CUCM LDAP Sync Based on User Group

If you don't want CUCM to sync your entire LDAP directory, you will need to use a LDAP Custom Filter.  This filter can be used to sync based on AD Security Group. The filter is:

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)) (memberOf=CN=Demo Security Group,OU=SecondOU,OU=FirstOU,DC=DomainName,DC=com))

With this example, the name of my AD Security Group is: Demo Security Group. Then, you must specify the entire LDAP location string of that security group.  My example would be:

-DomainName.com
--FirstOU
---SecondOU
----Demo Security Group

This will allow you to only sync users to CUCM that are members of the Demo Security Group.