DMA Operations Guide Microsoft Active Directory Integration
170 Polycom, Inc.
2. In the Polycom DMA system, replace the default local administrative
   user with your own user account that has the same user roles. See “Users
   Procedures” on page 333.
3. Log into the Polycom DMA system as the local user you created in step 2
   and go to Admin > Integrations > Microsoft Active Directory.
4. Check Enable integration with Microsoft® Active Directory Server and
   complete the information in the Active Directory Connection section.
   a. Unless you have a single domain environment and no global catalog,
      select Auto-discover from FQDN and enter the DNS domain name.
   b. For Domain\user name, enter the domain and user ID of the account
      you created in step 1.
   c. Leave Base DN set to the default, All Domains. Don’t edit the User
      LDAP filter expression unless you understand LDAP filter syntax
      (see RFC 2254) and know what changes to make.
   d. Specify the time each day that you want the Polycom DMA system to
      check the Active Directory for changes.
   e. Select the territory whose cluster should perform the integration and
      daily updates.
5. To generate conference room IDs for the enterprise users, complete the
   Enterprise Conference Room ID Generation section.
   Skip this step if you don’t want the system to create conference rooms
   (virtual meeting rooms) for the enterprise users.
Note
If you have a Polycom RealPresence Resource Manager or CMA system, be aware
that the machine account used for AD integration by the RealPresence Resource
Manager or CMA system and the service account used for AD integration by the
DMA system have different requirements. Don’t try to use the same account for
both purposes. In particular, the whitelist of machines that the Polycom
RealPresence Resource Manager or CMA system is allowed to log into should
contain only the RealPresence Resource Manager or CMA system, while the
whitelist of machines the Polycom DMA system is allowed to log into should contain
only the domain controllers.
If you use Active Directory attributes that aren’t replicated across the enterprise via
the Global Catalog server mechanism, the system must query each domain for the
data. Make sure that the whitelist for this service account is correct and that it can
connect to all the LDAP servers in each domain.
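
The whitelist requirements in this note can be checked offline against exported account data. The following is an added example, not part of the Polycom guide: it assumes each whitelist is a comma-separated host list (the form Active Directory's userWorkstations attribute uses), and all host, domain and function names are constructed for illustration.

```python
"""Audit AD logon whitelists for the two integration accounts (added example)."""

def short_names(hosts):
    """Normalize host names or FQDNs to upper-case short names.

    Assumes short names are unique across the forest's domains.
    """
    return {h.strip().split(".")[0].upper() for h in hosts if h.strip()}

def audit_whitelist(user_workstations, expected_hosts):
    """Compare a comma-separated whitelist value with the hosts it should hold.

    Returns (missing, extra, unrestricted). In Active Directory an empty value
    means the account has no logon restriction, so it is reported separately.
    """
    expected = short_names(expected_hosts)
    if not (user_workstations or "").strip():
        return sorted(expected), [], True
    allowed = short_names(user_workstations.split(","))
    return sorted(expected - allowed), sorted(allowed - expected), False

def audit_integration(dma_value, rm_value, dcs_by_domain, rm_host):
    """Return findings for the DMA service account and the RM/CMA machine account."""
    findings = []
    all_dcs = [dc for dcs in dcs_by_domain.values() for dc in dcs]
    missing, extra, open_ = audit_whitelist(dma_value, all_dcs)
    if open_:
        findings.append("DMA account: no whitelist set, logon allowed anywhere")
    # Report gaps per domain: the DMA system must reach the LDAP servers in each one.
    for domain, dcs in sorted(dcs_by_domain.items()):
        gap = sorted(short_names(dcs) & set(missing))
        if gap and not open_:
            findings.append(f"DMA account: {domain} DCs not whitelisted: {', '.join(gap)}")
    if extra:
        findings.append(f"DMA account: non-DC hosts whitelisted: {', '.join(extra)}")
    # The RM/CMA machine account may log on only to the RM/CMA system itself.
    missing, extra, open_ = audit_whitelist(rm_value, [rm_host])
    if open_ or missing or extra:
        findings.append("RM/CMA account: whitelist must contain only " + rm_host)
    return findings

# Constructed sample data (hypothetical hosts and domains).
DCS = {"corp.example.com": ["dc1.corp.example.com", "dc2.corp.example.com"],
       "emea.example.com": ["dc3.emea.example.com"]}
SAMPLE = audit_integration("DC1,dc2,RPRM01", "RPRM01", DCS, "rprm01.corp.example.com")

if __name__ == "__main__":
    for line in SAMPLE:
        print(line)
```
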
Note
We don’t recommend using the IP address or host name option in a multi-domain
environment. If you must, enter the host name or IP address of a specific global
catalog server, not the DNS domain name.