Configuring Webex Hybrid Directory Service (Lesson 2)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

so we are ready to get started in lesson two let me go ahead and pull this up here which is configure WebEx hybrid directory service so let me just get where I need to be all right so I'm starting with hybrid directory service because I'm trying to build these lessons in such a way that it creates an order of operation for you so if you're standing up a new web AK solution this is the order which you'd want to do things obviously when you first set up WebEx setting up a directory character it's not the first thing you want to do we're talking about kind of big picture items directory crack connector is definitely something you want to tackle early on and within this lesson we're going to talk about other things you need to do even prior to that like verifying or even claiming a domain so we will talk about those things as well also let me point out that I would like to do some demos but I'm not sure if we have the time for it I was hoping to be through lesson two already we got a little tied up this morning with making recording work and things like that trying to make sure I get the student guide into your hands so it took a little bit of time to do all those things so we'll see if we have time at the end of the day I may come back and then show you how to do some of this different stuff well let's go ahead and get started this lesson is broken down into the following objectives we're going to talk about deployment models deployment requirements Active Directory configuration and synchronization and WebEx user service assignment so let's begin with deployment models the hybrid directory service connects Microsoft Active Directory and Azur Active Directory to these Cisco WebEx teams and enables users to be able to see all company contacts in the cisco webex team's app so they can click in order to meet message or call one another it also provides user synchronization between Microsoft Active Directory and Cisco WebEx user management hybrid directory service simplifies the administrative experience by automatically synchronizing Microsoft Active Directory users with Cisco WebEx meaning creating updating and deleting users so that users are always current in the Cisco WebEx control hub so the deployment requirements are as follows directory connector provides all of the features of the Cisco WebEx hybrid directory service it is client software which is installed on a local Microsoft Windows server and synchronizes identities between the on-premise Microsoft Active Directory and Cisco WebEx user management systems Microsoft Active Directory acts as the system of record so directory connector communicates with Active Directory then communicates with Cisco WebEx through highly secure api's in order to create update or delete users you can run synchronizations view and monitor synchronization status and configure hybrid directory service using the directory connector user interface customers can download Cisco WebEx hybrid directory service from the Cisco WebEx control hub free of charge the table you see on this slide identifies the Windows and Active Directory requirements in order to support the directory connector integration in addition to the requirements that are listed here the computer or server where the directory connector is installed must also mean certain hardware requirements oh it needs to be running on eight gigs of RAM or more have 50 gigabyte of storage space to be able to download the connector and install it and there must be no minimum for the CPU to access the Cisco directory connector software from cisco webex control hub you require a cisco webex organization with a trial or paid subscription optionally if you want new WebEx teams user accounts to be active before they sign in for the first time Cisco does recommend that you first add their and verify and optionally claim your domains that contain the user email addresses that you want to synchronize in the cloud Cisco aqua also recommends that you do a single sign-on integration of your identity provider with your WebEx organization and we will talk about single sign-on in lesson 9 tomorrow at the end of the day tomorrow and then also Cisco recommends that you suppress automatic email invites so that you new users won't receive the automatic email invitation and then you can you could do your own email campaign right and this Rafi Chur does require the SSO integration be enabled before you can suppress automatic email invitations you can add claim and verify your domain in Cisco WebEx control hub to use the features that require proof of domain ownership ensure the security integrity of your organization and to help with your user management to verify domains Cisco or I guess the WebEx control hub will provide a token which you need to take and go into your DNS server and create a DNS txt record or text record using that key to confirm that you own the domain the webicon troll hub will then check for this token on the dns server you can also claim domains so that new cisco webex teams user accounts are added to your organization automatically instead of just the free consumer organization know where someone can't sign up for WebEx using your company domain if you claim the domain because they will get added automatically into WebEx control hub and then you can prohibit them from there so you need to claim a domain if you want new users with that domain to automatically be created within your organization and then you must convert existing users into your organization before you can claim a domain so if you have users who are using your company domain for WebEx teams and they are not yet added to your organization they have to be converted over first Cisco does recommend configuring auto license templates before claiming a domain because new users are added automatically into WebEx and therefore those license assignments will automatically be applied to them when they're added so you want those templates set up first we'll talk about how to do all that later I kind of feel like I need to show you this part so let me get out of this for a second and the slide you're seeing or the slide the browser window that I'm showing you right now is Dee cloud cisco has a kind of lab environment of sorts that you can have access to if you have a CCO ID to log into Cisco's website if you don't have one you can sign up for one for free so there's no reason you can't use this once you once you have your CCO ID you just go to Dee cloud cisco.com and it'll take you to the login screen then you can log in with your CCO I user name and password which I have mine saved and on my computer so it's easy to get access and that takes you into D cloud now you can go into the catalog and you can search for specific labs here you can check boxes if there's a specific solution you're looking for or you can just