This document describes the relationship between the Unified Contact Center Enterprise (UCCE) service accounts on the distributor server and the Active Directory (AD) Security groups.
Unified Intelligent Contact Manager (ICM) and UCCE services, such as Logger or Distributor, execute under the context of a domain user account commonly known as a service account. The Service Account Manager (SAM) tool handles creation and maintenance of service accounts.Web Setup uses the SAM command line interface in order to silently create service accounts.
What is the relation between UCCE Distributor Service Account and Active Directory user group?
During Administrative Workstation (AW) installation, the websetup adds the config, service, and setup user groups to the Microsoft SQL Server (SQL) as Figure 1 shows. These are actually user groups in AD.
If you go to the Service Account Manager and click Edit Service Account, you can find the actual user UCCEUCCEDistributorW2K8SPRWLRA which the distributor uses in order to login to SQL. See Figure 2.
Note: Cisco recommends you not change the password from Windows Service Manager as the service account is auto created and it is an AD user. Use SAM in order to edit the user account as this also updates AD when you check the Update Active Directory checkbox.
Active Directory Users and Computers shows that UCCEUCCEDistributorW2K8SPRWLRA is a member of the service security group. See Figure 3.
The users are put into the correct user groups by websetup. Alternatively you can run SAM later in order to fix the group membership or edit the service account.
As Figure 2 shows, the Windows service account name is UCCE.COM\UCCE-DISTRIB-54C4574. The actual username is found in the SAM and is UCCEUCCEDistributorW2K8SPRWLRA.
This user is an AD user and a member of the Service security group. The service security group has SQL access under the same name (geotel dbadmin role).
This explains how the distributor uses the AD user group in order to login to SQL. The same user relationship applies for logger service accounts as well.
Note: The recreation of awdb has no effect on SQL users. The users are recreated from scratch if you remove the Distributor and add again with websetup.