Requirements for Directory Connector
Windows and Active Directory Requirements
You can install Directory Connector on these supported Windows Servers:
-
Windows Server 2022
-
Windows Server 2019
-
Windows Server 2016
-
Windows Server 2012 R2
-
Windows Server 2012
-
Windows Server 2008 R2
-
Windows Server 2003
![]() Note |
To address a cookie issue, we recommend that you upgrade your domain controller to a release that contains the fix—Windows Server 2012 R2 or 2016. |
Directory Connector is supported with the following Active Directory services:
-
Active Directory 2016
(Directory Connector is supported when using the latest version of Active Directory on Windows Server 2019)
-
Active Directory 2012
-
Active Directory 2008 R2
-
Active Directory 2008
Note the following additional requirements:
-
Directory Connector requires TLS1.2. You must install the following:
-
.NET Framework v3.5 (required for the Directory Connector application. If you run into any issues, use the directions in Enable .NET Framework 3.5 by using the Add Roles and Features Wizard.)
-
.NET Framework v.4.5 (required for TLS1.2)
-
-
Active Directory forest functional level 2 (Windows Server 2003) or higher is required. (See What Are Active Directory Functional Levels? for more information.)
Hardware Requirements
You must install Directory Connector on a computer with these minimum hardware requirements:
-
8 GB of RAM
-
50 GB of storage
-
No minimum for the CPU
Network Requirements
If your network is behind a firewall, ensure that your system has HTTPS (port 443) access to the internet.
Webex Organization Requirements
-
To access the Directory Connector software from Control Hub, you require a Webex organization with a trial or any paid subscription.
-
(Optional) If you want new Webex App user accounts to be Active before they sign in for the first time, we recommend that you do the following:
-
Add, verify, and optionally claim domains that contain the user email addresses you want to synchronize into the cloud.
-
Do a single sign-on (SSO) integration of your Identity Provider (IdP) with your Webex organization.
-
Suppress automatic email invites, so that new users won't receive the automatic email invitation and you can do your own email campaign. (This feature requires the SSO integration.)
-
![]() Note |
For more information, see User Statuses and Actions in Control Hub. |
Installation Requirements
-
For a multiple domain environment (either single forest or multiple forests), you must install one Directory Connector for each Active Directory domain. If you want to synchronize a new domain (B) while maintaining the synchronized user data on another existing domain (A), ensure that you have a separate supported Windows server to install Directory Connector for domain (B) synchronization.
-
For sign in to the connector, we do not require an administrative account in Active Directory. We require a local user account that is the same user as an full admin account in Control Hub.
This local user must have privileges on that Windows machine to connect to the Domain Controller and read Active Directory user objects. The machine login account should be a computer administrator with privileges to install software on the local machine. (This information also applies to a Virtual Machine login.)
-
While signing in to the connector, the sign-in account must be the same as the full admin account for Control Hub. By default, the connector uses the local system account to access Active Directory. However, you can use Windows services to configure another account to access Active Directory. (This information also applies to a Virtual Machine login.)
-
Make sure that Windows Safe dynamic link library (DLL) search mode is enabled by using this procedure: Check SafeDllSearchMode in Windows Registry.
-
If you use AD LDS for multiple domains on a single forest, we recommend that you install Directory Connector and Active Directory Domain Service/Active Directory Lightweight Directory Services (AD DS/AD LDS) on separate machines.
Multiple Domain Requirements
Before you follow the tasks in Cisco directory connector Deployment Task Flow, keep the following requirements and recommendations in mind if you're going to synchronize Active Directory information from multiple domains into the cloud:
-
A separate instance of Directory Connector is required for each domain.
-
The Directory Connector software must run on a host that is on the same domain that it will synchronize.
-
We recommend that you verify or claim your domains in Control Hub. (See Add, Verify, and Claim Domains.)
-
If you want to synchronize more than 50 domains, you must open a ticket to get your organization moved to a large org list.
-
If desired, you can synchronize room resource information along with user accounts. (See Synchronize On-Premises Room Information to the Webex Cloud.)
Active Directory Group Recommendations for Automatic License Assignment
Active Directory groups are used to collect user accounts, computer accounts, and other groups into manageable units. Working with groups instead of with individual users helps simplify network maintenance and administration.
There are two types of groups in Active Directory:
-
Distribution groups—Used to create email distribution lists.
-
Security groups—Used to assign permissions to shared resources.
Consider the following guidelines when creating groups in Active Directory:
-
Create a global group for each role, department or service (such as Sales, Marketing, Managers, Accountants, Webex Licensing, and so on).
-
Use standard naming conventions across your organization to make it easy to identify important information about a group. Group names can include details about the group, such as the level of access, type of resource, level of security, group scope, mail capability, and so on. for example, the group name “GSG_Webex_Licensing_EMEAR” refers to a Global Security Group for Webex Licensing EMEAR users.
-
Organize groups in an easy-to-understand way, such as by geography or managerial hierarchy. Use group descriptions to completely describe the purpose of the group.
-
Before adding users to newly provisioned groups, define the Auto License Group Template in Control Hub for those groups. See Set Up Your Automatic License Assignment Template for more information.