Home > Communications > MC Network Administrator Guides > Directory Management > Active Directory Integration

Active Directory Integration



Active Directory Integration on the MC allows administrators to quickly and easily import and sync users from their corporate, on-premises Active Directory server. In addition to the administrators MC phone network, an MX Security Appliance will also be required onsite. With the Active Directory (AD)-based contact integration feature, the MX series uses the Microsoft Light Directory Access Protocol (LDAP) to connect to a Microsoft Domain Controller (DC) and discover the user groups and users in those groups. Administrators can use this feature to sync MC contacts with users and user attributes in these groups.


Supported Architecture


Active Directory integration for MC contacts requires an MX Security Appliance to be installed in the MC environment. The feature can only be supported in the following topology:

  • The Domain Controller is in a VLAN configured on the appliance
  • The Domain Controller is in a subnet for which a static route is configured on the appliance
  • The Domain Controller is accessible through the VPN from the MX.



Before the administrator can configure AD integration, various AD server parameters must be collected and added to Dashboard: 


  • Host: The IP address of the domain controller.
  • Admin Username: A domain administrator account that the MX can use to query the AD server.
  • Password: The password of the domain administrator account.
  • Base DN: Where to import MC users from in the Active Directory tree.
  • Gateway Network: The Meraki MX Security Appliance network. The AD server must be connected to a LAN port of this MX.
  • Number Mappings: Multiple phone numbers can be imported for each AD user depending on what numbers are populated for AD users.
  • Name Mapping
    • Single Field: AD administrators might chose to include the first name and last name in the displayName attribute if display names are different to actual names.
    • A combination of first name and last name: Allows the administrator to mix and match AD attributes to create customized MC contacts.
    • Use the single field if available, otherwise use the first and last name: Check whether the configured single field attribute is populated and if not, use the custom first and last name attributes to create an MC contact name




Protective mechanisms to guard against mass accidental deletion of MC contacts from the MC directory have been built into the AD integration feature. if a change to the Base DN is made and a sync mismatch exists between the MC directory and AD directory, contacts will be queued in the Marked for Deletion state for a week before any contacts are deleted from Dashboard.

Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 6075

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community