Staging Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted, Release 10.0(1)
Active Directory for Unified ICM/CCE and Hosted
Downloads: This chapterpdf (PDF - 1.12MB) The complete bookPDF (PDF - 4.21MB) | The complete bookePub (ePub - 1.21MB) | Feedback

Active Directory for Unified ICM/CCE and Hosted

Active Directory for Unified ICM/CCE and Hosted

Active Directory for Unified ICM/CCE and Hosted

Microsoft Windows Active Directory (AD) is a Windows Directory Service that provides a central repository to manage network resources. Unified ICM uses AD to control users' access rights to perform setup, configuration, and reporting tasks. AD also grants permissions for different components of the system software to interact; for example, it grants permissions for a Distributor to read the Logger database.

This document provides details of how the system software uses AD.


Note


This document does not provide detailed information on AD. Unified ICM administrators must be familiar with the Microsoft AD documentation on the Microsoft Windows Server web site.

Note


This guide uses the term “Unified ICM” to generically refer to Unified Contact Center Enterprise/Hosted (Unified CCE/CCH) and Cisco Unified Intelligent Contact Management Enterprise/Hosted.


Active Directory Versions Supported by Unified ICM

Unified ICM supports AD for Windows Server.

For detailed information on supported platforms for Unified ICM, see the Virtualization for Unified CCE and the Compatibility Matrix for Unified CCE pages on the DocWiki.

Benefits of Active Directory

Support for Corporate Domain Installations

Use the existing AD functionality in your network to control access to Unified ICM functions by co-locating Unified ICM in an existing Windows domain (except the domain controller). Control access to functions in an existing Windows domain, including the corporate domain, and utilize the AD functionality your network already supports. Decide where to place the collocate resources in your Organizational-Unit (OU) hierarchy.

Related References

No Domain Administrator Requirement

You only need to be a local machine administrator to belong to the setup group for any VM for which you are installing a component.

You can determine which users in your corporate domain have access rights to perform specific tasks with the Domain Manager.

Related Information

Flexible and Consistent Permissions

The OU hierarchy allows you to define a consistent set of permissions for users to perform configuration, scripting, and reporting tasks.

You can grant these privileges to any trusted AD user.

Streamlined Administration

Unified ICM uses AD to control permissions for all users so that administrators do not need to enter redundant user information. Unified ICM relies on AD for setup, configuration, and reporting permissions; User List tool use is reduced.

Standard Windows Naming Conventions

AD supports standard Windows naming conventions. There are no specific naming requirements for the Unified ICM usernames or the domain name.

Active Directory and Windows Server

Unified ICM/CCE & Hosted supports Active Directory on Windows Server. Unified ICM/CCE & Hosted does not support Read Only Domain Controller (RODC) in its deployments.

Active Directory Domain Services

Active Directory Domain Services form the core area for authentication of user configuration information and also hold information about objects stored in the domain.

RWDC Authentication

The Unified ICM/CCE & Hosted application user must be authenticated if the client machines are connected to RWDC.

RWDC LDAP Read

Unified ICM/CCE & Hosted must be able to perform the LDAP read operation successfully when the client is connected to RWDC. LDAP Read operations happen when Unified ICM/CCE & Hosted Configuration applications read the data from the Active Directory. Unified ICM/CCE & Hosted issues LDAP ADSI calls to perform this.

RWDC LDAP Write

Unified ICM/CCE & Hosted must be able to perform the LDAP Write operation successfully when the client is connected to a RWDC. LDAP Write operations occur when Unified ICM/CCE & Hosted Configuration applications issue LDAP ADSI calls to write the data to the Active Directory.

RWDC Password Change

Unified ICM/CCE & Hosted must be able to change the password for the Unified ICM/CCE & Hosted users through the Configuration application when the clients are connected to RWDC.

Read-Only Domain Controller

Because Unified ICM/CCE & Hosted does not use the Windows Server LDAP library, the calls by default reach only the RWDC and not the RODC, even if the Unified ICM/CCE & Hosted components are connected to RODC. In addition, because all the writable requests route to RWDC through referrals from the RODC, there could be a considerable amount of efficiency impact. This causes Unified ICM/CCE & Hosted operations to slow when connected to RODC. Therefore, considering this impact, Unified ICM/CCE & Hosted does not support RODC in its deployments.

Restartable Active Directory Domain Services

Previously, there was no provision to restart Active Directory separately. As a part of this new enhancement, you can stop and restart the Active Directory Domain Services without restarting the domain controller.

Currently, appropriate error messages are not shown because we do not check the running of Active Directory Domain Services and its dependent services before performing the Active Directory related operations.

Because Unified ICM/CCE & Hosted does not use the Windows Server LDAP library, no error displays when you restart Active Directory Domain Services.