Write back to Active Directory LDAP

For Microsoft Active Directory LDAP Servers, an option is available to enable write-back as part of the Quick Add Subscriber process: both Quick Add Subscriber for Unified CM and Microsoft Quick Subscriber.

To use this feature, the following are required:

  1. At the required hierarchy for the LDAP Server:

    1. Server Type is microsoft_active_directory.

    2. Port is 636.

    3. Encryption Method is Use SSL Encryption.

    4. Enable Write Operations is enabled.

  2. Add an LDAP User Sync instance at the required hierarchy:

    1. Select the relevant LDAP Server.

    2. Select an LDAP Write Back Template - see: LDAP Write Back Template.

    3. If the LDAP Write Back Only checkbox is enabled, users are only synced in for write-back purposes and other user updates are not carried out.

      This should only be used for a Microsoft Only type scenario where users are being synced in initially from MS365 or MSTeams and the LDAP Write Back option is configured to write back to Active Directory for the purpose of Syncing to Azure.

    At the end of the Quick Add Subscriber workflow, write-back is then carried out for target model type device/ldap/user using this LDAP User Sync instance.

  3. When saving LDAP User Sync, a Data Sync instance is created that applies when a sync is carried out from Sync & Purge > LDAP Users.

  4. When Quick Add Subscriber or Microsoft Quick Subscriber is run, the LDAP user is updated in accordance with the LDAP write-back template.

LDAP Write Back Template

An LDAP Write Back Template is a configuration template for target model type device/ldap/user that contains named macros that will be applied during write-back when the Quick Add Subscriber or Microsoft Quick Subscriber task is carried out.

For example, the following macros can be used in the Configuration Template selected in LDAP Write Back Template.

  • LDAP username: {{macro.DISPLAY_GET_USERNAME}} - writes back username

  • LDAP user first name: {{macro.DISPLAY_NAME_GET_FNAME}} - writes back user first name

  • LDAP user last name: {{macro.DISPLAY_NAME_GET_LNAME}} - writes back user last name

  • Telephone Number: {{macro.DISPLAY_GET_FIRST_LINE}} - writes back the first line added to a subscriber when running Quick Add Subscriber.

  • Telephone Number: {{macro.DISPLAY_GET_FIRST_LINE_E164}} - writes back the first E164 line added to a subscriber when running Quick Add Subscriber.

Note

  • When writing back to Active Directory for the purpose of syncing to Microsoft Entra ID for Microsoft Teams provisioning, the LDAP Authentication Attribute on the LDAP User configuration must be set to userPrincipalName, and the Username mapping on the User Field Mapping page must be set to userPrincipalName for the specific LDAP Server.

  • The configuration template is automatically created for each LDAP Server, at the same level of the hierarchy as the LDAP Server, when Enable Write Operations is set to True. There can be only one Write Back configuration template per LDAP Server.