Shoretel AD Integration

Hello,
We had this working fine but something has clearly changed. We think director was upgraded to 18.62.7800.0 which has broke AD integration.
I've re-read all the documents out there and tried the IIS, fix etc.
Before we just used LDAP://servername which worked fine and we can see and click show/sync buttons. They now are greyed out.
Ideas/suggestions?
Thanks
LVL 1
CHI-LTDAsked:
Who is Participating?
 
footechConnect With a Mentor Commented:
My authentication settings are the same as in the document.  All disabled except Windows Integrated.
0
 
footechCommented:
I'm using Build 19.41.5003.0.  I've got my LDAP string set to something like
LDAP://server.domain.com/OU=Users,OU=Org,DC=domain,DC=com
Haven't experienced any issues during before or after any upgrades.
0
 
CHI-LTDAuthor Commented:
Are you using a windows account in the Users OU with permission?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
CHI-LTDAuthor Commented:
and are you native 2008 r2 ?
0
 
footechCommented:
Using a Windows account for what?

Yes, we are 2008 R2 DFL and FFL.
0
 
CHI-LTDAuthor Commented:
to make the connection from director to AD.
0
 
footechCommented:
Unless I'm completely forgetting something, there is no account/setting for this purpose.

If you think there is, please point out exactly where this is set.
0
 
CHI-LTDAuthor Commented:
So we have a windows account (in our case) called 'shoreteldirector', of which is also a manually created account in director with the same name.  We have logged into director and windows with this account in order to enter the string LDAP path.
We also have delegated the director computer account the 2x domain controllers...
0
 
footechCommented:
It doesn't matter what account(s) you specify as having administrator permissions in ShoreTel Director.  They can be either AD users or not.  We have both types in our setup.
0
 
CHI-LTDAuthor Commented:
okay.  well i cannot get this to work whatsoever.
whats odd is that even through the 2x fields arent clickable, the windows auth (for communicator) works fine.
0
 
footechCommented:
I would check to make sure the ShoreTel server's membership to the domain is healthy (secure channel isn't broken).  I don't know if this would affect anything else.

Check your firewalls.  TCP 389 needs to be allowed.
I would start a network capture at the ShoreTel machine with traffic to/from the DCs, then try a "Show from AD" and see if the traffic is getting through.
0
 
CHI-LTDAuthor Commented:
Right, so wireshark is showing a bind success...
must be something else stopping the 2x buttons from showing...
0
 
footechCommented:
I just double-checked something.  It does look like when I log in as an admin user which is just a user defined in ShoreTel Director (not AD), that the AD buttons are grayed out.  I could swear I remember this working but honestly it's been so long since I used that account I could be wrong.  Logging in with my AD user allows me to use the buttons.
0
 
CHI-LTDAuthor Commented:
thats the thing, we now (for whatever reason) do not see the active directory option (on the right of the login page)
0
 
CHI-LTDAuthor Commented:
woudl you be able to send me your iis authentication method screren, as per http://customers.btxchange.com/Manuals/ShoreTel/ShoreTel%20Active%20Directory%20Integration.pdf

thansk
0
 
CHI-LTDAuthor Commented:
edit, think ive fixed it
0
 
CHI-LTDAuthor Commented:
mine wasnt!  i have anonymous enabled also.
The IE auth setting was also wrong.

thanks for help.
0
 
footechCommented:
Glad you got it worked out.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.