type in keywords like CCM for example and then it'll show you all the labs that are relevant to that I guess that didn't that wasn't a good things to search for so like I am for instant messaging and and then you'll see all the different labs available here and you can schedule these labs up I've created some a lab already if I go back to my hub under sessions you see this Cisco WebEx enablement lab this is all things WebEx great lab to go into and play around in a test bed that's not going to mess up any production environment now once you have a lab scheduled it'll save you so you can get access to it and you can click on info and if you come down a little bit in the info section you have some anyconnect credentials right here you can point any connect to this URL and then log in with this username and password and then you have VPN access into the pod and you can access all of the different servers if you don't want to use any connect you can just click on View and you will see a topology here of all the different devices that are included in this specific lab again each lab is a little different so the servers available will be different as well and then instead of doing an anyconnect VPN I can use the web portal to access the pod by coming over here to one of these workstations click that blue drop down arrow and I get this flyout window here and I just click on remote desktop it opens up a new browser into a remote desktop session and now I I can use this remote computer to access anything I want in the lab pod right there thing I have available so I'm gonna open up a browser and I'll show you here all you have to do to get to the WebEx control hub is type in admin dot WebEx dot-com I don't know what happened there that was weird I'm in oh I put a min admin why is my D not working on my computer this happened earlier I was sending a message to someone and the D key wasn't working for me I'm having internet connectivity issues here there we go admin dot WebEx comm should take you to this screen and then you can log in with your user also by the way under details go down a little further you'll see a domain this domain is assigned to eat each specific pod you schedule has a unique domain assigned to it so you'll want to look and see what that domain is I've already wrote this down so I can it's easy for me to remember but you'll use that domain to sign in to your WebEx related devices so for example see Holland is my administrator so I'm gonna sign in as C Holland at whatever that domain is right CB 197 dot DC tax zero one comm and it'll prompt me for my password passwords are the same throughout all of D clouds lowercase D uppercase C L owe you d one two three bank or exclamation mark and that will take me into the WebEx control hub where I can configure my other settings now what we're talking about here what I wanted to show you I had to give you a quick introduction to D cloud in case you haven't heard of it before surprisingly a lot of people have not but I wanted to show you this because I want to come in and show you how to verify a domain and so for that I'm gonna come down here in my menus you see on the left column and will come down to settings and then I want to scroll down to the section right here section heading called domain here it is domains and the first thing I need to do is add a domain right so I click add a domain whatever my domain is in this case it's CB 197 dot DC tech 0 1 com it pre-populated it here because that was set up when this account was first set up for me and then I can click Add that's where I get that token you'll see here in just a second and added the domain and what I can do is right here edit sub domain view update history tasks is not it hold on sorry let's try this again I just lost my domain here you should be see used to be a link that said verify token and now there it is lost my domains oh here we go so it says under domains it says pending and then I just click on these three dots you see out here to the right and I can retrieve that verification token this token that you see right here this is the token that I want to set up in a txt file in my DNS server right so I'm going to copy that information I'm gonna go over to my DNS server I'm going to set create a txt file and put that token in there and then once I've built that in DNS which it's already done for you in the D cloud environment then what I can do is click the 3 buttons again and come down and select verify domain so you got to add the domain you got to retrieve the verification token and build your txt file and then you got to come back and verify the domain so I'm going to click verify domain and then click verify and as long as WebEx can go out to DNS and it can see that token in that txt file in your DNS server then it will show you right here verified if not you'll get some other air warning and then you got to reconcile that right but now it does show verified and I'll show you back here under the three dots now I can come down and claim the verified domain if I wanted to as well I'm not gonna claim the domain here but you can also claim that I mean it's not really required to claim a domain it's just extra security for your protection if you do claim a verified domain but you must verify it first before you claim it claim just means no one else can use that domain if anybody tries to they get added to your webmix automatically and then you can block them that's all that is okay but verify is very important definitely need to verify your domains okay I showed you that let's go back to the PowerPoint here alright so for a multiple domain environment either a single forest or multiple forests you must install one Cisco directory connector for each Active Directory domain if you want to synchronize a new domain while maintaining the synchronized user data of an already existing domain you need to ensure that you have separate supported Windows servers to install the directory connector for the second domain synchronization for excuse me for sign into the connector whether you're doing a single domain or multiple domain Cisco does not require an administrative account in Active Directory they do require a local user account that's the same user as a full admin in account in cisco webex control hub so when web access first set up that's typically the user you already have in there the local user must have privileges on the Windows machine where the directory connector is installed in order to connect the domain controller and read Active Directory user objects the machine login account should be a computer administrator with privileges to install software on that local machine and this information also applies to any virtual machine login while signing into the connector the sign in account must be the same as the full admin account for the control hub by default the connector uses the local system account to access Active Directory however