5.5, Active Directory, VMware

Integrate VMware vCenter Single Sign-On (SSO) with Active Directory

Single Sign-On (SSO) is part of the vCenter installation and an important step in authentication and authorization.
Once you install vCenter you will have a “vsphere.local” domain on your server. It is better to integrate your existing Microsoft Active Directory (AD) environment, with your organizational structure of groups and users.

So before we start with the configuration, I will log in with my domain user and check whether I can see anything (vCenter, Datacenter or Hosts).
And as you can see, under my vCenter there is nothing of my Datacenter or Hosts.
Luckily, I already added my server to the domain in my earlier blog post,
so here I will complete the steps and give permission to users.
Go to Administration – Single Sign-On – Users and Groups.
To give permission to myself,
from the drop-down I can change “vsphere.local” to “mynaghi.com”.
I put my name in the search so it will not list the whole organization.
And if you go under Administration – Single Sign-On – Configuration – Identity Sources,

you see where you get your configuration from.
In my case I already added my server to the domain.
To configure the user and give him access, from the Home page go to
vCenter – vCenter Servers – then select VC-CCIEROOT.Mynaghi.com,
then click on the “Manage” tab – Permissions – +
Select the assigned role as Administrator.
I change the domain to “Mynaghi”, put my name in the search bar and click Add.
Now I press OK.
As you can see, it now shows under the permissions.
Now let me log in using my domain username and password again,
and as you can see, under the vCenter I can now see my vCenter Servers, my Datacenter and my Hosts.





Configure DHCP on Windows

In an earlier post I showed you how to add DHCP on an IOS router with Option 150 to provide the TFTP IP address for the IP phone: https://ccieroot.com/2016/03/10/configure-dhcp-on-ios/

Today I will show you how to configure DHCP on Windows Server 2008.
First, in Server Manager I go to Roles and Add New Roles.

I choose DHCP Server.

Define the DNS.
Define the DHCP scope.
Define the credentials to authorize the DHCP.
Last is the installation confirmation.
Now when I start the DHCP it will show a down-arrow sign.
I have to authorize it,
and like that the DHCP is ready.
Since this scope will support both data and VoIP, I should add a new option 150 to support the phones and provide them with their TFTP IP address.
First go to IPv4 and Set Predefined Options.
Add the new option:
Name: Cisco
Data Type: IP Address
Check mark on Array
Description: Cisco IP Phone
Now right-click on your scope and choose Configure Options.
Check the option that you added and write the IP address of your TFTP,
in our case it’s which is our Publisher
Now define a VLAN in the core switch,
and configure a virtual interface for the same VLAN and define the DHCP with the command “ip helper-address”.
Last, configure the port where the user PC and IP phone are connected.
Now confirm the PC is taking the IP address from the same VLAN.


And also the IP phone is taking the correct IP address and VLAN and the TFTP configuration.
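One way to check this last step from a packet capture, as an added example that is not part of the original post: the Python below parses the options field of a DHCP reply and confirms that option 150 carries only the expected TFTP servers. The sample bytes and the 192.0.2.x addresses are constructed placeholders, and the function names are this example's own.

```python
import ipaddress

OPT_PAD, OPT_END, OPT_TFTP_150 = 0, 255, 150

def parse_dhcp_options(raw: bytes) -> dict:
    """Walk the DHCP options field (the bytes after the magic cookie) as code/length/value."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if code == OPT_END:          # end marker, anything after it is ignored
            break
        if i + 1 >= len(raw):
            raise ValueError(f"option {code}: missing length byte")
        length = raw[i + 1]
        value = raw[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate (RFC 3396)
        i += 2 + length
    return opts

def tftp_servers(opts: dict) -> list:
    """Option 150 is an array of IPv4 addresses: its length must be a non-zero multiple of 4."""
    data = opts.get(OPT_TFTP_150, b"")
    if not data or len(data) % 4:
        raise ValueError("option 150 missing or not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data), 4)]

def check_offer(raw: bytes, expected_tftp: set) -> list:
    """Return every TFTP server in the reply that is not on the expected list."""
    return [ip for ip in tftp_servers(parse_dhcp_options(raw)) if ip not in expected_tftp]

# Constructed sample: message type ACK (53), subnet mask (1), router (3),
# then option 150 holding two addresses, then the end marker.
SAMPLE = bytes([53, 1, 5,
                1, 4, 255, 255, 255, 0,
                3, 4, 192, 0, 2, 1,
                150, 8, 192, 0, 2, 10, 192, 0, 2, 11,
                255])
EXPECTED = {"192.0.2.10", "192.0.2.11"}  # placeholder addresses, not from the page

if __name__ == "__main__":
    print("TFTP servers:", tftp_servers(parse_dhcp_options(SAMPLE)))
    print("unexpected:", check_offer(SAMPLE, EXPECTED))
```

An empty list from `check_offer` means the phone VLAN is being handed only the TFTP servers you configured in the scope.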


Active Directory, CUCM

CUCM integration with Active Directory

When you first finish installing CUCM, the Call Manager uses its own LDAP directory of end users, which is nice to use, but if you work in a company with more than 1000 people it’s insane to add them all. So the preferred way is to integrate CUCM with a corporate LDAP, whether it is Linux, OS or Windows. In our case I will show you how to integrate CUCM with Windows Active Directory.

From the Windows side, all you need is a user with Administrator rights so you will be able to access the Active Directory.

Now back to CUCM.

First activate the service that helps you sync between LDAP and CUCM.



Then go to Cisco Unified CM Administration > System > LDAP > LDAP System to identify the type of LDAP.









Check the box to enable sync from the LDAP server.








Now click on System > LDAP > LDAP Directory and click Add New.

In this example the Active Directory is my domain CCIEROOT.COM.
The admin user is aysar.mohamed@ccieroot.com and I put the password to authenticate with the LDAP.
My LDAP search base is where I save the users; it could be as simple as under Users. In my case I sync all the users in my domain.

and my LDAP ip address is





















Click on System > LDAP > LDAP Authentication. This will authenticate CUCM End Users using Active Directory instead of the embedded CUCM directory.














At this point your CUCM is ready to sync, so go back to System > LDAP > LDAP Directory and Perform Full Sync.




After performing the synchronization, the users that were created in Active Directory now appear in the CUCM End User.



Open one of the users





That is it.

Note: users that were created on the CUCM before the sync will be disabled. To solve this issue you need to create users for them in the LDAP directory and sync again, and they will be highlighted.