Active Directory (AD) is a Windows Directory Service that provides a central
repository to manage network resources. Unified ICM uses AD to control users'
access rights to perform setup, configuration, and reporting tasks. AD also
grants permissions for different components of the system software to interact;
for example, it grants permissions for a Distributor to read the Logger
provides details of how the system software uses AD.
does not provide detailed information on AD. Unified ICM administrators must be
familiar with the Microsoft AD documentation on the
Server web site.
This guide uses
the term “Unified ICM” to generically refer to Unified Contact Center
Enterprise/Hosted (Unified CCE/CCH) and Cisco Unified Intelligent Contact
Versions Supported by Unified ICM
Use the existing AD functionality in your network to control access to
Unified ICM functions by co-locating Unified ICM in an existing Windows domain
(except the domain controller). Control access to functions in an existing Windows domain, including the
corporate domain, and utilize the AD functionality your network already
supports. Decide where to place the co-located
resources in your Organizational Unit (OU) hierarchy.
The OU hierarchy allows you to define a consistent set of
permissions for users to perform configuration, scripting, and
You can grant these privileges to any trusted AD user.
Unified ICM uses AD
to control permissions for all users so that administrators do not need to
enter redundant user information. Unified ICM relies on AD for setup,
configuration, and reporting permissions, which reduces use of the User List tool.
Standard Windows Naming Conventions
AD supports standard Windows naming conventions. There are no specific
naming requirements for the Unified ICM usernames or the domain name.
Active Directory and
Unified ICM/CCE & Hosted supports Active Directory on Windows Server. Unified ICM/CCE &
Hosted does not support Read Only Domain Controller (RODC) in its deployments.
Active Directory Domain Services form the core area for
authentication of user configuration information and also hold
information about objects stored in the domain.
The Unified ICM/CCE
& Hosted application user must be authenticated if the client machines are
connected to a read-write domain controller (RWDC).
Unified ICM/CCE & Hosted must be able to perform the LDAP Read operation successfully when
the client is connected to an RWDC. LDAP Read operations happen when Unified
ICM/CCE & Hosted Configuration applications read the data from the Active
Directory. Unified ICM/CCE & Hosted issues LDAP ADSI calls to perform these reads.
Unified ICM/CCE & Hosted must be able to perform the LDAP Write operation successfully when
the client is connected to an RWDC. LDAP Write operations occur when Unified
ICM/CCE & Hosted Configuration applications issue LDAP ADSI calls to write
the data to the Active Directory.
Unified ICM/CCE & Hosted must be able to change the password for the Unified ICM/CCE &
Hosted users through the Configuration application when the clients are
connected to an RWDC.
Because Unified ICM/CCE & Hosted does not use the Windows Server LDAP library, the calls by
default reach only the RWDC and not the RODC, even if the Unified ICM/CCE &
Hosted components are connected to an RODC. In addition, because all write
requests route to the RWDC through referrals from the RODC, there could be a
considerable impact on efficiency. This causes Unified ICM/CCE &
Hosted operations to slow when connected to an RODC. Therefore, considering this
impact, Unified ICM/CCE & Hosted does not support RODC in its deployments.
Directory Domain Services
was no provision to restart Active Directory separately. As a part of this new
enhancement, you can stop and restart the Active Directory Domain Services
without restarting the domain controller.
appropriate error messages are not shown because we do not check whether
Active Directory Domain Services and its dependent services are running before
performing the Active Directory-related operations.
Because Unified ICM/CCE & Hosted does not use the Windows Server LDAP library, no error
displays when you restart Active Directory Domain Services.
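The two conditions described above (a host being served by an RODC, and Active Directory Domain Services being stopped on a domain controller without any error shown) can be checked by an administrator before running AD-related operations. The following is an added example, not Cisco code: the function name Get-DcReadinessForIcm is hypothetical, and it assumes the ActiveDirectory module (RSAT) on Windows PowerShell 5.1 with rights to query services on the domain controllers.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) on Windows PowerShell 5.1.
Import-Module ActiveDirectory

# Hypothetical helper: reports, for every DC in the domain, whether it is read-only,
# whether it is the DC the locator currently hands this host, and the AD DS service state.
function Get-DcReadinessForIcm {
    [CmdletBinding()]
    param(
        # Domain to inspect; defaults to the logged-on user's DNS domain.
        [string]$DomainName = $env:USERDNSDOMAIN
    )

    # The DC the locator returns for this host right now. HostName may come back
    # as a collection from discovery, so take the first value as a string.
    $located     = Get-ADDomainController -Discover -DomainName $DomainName
    $locatedName = [string]($located.HostName | Select-Object -First 1)

    Get-ADDomainController -Filter * -Server $DomainName | ForEach-Object {
        # NTDS is the service name of Active Directory Domain Services.
        $ntds  = Get-Service -Name NTDS -ComputerName $_.HostName -ErrorAction SilentlyContinue
        $state = if ($ntds) { [string]$ntds.Status } else { 'Unknown' }

        [pscustomobject]@{
            HostName      = $_.HostName
            Site          = $_.Site
            IsReadOnly    = $_.IsReadOnly                  # True means RODC
            LocatedByHost = ($_.HostName -eq $locatedName)
            AdDsService   = $state
        }
    }
}

$report = Get-DcReadinessForIcm
$report | Format-Table -AutoSize

# Warn when this host is being served by an RODC (unsupported for Unified ICM/CCE & Hosted).
$report | Where-Object { $_.LocatedByHost -and $_.IsReadOnly } | ForEach-Object {
    Write-Warning "This host is located on RODC $($_.HostName); writes are referred to an RWDC."
}

# Warn when AD DS is not confirmed running, since the application shows no error for this.
$report | Where-Object { $_.AdDsService -ne 'Running' } | ForEach-Object {
    Write-Warning "AD DS (NTDS) on $($_.HostName) is $($_.AdDsService)."
}
```

Run it from the machine that hosts the Unified ICM/CCE & Hosted component, because the locator result depends on that machine's site.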