Application Note. ShoreTel 9: Active Directory Integration. Integration checklist. AN-10233 June 2009



Transcription:

Application Note AN-10233, June 2009

ShoreTel 9: Active Directory Integration

This application note outlines the configuration required to prepare a customer's Microsoft Active Directory environment for use with ShoreTel 9 or later. To effectively understand and implement this application note, the reader must have a working knowledge of both Microsoft Active Directory and ShoreWare Director.

Integration checklist

When a customer chooses to use the Microsoft Active Directory feature in ShoreTel 9 or later, they must have a fully functional Microsoft Active Directory deployment with a populated user database.

Step 1: Identify user as ShoreWare System Administrator

From the Microsoft Active Directory administration console, identify (or create if required) the user in Microsoft Active Directory whose identity is to be associated with the system administrator role in ShoreWare Director. In the following example, a user with the login name of ittest1 will be a ShoreWare System Administrator.

Please note that starting with ShoreTel 9.1, ShoreWare can be installed on the Windows 2008 Server. This version of the operating system introduced a new User Account Control (UAC) security configuration that causes problems with ShoreWare Director access for Microsoft Active Directory users configured as members of the local administrators group on the HQ server. Active Directory domain administrators and the default local administrator account are not affected and they can continue to access ShoreWare Director as they normally would.

Two solutions are available to mitigate this problem:

a) The ShoreWare Director desktop shortcut now provides the option to Run As Administrator for these users, so they will need to do this before launching Director.

b) Alternatively, the system can be set up to always run the ShoreWare Director shortcut as an administrator by changing the configuration of the shortcut in the Advanced Properties dialog.

Step 2: Defining Server for ShoreWare

From the Microsoft Active Directory administration console, identify (or create if required) the server in Microsoft Active Directory that will act as the HQ Server for the ShoreTel system. Define the necessary delegation rights to this computer.

On the HQ server computer, right-click to select Properties, click the Delegation tab, make the appropriate radio button selections similar to the diagram below, then click Add to bring up the Add Services window.

Next, click Users or Computers to bring up the Select Users or Computers window, and fill in the name of the Domain Controller in the "Enter the object name to select" box.

Next, click the Check Names button to check the name, then click OK. The Add Services window is now populated with all the services; select the LDAP service.

In this example, the server HQSERV is the ShoreWare HQ Server, defined as a trusted entity for the LDAP service with respect to the Domain Controller pacific.

Step 3: Define system administrator in ShoreWare Director

In ShoreWare Director, create the user to be associated with the user identified in Step 1, and assign that user system administrative privileges. Make sure this user's Client User ID matches the Microsoft Active Directory User Logon Name.

Note: as with previous ShoreWare releases, creating a user with system administrator privileges in ShoreWare Director will remove the default admin/changeme account.
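A read-only check of the Step 2 delegation settings, added here as an example and not part of the ShoreTel note. It assumes the ActiveDirectory PowerShell module is available, uses the example names HQSERV and pacific, and treats LDAP-only delegation to that domain controller as the expected state; Test-HqDelegation is a hypothetical helper name.

```powershell
# Added example (not from the ShoreTel note): read-only audit of the delegation
# settings on the HQ server's computer object.
# Assumptions: names HQSERV / pacific come from the note's example; the expected
# state is delegation to the LDAP service on that domain controller only.
Import-Module ActiveDirectory

function Test-HqDelegation {   # hypothetical helper name
    param(
        [string]$HqServer = 'HQSERV',
        [string]$DomainController = 'pacific'
    )
    $props = 'msDS-AllowedToDelegateTo', 'TrustedForDelegation', 'TrustedToAuthForDelegation'
    $computer = Get-ADComputer -Identity $HqServer -Properties $props
    $dcShort = ($DomainController -split '\.')[0]
    $findings = @()

    # Unconstrained delegation would let the host impersonate users to any service.
    if ($computer.TrustedForDelegation) {
        $findings += 'Unconstrained delegation is enabled on the computer object.'
    }

    # Drop empty values so an unset attribute counts as zero entries.
    $allowed = @($computer.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    if ($allowed.Count -eq 0) {
        $findings += 'No delegation targets are listed; Step 2 has not been applied.'
    }

    foreach ($spn in $allowed) {
        # SPN layout: service/host[:port][/servicename]
        $parts = $spn -split '/'
        $service = $parts[0]
        $spnHost = ((($parts[1] -split ':')[0]) -split '\.')[0]
        if ($service -ne 'ldap') {
            $findings += "Delegation to a non-LDAP service: $spn"
        } elseif ($spnHost -ne $dcShort) {
            $findings += "LDAP delegation to a host other than ${DomainController}: $spn"
        }
    }

    [pscustomobject]@{
        Computer           = $computer.Name
        AllowedSpns        = $allowed
        ProtocolTransition = [bool]$computer.TrustedToAuthForDelegation
        Findings           = $findings
        Compliant          = ($findings.Count -eq 0)
    }
}

Test-HqDelegation | Format-List
```

ProtocolTransition is reported for information only, since the note does not state which radio button options were selected on the Delegation tab.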

Step 4: Define LDAP path

In ShoreWare Director, [System Parameters/Other], define the path to the Microsoft Active Directory server. This path defines both the domain controller and the scope of data that ShoreWare Director can access for user lookup. The path must be chosen with the customer's Microsoft Active Directory hierarchy in mind.

Please note that the domain controller specified in Step 2 to define the delegation trust relationship (in this case pacific) should be specified in this step as well.

Upon Save, a warning message is displayed that the LDAP path cannot be verified (which is normal) and the current ShoreWare Director admin login session will be terminated.

At this point the ShoreTel system is enabled for Microsoft Active Directory integration, i.e., the ShoreWare Director no longer allows anonymous login. This is shown in Figure 1a.

Figure 1a: IIS screen (Windows 2003 Server)

In Windows 2008, the IIS screen appears as shown in Figure 1b and 1c.

Figure 1b: IIS screen (Windows 2008 Server)

Figure 1c: IIS screen (Windows 2008 Server)

Please note that at this point, the individual user ittest1 in ShoreWare Director is not yet configured as a Microsoft Active Directory User, i.e., Single Sign On for ittest1 is not yet available.

Step 5: Login to ShoreWare Director and configure administrative user as Microsoft Active Directory User

Launch a new IE browser window and access ShoreWare Director using the explicit IP address of the HQ server, e.g., http://192.168.1.1/shorewaredirector/login.asp. An authentication prompt should appear.

Authenticate with the user ittest1. The ShoreWare Login page will then display.

Log in with ittest1 and the password, navigate to the User Edit page, and enable ittest1 as a Microsoft Active Directory user.

Now ittest1 is a Microsoft Active Directory user. Log off from ShoreWare Director.

From this point on, Single Sign On is available for ittest1. The user ittest1 will automatically be logged in upon accessing ShoreWare Director using a URL such as:

http://hqserv/shorewaredirector/login.asp

Please note that different URL formats may require authentication:

http://hqserv/shorewaredirector/login.asp
http://hqserv.mydomain.com/shorewaredirector/login.asp
http://192.168.1.1/shorewaredirector/login.asp

In the above example, the first format is considered Local Intranet, while the second and third formats are of the type Internet.

With the ShoreWare administrator now being a Microsoft Active Directory User, the option to fetch user properties from Microsoft Active Directory is now available. The Show From AD button fetches the attributes of user domain\ittest1.

Revision history

Issue   Author           Reason for Change                              Date
1.0     Dieter Rencken   Initial Release                                April 9, 2009
2.0     Dieter Rencken   Updated with Windows 2008 Server information   June 23, 2009

To receive regular updates and news on ShoreTel products, email shorecareadmin@shoretel.com

960 Stewart Drive, Sunnyvale, CA 94085 USA. Phone +1.408.331.3300, +1.877.80SHORE. Fax +1.408.331.3333. www.shoretel.com

Copyright 2009 ShoreTel. All rights reserved. ShoreTel, the ShoreTel Logo, ShoreCare, ShoreGear, ShoreWare, ShorePhone, ControlPoint and Office Anywhere are trademarks or registered trademarks of ShoreTel, Inc. All other marks are the property of their respective owners. Specifications are subject to change without notice. AN-10233