you can use Windows services to configure another account to access Active Directory so make sure that Windows safe dynamic link library or DD app DLL search mode is enabled and if you use ad LDS for multiple domains on a single forest Cisco recommends that you install the Cisco directory connector and Active Directory domain service Active Directory lightweight directory service ATS ad DS or ad LDS on separate machines right so make sure that's done also alright so what does all that mean if I go to users in my WebEx control hub you'll see I have a single user here he is not synchronized from Active Directory this is just the user we set up originally with this WebEx installation and if I select this user and I come down to administrator roles you can see that this user has full administrative privileges all we're saying is when this user sets up the directory connector it needs to be on a machine where this user who has full administrative privileges in the WebEx control hub also has administrative access to that computer so they can download an application to it and they'll have the authority to be able to log in using this administrator account those are the things you're looking for okay that this user does not have to have full administrative privileges to Active Directory though someone hold on a second we read a couple of these comments here someone's having audio issues hopefully everybody else can hear me okay someone said not all the labs work correctly indeed cloud that is true you're absolutely right I write labs not 4d cloud by Wright labs using D cloud for Cisco partners and I make sure all of my laps work if they don't work I don't use them so but you're right if you just go to D cloud and download a lab sometimes they don't work so you do have to watch out for that yes labs are free to use on D cloud there is no cost to them someone said some the password to the system does not work or expired and does not let you go beyond that because yeah sometimes that well what happens is they use Active Directory for all the user synchronisation Cindy cloud and sometimes when these systems load up because they're all virtual machines they don't load correctly and their scripts that run in the background the scripts don't always run and so what happens is the user is trying to log in and authenticate its credentials but a T's not syncing up or it's not working right and so the passwords don't seem to work with situations like that there is a Help option in D cloud where you can reach out to support and someone can help you reset servers and that sort of thing also you have access to do that yourself in D cloud if you go to servers right here I can go into any one of these servers and I can reboot it or reset it which reset it sets it back to the settings that's supposed to be at when the VM first sets up so you can do this yourself or you can contact support and they can help you I don't usually reach out to support so I'm trying to remember how to do that there's a link on here somewhere oh it's up here up top I think where it used to be edit and info in points there used to be a link right at the top that resources here under resources more help right here you can go in there and then and then reach out to someone on the D cloud team and they can help you support this stuff so so there are ways to support that someone said your screen share seems to be minimized tough to see compared to the earlier session I'm not sure what you're referring to if anybody else is having that issue put it in the chat window so that I can try to address that sherry also said there's no audio on her end hopefully that's fixed itself is is there anybody that can hear me I guess I should ask that if you can't hear me you're not gonna say anything audio is good okay alright some people can hear me alright so if you're having audio issues I mean you probably won't hear me say this but if you are having audio issues it's probably on your end just connect your audio reconnect it and that should resolve those issues all right good lots people are hearing audio fine so that's great okay so anyways I just wanted to show you that administrator just needs full administrator access and then they can they can do what they need to do to be able to download and install the directory connector yeah that's gentry that's right they probably lost their audio during lunch and never reconnected so that's possibility all right oops all right so let's move on Active Directory configuration and synchronization here are the steps to install and setup the directory synchronization so the first three steps that you see listed here downloading and installing the directory connector opening and signing into the directory connector and object selection are all mandatory steps you have to do those or it's not going to work right but the next step adding avatars that's an optional step you don't have to set up avatars you can do directory synchronization without avatars avatars is just that little picture of everybody you see next to their name in WebEx then it's always a good idea to perform a dry run to ensure everything set up correctly before enabling and running synchronization you don't have to do a dry run it's not a mandatory step but it's really good idea so I would consider it not optional in in most scenarios right once the synchronization process is complete or what you will want to verify that everything was performed the way it was supposed to so the next few slides after that will detail the specifics of each of these steps used to perform each of the tasks that are outlined here so let's begin with installing the directory connector cisco webex control hub initially shows directory synchronization as disabled so to turn on directory synchronization for your organization you must install and configure the Cisco directory connector and then successfully perform a full synchronization that will enable it automatically all right um someone oh sherry said something I don't know if it'd be helpful but we can't see the chat from the participants and the questions they're asking only you can I can't chat with everyone up just so you guys know in the chat window there's a setting you can set it to send it to just me or to all of the panelists or you can send it to all participants if you want other people to see your chat messages you may want to change it to all participants in fact let me just get out of this for a second make sure you guys have that privilege set up I'm gonna have to stop sharing here hold on so I can get to my other menus participants privileges communication ah I didn't have a box checked for all attendees you guys should be able to change who you're chatting with to all attendees so everybody can see it sherry did bring that to my attention so thank you for that sherry yeah oh hmm Justin you're seeing it in full-screen now you weren't before that's interesting let me go back