Directory Operations

Note

An Active Directory forest with a functional level of Windows 2000 Mixed mode only supports Universal Distribution groups. Windows 2000 Native mode, Windows 2003 Mixed, and Windows 2003 forest functional levels support Universal Security and Distribution groups.

In addition to leveraging Active Directory Universal groups, the CMA system also has Local groups, which you can use to grant a standard set of rights to multiple users or groups. A CMA system Local group can have CMA system Local users, Active Directory users, or Active Directory Universal groups as members. This lets you nest a variety of users and groups in a CMA system Local group and assign rights to those users through their Local group membership, which simplifies rights management on the CMA system.

Users

The CMA system supports both local and enterprise user accounts. Local user accounts exist entirely on the CMA system. They can be created and managed whether or not the system is integrated with an enterprise directory. Enterprise user accounts exist in your enterprise Active Directory. The CMA system cannot create or manage Active Directory accounts, except to modify their privileges on the CMA system itself.

If you use local and enterprise accounts simultaneously, it is important to avoid duplication of account data. For example, if your Active Directory has a user named John Doe with a username of jdoe, a local account for this user must possess a unique name, such as localjdoe or johndoetest. If duplicate user accounts exist in the same domain or across domains, the user associated with these accounts will not be able to log in to a dynamically managed endpoint.
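One way to check for such duplicates before they cause login failures, as an added example that is not part of the Polycom manual: the script compares CMA local usernames with the usernames exported from each Active Directory domain. The input lists, the domain names, and the case-insensitive comparison are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data. Only "jdoe" and "localjdoe" echo the manual's example;
# the other names and both domain names are hypothetical.
LOCAL_USERS = ["admin", "jdoe", "localjdoe"]
AD_USERS = {
    "corp.example.com": ["jdoe", "asmith", "bwong"],
    "emea.example.com": ["ASmith", "cklein"],
}


def normalize(name):
    """Fold a username for comparison.

    Assumption: names are compared case-insensitively, as Active Directory
    does for sAMAccountName. Surrounding whitespace from exports is ignored.
    """
    return name.strip().lower()


def find_duplicate_usernames(local_users, ad_users_by_domain):
    """Return {folded_name: [(source, original_name), ...]} for every
    username that occurs more than once across the local account list
    and all directory domains."""
    seen = defaultdict(list)
    for name in local_users:
        seen[normalize(name)].append(("local", name))
    for domain, names in ad_users_by_domain.items():
        for name in names:
            seen[normalize(name)].append((domain, name))
    return {key: hits for key, hits in sorted(seen.items()) if len(hits) > 1}


def format_report(duplicates):
    """Render one line per duplicated username, listing where it occurs."""
    lines = []
    for key, hits in duplicates.items():
        places = ", ".join(f"{source}:{original}" for source, original in hits)
        lines.append(f"DUPLICATE {key} -> {places}")
    return lines


if __name__ == "__main__":
    for line in format_report(find_duplicate_usernames(LOCAL_USERS, AD_USERS)):
        print(line)
```

With the sample data, the local jdoe collides with the corp.example.com account, and asmith collides across the two domains; localjdoe is unique and is not reported.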

The CMA system accesses the enterprise directory in a read-only mode. It does not create, modify, or delete Active Directory users or groups in any way.

Once you integrate with an enterprise directory, it's best to minimize your dependency on local users. A single local administrative user account must exist, and it should be used only when there is a problem connecting to the enterprise directory.

This configuration provides flexibility and varying security levels as follows:

Restricted access: For security reasons, local user accounts do not have access to any data in Active Directory, though they can see the Active Directory users and groups as defined in the CMA system's security.

Administration: Active Directory users and their Active Directory group memberships are managed through your Active Directory. CMA system local users are managed through the CMA system's web interface.

Polycom, Inc.

Polycom 3725-77601-001H manual Directory Operations