Active Directory Integration with ShoreTel

Integrating with Microsoft Active Directory is simple and quickly accomplished in ShoreWare Server 11. Rather than use the ShoreTel internal directory to authenticate users, you can use Active Directory. Any changes in Active Directory will synchronize with ShoreTel, and you can bulk provision accounts. With ShoreTel Active Directory Integration enabled, access to Communicator is available to all system users, including those without domain accounts or not configured as ShoreTel AD users. However, users are not required to re-enter their username or password each time they open ShoreTel Communicator.

Active Directory integration is off by default in ShoreTel Server version 11. Once enabled, only users with administrative privileges can log in to ShoreWare Director. Before you go into System Parameters and edit them to turn on the integration, it is critical that you have a user defined in ShoreTel with administrator rights who also has an account in Active Directory, or you will be unable to log in.

You set up this administrator in ShoreWare Director through System Parameters > Administrative Permissions by creating a new administrator. The drop-down menu will allow you to select System Administrator as the role.

To complete the integration, you will need your LDAP directory URL. LDAP URLs begin with LDAP:// and are followed by the server and a modified DN that identifies the object (the ShoreTel directory needs to know in which container to find your users in Active Directory so that it will sync correctly).

Enabling AD is a simple matter of going to System Parameters and scrolling to the menu option ‘Other’. Once the checkbox has been selected and the LDAP URL is inserted, the software will bring up a warning and will log off the current session. To log back in to Director you will use AD credentials. Once Microsoft Active Directory integration is turned on, there are several changes to the view:

The login interface for Director is different and has options for logging in to the ShoreTel directory or Active Directory; the client name, User ID and Password in Director are grayed out; each user will have a field that shows their AD User ID and buttons to show and sync AD information; the new AD field has a checkbox that identifies a user as an AD user. If it is not selected, that user is not in Active Directory and is solely a part of the ShoreTel directory.
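
Because Director logs off the current session as soon as the LDAP URL is saved, it is worth checking the URL's shape first. The following is an added example, not ShoreTel code: it parses the LDAP:// + server + container DN format described above and reports what is wrong with a malformed URL. The host name, the DNs, the allowed attribute types and the function names are constructed assumptions; 389 is the standard LDAP port.

```python
import re

# RDN attribute types accepted in the container DN (an assumption for this example).
ALLOWED_RDN_TYPES = {"CN", "OU", "DC"}

def parse_ldap_url(url):
    """Return (server, port, [(type, value), ...]) or raise ValueError."""
    m = re.fullmatch(r"(?i)ldap://([^/:]*)(?::(\d+))?(?:/(.*))?", url.strip())
    if not m:
        raise ValueError("URL must start with LDAP://")
    server, port, dn = m.group(1), m.group(2), m.group(3) or ""
    if not server:
        raise ValueError("no server name")
    if not dn:
        raise ValueError("no container DN after the server")
    rdns = []
    # Split on commas that are not backslash-escaped inside a value.
    for part in re.split(r"(?<!\\),", dn):
        rdn_type, sep, value = part.strip().partition("=")
        if not sep or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        if rdn_type.upper() not in ALLOWED_RDN_TYPES:
            raise ValueError(f"unexpected attribute type: {rdn_type!r}")
        rdns.append((rdn_type.upper(), value.strip()))
    types = [t for t, _ in rdns]
    if "DC" not in types:
        raise ValueError("DN has no DC= components, so it names no domain")
    # A DN runs from the container up to the domain root: DC= parts come last.
    if any(t != "DC" for t in types[types.index("DC"):]):
        raise ValueError("DC= components must be at the end of the DN")
    return server, int(port) if port else 389, rdns

def problem(url):
    """Return None if the URL passes the checks, else the reason it failed."""
    try:
        parse_ldap_url(url)
        return None
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    # Constructed sample inputs, not values from a real deployment.
    for sample in ("LDAP://dc01.example.com/OU=Staff,DC=example,DC=com",
                   "LDAP://OU=Staff,DC=example,DC=com",
                   "LDAP://dc01.example.com/OU=Staff",
                   "https://dc01.example.com/OU=Staff,DC=example,DC=com"):
        print(sample, "->", problem(sample) or "OK")
```

A URL that passes only has the right shape; whether the server answers and the container holds your users still has to be confirmed against the directory itself.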