ShoreTel AD integration is pretty simple, just a couple of important steps to remember:
To use AD integration, check "Enable AD Integration" under System Parameters -> Other
ShoreTel is a top-level LDAP reader, so you do not need to specify certain OUs. Your LDAP string should look like this:
At least one system administrator account has to be AD enabled for ShoreTel to use and perform LDAP lookups. To use the "Test" or "Sync" buttons on an AD enabled user, you must be logged in with an administrator account that is AD enabled.