and share my desktop again hopefully it's still in full screen for you when I share it pull my participant and chat windows back over to my other screen so you guys can send your messages to everybody but just so you know I mentioned this earlier and I'll mention it again I am going to make all of the chat messages available to everybody so even if you sent chat messages to me privately I'm going to send out a document and everybody should be able to see that now but I think it is important you guys see the questions each other asking so when you send questions to me in the chat window just make sure that in the sin 2 drop-down menu that you select all participants or all attendees either all participants or all attendees and that way everybody can see your question it's better if you put all participants because that includes panelists and attendees so if you do just all attendees I may not see your questions so make sure you do all participants all right so let's go back to the presentation so we're talking about installing the directory connector and for a new installation of the cisco directory connector you always want to go to the WebEx control hub to get the latest version of the software so that you're using the latest features and bug fixes after you install the software upgrades are reported through the software and automatically installed whenever available that way it stays current but when you're first installing it always make sure you have a fresh install you must install one connector for each Active Directory domain as I mentioned before a single Cisco directory connector instance can only serve a single domain so the diagram on this slide will help you understand the flow for multiple domain synchronization the following steps outline how to download install a single directory connector so step one from the admin web XCOM web interface you want to go to the users menu click on the manage users button in the top right corner and then click enable directory synchronization that's the link you see on this slide in the first image that'll take you to this next screen you see here so then you just want to click Next and it takes you to the next screen or slide of picture I guess graphic you see right here then you want to click the download and install link to save the latest version of the cisco directory connector zip file to your Windows server PC VM wherever you're installing it right so make sure whatever wherever you want it installed that's where you're downloading it from you want to go into that computer where you're going to install it log in to admin dot Cisco comm and then download it again you must have full administrative access to the WebEx control hub organization in order for this software to work then on VMware or Windows Server wherever you are you want to unzip and run the MSI MSI file that's in the setup folder in order to launch the Cisco directory connector setup wizard then you click Next check the box to accept the license agreement this is just your normal installation stuff click next you'll see the account type screen you want to choose the type of service account that you want to use perform then stand then perform the installation with your admin account and you can do local system which is the default option you choose this option if you have a proxy configure through your internet explorer or you do domain account and you use this option if your computer is part of a mein right then you want to click install after the network test runs you want to enter your proxy basic credentials if you're prompted to do so click OK and then click finish and that installs it right so it's just your normal basic installation a lot of words I don't want it to be confusing the main part of this right here is when you go to the users link in the WebEx control hub you come up to manage users right here and you select that and then under active directory then notice it says disabled you want to turn on directory synchronization it's you get this welcome thing right here you just click Next and then click download and install right once you download the file you don't need to click Next or anything else you're done with this right go ahead and close it if you go back into manage user it still shows disabled that will change to enabled once you set up the directory connector then you just go in wherever you're downloaded files are you install the directory connector and now you're ready to use it right that's it you just follow the installation steps nothing real special there so I used a lot of big fancy words just to say download and install it right real easy to do then what do you do once the directory connector has been installed you want to open the application and sign in with that cisco webex administrator login credentials of the administrator used I just showed you in this case Charles Holland and then perform the initial setup so the initial setup you want to open the directory connector and add the ID broker dot WebEx comm to your list of trusted sites if it prompts you to do so in most cases that probably won't okay someone said is there any way to run scripts in WebEx environment for example enabling certain licenses for bulk users unfortunately there's no way for you to run those scripts that's all done on the back end and like I use WebEx all the time they even gave me the ability to create my own custom I say WebEx I meant D cloud I use D cloud all the time I can create my own custom oh you said WebEx though I'm sorry I misread your question let me read that again is there any way to run scripts in WebEx environment for bulk users well sort of you can do CSV files for bulk users and there is a back-end to WebEx so technically there's an API back-end you can if you know how to create scripts and all that you can create and run those scripts as well absolutely what Cisco recommends for bulk users is to use the CSV files but again it's not the only way to do it because there is a API back in if you know rest api's sure you could write a script and run that absolutely in fact that's what they do indeed cloud for a lot of this these labs when they first boot up is they create these API scripts that when a lab pod boots up the scripts run and it does certain things for you it creates these accounts that adds Charles Hall into it it installs the the directory connector on the Charles PC for you automatically it does all of these things for you in the backend so if they can do it for D cloud you can definitely do it for in a production environment absolutely so a good question sorry I'm missing to read that at first so the next thing you want to do is confirm your organization and domain so if you choose a DDS check LDAP over SSL to use the secure LDAP or LDAP S as the connection protocol choose a domain that you want to synchronize from and then click confirm after Cisco directory connector confirm organization screen appears