05-24-2012 07:45 PM - last edited on 03-25-2019 09:03 PM by ciscomoderator
As per the release notes located here:
http://www.cisco.com/en/US/docs/telepresence/cts_manager/1_8/release/ctm_rn1_8.html#wp72803
It says that CTS-MAN supports multiple Active Directory forests since 1.6.x.
Maybe I am being paranoid, but I am interpreting this to mean that I can set up multiple "users" each with a totally different root domain.
So I would have a user in domain A (dc=domainA,dc=com), another user in domain B (dc=domainB,dc=com), and yet a 3rd user in domain C (dc=domainC, dc=com).
I'm asking because I've deployed this server dozens of times, but I've never had a multiple domain (not subdomain, that is different) solution, and I am just making sure that I am covered.
Solved! Go to Solution.
05-25-2012 03:53 PM
Unfortunately, no, that is not what multiforest means regarding CTS-Manager. Domain is different than forest in Microsoft-speak.
You can configure CTS-Manager with multiple domains in the *same* forest simply by adding each domain under the User Container field. In that case, you still only have one forest. For example:
Forest: company.com
Domain: us.company.com, eu.company.com, apac.company.com
Default Context: DC=company,DC=com
User Containers: DC=us,DC=company,DC=com, DC=eu,DC=company,DC=com, DC=apac,DC=company,DC=com
If you want to specify user containers within each domain, using the above scenario, then the configuration would be similiar to below (depending on the existing AD deployment, of course):
User Containers: CN=Users,DC=us,DC=company,DC=com, CN=Users,DC=eu,DC=company,DC=com, CN=Usere,DC=apac,DC=company,DC=com
I believe in the 1.7 documentation they are called peer domains:
http://www.cisco.com/en/US/partner/docs/telepresence/cts_manager/1_7/admin/ctm_cfg.html#wp1092434
Caveat: we have run into authentication issues using the above scenario if the account configured under CTM for Exchange doesn't have needed rights/permissions to access resources in the other domains, especially true in large organizations. However, the above can work.
For multiforest, Microsoft supports two deployment methods - cross-forest and resource-forest. For CTS-Manager, we only support the resource-forest model - in one forest, you have Exchange resources (rooms) and another you have an authentication forest (users). There are disabled user accounts in the Exchange resource forest that are linked to users in the authentication forest.
More information can be found here:
http://technet.microsoft.com/en-us/library/aa998031.aspx
For CTM configuration, the first, and hence Default, LDAP server in CTM must contain the Exchange resource forest, and the second LDAP server in CTM contains the authentication forest. The Exchange server configured in CTM must be the forest where, of course, Exchange is installed. All of this should already be set up on the customer's back end before deploying CTS-Manager.
05-25-2012 03:53 PM
Unfortunately, no, that is not what multiforest means regarding CTS-Manager. Domain is different than forest in Microsoft-speak.
You can configure CTS-Manager with multiple domains in the *same* forest simply by adding each domain under the User Container field. In that case, you still only have one forest. For example:
Forest: company.com
Domain: us.company.com, eu.company.com, apac.company.com
Default Context: DC=company,DC=com
User Containers: DC=us,DC=company,DC=com, DC=eu,DC=company,DC=com, DC=apac,DC=company,DC=com
If you want to specify user containers within each domain, using the above scenario, then the configuration would be similiar to below (depending on the existing AD deployment, of course):
User Containers: CN=Users,DC=us,DC=company,DC=com, CN=Users,DC=eu,DC=company,DC=com, CN=Usere,DC=apac,DC=company,DC=com
I believe in the 1.7 documentation they are called peer domains:
http://www.cisco.com/en/US/partner/docs/telepresence/cts_manager/1_7/admin/ctm_cfg.html#wp1092434
Caveat: we have run into authentication issues using the above scenario if the account configured under CTM for Exchange doesn't have needed rights/permissions to access resources in the other domains, especially true in large organizations. However, the above can work.
For multiforest, Microsoft supports two deployment methods - cross-forest and resource-forest. For CTS-Manager, we only support the resource-forest model - in one forest, you have Exchange resources (rooms) and another you have an authentication forest (users). There are disabled user accounts in the Exchange resource forest that are linked to users in the authentication forest.
More information can be found here:
http://technet.microsoft.com/en-us/library/aa998031.aspx
For CTM configuration, the first, and hence Default, LDAP server in CTM must contain the Exchange resource forest, and the second LDAP server in CTM contains the authentication forest. The Exchange server configured in CTM must be the forest where, of course, Exchange is installed. All of this should already be set up on the customer's back end before deploying CTS-Manager.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: