UCCX Join MS domain

Answered Question
Jan 8th, 2010
User Badges:

Hi all,


I have uccx 7 integrated with cucm 7. My uccx servers were not placed in a network domain but now after all of the configuration is done my customer is asking me if we could place those servers in MS AD Domain.


Could that be done without problems?

Correct Answer by Soman Nair about 7 years 4 months ago

Hi Hatem,


IPCCX 7 doesn't support MS Domain, indeed it should be always kept in a workgroup. Do not join these servers to domain. Explain to your customer that this is in not joined to network domain as per design specification.

If you check Installation Guide, you can find "If the server on which you will install Cisco Unified CCX is in a Microsoft Active Directory domain, move the server from the domain to a local workgroup and reboot the server before you begin the installation".



Regards,

Soman Nair.

(Pls rate if helpful)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Loading.
Correct Answer
Soman Nair Fri, 01/08/2010 - 02:02
User Badges:

Hi Hatem,


IPCCX 7 doesn't support MS Domain, indeed it should be always kept in a workgroup. Do not join these servers to domain. Explain to your customer that this is in not joined to network domain as per design specification.

If you check Installation Guide, you can find "If the server on which you will install Cisco Unified CCX is in a Microsoft Active Directory domain, move the server from the domain to a local workgroup and reboot the server before you begin the installation".



Regards,

Soman Nair.

(Pls rate if helpful)

Yorick Petey Fri, 08/20/2010 - 03:15
User Badges:

Hi Soman,


When you say "is not supported", do you mean it won't work or it's just because support team don't want to deal with GPO issues?


I have issues to export correctly the backup files out of the UCCX servers because authentication is not well managed by Windows not in a domain. Moreover, customer has some backup and monitoring agents that are mandatory to achieve this project...


I am looking for someone already having joined a domain with UCCX nodes.

Thanks for your feedback.


Yorick

Aaron Harrison Fri, 08/20/2010 - 03:52
User Badges:
  • Super Bronze, 10000 points or more
  • Community Spotlight Award,

    Member's Choice, May 2015

Hi


You can be sure it's pretty much down to Cisco wanting to avoid GPO and authentication problems.


That said:


- If you do have problems, you may want/need Cisco's help and if it's in a domain, you'll be asked to remove it. They'll be more likely to suggest you do something drastic like rebuild the box or something if that hangs over your support case

- I've seen many upgrades/patches and installs refuse to run if you are in a domain, so you often have to remove it to do maintenance. messy...

- You may be lucky, but most places have seperate AD/MS teams to the UC teams; it's nice to have complete control..


Re: management agents... it can be a problem. Some need domain membership, most can be configured in an alternate way - most organisations have some servers that are outside MS domains. Another problem is that the canned-CSA for UCCX can often interrupt what these things do...


I've not had any issues with exporting backups from UCCX to Windows domain shares; specify username\domain, full share path (adding to hosts if necessary).


Regards


Aaron

joesnyde Fri, 08/20/2010 - 11:59
User Badges:
  • Cisco Employee,

Another reason not to have the server on the domain is that MS patches are often pushed to the servers. Cisco IPT OS does not support auto updates by Microsoft. Cisco tests and certifies MS patches and then releases a new updates to the IPT OS through an SR.


Regards,


Joe

joesnyde Mon, 12/27/2010 - 06:42
User Badges:
  • Cisco Employee,

Hi Tony,


We can support the server on the domain, however, if you were to apply a patch you would need to remove from the domain first. If backup is not working correctly with the NT credentials then I would suggest that you add the user that is configured for the backup in UCCX to be a local or domain administrator on the distination server. Allow that user to have read / write access to the destination source. Also, the path of the destination server should include the drive letter of the mapped drive as well, i.e. \C$\backup.


Monitoring agents would not have any affect if the server is on the domain or not. It might be that you need to use SPAN instead of desktop based monitoring and recording.


Joe

Actions

This Discussion