click confirm and then if you're already bound if you have already bound a DDS a TLDs the confirm organization screen appears for that and then you can click confirm there as well to move on to the next screen then you want to choose one depending on the number of Active Directory domains you want to bind to the directory connector if you have a single domain that is ad LDS bind to the existing existing ad LDS source and then click confirm if you have a single domain that is a TDs either bind to the existing domain or to a new domain and if you choose bind to a new domain then you just click Next and because the existing source source type is a TDs you cannot select ad LDS for the new binding so there's no way to go back on that if you have more than one domain choose an existing domain from the list or bind to a new domain and then click Next and then again because you have more than one domain the existing source type must be a TDs and you can't go back to ad LDS to get the latest features bug fixes and security updates make sure you're always downloading the latest software version and there is a way you can go in and change the menus so that it automatically searches for updates and keeps your directory connector current so to do that you can go to configuration general click the automatic upgrade to new Cisco directory connector version click apply and then save your changes and then new versions of the connector are automatically installed as soon as they're available you do not have to be logged in for that to occur now you've got to do your object selection so by default Cisco directory connector synchronizes all users that are not computers and all groups that are not critical system objects for a domain for more control over what objects get synchronized you can select specific users to synchronize and specify LDAP filters by using the object selection page in the Cisco directory connector so from Cisco directory connector you want to go to configuration and then click object selection in the object type section you can check users or groups and consider limiting the number of searchable containers for your users so you can control you know who's actually being imported if you want to synchronize just users in a certain group such as you may want to enter an LDAP filter in the user LDAP filter field if you want to sync users that are that are in the example manager group for example use a filter there's actually in your student guide an example of what you'd want to put in there so it's like open parentheses ampere Stan open parentheses Sam account name equals star close parentheses right and then you can do an open parentheses member of equals CN for container equals example manager because that's the name of the group comma oh you for organizational unit equals example oh you equals security group DC equals company right and so use kind of it's just LDAP thing held up language if you're used to working with it it it's familiar if not it's foreign but if you don't work with it you don't really need to know it so don't worry about it then what you want to do is check your identify room to separate room data from user data use a setting if you want to synchronize on-premise route information from Active Directory into the WebEx cloud after you synchronize the room information the on-premise room device devices with configured map sip addresses show up as searchable entries on cloud registered room devices so you can synchronize not just users but devices as well then you want to check your groups if you want to synchronize your Active Directory user group to the cloud do not add a user sync LDAP filter to the groups field you should only use the group's field to sync the group data itself to the cloud groups for hybrid data security deployments in cisco directory connector you must check groups if you're using the hybrid data security to configure a trial group for pilot users the Cisco directory connector setting does not affect other synchronize users in the cloud then you want to configure the LDAP filters you can add extended filters by providing a valid valid LDAP filter then you want to specify the on-premise base the ends to synchronize by clicking select to see the tree structure of your active directories you see in the left side of the screen right here from here you can select or deselect which containers to search within and then check that the objects you want to add for this configuration and then click select you can select individual or parent containers to use for synchronization select a parent container to enable all child containers if you select a child container the parent container shows a gray checkmark that indicates a child has been checked you can select or click select to accept the Active Directory container that you checked if your organization places all users and groups in the users container then you do not have to search any other containers if your organization is divided out into organizational units or OU's make sure that you select oh use then after you've made all your selections you want to click apply to save the changes three options will appear when you click apply and you can choose any one of the three you can apply config changes you can do a dry run or you can cancel which will just default everything back right then optionally you can do avatar again the previous slide that's kind of mandatory this one this is optional you can synchronize your users avatars to the cloud so that each users avatars appear when they sign into their application you can synchronize avatars from an Active Directory attribute or a resource server use this procedure to synchronize raw avatar data from an Active Directory attribute so step one from the directory connector you want to go to configuration and then click avatar and then check the Enable box for get avatar from choose ad attribute and then choose the avatar attribute that contains the raw avatar data that you want to synchronize to the cloud then you want to verify the avatar is [Music] accessed correctly so enter a user's email address and click get users avatar and if the avatar appears to the right then you know it's working the way it's supposed to after you verify that the avatar appeared correctly you can click apply to save your changes the images that are synchronized become the default avatar for users in the cisco webex team's app users are not allowed to set their own avatar after this feature has been enabled from the cisco directory connector the user avatar synchronized over to both cisco webex teams and any matching accounts on the WebEx site so WebEx meetings anything like that depending on what services you've provided to them once you've completed all the setup steps the next thing you want to do is perform a dry run right so there's a couple of different ways you can do a dry run there's also different opportunities you can do it I like to