Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 3 – Active Directory structure
Appendix 3 – Active Directory structure
The diagram below shows an example Active Directory tree structure for corporation.int:
corporation.int
useraccounts groups
region2
vcs_user
vcs_admin_rw
vcs_admin_ro vcs_auditor
region1
marketing
sales
it
systems
member1
member2
memberN
vcs
j.smith p.brown r.ladd
Part of the Cisco VCS configuration required for connecting to an LDAP server includes the
specification of a set of distinguished names (DNs). DNs comprise the following elements:
cn
specification of a set of distinguished names (DNs). DNs comprise the following elements:
cn
common name (leaves of the tree – usually, see Note below)
ou
organizational unit (branches)
dc
domain content (top of tree)
These elements are listed in a single line as comma separated values. No space should be placed
immediately before or immediately after the comma, but spaces are valid within the common names,
organizational unit names and domain content names.
immediately before or immediately after the comma, but spaces are valid within the common names,
organizational unit names and domain content names.
Using this example Active Directory structure you would define the VCS bind DN as:
cn=vcs,ou=systems,ou=region1,ou=useraccounts,dc=corporation,dc=int
To support region 1 staff, the Base DN for accounts would be:
ou=region1,ou=useraccounts,dc=corporation,dc=int
To support worldwide staff, the Base DN for accounts would be:
ou=useraccounts,dc=corporation,dc=int
The Base DN for groups would be:
ou=groups,dc=corporation,dc=int
VCS Deployment Guide: Authenticating VCS accounts using LDAP (VCS X5.1)
Page 14 of 21