Configure the Enterprise Group for CUCM & IM/P

Available Languages

Download Options

  • PDF     (230.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (221.1 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Updated:July 15, 2016
Document ID:200574

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the feature by which we can administer groups in Microsoft Active Directory and can take benefits of being able to perform group search through jabber or other IM clients.

Prerequsites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software  versions:

  • Cisco Unified Communications Manager version 11.0
  • Cisco Unified IM and Presence version 11.0
  • Microsoft Active Directory
  • Cisco Jabber Client

Note: This document assumes that you already have users created in Active directory, and it has been synchronised with the CUCM.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

As a CUCM administration, it requires enhanced functionality on Directory sync service to be able to sync only distribution groups and the association of the Users with the Groups from the AD LDAP server, so that you can take benefit of being able to perform group search through Jabber or other IM clients.

With Cisco Unified Communications Manager Release 11.0, Cisco Jabber users can search for groups in
Microsoft Active Directory and add them to their contact lists. If a group that is already added to the contact
list is updated, the contact list gets automatically updated. Cisco Unified Communications Manager synchronizes
its database with Microsoft Active Directory groups at specified intervals.

End users (Jabber users) could then add those groups to their roster and immediately be able to see each members presence or send them IMs, add them to groupchats etc.

These groups would be 'read only' groups and would not be editable from the client.

Any changes made to groups in AD should be reflected in the clients view of that group.

Configure

Step1. Create a new group in Active Directory (AD), as shown in the image. Ensure that you create the group type as Distribution.

Right click on the group and select properties and then click on Attribute Editor Tab. You can confirm the group type as 2, as shown in the image.

Once the group is created, add the respective users to the above group.

Step 2. Navigate to System -- LDAP-- LDAP Directory

Select Users and Groups radio button, as shown in the image, to synchronise users and groups in the Microsoft Active Directory with CUCM database.

Note: The Users Only and User and Groups radio buttons are available only if you are using Microsoft Active Directory as the corporate directory.

Once it is synchronized,

From Cisco Unified CM Administration, navigate to User Management > User Settings > User Group, as shown i nthe image.
The Find and List User Groups window appears.

You can see the new group which was created in step 1.

 Once you click on User Group, you can see the group that is created.

To view a list of users that belong to a user group, click on the required user group.
The User Group Configuration window is displayed

Enter search criteria and click Find.
A list of users that match the search criteria is displayed as shown in the image:


A new enterprise parameter Directory Group Operations on Cisco IM and Presence is added in the
Enterprise Parameter Configuration window. This parameter allows you to enable or disable the AD Groups
Sync feature. These steps are used to enable the AD Groups Sync feature.

From Cisco Unified CM Administration, navigate to System > Enterprise Parameters.
The Enterprise Parameters Configuration window is displayed.


Step 3. In the User Management Parameters section, select Enabled from the Directory Group Operations on
Cisco IM and Presence drop-down list as shown in the image:

Jabber Client enhancements

Jabber Client is enhanced to support these Enterprise Group functionalities:

  • Add an Existing Directory Group into the contact list.
  • Delete an Existing Directory Group from the Contact list
  • Displaying Presence updates of Directory Group members in the contact list.
  • Displaying dynamic updates to the Directory Group or the Members made within the AD server to the Groups without the User having to log in or out.
  • Group features supported on clients when the User is logged in through Multiple resources.

Navigate to  Menu> New> Directory Group as shown in the image:

Now enter the name of the group, as shown in the image:

Verify

Use this section in order to confirm that your configuration works properly.

After the group is added successfully, you can see all the members along with their presence as shown in the image:

Only the group members that are assigned to the IM and Presence Service nodes can be added to the
contact list. Other group members are discarded.


If you disable the Enterprise Groups feature, Cisco Jabber users are then not able to search Microsoft Active
Directory groups or see the groups that they already added to their contact lists. If a user is already logged in
when you disable the Enterprise Groups feature, the group is visible until the user logs out. When the
user logs in again, the group is not be visible.

Troubleshoot

This section provides information you can use in order  to troubleshoot your configuration.

  1. If Groups don't sync from AD server to CUCM then check these:
  • In LDAP Directory page navigate to sync agreement page and check whether Users and Groups radio button is selected or not, as shown in the image:

  

  • Check if the Group created as Security Group in AD (only Distribution Groups are supported).
  1. In Jabber client, if there is no option to add the Directory Group then navigate to Enterprise parameter page and check if Directory Group Operations on Cisco IM and Presence field is set to Enabled.
  2. In Jabber client if directory group is not getting added then check this:
  • Navigate to usergroup page in CUCM and check if the status of that ADGroup is Inactive, if status is Inactve then it is not added.
  • If the Roster limit is exceeded more than the assigned value in IM/P server admin page Presence à Settings à Standard Configuration

  • If the Presence of the AD Group member is not shown then check if the AD Group members count is more than 100. If it is more than 100 then the presence for that AD Group is blocked as the maximum limit is 100 for each AD Group

Limitations

These limitations are applied to Enterprise Groups feature:


• The Enterprise Groups feature allows you to synchronize only distribution groups. Synchronization of
security groups is not supported in this release.

• In the User Group Configuration window, filters are available only for users. No filters are available
for user groups.

• Multilevel grouping is not allowed for the group sync.

• When a user group and users are present in the same search base, group-only synchronization is not
allowed. Instead, the user group as well as the users are synchronized.

• You can synchronize a maximum of 15000 user groups from Microsoft Active Directory server to the
Unified Communications Manager database. Each user group can include a maximum of 100 users.

• If a user group is moved from one organization unit to another, you must perform a full sync on the
original unit followed by a full sync on the new unit.

• Local groups are not supported. Only groups synchronized from Microsoft Active Directory are supported.

• Group members that are not assigned to IM and Presence Service nodes display in the contact list with
the presence bubble greyed out. However, these members are considered when calculating a maximum
numbers of users allowed in the contact list.

• During migration from Microsoft Office Communication Server, the Enterprise Groups feature is not
supported until users are fully migrated to the IM and Presence Service node.

• If you change the synchronization option in the LDAP Directory Configuration window while the
synchronization is in progress, the existing synchronization remains unaffected. For example, if you
change the synchronization option from Users and Groups to Users Only when the synchronization
is in progress, the users and groups synchronization still continues.

Revision History

Revision Publish Date Comments
1.0
18-Jul-2016
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Somnath Gupta
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products