enable synchronization it'll prompt you to do a dry run then and then go ahead and do the dry run at that time but again there's different ways you can do it oh let's see that's all I really know so when you do a dry run I do want to say this it'll provide a results page for you and there's usually two options you'll see depending on whether using a single domain or multiple domains so in single domain you need to decide whether you want to keep the mismatched users if you want to keep them choose no retain objects if you don't choose yes delete objects after you do these steps and manually run a full sync so that there's an exact match between the premise and cloud Cisco directory connector will automatically enable scheduled auto sync tasks if you have multiple domains for an organization with say domain a and domain B first do a dry run on domain a then if you want to keep mismatched users choose no retain objects again if you want to delete choose yes delete objects and if you keep the users run a full sync for domain a first and then do a dry run on domain B if they're still mismatched users you can add those users in Active Directory and before you do the full sync for domain B when there's an exact match between the premise and cloud Cisco directory connector automatically enable scheduled auto sync tasks so in the confirm dry run prompt you want to click yes to redo the dry run synchronization and view the dashboard to see the results any accounts that were successfully synchronized in the dry run appear under the objects matched if a user in the cloud doesn't have a corresponding user with the same email in Active Directory the entry is listed under users delete it to avoid this delete flag you can add a user in Active Directory with the same email address to view the details of the items that were synchronized click the corresponding tab for specific items or objects matched and then to save the summary information click save results to file once you've done your dry run now you want to enable and run synchronization so assuming your results are as expected you can go do the Actions menu under synchronization mode select enable synchronization and then click the enable and now to do a manual synchronization and put Cisco directory connector in manual mode at this point after doing a synchronization on the last Active Directory domain in your multiple domain environment you must enable automatic mode for Cisco directory connector you can enable automatic mode only when the objects are completely matched between the Cisco WebEx cloud and all on-premise active directories when you run a full synchronization the connector service sends all filtered objects from your Active Directory to the cloud the connector service then updates the identity store with your ad entries if you created an auto assign license template you can assign that to the newly synchronized users if you have multiple domains you must do this step on each of the Cisco directory connector instances you installed for each Active Directory domain Cisco directory connector synchronizes the user account state in Active Directory any users that are marked as disabled also appear inactive in the cloud after first time sign-in if the dry run is complete and looks correct for all domains click enable now to allow automatic synchronization to occur from Cisco directory connector go to the dashboard click sync now full to start a full synchronization confirm the start of your synchronization during the synchronization the dashboard shows the synchronization process and this may include the type of synchronization the time it started and what phase in which the synchronization is currently running after the synchronization the last synchronization and clouds the statistics section are updated with the new information user data is synchronized to the cloud you do want to verify synchronization was complete and there's two wait places you can verify this the status for directory synchronization updates from will update the field from disabled to operational on the settings page in the WebEx control hub so that's one indicator you have that synchronization was successful when all data is matched between on-premise and cloud Cisco directory connector changes the Cisco directory connector changes from manual mode to automatic synchronization mode unless you integrate single sign-on verify domains and optionally claim domains for email accounts that you synchronized and suppress automated emails the Cisco WebEx teams user accounts remain in a not verified state in the WebEx control hub until users sign into the WebEx teams for the first time to confirm their accounts if you have multiple domains do this step on any other cisco directory connector that you've also installed and after synchronization the users on all domains you added should be listed in the webex control hub if you integrated single sign-on with the Cisco WebEx and suppressed email notifications the email invitations will not be sent out to the newly synchronized users you cannot manually add users in WebEx control hub after the directory connector is enabled so once enabled user management is performed from Cisco directory connector and Active Directory is the single source of truth if errors occur during the synchronization the status indicator ball will turn red you can click refresh if you want to update the status of the synchronization for information about air select the launch event viewer menu from the actions toolbar in order to view the different error logs also you can verify synchronization was successful from the control hub either click on the users menu or refresh the users page if you're already navigated there verify all the users have been imported that you expected to be imported at the top of the page a counter will identify how many users exist in the WebEx database if you included Avatar information as well then each user should have a picture to the left of their name and once all the information has been verified successfully then you can go back and close your directory connector and you've completed the process all right so let's take a look at this I think I have time for this I'm gonna log back into the WebEx control hub real quick see Holland at CB 197 dot Tex erewan com and will sign in lips fat fingers alright so just to verify we only had one user and there wasn't a lot of information about that user in the WebEx control hub so we go to users menu we see Charles Holland but there's no avatar no first name no last name and the display name and email address are the same all right so now what we want to do is install and run the directory connector which is actually already installed on this computer so I go down to the windows screen and type in oops sis code I can't type today my D is not working for some reason like half the time okay Cisco directory connector again we want to sign in with our administrator