If you're planning to use CallManager and Active Directory in your enterprise you have a lot of decisions to make...
because there are a lot of options. The first big one is whether you want to have your telephony systems "access" Active Directory or "be integrated" with it.
Many administrators may not realize that there is a difference, but it is substantial. Accessing is simply a lookup. For instance, an IP Phone can send a last name of a subscriber to the LDAP server with a request, and the server can return the phone number of that subscriber. This requires very little configuration. Integration, on the other hand, involves modifying and extending your Active Directory schema as well as considerable configuration. Of course, for some organizations, the rewards are worth the effort.
If you do go the integration route, your users' information will reside in your LDAP directory, not just CallManager's local SQL Server. This leads to another decision. Do you want to be able to add and delete users from CallManager Administration?
The answer to this decision will generally revolve around your how your organization is structured, but by default, this ability is restricted. If you would like to enable it, you can do so with a registry hack. Find the key
HKEY_LOCAL_MACHINE, SOFTWARE, Cisco Systems, Inc., Directory Configuration, DIRACCESS.
Change the value from FALSE to TRUE and restart IIS Admin.
WARNING: as always, be extremely careful when working with the Windows registry, and always back up your system completely beforehand.
Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.