Creating new user in OCS 2007 but in different domain

  • Question

  • Greetings!

    Can someone please help me? Our company has two domains. In our first domain we already have OCS 2007 working with users, but I was wondering how I can add people from the other domain. Would I need an Edge server for that, or can I do without it? Does anyone know any good step-by-step manual for this?

    Thank you very much.
    bostjan - halcom d.d.
    Friday, September 25, 2009 11:01 AM

All replies

  • Hi,

    Are you referring to external domain or Forest domain?

    If it is an external domain, you'll just need to add the SIP address space at the Forest Configuration at your Front-end Pool.

    For Edge - are the users going to login outside of your network?

    Thanks
    Friday, September 25, 2009 11:40 AM
  • Hi there!

    The second domain is an external domain and we have a trust relationship between these two domains, if that helps.
    bostjan - halcom d.d.
    Friday, September 25, 2009 11:50 AM
  • You'll also need to add the sip domain name for the new domain to the Subject Alternate Name in the certificate used for your frontend server/cluster.
    Friday, September 25, 2009 2:55 PM
  • I wanted some clarification on your question. Do you want users with the second domain use the SIPAddress from as on your Access Edge?
    i.e. use the credentials from Domain2, but be able to have access to OC using Domain1?
    Friday, September 25, 2009 4:30 PM
  • Hi there!

    Let me say I'm more or less a beginner with this OCS.

    In our first domain, which has 100 users, we already have Communicator 2007.
    These users use the SIP address from our first domain.
    Example:

    bostjan.cvelbar@company.com

    I want to publish the users in our second domain, so that they will use the name of domain2.
    Example:

    someoneinotherdomain@company2.com

    A colleague says that we have a trust relationship between these two domains. Let me also mention that the server in our company where OCS 2007 is installed is our backup DC, and that the users who are in the other domain are also added in our first domain as contacts in Active Directory.

    If I open AD on our server and go to ENABLE USERS FOR OCS, these users, who have only contacts in our domain1, are unable to be added. I hope I make sense.

    Can someone tell me the noob step-by-step what-exactly-to-do in the first domain and the second, to make these users connect to our OCS server?

    Thanks.
    bostjan - halcom d.d.
    Monday, September 28, 2009 7:20 AM
  • Hi,

    Basically, when OCS 2007 R2 extends the schema of a specific forest, it enables and adds additional 'tables' into the Active Directory schema.

    Hence, although you've a trust between 2 different forests, OCS is unable to recognize the partner domain as there're no additional entries for the users to enable the partner accounts.

    To solve your current request, there're 2 ways and it depends on the effort and of course your applicable license:

    1. Establish a Child Domain to your existing domain and migrate the users over to the child domain; alternatively, you can migrate them into the same domain if there's no business complication/conflict.

    2. Create the users at the domain that you're currently hosting the OCS services.

    (This is assuming that you've a site-to-site VPN established.)

    Meanwhile, I would strongly RECOMMEND having the OCS server dedicated and not collocating it with a second domain controller in the environment. We wouldn't want multiple impacts on the server, would we ;)

    By the way, how were the contacts being created? You've an ILM/IIFP in the environment to run the co-existence?

    Thanks.
    Monday, September 28, 2009 7:33 AM
  • Hi there.

    Ok, I talked with my boss and he said that migrating from one domain to our primary is not a solution.

    2 Questions:

    - Is OCS capable of recognizing that we have a trust relationship between domains?
    - I checked on the server and saw that we don't have OCS 2007 R2, but this version: 3.0.6362.0 (Volume). What are the advantages of upgrading to R2?

    James - I didn't understand your answer. Why would we need to migrate users from one domain to the second if we have a trust relationship between domains, or why would we create another user in our first domain?

    Thanks for patience and answers.
    bostjan - halcom d.d.
    Monday, September 28, 2009 7:54 AM
  • Ok, since my last post I did this.
    I have connected to our OCS 2007 server under the forest DOMAIN1.local. I went to the global properties/General tab and added this second domain.
    If I go to Active Directory from this computer where OCS 2007 is installed in Domain1, I can right-click on a user and see the option to enable the user for OCS 2007, but if I connect to domain2 this schema does not give me the availability, when I right-click on a user, to enable him for OCS. How can I extend this schema?
    bostjan - halcom d.d.
    Monday, September 28, 2009 8:48 AM
  • Hi,

    From your 1st Post:
    Ok, don't get the wrong idea when there's a trust relationship between different forests. Yes, it allows you to view and grant access to resources, e.g. file shares; however, take note that it doesn't allow cross-services sharing, e.g. Exchange Services, Office Communications Server 2007, as each domain holds its own unique SIDs, covering from user objects to machines within the environment.