user information so see Holland and CB 197 dot d see tech zero one comm and password D Cloud 1 2 3 bang and we're gonna choose a DDS we could choose LDAP over SSL I'm not worried about that for my demo here I clicked on the load domains button and then select D cloud dot Cisco comm then we click confirm give it just a second here would you like to automatically upgrade to the latest directory connector when it's available yes so I get the prompt makes it easy right do I want to do a dry run at this time I don't really if I do a dry run right now it's gonna try to import all the users in Active Directory and I don't want do that so I'm going to say not now and then I'm going to come up here to the configuration tab and under object selection I want to specify what objects I want to import so I don't want to import any groups I just want to import users and the users I'm going to import specifically if I click select then here's that hierarchy of everything in my active directory I'm gonna select or unselect this parent folder and watch what happens to all these child folders when I unselect it they all get unselected as well because I don't want all of these I only want one of these I want D cloud in this case right so I'm going to choose the select button after I've checked that and now I have my path here setup oh you which is my organizational unit equals D cloud under the domain D C domain controller D Cloud domain controller cisco domain controller com so it's D Cloud not cisco comm basically alright and then I could click apply settings but I'm actually going to go over to Avatar and do some avatars as well so I'm going to choose the enable box which gives me all of the settings here and I have to put in my avatar URL pattern where are my avatars located and so hopefully whoever's managing all this for you will be able to answer that information for you but if I look at my desktop here I have a pattern dot txt file and this is where my avatars are located so I'm gonna copy that information close that and come back here and paste that information in the Avatar URL pattern now I'll come down and click apply and notice I can do a dry run at this point if I want to and it'll tell me what information is going to be imported I'm not going to do it yet I'll just click apply changes just to those settings get committed and then I'm going to come back to dashboard and under actions I'm going to choose synchronization mode enable synchronization right now it's good idea to do a dry run before you enable synchronization I could have just said sync and dry sync dry run right here - and I believe under actions I have a dry run option - which is not going to let me select but when this pop-up window comes up would you like to perform a dry run now now I'm gonna say yes it's gonna do a dry run check meaning it's not actually doing the synchronization but it's showing me what items would be synchronized if I did it right and I can see right here seven objects will be added one I have one object matched because see Holland already exists in there but he also exists in Active Directory right and so I can come up here at the top you see all these tabs I can see admins deleted users deleted groups deleted objects added matched and rooms deleted so those are all the different settings I was talking about before and I can click between them if I want but this is my expected outcome so this is all I need to worry about here I'm gonna click done and then it's gonna say because I said enable synchronization are you ready to enable synchronization now yep let's enable synchronization and notice the status changed from disabled to idle the mode also changed from manual to automatic so now I'm gonna force a synchronization I could wait whatever times are preset in here for when synchronization occurs it will happen at that point in time but I can also force it to go ahead and do a synchronization now I'm gonna go to actions sync now and then just do a full synchronization I have to confirm that that's what I want to do and then under phase right here you're gonna see some information here's the number of users that are uploaded and processed and the number of avatars uploaded and processed and so we've got to wait for this to complete shouldn't have any issues sometimes you may have synchronization issues especially if you have a lot of users and this could take a really long time if you have a lot of users if that's the case you may want to do incremental syncs or you can just refresh it and and just if you do a full sync and you get an error message just refresh it run it again usually on the second run everything works a lot smoother so it's finished and we can see now under last synchronization box that our status changed to no errors and it did the full synchronization I can see when it started and finished and all of that so there's my verification from the directory connector what's my verification from the WebEx control hub I want to refresh this page watch see Hollens information change he had no avatar no first name no last name and the display name and email were the same now when I look at Charles Holland all this information got populated using the active directory and notice that not only is he active but all the other users are surprisingly showing verified not active but verified because I verified the domain and their domain for their email matches the domain that I verified so that's why it's showing up is verified right so I just wanted to show you that real quick it's a pretty easy process to run through so I just wanted to display that for you let's go ahead and come back here and look at WebEx user service assignments there's two ways to methods for doing service assignment so after you complete full user synchronization from the directory connector into the WebEx control hub you can use Cisco WebEx control hub to assign the same Cisco WebEx service licenses to all of your users at once or add additional licenses to new you if you've already configured an auto assign license template so when you assign a license to the WebEx team user that user receives an email confirming the assignment by default the email is sent by a notification service in cisco webex control hub and if you integrated single sign-on though you can suppress automatic email notifications and in that case they won't receive the email to auto assign user services to all of your users the first thing you want to do and the users menu is click manage users and then click setup auto assign template link in the license section right so up here Active Directory this is where we set up our downloaded directory connector right below that licenses click on the setup auto assign template takes you a page that looks like this you want to check the box beside the services that should be assigned to all users the following messaging and meeting options are available under messaging this is Cisco's