CUCM LDAP Sync Based on User Group

If you don’t want CUCM to sync your entire LDAP directory, you will need to use a LDAP Custom Filter.  This filter can be used to sync based on AD Security Group.  The filter is:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)) (memberOf=CN=Demo Security Group,OU=SecondOU,OU=FirstOU,DC=DomainName,DC=com))

With this example, the name of my AD Security Group is: Demo Security Group.  Then, you must specify the entire LDAP location string of that security group.  My example would be:

-DomainName.com
–FirstOU
—SecondOU
—-Demo Security Group

Cisco Mobile and Remote Access via Expressway

Deployed Cisco Expressway C & E for a CUCM deployment, and these guides were useful:

Installing the VM on vSphere:
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/install_guide/Cisco-Expressway-Virtual-Machine-Install-Guide-X8-1.pdf

Configuration and Deployment Guide:
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-2/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-2.pdf

Administrator Guide:
http://www.cisco.com/en/US/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-1.pdf

Cluster Creation Guide:
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Cluster-Creation-and-Maintenance-Deployment-Guide-X8-1.pdf