UCServer user management and schema extension for Microsoft Active Directory with estos Active Directory tools
Update status | May 2023 |
---|---|
Product relevance | ProCall 8 Enterprise ProCall 7 Enterprise |
This article explains what you need to consider when using estos Active Directory tools for schema extension if the users for the UCServer are managed in Microsoft Active Directory and a schema extension is to be made there.
You can find the estos Active Directory Tools in the ProCall Enterprise installation package. In the package there is a folder named "Addons" and in it the MSI file "UCServer_Tools_for_Active_Directory...".
When you run this MSI, you will be given the choice between installing the schema extension and the SnapIn.
The schema extension is used to extend the Active Directory with fields that are used for ProCall Enterprise. Without the schema extension, ProCall writes its information into already existing Active Directory fields. Which fields are used is described on the following pages:
The SnapIn creates a graphical user interface in the domain controller. This allows the configurations concerning the user, the groups, or the computers to be made directly in the Active Directory. The SnapIn can be used, for example, if no write access to the Active Directory is permitted from the UCServer.
Notes on schema extension
Performing a schema extension requires detailed IT expertise and administrator privileges.
Once a schema extension is installed, it cannot be undone!
- The AD schema extension must be installed on the schema master server (role schema master).
- Extending the schema extension requires administrative privileges (a member of the schema admins group).
- For connections via remote desktop, the admin parameter is necessary (command mstsc /admin).
- If the schema extension is used later, the user administration objects must be exported before and imported again after the extension, whereby the attributes from version 5.1.110.44241 onwards are automatically transferred after a server restart (please export and save data beforehand).
Schema extension: Yes or No?
Extend the schema | Do not extend the schema |
The schema extension complies with Microsoft recommendations. Applications that are integrated into Active Directory should store their settings in fields that are specifically reserved for this application with a schema extension. | The schema extension is not mandatory. The settings are then stored in an existing field. |
With the extended schema, compatibility with other applications is ensured. If the schema is not extended, the same reserved field can possibly be used by another application for corresponding settings. | If other Active Directory integrated applications are not used, there will be no problems even without schema extension. Check where the settings are saved by other applications used. |
Notes on the SnapIn
In contrast to the schema extension, the SnapIn can also be uninstalled again.
It can be installed on any domain controller. It does not have to, but can be installed on the schema master.
The use of the SnapIn is recommended whenever a configuration of the ProCall users, groups, or computers in the Active Directory itself is necessary. An example already mentioned above is when the UCServer should not be allowed write access to the Active Directory.