free WebEx team's messaging client the offers messaging and presence and there are two options available under this service service assignment WebEx teams and jabber team messaging mode notice in this example jabber team messaging mode is grayed out because that service has not been enabled in setup yet when we talk about that one later I believe tomorrow or I can't remember which lesson that is might be today then you'll see they actually see that service change it will be grayed out any more meetings includes all meeting capabilities through WebEx solution so the options available here may depend on what services a company's subscribed in order to have there are three options possibilities available you have WebEx team meetings these are meetings hosted by personal WebEx teams accounts you have WebEx Enterprise Edition these are WebEx meeting centers meaning Center hosted meetings participants may connect to these meetings directly to the cloud or through the WebEx video mesh node if it's been configured then there's WebEx collaboration meeting rooms and this is the same as the WebEx Enterprise Edition with the inclusion of the ability for cisco telepresence endpoints to be able to join the meeting so when the WebEx Enterprise Edition option is selected this other option will automatically be selected as well calling no options will appear for calling services in the setup Auto assigned template because there's additional settings that have to be configured on an individual user basis for this feature however calling can be set up for multiple users with a CSV file once all the required services have been selected click on the next button and a confirmation page will appear verify the information is correct and then click Save and that's it the templates been created if single sign-on is not being used then these template settings will not be applied to the user account until they login and verify their account for the first time so if I set up templates and then I look at a user I'm not going to see those settings applied to the user but if SSO was set up prior to the template being set up then these settings will be applied to that user account immediately if the company is planning to use SSO then this template should be set up before setting up single sign-on one single sign-on is set up the template will be applied to all users immediately and all accounts will show as active whether they verify their account or not if there are already active users in the WebEx control hub and you want to modify the auto assign services then from the Eck's control hub portal and you want to go to the users menu click manage users choose the modify all synchronized users option and then click Next if you suppress email notifications read the prompt that appears in the screen and then click Next again and on sync status click the Refresh arrow to upload the list click Next and then choose one of the following options you can check the Cisco WebEx service that you want to apply initially to all of the synchronized users or if the license template has already been configured and activated Cisco WebEx service services from the template are applied to the newly synchronized users so you can apply to new users or current users basically you can also manually assign user services administrators may choose to modify specific user services on a case-by-case basis by going into the users menu and selecting a specific user and then in the configuration flyout window that appears on the right of the screen next to the service section they can click on edit link the services enabled for users window will appear and this window has the same appearance as the set up auto assigned template page then they select or change the services for that user and then click on the Save button and then the services have been changed then for that individual user so let me show you that one real quick and that finishes out this lesson so two ways to do this you can do auto assigned templates or manually assign services so auto assigned template you click on manage users I selected Taylor bard somehow don't remember doing that manage users and under licenses see how it says setup auto assign template that hasn't been set up before so I click on that hyper and all the services available will show up on this page notice jabber team messaging mode is grayed out because it hasn't been configured yet but I'll give all users and this is just an attempt 'let I'll give them WebEx teams WebEx team meeting and then watch what happens when I click WebEx Enterprise Edition WebEx collaboration meeting rooms also get selected automatically I can go back and unselect that if I want I don't know why I'd want to do that so might as well just leave it all checked right or you can kind of modify maybe you don't want everybody to have a WebEx license but everybody gets a teams meeting license right so maybe I don't select this one it's really entirely up to you notice calling doesn't have any options available again you can't set up calling with the auto assign template so then I click Next it gives me a confirmation screen I click Save and that creates that template for everybody but these users have not signed in and activated their accounts yet so watch what happens if I select Anita Perez and I go to services and I click Edit nothing is selected here now if I go back and verify and need as a count and then come back in here everything I checked before you will see selected here as well right but in this case it's not so what do I need to do on an individual user basis I can manually assign settings so I can manually give her WebEx teams WebEx teams meetings WebEx Enterprise Edition and if I wanted to now I can give her WebEx calling I can give her enterprise calling or basic calling right I'm not going to enable that for her in this case but it is an option on a manual basis on a case by case basis but not an option on a template basis so I can just save those settings and then they've been applied to Anita right so that's it now if you did want to do a CSV file you could come down to CSV file add or modify users export the user list mod by it upload it back into the WebEx control hub and then it would apply that template to all of your different users okay so that's it for chapter lesson two

Info

Channel: Collab Crush

Views: 6,686

Rating: undefined out of 5

Keywords: Cisco collaboration, Cisco collaboration videos, cisco collaboration training videos, cisco collaboration lab, 300-801 CLCOR, 300-801, CLCOR, collab crush, collabcrush, cisco, webex, webex solutions, webex on-prem, cisco on-prem, webex on prem, webex training, webex teams, webex meetings, training for webex, 300-820 CLCEI, 300-820, CLCEI, webex clcii, webex 300-820, Jason ball, Jason ball cisco, webex hybrid directory, hybrid directory webex

Id: jUZP-JcS9hQ

Channel Id: undefined

Length: 72min 58sec (4378 seconds)

Published: Mon Mar 23 2020