Microsoft Office Communications Server relies on Active Directory Domain Services (AD DS) to store global settings and groups that are necessary for the deployment and management of Office Communications Server. The first step in deploying Office Communications Server is to prepare Active Directory Domain Services by extending the schema and then creating and configuring objects. The schema extensions add the Active Directory classes and attributes that are required by Office Communications Server.

Note:
Office Communications Server can be deployed in a locked-down Active Directory environment. For details about deploying Office Communications Server in a locked-down environment, see Preparing a Locked Down Active Directory Domain Servicesin Preparing Active Directory Domain Services for Office Communications Server 2007 R2 in the Deploying Office Communications Server 2007 R2 documentation.

Before you prepare Active Directory Domain Services for Office Communications Server 2007 R2, ensure that your Active Directory infrastructure meets Office Communications Server requirements. This topic describes the supported Active Directory Domain Services topologies. For details about other Active Directory Domain Services prerequisites, such as required operating system, functional level, and naming conventions, see Environmental Requirements.

For details about preparing Active Directory Domain Services for Office Communications Server, see Preparing Active Directory Domain Services for Office Communications Server 2007 R2in the Deploying Office Communications Server 2007 R2 documentation.

Supported Active Directory Topologies

Office Communications Server supports single-forest and multiple-forest Active Directory environments.

The Active Directory topologies supported by Office Communications Server are as follows:

  • Single forest with single domain

  • Single forest with a single tree and multiple domains

  • Single forest with multiple trees and disjoint namespaces

  • Multiple forests in a central forest topology

  • Multiple forests in a resource forest topology

The following figure identifies the icons used in the illustrations in this section.

Figure 1. Key to topology illustrations

Single Forest, Single Domain

The simplest Active Directory topology supported by Office Communications Server, a single domain forest, is a common topology.

The following figure illustrates an Office Communications Server deployment in a single domain Active Directory topology.

Figure 2. Single domain topology

Single Forest, Multiple Domains

Another Active Directory topology supported by Office Communications Server is a single forest that consists of a root domain and one or more child domains. In this type of Active Directory topology, the domain where you create users can be different from the domain where you deploy Office Communications Server. However, an Enterprise pool must be deployed within a single domain. Office Communications Server support for Windows Universal administrator groups enables cross-domain administration.

The following figure illustrates an Office Communications Server deployment in a single forest with multiple domains. In this figure, a user icon shows the domain where the user account is homed, and the arrow points to the domain where the Office Communications Server pool resides. User accounts include the following:

  • User accounts within the same domain as the Office Communications Server pool

  • User accounts in a different domain from the Office Communications Server pool

  • User accounts in a child domain of the domain with the Office Communications Server pool

Figure 3. Single forest with multiple domains

Single Forest, Multiple Trees

A multiple-tree forest topology consists of two or more domains that define independent tree structures and separate Active Directory namespaces.

The following figure illustrates a single forest with multiple trees. In this figure, a user icon shows the domain where the user account is homed, a solid line points to an Office Communications Server pool that resides in the same or a different domain, and a dashed line points to an Office Communications Server pool that resides in a different tree. User accounts include the following:

  • User accounts within the same domain as the Office Communications Server pool

  • User accounts in a different domain from (but the same tree as) the Office Communications Server pool

  • User accounts in a different tree from the Office Communications Server pool

Figure 4. Single forest with multiple trees

Multiple Forests, Central Forest

Office Communications Server 2007 R2 supports multiple forests that are configured in a central forest topology. Central forest topologies use contact or disabled user objects in the central forest to represent users in the other forests. The central forest also hosts user accounts for any users in this forest. A directory synchronization product, such as Microsoft Identity Integration Server (MIIS), manages the life cycle of user accounts within the organization: When a new user account is created in one of the forests or a user account is deleted from a forest, MIIS synchronizes the corresponding contact or disabled user account in the central forest.

A central forest has the following advantages:

  • Office Communications Servers are centralized within a single forest.

  • Users can search for and communicate with other users in any forest.

  • Users can view other users’ presence in any forest.

  • MIIS automates the addition and deletion of contact or disabled user objects in the central forest as user accounts are created and removed.

Before users can use Office Communications Server, the contact or disabled user objects in the central forest must be enabled for the Office Communications Server service.

The following figure illustrates a central forest topology. In this figure, there are two-way trust relationships between the domain that hosts Office Communications Server, which is in the central forest, and each user-only domain, which is in a separate forest. The schema in the separate user forests does not need to be extended.

Figure 5. Central forest topology

Multiple Forests, Resource Forest

In a resource forest topology, one forest is dedicated to running server applications, such as Microsoft Exchange Server and Office Communications Server. The resource forest hosts the server applications and a synchronized representation of the active user object, but it does not contain logon-enabled user accounts. The resource forest acts as a shared services environment for the other forests where user objects reside. The user forests have a forest-level trust relationship with the resource forest. When you deploy Office Communications Server in this type of topology, you create one contact or disabled user object in the resource forest for every user account in the user forests. If Exchange Server is already deployed in the resource forest, the disabled user accounts might already exist. A directory synchronization product, such as MIIS, manages the life cycle of user accounts: When a new user account is created in one of the user forests or a user account is deleted from a forest, MIIS synchronizes the corresponding user representation in the resource forest. Before users can use Office Communications Server, the user accounts in the resource forest must be enabled for the Office Communications Server service.

This topology can be used to provide a shared infrastructure for services in organizations that manage multiple forests or to separate the administration of Active Directory objects from other administration. Companies that need to isolate Active Directory administration for security reasons often choose this topology.

This topology provides the benefit of limiting the need to extend the Active Directory schema to a single forest (the resource forest).

The following diagram illustrates a resource forest topology.

Figure 6. Resource forest topology