    For information about changes to the schema by OCS 2007: http://technet.microsoft.com/en-us/library/dd425088(office.13).aspx

    Some key features that you may be interested to know: http://technet.microsoft.com/en-us/magazine/2009.03.ocsr2.aspx?pr=blog :)

    As per my earlier posting, the reason why I suggested migrating the users over is to enable the users to have the capability to use OCS, since they'd be residing under the forest that has OCS enabled.

    For Your 2nd Post:
    Adding the additional domain into the Global Settings only allows OCS to support additional SIP domains. For example: my company holds two different address spaces which are publicly known, MyDomain.com and MyUC.com. Both of these namespaces are registered under the Public DNS; hence, I've 2 users, James@MyDomain.com & Jack@MyUC.com, and both of these users are located under the same Active Directory forest called MyCompany.local.

    So, when someone attempts to sign-in from the outside or inside, it'll refer to the SRV records that the DNS server holds, allowing the SIP traffic to be directed to the OCS Infrastructure.

    You may extend the schema at your other child company and host a separate OCS Server; however, you may not be able to extend and get the users at the other end to leverage your current OCS infrastructure.

    Hope this clarifies your enquiries above.
    Monday, September 28, 2009 9:54 AM
  • Are these two domains within the same forest or in different forests?
    Monday, September 28, 2009 2:44 PM
  • Hi,

    James gave a good suggestion.
    And there is another way to achieve your target.
    Per your description, you have two domains which are in different forests, one of your domains has OCS 2007 installed, and the users of the other domain want to use the OCS 2007 server in the existing domain. Right?
    So I think it is about how to deploy OCS 2007 in a Multiple Forest Environment.
    It is complex to deploy OCS 2007 for a Multiple Forest Environment; you'd better learn more information from the link below first.

    http://technet.microsoft.com/en-us/library/dd627273.aspx

    You can deploy OCS 2007 in the Central Forest Topology for the users in the other forest.
    If you run into any issue, you can publish it here.

    Regards!
    Monday, October 5, 2009 8:37 AM
    Moderator
  • Hi there!

    I did not have the time yet to finish this. I will try by the end of this weekend and let you all know.

    with best regards,

    B
    bostjan - halcom d.d.
    Monday, October 5, 2009 8:52 AM
  • Still can't solve this problem. Can anyone help?
    bostjan - halcom d.d.
    Wednesday, October 28, 2009 10:42 AM
  • Ok. We did this.
    We have two domains in different forests. We have a trust relationship between these two forests.
    We have extended the schema on the domain whose users we want to use.
    But if I go into our Active Directory and choose to connect to this other domain, and then right-click on a user, I don't receive ENABLE USER FOR OCS.
    I have also installed the admin tool on this other domain.
    Any suggestions?
    bostjan - halcom d.d.
    Wednesday, October 28, 2009 12:07 PM
  • The only way I see the solution is:
    You need to set up a new OCS environment in the other domain.
    Both domains must also have an EDGE server.
    Then you can configure the federation between those domains on the EDGE servers.

    This still does not solve the contacts between domains, but I believe that you have already done that for Exchange server purposes, with some sort of sync (e.g. using MIIS or some other solution).
    The contacts should also have some attributes populated for OCS to recognise them.
    I think that Jeff already wrote something about it, but if you need more info I can take a look in our environment.

    Greetings from SI, Ljubljana :)
    Wednesday, October 28, 2009 12:44 PM
  • Herbert, thanks for the answer. Yes, it is sunny in Ljubljana and we are working.

    If I understand you right, if we have this kind of topology (2 different forests), we need two installations of Office Communications Server, which also means that we would need two licenses? I never thought it would be so tough to join one more domain and its users to work with our OCS :(
    bostjan - halcom d.d.
    Wednesday, October 28, 2009 12:50 PM
  • Yes, since you have two completely different forest domains with active user accounts in the respective domains you'll need to deploy two separate OCS deployments (using two unique SIP domains) and then configure Federation via Edge Servers.  This is not a typical Resource Forest configuration in that a Resource Forest only has the OCS server components installed in it, with each of the user's accounts located in a different forest domain altogether.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, October 28, 2009 12:58 PM
    Moderator
  • Hey Jeff, I beat you by 9 minutes, and I still owe you a beer or two :) (I am joking, but not about the beer)
    I have some more questions for even more beer... but this will go to another topic, when I find time to breathe.

    Boštjan, I know how you feel, since I am in Ljubljana too. :)
    Wednesday, October 28, 2009 1:04 PM