Filter
Top Products
Directory Operations
Polycom, Inc. 357
In addition to leveraging Active Directory Universal groups, the CMA system
also has Local groups, which you can use to grant a standard set of rights to
multiple users or groups. These CMA system Local groups can have as
members, CMA system Local users, Active Directory users or Active Directory
Universal groups. In this fashion, you can nest a variety of users and groups
into a CMA system Local group and assign those users rights through their
CMA system Local group membership, simplifying management of rights on
the CMA system.
Users
The CMA system supports both local and enterprise user accounts. Local user
accounts exist entirely on the CMA system. They can be created and managed
whether or not the system is integrated to an enterprise directory. Enterprise
user accounts exist in your enterprise Active Directory. The CMA system
cannot create or manage Active Directory accounts, except to modify their
privileges on the CMA system itself.
If simultaneously using local and enterprise accounts, it is important to avoid
duplication of account data. For example, if your Active Directory has a user
named John Doe with a username of jdoe, a local account for this user must
possess a unique name, such as localjdoe or johndoetest. If duplicate user
accounts exist in the same domain or across domains, the user associated with
these accounts will not be able to log into a dynamically-managed endpoint.
The CMA system accesses the enterprise directory in a read-only mode. It does
not create, modify, or delete Active Directory users or groups in any way.
Once you integrate with an enterprise directory, it's best to minimize your
dependency on local users. A single local administrative user account must
exist, and it should be used only when there is a problem connecting to the
enterprise directory.
This configuration provides flexibility and varying security levels as follows:
• Restricted access: For security reasons, local user accounts do not have
access to any data in Active Directory, though they can see the Active
Directory users and groups as defined in the CMA system's security.
• Administration: Active Directory users and their Active Directory group
memberships are managed through your Active Directory. CMA system
local users are managed through the CMA system's web interface.
Note
An Active Directory forest with a functional level of Windows 2000 Mixed mode only
supports Universal Distribution groups. Windows 2000 Native mode, Windows
2003 Mixed, and Windows 2003 forest functional levels support Universal Security
and Distribution groups.