locked
OCS Standard Multiforest Deployments RRS feed

  • Question

  •  

    Do you have to run the Schema, Domain, and Forests Preps in each of the domains/forests that will be using the single OCS server?
    Tuesday, February 12, 2008 5:27 PM

All replies

  • Only where you will have OCS-enabled users and OCS servers.  If OCS resides in forest A and users are in forest B, you schema/forest/domain prep forest A then create disabled accounts or contacts in that same forest.  You'll need a trust between the forests and then you'll map the MSRTCSIP-OriginatorSID to the SID of the user object in forest B.

    Tuesday, February 12, 2008 5:34 PM
    Moderator
  •  

    I have a multi forest deployment working however sip addresses only get automatically populated in the client in the Central Forest. If a user tries to log in in a User Forest they must type in their sign in name to sign in. I figured it was because the active directory schema in the User Forest is missing the msRTCSIP-PriamyUserAddress atribute. Is there any way to get the client to auto populate the sign in addresses?
    Wednesday, February 13, 2008 3:16 PM
  • Thought I'd join in in this discussion.

     

    I have setup a resource forest and can log onto accounts created in the resource forest prior to synchronising the msRTCSIP-OriginatorSid attribute. The second I assign the msRTCSIP-OriginatorSid to the user object in the resource forest, I can longer access the account from either the resource forest or the user forest.

     

    After I assign the msRTCSIP-OriginatorSid attribute, I am obviously meant to log on using the SIP address and passthrough should 'just work'. It however always prompts me for my SIP login, username and password and does not accept either username/password from the resource domain or user domain.

     

    Is it mandatory for the resource account to be disabled and must all attibutes match? Ie. Display name, etc. I don't see why it would matter so long as the msRTCSIP-OriginatorSid attribute matches.

     

     

     

    Attribute

    User A  in User Forest

    Disabled user account  for User A in a Resource Forest

    Cn

    Dylan

    Dylan

    ObjectSID

    Note   In a deployment that includes Microsoft Exchange Server, set the ObjectSID attribute to the value from the msExchMasterAccountSID attribute.

    sidDylan

     

    ms-RTC-SIP-OriginatorSID

     

    sidDylan

    ms-RTC-SIP-TargetHomeServer

     

     

    telephoneNumber

    555-1234

    555-1234

    displayName

    Dylan Miller

    Dylan Miller

    givenName

    Dylan

    Dylan

    Surname

    Miller

    Miller

    physicalDeliveryOfficeName

    4500

    4500

    l (city)

    Redmond

    Redmond

    st (state)

    WA

    WA

    Country

    U.S.A

    U.S.A

    Title

    Director

    Director

    Mail

    dylan@contoso.com

    dylan@contoso.com

    Company

    Contoso

    Contoso

     

    Any help would be much appreciated.

    Tuesday, March 4, 2008 12:13 PM
  • It seems by removing kerberos as a method of authentication, users are able to login. Is there any way to do it with kerberos enabled?

     

     

    Wednesday, March 5, 2008 2:49 AM