Implementing Active Directory Integration with ShoreTel 11
October 16th, 2010
Historically I have recommended that the ShoreTel server not be a computer in your domain. Too many times, an Active Directory administrator will create a new Group Policy and forget about the ShoreTel user account. The end result is a down ShoreTel server and a call to TAC support! I still feel strongly about this, but you can still integrate Active Directory authentication for your ShoreTel users.
Generally, ShoreTel users do not actually log in and log out of their Call Managers, or their Communicators, as ShoreTel has renamed them in Version 11. Most implementations have the ShoreTel desktop application launched automatically when the user starts up their desktop computer. Most users do not even know that they are in fact logging into ShoreTel. Active Directory administrators, however, most certainly know that a login has occurred. With ShoreTel 11, Active Directory integration has matured, and the reasons for implementing Active Directory user authentication are increasingly obvious. For example, now that ShoreTel has a complete Call Manager application running within your favorite internet browser, users will become aware that they are logging in, as they will need to provide credentials each time they access the web application (see previous video on this subject).
ShoreTel Active Directory integration is a relatively straightforward, stress-free integration. Once it is implemented, ShoreTel system administrators can determine which users will require AD authentication, because with this integration it is possible for users to remain authenticated by the ShoreTel directory system. The Version 11 web-based Call Manager, for example, provides two links: one for ShoreTel authentication and one for AD authentication. It is important that you first create a user in ShoreTel that has both ShoreTel administration privileges and an AD user account in your domain. You will also need to have the LDAP directory URL for your domain.
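The LDAP directory URL mentioned above can be sanity-checked before it is typed into Director. The following is an added example, not part of the original post or of any ShoreTel tooling: it derives the default base DN from an AD DNS domain name and checks that a candidate LDAP URL points at that domain. The function names and the `corp.example.com` domain are hypothetical, and it assumes the domain uses the default `DC=` naming context; the page does not state which URL form Director expects, so both the `ldap://host/DN` and the serverless `LDAP://DC=...` forms are accepted.

```python
import re
from urllib.parse import unquote

def domain_to_base_dn(dns_domain):
    """corp.example.com -> DC=corp,DC=example,DC=com (the default AD naming context)."""
    labels = [p for p in dns_domain.strip().strip(".").split(".") if p]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + p for p in labels)

def parse_ldap_url(url):
    """Split an LDAP URL into scheme, host and base DN.

    Accepts the RFC 4516 form (ldap://host:port/DN) and the serverless
    ADSI form (LDAP://DC=...), where the DN directly follows the slashes.
    """
    m = re.match(r"^(ldaps?)://([^/?#]*)(?:/([^?#]*))?", url.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL")
    scheme, authority, dn = m.group(1).lower(), m.group(2), unquote(m.group(3) or "")
    if "=" in authority:          # serverless form: the "authority" is really the DN
        authority, dn = "", unquote(authority)
    return {"scheme": scheme, "host": authority, "base_dn": dn,
            "tls": scheme == "ldaps"}   # ldap:// alone does not imply TLS

def check_ldap_url(url, dns_domain):
    """Return a list of problems found before the URL is entered in Director."""
    try:
        parts = parse_ldap_url(url)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    dcs = re.findall(r"(?:^|,)\s*DC=([^,]+)", parts["base_dn"], re.IGNORECASE)
    if not dcs:
        problems.append("no DC= components in base DN")
    elif ".".join(d.strip() for d in dcs).lower() != dns_domain.strip(".").lower():
        problems.append("base DN does not match domain " + dns_domain)
    return problems

if __name__ == "__main__":
    # Constructed sample values; corp.example.com is a placeholder domain.
    domain = "corp.example.com"
    print("LDAP://" + domain_to_base_dn(domain))
    for candidate in ("ldap://dc01.corp.example.com/DC=corp,DC=example,DC=com",
                      "LDAP://DC=corp,DC=example,DC=org",
                      "http://corp.example.com"):
        print(candidate, "->", check_ldap_url(candidate, domain) or "ok")
```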
For those of us who are not Microsoft wizards, you might need some help locating the LDAP directory URL. We were able to locate a tool from Softerra that can be of great help in searching your AD for user information. You can find this very useful tool at http://www.softerra.com/portfolio_ldap-browser.htm, where you can download a free version. Once in ShoreTel Director, navigate to System Parameters and to the Option page. Check the enable box, enter your AD LDAP URL, and you are done. The next time you log in to ShoreTel you will use your Active Directory credentials. You will notice that the Shoreware Directory login screen has changed, and each of your user accounts has a new field for Active Directory login credentials that can be synchronized with your domain-based LDAP directory. The video clip shows you how this process is executed. As always, we welcome your feedback!