You must install Cisco Directory Connector on a computer with these minimum hardware requirements:

• 8 GB of RAM

• 50 GB of storage

• No minimum for the CPU

If your network is behind a firewall, ensure that your system has HTTPS (port 443) access to the internet.

• To access the Cisco Directory Connector software from Cisco Webex Control Hub, you require a Cisco Webex organization with any paid subscription.

• (Optional) If you want new Webex Teams user accounts to be activated before they sign in for the first time, we recommend that you do the following:

  • Add, verify, and optionally claim domains that contain the user email addresses you want to synchronize into the cloud

  • Do a single sign-on integration of your Identity Provider (IDP) with your Webex organization.

  • Suppress automatic email invites, so that new users won't receive the automatic email invitation to Webex Teams. (You can do your own email campaign.)

    Note	Activated users still appear with an Invite Pending status in Control Hub.

• For a multiple domains environment (either single forest or multiple forests), you must install one Cisco Directory Connector for each Active Directory domain. If you want to synchronize a new domain (B) while maintaining the synchronized user data on another existing domain (A), ensure that you have a separate supported Windows server to install Directory Connector for domain (B) synchronization.

• We do not require an administrative account in Active Directory to install the Cisco Directory Connector. We require a local user account that is the same user as an full admin account in Cisco Webex Control Hub.

  

  This local user must have privileges on that Windows machine to connect to the Domain Controller and read Active Directory user objects. The machine login account should be a computer administrator with privileges to install software on the local machine. (This information also applies to a Virtual Machine login.)

  

• While signing in to the connector, the sign-in account must be the same as the full admin account for Control Hub. By default, the connector uses the local system account to access Active Directory. However, you can use Windows services to configure another account to access Active Directory. (This information also applies to a Virtual Machine login.)

• Make sure that Windows Safe dynamic link library (DLL) search mode is enabled by using this procedure: Check SafeDllSearchMode in Windows Registry.

• If you use AD LDS for multiple domains on a single forest, we recommend that you install Cisco Directory Connector and Active Directory Domain Service/Active Directory Lightweight Directory Services (AD DS/AD LDS) on separate machines.

Before you follow the tasks in Cisco Directory Connector Deployment Task Flow, keep the following requirements and recommendations in mind if you're going to synchronize Active Directory information from multiple domains into the cloud:

• A separate instance of Cisco Directory Connector is required for each domain.

• The Cisco Directory Connector software must run on a host that is on the same domain that it will synchronize.

• We recommend that you verify or claim your domains in Cisco Webex Control Hub. (See Add, Verify, and Claim Domains.)

• If you want to synchronize more than 50 domains, you must open a ticket to get your organization moved to a large org list.

• If desired, you can synchronize room resource information along with user accounts. (See Synchronize On-Premises Room Information to the Cisco Webex Cloud.)

Active Directory groups are used to collect user accounts, computer accounts, and other groups into manageable units. Working with groups instead of with individual users helps simplify network maintenance and administration.

There are two types of groups in Active Directory:​

• Distribution groups—Used to create email distribution lists.​

• Security groups—Used to assign permissions to shared resources.

Consider the following guidelines when creating groups in Active Directory:

• Create a global group for each role, department or service (such as Sales, Marketing, Managers, Accountants, Webex Licensing, and so on).​

• Use standard naming conventions across your organization to make it easy to identify important information about a group. Group names can include details about the group, such as the level of access, type of resource, level of security, group scope, mail capability, and so on. for example, the group name “GSG_Webex_Licensing_EMEAR” refers to a Global Security Group for Webex Licensing EMEAR users.​

• Organize groups in an easy-to-understand way, such as by geography or managerial hierarchy. Use group descriptions to completely describe the purpose of the group.

• Groups should not contain any members at initial synchronization.​ Do not add any user to those groups until you define the Auto License Group Template in Control Hub for those groups. See Set Up Your Automatic License Assignment Template for more information.