IT tutorials
 
Applications Server
 

Microsoft Lync Server 2013 : Dependent Services and SQL - Active Directory (part 2) - Forest Prep, Domain Prep, Lync Server 2013 Security Groups

12/14/2014 8:23:19 PM
- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

Forest Prep

After the schema has been updated, the Deployment Wizard enables the remaining AD preparation steps. The next step is to prepare the forest for the Lync Server installation, which creates global configuration settings and universal security groups required for the Lync deployment. The forest prep step must be performed by a user that is currently a member of the Enterprise Admins group. Continuing with the Deployment Wizard, the following steps are used to prepare the forest:

1. Click Run on Step 3: Prepare Current Forest. The Prepare Forest task launches, as shown in Figure 3. Click Next.

Image

Figure 3. Preparing the forest.

2. At the Universal Group Location screen, the option is presented to create the Lync security groups in another domain in the forest. Either choose the Domain FQDN option and enter the fully qualified name of another domain, or keep the default setting to create the groups in the local domain. When finished, click Next. This action invokes the Install-CSAdForest PowerShell command, which creates the global configuration settings and universal security groups required by Lync.


Tip

By default, the Lync installer will create the Lync universal security groups in the domain where the wizard is being run. However, for some organizations it may make sense to select an alternate domain to host these groups. For example, some organizations use an empty placeholder domain as the AD forest root domain. In this situation, one of the child domains would likely be selected to host the Lync security groups to maintain organizational policy.


3. When the command has finished executing, click View Log to review the log file and ensure that no errors or warnings were generated during forest preparation.

4. When finished, click Finish to complete the procedure and return to the Deployment Wizard.

5. Verify that the changes introduced during Forest Prep have replicated throughout the AD forest before continuing with the next step.


Tip

Replication of the forest prep changes can be verified by simply using the Active Directory Users and Computers console to determine whether the Lync security groups have been created. In the Users container at the root of the domain chosen in step 2, 11 new groups named with the “CS” prefix should be present, for example, CSAdministrator.

Domain Prep

After the forest is prepared, the final AD preparation task is to prepare the domain for Lync Server. Unlike the previous two steps, domain prep must be performed on every domain that will host either Lync servers or Lync users. The domain prep step configures the permissions required for the universal security groups created in the previous step, and must be performed by a user that is currently a member of the Domain Admins group for the domain that the tool is run against. Continuing with the Deployment Wizard, the following steps are used to prepare the domain:

1. Click Run on Step 5: Prepare Current Domain.

2. Click Next. This action will invoke the Install-CSAdDomain PowerShell command, which creates the security group access control entries required by Lync.

3. When the command has finished executing, click View Log to review the log file and ensure that no errors or warnings were generated during domain preparation.

4. When finished, click Finish to complete the procedure and return to the Deployment Wizard.

5. Verify that the changes introduced during domain prep have replicated throughout the AD forest before installing the first Lync Server into the environment.


Tip

Replication of the domain prep changes can be verified using the Lync Server Management Shell, using the following command: Get-CsAdDomain. If the domain prep changes have replicated successfully, the cmdlet returns a value of LC_DOMAIN_SETTINGS_STATE_READY.

Lync Server 2013 Security Groups

After the Active Directory preparation steps previously described have been completed, a number of new AD security groups are introduced. The groups can be divided into four primary categories: service groups, administration groups, infrastructure groups, and role-based access control (RBAC) groups. The purpose of each security group is described next.

Lync Server 2013 service groups include the following:

RTCHSUniversalServices—Includes service accounts that can be used to run the Front End services and grants Lync servers read/write access to Lync Server global settings and Active Directory user objects.

RTCComponentUniversalServices—Includes service accounts that can be used to run Lync conferencing and web components services.

RTCProxyUniversalServices—Includes service accounts that can be used to run a Lync proxy service.

RTCSBAUniversalServices—Grants read access to the Lync deployment for survivable branch appliance installation.

Lync Server 2013 administration groups include the following:

RTCUniversalServerAdmins—Allows members to manage server and pool settings.

RTCUniversalUserAdmins—Allows members to manage user settings and move users from one server or pool to another.

RTCUniversalReadOnlyAdmins—Allows members to read server, pool, and user settings.

RTCUniversalSBATechnicians—Grants read access to the Lync deployment, as well as local administrative access to a survivable branch appliance during installation.

Lync Server 2013 infrastructure groups include the following:

RTCUniversalConfigReplicator—Allows Lync servers to participate in replication of the Lync configuration.

RTCUniversalGlobalWriteGroup—Grants write access to global settings for Lync Server.

RTCUniversalGlobalReadOnlyGroup—Grants read-only access to global settings for Lync Server.

RTCUniversalUserReadOnlyGroup—Grants read-only access to Lync Server user settings.

RTCUniversalServerReadOnlyGroup—Grants read-only access to individual Lync Server settings.

Lync Server 2013 RBAC groups include the following:

CSAdministrator—Grants full administrative access to the Lync Server 2013 environment.

CSArchivingAdministrator—Grants access to the archiving-related Lync settings and policies.

CSHelpDesk—Grants read-only access to Lync user properties and policies, along with access to specific troubleshooting functions.

CSLocationAdministrator—Grants access to the E911 management functions of Lync.

CSPersistentChatAdministrator—Grants access to the Lync Persistent Chat admin cmdlets.

CSResponseGroupAdministrator—Grants access to configure the Response Group application within Lync.

CSResponseGroupManager—Grants access to manage limited configuration of Lync Response Groups that have been assigned.

CSServerAdministrator—Grants access to manage, monitor, and troubleshoot Lync servers and services.

CSUserAdministrator—Grants access to enable, disable, and move Lync users, as well as assign existing policies.

CSViewOnlyAdministrator—Grants read-only access to the Lync deployment for monitoring purposes.

CSVoiceAdministrator—Grants access to create, configure, and manage voice-related Lync settings and policies.


 
Others
 
- Microsoft Lync Server 2013 : Dependent Services and SQL - Active Directory (part 1) - Schema Extensions
- Administering Active Directory 2008 : Creating and Managing Active Directory Objects (part 4) - Moving, Renaming, and Deleting Active Directory Objects , Resetting an Existing Computer Account
- Administering Active Directory 2008 : Creating and Managing Active Directory Objects (part 3) - Understanding Groups, Filtering and Advanced Active Directory Features
- Administering Active Directory 2008 : Creating and Managing Active Directory Objects (part 2) - Managing Object Properties
- Administering Active Directory 2008 : Creating and Managing Active Directory Objects (part 1) - Overview of Active Directory Objects
- Sharepoint 2010 : Windows PowerShell Remoting (part 2) - Entering a Remote Session, Running SharePoint 2010 Cmdlets Remotely
- Sharepoint 2010 : Windows PowerShell Remoting (part 1)
- Sharepoint 2010 : Windows PowerShell Scripts (part 3) - Writing Comment-Based Help Topics in Scripts,Using Functions in Scripts , Customizing Windows PowerShell with Profile Scripts
- Sharepoint 2010 : Windows PowerShell Scripts (part 2) - Executing Scripts, Using Parameters in Scripts
- Sharepoint 2010 : Windows PowerShell Scripts (part 1) - Setting the Execution Policy
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS