Polycom RealPresence Resource Manager System Operations Guide Working with Management Roles and
332 Polycom, Inc.
When the RealPresence Resource Manager system is integrated with an
enterprise directory, the system manages only three pieces of group
information: the provisioning profile assigned to the group, the roles assigned
to the group, and whether or not the group is Directory Viewable (that is,
displayed in endpoint directories) or included in an address book. The
remaining group information is pulled from the enterprise directory.
Prepare to Use Active Directory
To take full advantage of the RealPresence Resource Manager system, the
enterprise Microsoft Active Directory must:
• Have Global Catalog turned ON. The Global Catalog enables searching for
Active Directory objects in any domain without the need for subordinate
referrals, and users can find objects of interest quickly without having to
know what domain holds the object.
• Use universal groups. The Global Catalog stores the member attributes of
universal groups only. It does not store local or global group attributes.
• Have a login account that has read access to all domains in the Active
Directory that the RealPresence Resource Manager system can use. We
recommend an account with a administrative username and a
non-expiring password.
• Have the Active Directory Domain Name Service correctly configured.
For more information about Active Directory design and deployment, see
the Microsoft best practices guides at http://technet.microsoft.com.
For system and endpoint directory performance purposes, two best practices
in regards to enterprise groups are:
• Do not import more than 500 enterprise groups into a RealPresence
Resource Manager system.
• Do not mark more than 200 enterprise groups as Directory Viewable.
Working with Management Roles and Permissions
You must decide which users will have management roles. Users with
management roles can perform tasks on the RealPresence Resource Manager
system, such as device management or conference scheduling. Management
roles can be system-wide or area-restricted. A user must be assigned a
management role in order to access the management system interface.
Participant users who can be scheduled into conferences do not need to be
assigned a management role, unless that particular user also needs to perform
system management tasks.
For more information about area roles, see “User Roles within a
Multi-Tenancy Environment” on page 495.
