for LDAP includes user accounts, but not computers, and only those user accounts that are not disabled in Active Directory. It looks like this:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

It is the "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)" part that excludes disabled accounts, so if you want to include them delete that statement.

So for a custom filter that will import only active user accounts where the ipPhone field is populated you would use the following:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))

Let us know if you have questions.

Maren

 

 

 

 

Go to solution
tcmckay
Level 1
Level 1
In response to Maren Mahoney

‎08-17-2020 12:48 PM

Thank you this seemed to created the desired outcome. I appreciate your time.

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to tcmckay

‎08-19-2020 02:32 AM - edited ‎08-19-2020 02:36 AM

Although technically not providing a different result, other than possibly a cleaner looking filter I would format it like this.

(&(objectclass=user)(ipPhone=*)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

It's a matter of preference on how you'd want the AND statement to be formed. Below picture is how it would look in an LDAP filter builder, like Softerra LDAP Browser that I use for this.
Snag_a68d83.png



Response Signature


0 Helpful
Customers Also Viewed These Support Documents