Active Directory Integration

Overview

The Active Directory (AD) integration connects the Virtual-Call Cloud PBX with your organization's on-premises Microsoft Active Directory. Once configured, it provides one-way synchronization of AD users, organizational units, and groups to the PBX—automatically creating and managing extensions and allowing synced users to log in to the Virtual-Call UC Client using their AD domain credentials.

This integration is ideal for organizations running an on-premises Windows Server Active Directory environment that want to centrally manage their phone system users without duplicating data entry.

What the Integration Provides

• User Synchronization: Users, organizational units (OUs), and groups from Active Directory are synchronized to the Cloud PBX. Extensions are created and assigned automatically for synced users.
• Automatic Extension Management: When a new user is added to Active Directory, their PBX extension is automatically created. When a user is removed or disabled in AD, their extension can be automatically deleted.
• AD Domain Login: Synced users can log in to the Virtual-Call UC Client using their AD domain account credentials, without needing a separate PBX password.
• One-Way Sync: Changes made in Active Directory (name, email, organizational unit) are automatically reflected in the PBX at the next synchronization interval.

Prerequisites

• A Windows Server Active Directory environment reachable from the internet (or via a secure tunnel)
• An AD domain account with read access to the directory—the account's credentials must be entered as a Distinguished Name (DN) or User Principal Name (UPN)
• The AD account must have sufficient permissions to read user, group, and OU information from the desired directory scope
• Administrator access to the Virtual-Call Cloud PBX web portal

Setup Overview

The integration is configured entirely within the Cloud PBX web portal. You will need the connection details of your Active Directory domain controller.

Part 1: Connect the PBX to Active Directory

1. Log in to the Cloud PBX web portal as an administrator.
2. Go to Integrations > Active Directory.
3. Enter your AD connection details:
   • Server Address: The IP address or hostname of your AD domain controller
   • Port: Typically 389 (LDAP) or 636 (LDAPS, for encrypted connections)
   • Username: The Distinguished Name (DN) or User Principal Name (UPN) of the AD account used for directory access (e.g., CN=svc-pbx,OU=ServiceAccounts,DC=example,DC=com)
   • Password: The password for the above account
   • Base DN: The starting point in your directory tree for the sync scope (e.g., DC=example,DC=com)
4. Click Test Connection to verify that the PBX can reach your AD server and authenticate successfully.
5. Click Save.

Part 2: Configure the Synchronization Scope

1. Under User Synchronization, specify which users to import:
   • All Users: Synchronize all users found under the Base DN
   • Specific OUs or Groups: Limit the sync to one or more organizational units or security groups
2. Configure the Extension Assignment Rule to define how PBX extension numbers are assigned to synchronized users (e.g., automatic sequential numbering, or mapped from an AD attribute).
3. Optionally, configure the Auto-Delete setting to automatically remove a user's PBX extension when they are disabled or deleted in Active Directory.
4. Click Save.

Part 3: Run the First Synchronization

1. Click Sync Now to trigger the initial synchronization.
2. The PBX will connect to your Active Directory, retrieve the configured users, and create their extensions.
3. Review the sync log to confirm all users were imported correctly.

After the initial sync, subsequent synchronizations run automatically at regular intervals. Any changes in Active Directory will be reflected in the PBX accordingly.

AD Domain Login for UC Client

Once users are synchronized, they can use their AD domain account to log in to the Virtual-Call UC Client:

• On the UC Client login screen, select Domain Account Login (or similar, depending on the client version).
• Enter the AD username (UPN format, e.g., user@example.com) and the AD password.
• The PBX will authenticate the credentials against Active Directory and log the user in.

New Features from Version 84.23.0.24

Avatar Synchronization

A new mapping field Avatar is now available in the synchronization configuration. When enabled, user avatars are automatically synced from Microsoft Active Directory to the PBX extensions.

Direct Editing of Synced Extensions

Extension information of synced users can now be edited directly on the PBX. If you disable the mapping for specific fields, the corresponding information will no longer be synchronized and can be adjusted manually.

Troubleshooting

• Test Connection fails.
  Verify the server address, port, and account credentials. Ensure your AD domain controller is reachable from the PBX (check firewall rules). If using LDAPS (port 636), ensure the server's SSL certificate is valid.
• Only some users are synchronized.
  Check the base DN and synchronization scope configuration. Users outside the specified OU or group will not be included. Verify the service account has read access to all relevant OUs.
• Extensions are not being created automatically.
  Review the extension assignment rule configuration. Ensure there are available extension numbers in the configured range.
• AD domain login fails for users.
  Ensure the user's AD account is enabled and not locked. Confirm the UPN format is used for login. Check that the user was successfully synchronized (visible in the PBX user list).