Cisco Cisco TelePresence Management Suite (TMS) Version 15
Create and manage user accounts
Cisco TMS Provisioning Deployment Guide
Page 22 of 47
Note: When synchronizing folders in the sub-group levels, and after the synchronization is complete on a
sub-group level, a force refresh of the GUI is required. Force refresh must be done to correctly view any
actions (for example moving users between folders) that may have occurred during the operation. Doing
a force refresh of the GUI will return the highlighted cursor to the Root level.
sub-group level, a force refresh of the GUI is required. Force refresh must be done to correctly view any
actions (for example moving users between folders) that may have occurred during the operation. Doing
a force refresh of the GUI will return the highlighted cursor to the Root level.
To import users immediately to this group, return to the root level, then
1. Click the link Click here to import all users from this source.
2. Wait for import to complete.
3. Click OK.
4. Refresh the browser.
2. Wait for import to complete.
3. Click OK.
4. Refresh the browser.
Note: If the user was initially imported by the first synchronization to the root group folder, but the user
also belonged to the AD CN search filter for the Norway group folder, the user will automatically be
moved from the root group folder to the Norway group folder at the next synchronization.
also belonged to the AD CN search filter for the Norway group folder, the user will automatically be
moved from the root group folder to the Norway group folder at the next synchronization.
If AD Security Groups or AD Distribution Lists are used to import users to the Cisco TMS Provisioning
Directory, it is recommended not to use the Relative Search DN field, but instead create a filter in the
Search filter field. For example, and let's assume you require to search on a security group in AD, then
you would enter the Base DN (for example dc=eu, dc=company, dc=com), leave the Relative Search
DN blank and in the Search filter, enter your search, for example memberOf= cn=videoconfusers,
ou=security groups, dc=subdomain, dc=domain.
Directory, it is recommended not to use the Relative Search DN field, but instead create a filter in the
Search filter field. For example, and let's assume you require to search on a security group in AD, then
you would enter the Base DN (for example dc=eu, dc=company, dc=com), leave the Relative Search
DN blank and in the Search filter, enter your search, for example memberOf= cn=videoconfusers,
ou=security groups, dc=subdomain, dc=domain.
Kerberos authentication
To import users using a secure connection, Cisco TMS supports Kerberos authentication towards AD.
To enable and configure, use the
External Source Configuration
pane.
1. Click the Edit button.
2. Check the Kerberos Authentication check box and enter the required settings.
2. Check the Kerberos Authentication check box and enter the required settings.
The required settings are:
n
Kerberos KDC: (Key Distribution Center): The address of the Kerberos KDC server, which is the
address of your Active Directory (AD). The value can either be a fully qualified domain name (FQDN) or
the domain your AD server resides, in which case a DNS SRV lookup is performed to determine the
FQDN.
address of your Active Directory (AD). The value can either be a fully qualified domain name (FQDN) or
the domain your AD server resides, in which case a DNS SRV lookup is performed to determine the
FQDN.
n
Kerberos realm: The realm configured in AD for Kerberos Authentication.
n
Kerberos KDC timeout: The maximum number of milliseconds to wait for a reply from the KDC.