cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
601
Views
0
Helpful
4
Replies

Unity 5.0 with multiple domains

Yorick Petey
Level 4
Level 4

Hi,

I have to install a new Unity 5.0 (with failover) UM mode for Exchange 2003 for a customer.

An existing Unity 4 UM is running but I will install both new servers on new hardware servers.

According to what I read, I can do the new installation in parallel of Unity 4 production, extend the AD schema with the unity 5 assistant, and migrate subscribers using GSM and COBRAS tools to finalize the migration.

But I want to receive confirmation from you guys about the AD integration.

Customer has a single forest with two child domains. Currently, subscribers are only on one of both domains but with the new Unity 5.0 infrastructure, subscribers will be from both domains.

What I want to know if it's a supported design: using one unity server (with failover) to manage subscribers from two different domains (but into a single forest).

If it works technically, how? Because Unity servers must be members of an existing domain, but which one should I choose?

Thank you for your help.

Best regards,

Yorick

1 Accepted Solution

Accepted Solutions

navinger
Level 3
Level 3

Hi,

That is a supported design. We have configurations that have a single forest with multiple peer and/or child domains in our QA test lab. If you've got Exchange servers in the different domains, you'll need to run Permissions Wizard on the different mail stores before installing Unity.

I'm not an AD expert, so I can't explain how it works technically. I'll leave that to somebody else.

As to which domain to add the Unity server to, I don't think it matters.

I was looking through the Unity Design Guide chapter on Exchange (http://www.cisco.com/en/US/docs/voice_ip_comm/unity/5x/design/guide/5xcudg040.html) to see what it has to say on the issue, and the only thing I saw was the following:

"If Cisco Unity subscribers are homed in more than one domain, a DC for each domain must be in the same data center as the Cisco Unity server.

Nancy

View solution in original post

4 Replies 4

navinger
Level 3
Level 3

Hi,

That is a supported design. We have configurations that have a single forest with multiple peer and/or child domains in our QA test lab. If you've got Exchange servers in the different domains, you'll need to run Permissions Wizard on the different mail stores before installing Unity.

I'm not an AD expert, so I can't explain how it works technically. I'll leave that to somebody else.

As to which domain to add the Unity server to, I don't think it matters.

I was looking through the Unity Design Guide chapter on Exchange (http://www.cisco.com/en/US/docs/voice_ip_comm/unity/5x/design/guide/5xcudg040.html) to see what it has to say on the issue, and the only thing I saw was the following:

"If Cisco Unity subscribers are homed in more than one domain, a DC for each domain must be in the same data center as the Cisco Unity server.

Nancy

Hi Nancy,

Thank you very much for your complete response.

Sounds good for the deployment. Because I can build the new Unity 5.0 servers in parallel of the current 4.x ones, I will try as soon as possible the schema extension and some beta users migrations.

You deserve your 5 points rating ;).

Best regards,

Yorick

Nancy,

Is it possible to work a similar scenario but with two separate and distinct domains?.. not at all in the same forest.

If we setup a trust with the domains, will that work?

any thoughts are appreciated.

thanks

-Sam

Hi,

No, this won't work. Unity needs to be in the same AD forest that Exchange and all the subscriber mailboxes are in. You will need a Unity server in each AD forest and configure VPIM networking in between. Here's the link to the Unity Networking Guide for the gory details: http://www.cisco.com/en/US/docs/voice_ip_comm/unity/5x/networking/guide/ex/5xcunetexx.html

A one-way trust and running the GrantUnityAccess tool would allow a user account from one forest to authenticate to the Unity subscriber in a different forest. In this scenario, there is one Unity subscriber with a AD user account for themselves in two different forests. This is what some customers with Unity in the voice-mail-only configuration do. Their users have two mailboxes and AD accounts -- one in the corporate forest for email, and one in the Unity forest for voicemail.

Nancy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: