Step 3 Populating the Required Attributes for Office Communications Server
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Table 4 shows the attributes that must be mapped from a user object in the user forest to a corresponding disabled user object in the resource forest using the example user, User A.
Attributes on the User and Contact Objects
Table 4 The attributes on the User and Contact objects
Attribute | User A in User Forest | Disabled user account for User A in a Resource Forest |
---|---|---|
Cn |
Dylan |
Dylan |
ObjectSID Note In a deployment that includes Microsoft Exchange Server, set the ObjectSID attribute to the value from the msExchMasterAccountSID attribute. |
sidDylan |
|
ms-RTC-SIP-OriginatorSID |
|
sidDylan |
ms-RTC-SIP-TargetHomeServer |
|
|
telephoneNumber |
555-1234 |
555-1234 |
displayName |
Dylan Miller |
Dylan Miller |
givenName |
Dylan |
Dylan |
Surname |
Miller |
Miller |
physicalDeliveryOfficeName |
4500 |
4500 |
l (city) |
Redmond |
Redmond |
st (state) |
WA |
WA |
Country |
U.S.A |
U.S.A |
Title |
Director |
Director |
dylan@contoso.com |
dylan@contoso.com |
|
Company |
Contoso |
Contoso |
Note
In resource forest deployments with Microsoft Exchange Server, all attributes are already populated except for the ones beginning with the ms-RTC-SIP prefix. Populate these attributes using the SID Mapping Tool.
In resource forest deployments without Exchange Server, you must manually populate the required attributes on each disabled user account in your resource forest. This method can introduce problems that are difficult to fix. In these deployments, use the Central Forest topology instead. For more information, see Part 1: Deploying Office Communications Server in a Central Forest Topology earlier in this document.
Using the SIP Mapping Tool to Populate Attributes in a Resource Forest
To allow single sign-in when a disabled user account is enabled for an Exchange Server mailbox, use the SID Mapping Tool to map the SID (security identifier) of a disabled user account in the resource forest to the corresponding primary user account in the user forest. The SID Mapping Tool is delivered as part of the Microsoft Office Communications Server 2007 Resource Kit.
To run the SID Mapping Tool
Log on to a server joined to an Active Directory domain in the resource forest using an account that is a member of the DomainAdmins group.
If necessary, install the Microsoft Office Communications Server 2007 Resource Kit. You can download the resource kit from the same Web site you used to download Office Communications Server 2007. For more information, see Microsoft Office Communications Server 2007 Resource Kit Readme.
At the command prompt, run the following command to configure the Microsoft Windows® operating system Scripting Host to use cscript.
wscript //h:cscript
In the confirmation box, click OK.
Change the path of the command prompt by running the following command:
cd "%programfiles%\Office Communications Server 2007\Reskit\LCSSync"
Review the resource forest accounts that will be updated by running the following command:
sidmap.wsf /OU:<DN of container with disabled user accounts> /query
where:
/OU specifies the distinguished name (DN) of the container with the disable user accounts. To represent the DN, use the following format:
OU=<name>,DC=<domain name>,DC=<subdomain name>
For example, OU=Accounting,DC=contoso,DC=com
/query limits the SID Mapping Tool to only query the resource forest and not populate the attributes.
The command returns a list of disabled user accounts in the resource forest.
Populate the attributes in the resource forest by running the following command:
sidmap.wsf /OU:<DN of container with disabled user accounts> [/logfile:<path\filename>]
Where /logfile is an optional parameter that saves the results of your operation to a file for your records. This log file is automatically populated with a list of logon-disabled and Office Communications Server-enabled users.