Active Directory Domain Services

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Office Communications Server relies on Active Directory Domain Services to store global settings and groups necessary for the deployment and management of Office Communications Server.

Active Directory Prerequisites

Before you prepare Active Directory for Office Communications Server 2007, ensure that your Active Directory infrastructure meets the following prerequisites.

  • Domain controllers are running Microsoft Windows® 2000 Server, SP4 (Service Pack 4) or Microsoft Windows Server® 2003 SP1, or Windows Server 2003 R2 operating systems.

  • Global catalog servers are running Windows 2000 Server SP4, Windows Server 2003 SP1 or Windows Server 2003 R2.

  • All domains in which you deploy Office Communications Server are using Windows 2000 native mode or higher. You cannot deploy Office Communications Server in a mixed mode domain. For more information about raising your domain functional level to Windows 2000 native mode or higher, go to https://r.office.microsoft.com/r/rlidOCS?clid=1033&p1=revdomain.

  • Global catalogs are recommended in each Office Communications Server domain to optimize performance of Communications Servers and to ensure inter-domain IM, presence and conferencing scenarios operate properly.

  • Office Communications Server 2007 supports the Active Directory, Windows 2000 Server, and Windows Server 2003 validation rules for domain name components, which mostly align with DNS naming rules. All Active Directory recommendations also apply. In certain cases, Active Directory and Windows DNS servers allow deviations from DNS RFC naming, as long as they are appropriately configured. The Active Directory team recommends against such deviations, because they can lead to DNS problems, including incompatibility with non-Windows DNS servers. The specific cases are domain name components that contain underscores, at least one extended or Unicode character, or both.

  • You must run the Active Directory preparation steps on a computer running Windows Server 2003 SP1 or later, or Windows Server 2003 R2 or later. You cannot run Active Directory preparation from Windows 2000 Server or earlier versions, or from any client version of the Windows operating system.
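
As an added example (not part of the original documentation), the PowerShell function below checks domain records against two items from the list above: the rule against mixed mode domains and the domain name components that deviate from DNS RFC naming. The function name `Test-OcsDomainPrereq` and the sample records are constructed for illustration; the mode strings are assumed to be the value names of the .NET `System.DirectoryServices.ActiveDirectory.DomainMode` enumeration.

```powershell
# Added example; function name and sample records are constructed for illustration.
function Test-OcsDomainPrereq {
    param(
        [Parameter(Mandatory = $true)][string]$Name,        # DNS name of the domain
        [Parameter(Mandatory = $true)][string]$DomainMode   # DomainMode value name
    )
    $findings = @()

    # Mixed mode is unsupported; Windows 2000 native mode or higher is required.
    if ($DomainMode -eq 'Windows2000MixedDomain') {
        $findings += 'mixed mode domain: raise the domain functional level'
    }

    # Check every domain name component for deviations from DNS RFC naming.
    foreach ($label in $Name.Split('.')) {
        $hasUnderscore = $label.Contains('_')
        $hasNonAscii   = $label -match '[^\x00-\x7F]'
        if ($hasUnderscore) { $findings += "'$label' contains an underscore" }
        if ($hasNonAscii)   { $findings += "'$label' contains an extended or Unicode character" }
        # Anything else that breaks the letters-digits-hyphen rule (1 to 63 characters).
        if (-not ($hasUnderscore -or $hasNonAscii) -and
            $label -notmatch '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$') {
            $findings += "'$label' is not a valid DNS label"
        }
    }

    [pscustomobject]@{
        Domain   = $Name
        Pass     = ($findings.Count -eq 0)
        Findings = ($findings -join '; ')
    }
}

# Constructed sample records. On a domain-joined computer the same two fields
# (Name, DomainMode) can be read from
# [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Domains
$domains = @(
    [pscustomobject]@{ Name = 'corp.example.com';       DomainMode = 'Windows2003Domain' }
    [pscustomobject]@{ Name = 'emea_sales.example.com'; DomainMode = 'Windows2000NativeDomain' }
    [pscustomobject]@{ Name = 'legacy.example.com';     DomainMode = 'Windows2000MixedDomain' }
    [pscustomobject]@{ Name = "m$([char]0x00FC)nchen.example.com"; DomainMode = 'Windows2003Domain' }
)

$domains |
    ForEach-Object { Test-OcsDomainPrereq -Name $_.Name -DomainMode $_.DomainMode } |
    Format-Table Domain, Pass, Findings -AutoSize
```

With the constructed records, only `corp.example.com` passes; the other three are reported for an underscore, mixed mode, and a non-ASCII character respectively.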

Supported Active Directory Topologies

Office Communications Server 2007 supports the same server topologies as Live Communications Server 2005 with SP1, with the addition of support for disjoint DNS namespaces. This section presents a high-level view of each of these supported topologies.

Active Directory can exist in the following structures:

  • Single forest

  • Multiple forests

Enterprises can deploy a single forest for their entire infrastructure, or can deploy a separate forest for each business unit. A multiple-forest deployment allows each unit to maintain network administrative autonomy.

Single Forest Topologies

Office Communications Server 2007 supports three types of single forest topologies:

  • Single domain

  • Single tree with multiple domains

  • Multiple trees with disjoint namespaces

Single Domain

The most basic topology that is supported by Office Communications Server 2007 features a single domain in a single Active Directory tree. This topology is common among smaller organizations and is shown in the following figure.

Figure 15   Single-forest topology

Single Forest with Multiple Domains

A more complex Active Directory structure is the single forest consisting of a root domain and one or more child domains. You can deploy servers in different domains from the domain where you create users. An Enterprise pool must be deployed across a single domain. Office Communications Server 2007 support for Windows Universal administrator groups enables cross-domain administration.

Figure 16   A single forest with multiple domains

Single Forest with Multiple Trees

Another complex Active Directory structure is the single forest with multiple trees and disjoint DNS namespaces. This configuration consists of a root domain and one or more child domains. You can deploy servers in different domains from the domain where you create users.

Figure 17   Single forest with multiple trees

Multiple Forest Topologies

Larger organizations that have multiple business units may prefer to deploy a separate Active Directory forest for each unit, thereby providing autonomy with respect to schemas and security. Each business unit can extend its schema without affecting other business units, and administrators in one business unit cannot be administrators in another business unit.

Office Communications Server supports two distinct multiple-forest topologies: resource forest topologies and central forest topologies.

Resource Forest

The resource forest topology is used by Microsoft Exchange Server. This topology dictates that one of the forests in the organization is dedicated for server applications only (for example, Microsoft Exchange Server). Users from other forests are represented as disabled user accounts in the resource forest. These disabled user accounts are then enabled for a mailbox on the Exchange Servers. Office Communications Server 2007 takes advantage of the investment in this particular topology. In the same way that disabled user accounts in the resource forest are enabled for Exchange Server, they can also be enabled for Office Communications Server. This provides the benefit of only extending the Active Directory schema in a single forest (the resource forest) and leveraging the existing Active Directory.

Figure 18   A resource forest topology

Central Forest

The central forest topology is a variation of the resource forest. Instead of using disabled user accounts to represent users from other forests, Active Directory Contact objects represent users in forests other than the central forest. MIIS (Microsoft Identity Integration Server) is required to synchronize users as Contact and Group objects in the central forest. The use of MIIS automates the lifecycle management of users within the organization when new employees are hired or other employees leave the company. Additionally, the use of Active Directory Contact and Group objects is more lightweight than Active Directory User objects. Finally, users within the central forest are not restricted from being enabled for Office Communications Server 2007.

Figure 19   Central forest topology