Unity 5.0 with multiple domains

Answered Question
Mar 8th, 2009

Hi,

I have to install a new Unity 5.0 (with failover) UM mode for Exchange 2003 for a customer.

An existing Unity 4 UM is running but I will install both new servers on new hardware servers.

According to what I read, I can do the new installation in parallel of Unity 4 production, extend the AD schema with the unity 5 assistant, and migrate subscribers using GSM and COBRAS tools to finalize the migration.

But I want to receive confirmation from you guys about the AD integration.

Customer has a single forest with two child domains. Currently, subscribers are only on one of both domains but with the new Unity 5.0 infrastructure, subscribers will be from both domains.

What I want to know if it's a supported design: using one unity server (with failover) to manage subscribers from two different domains (but into a single forest).

If it works technically, how? Because Unity servers must be members of an existing domain, but which one should I choose?

Thank you for your help.

Best regards,

Yorick

Correct Answer by navinger about 7 years 11 months ago

Hi,

That is a supported design. We have configurations that have a single forest with multiple peer and/or child domains in our QA test lab. If you've got Exchange servers in the different domains, you'll need to run Permissions Wizard on the different mail stores before installing Unity.

I'm not an AD expert, so I can't explain how it works technically. I'll leave that to somebody else.

As to which domain to add the Unity server to, I don't think it matters.

I was looking through the Unity Design Guide chapter on Exchange (http://www.cisco.com/en/US/docs/voice_ip_comm/unity/5x/design/guide/5xcudg040.html) to see what it has to say on the issue, and the only thing I saw was the following:

"If Cisco Unity subscribers are homed in more than one domain, a DC for each domain must be in the same data center as the Cisco Unity server.

Nancy

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
navinger Sun, 03/08/2009 - 18:11

Hi,

That is a supported design. We have configurations that have a single forest with multiple peer and/or child domains in our QA test lab. If you've got Exchange servers in the different domains, you'll need to run Permissions Wizard on the different mail stores before installing Unity.

I'm not an AD expert, so I can't explain how it works technically. I'll leave that to somebody else.

As to which domain to add the Unity server to, I don't think it matters.

I was looking through the Unity Design Guide chapter on Exchange (http://www.cisco.com/en/US/docs/voice_ip_comm/unity/5x/design/guide/5xcudg040.html) to see what it has to say on the issue, and the only thing I saw was the following:

"If Cisco Unity subscribers are homed in more than one domain, a DC for each domain must be in the same data center as the Cisco Unity server.

Nancy

Yorick Petey Mon, 03/09/2009 - 01:24

Hi Nancy,

Thank you very much for your complete response.

Sounds good for the deployment. Because I can build the new Unity 5.0 servers in parallel of the current 4.x ones, I will try as soon as possible the schema extension and some beta users migrations.

You deserve your 5 points rating ;).

Best regards,

Yorick

samalex22 Thu, 07/23/2009 - 18:44

Nancy,

Is it possible to work a similar scenario but with two separate and distinct domains?.. not at all in the same forest.

If we setup a trust with the domains, will that work?

any thoughts are appreciated.

thanks

-Sam

navinger Fri, 07/24/2009 - 13:11

Hi,

No, this won't work. Unity needs to be in the same AD forest that Exchange and all the subscriber mailboxes are in. You will need a Unity server in each AD forest and configure VPIM networking in between. Here's the link to the Unity Networking Guide for the gory details: http://www.cisco.com/en/US/docs/voice_ip_comm/unity/5x/networking/guide/ex/5xcunetexx.html

A one-way trust and running the GrantUnityAccess tool would allow a user account from one forest to authenticate to the Unity subscriber in a different forest. In this scenario, there is one Unity subscriber with a AD user account for themselves in two different forests. This is what some customers with Unity in the voice-mail-only configuration do. Their users have two mailboxes and AD accounts -- one in the corporate forest for email, and one in the Unity forest for voicemail.

Nancy

Actions

This Discussion