Microsoft Lync Server 2013 Front End Server : Active Directory Preparation

1/12/2014 2:26:11 AM

Microsoft Lync Server 2013 heavily leverages Active Directory. This results in tight integration across the Microsoft stack, including Microsoft Exchange and Microsoft SharePoint Server. However, Active Directory must be prepared before installation can begin. All the Active Directory preparation steps can be performed in either the Deployment Wizard GUI or the Lync Server Management Shell, a customized version of PowerShell.

The first step is to ensure that your Active Directory environment meets the minimum requirements for Lync Server 2013. The requirements are outlined here:

• All domain controllers in the forest where Lync Server 2013 will be deployed must be Windows Server 2003 SP2 or higher.

• All domains where you deploy Lync Server 2013 must have a functional level of Windows 2003 native or higher.

• The functional level for the forest must be Windows 2003 native or higher.

After the Active Directory prerequisites have been met, the next step is to extend the Active Directory schema to support Lync Server 2013. The schema preparation process adds new classes and attributes to Active Directory that are required for Lync Server 2013. This process must be run as a user that is a member of the Schema Admins group and is a local administrator on the server that holds the Schema Master FSMO role.


Note

To run the preparation steps from a domain member server other than the Schema Master, ensure that the remote registry service is running and the appropriate registry key is set on the Schema Master. In addition, the Active Directory Remote Server Administration Tools (AD DS) feature must be installed on the server where the preparation steps will run.


To extend the Active Directory schema using the Lync Server Deployment Wizard, as shown in Figure 1, follow these steps:

1. From the Lync Server 2010 installation media, run Setup.exe.

2. Click Prepare Active Directory.

3. For Step 1: Prep Schema, click Run.

4. At the Prepare Schema screen, click Next. You’ll see the Management Shell command that is being executed, as shown in Figure 2.

5. Ensure that the process was successful and click Finish to close the window.

6. Ensure that the information has replicated to all domain controllers before continuing to the next step.

Figure 1. Lync Server 2013 Deployment Wizard.

Figure 2. Prepare Schema command.

To prepare the Active Directory schema using the Lync Server Management Shell, open the shell and run the Install-CsAdServerSchema cmdlet. The proper syntax for the command is Install-CsAdServerSchema -LDF <full directory path where the ldf files are located>. For example:

Install-CsAdServerSchema -LDF "C:\Program Files\Microsoft Lync Server 2013\Deployment\Setup"

The Lync Schema extension process adds the following attributes to Active Directory. The first two are flagged MayContain for every user account.

msExchUserHoldPolicies—Shared with Exchange 2013 and will already be in place if the schema has already been extended for Exchange 2013. It is a multivalue attribute that holds identifiers for user hold policies applied to a given user account.

msRTCSIP-UserRoutingGroupId—Defines the SIP routing group ID. The SIP routing group ID defines which Front End Server a user will register to.

msRTCSIP-MirrorBackEndServer—Used to store the information for the mirrored SQL Server backend used by the front-end pool.

The next step is to prepare the Active Directory forest. This process must be run by a member of the Enterprise Admins group or of the Domain Admins group for the root domain. Forest preparation creates global objects and sets the appropriate permissions and groups to complete the installation process. Note that in a new deployment the global settings are automatically stored in the Configuration partition. If you are upgrading from an older version of Lync Server, you can still store the settings in the System container, as was standard during previous versions’ installation. However, although it is not a requirement, it is recommended to move the global settings container from the System container to the Configuration partition as part of the Lync Server 2013 installation process.

The Deployment Wizard should still be up from the preceding step. If not, run setup.exe and it will pick up where you left off. Follow these steps to prepare the forest:

1. For Step 3: Prepare Current Forest, click Run.

2. At the Prepare Forest screen, click Next. You’ll see the Management Shell command that is being executed, as shown in Figure 3.

Figure 3. Prepare Forest command.

3. Ensure that the process was successful and click Finish to close the window.

4. Ensure that the information has replicated to all domain controllers before continuing to the next step.

To prepare the Active Directory forest using the Lync Server Management Shell, open the shell and run the Enable-CsAdForest cmdlet. The proper syntax for the command is Enable-CsAdForest -GroupDomain <FQDN of the domain to create the universal groups>. For example:

Enable-CsAdForest -GroupDomain companyabc.com

The final step is to prepare the Active Directory domain or domains. You’ll need to run this in every domain where you plan to deploy Lync Server 2013. This step adds the necessary access control entries (ACEs) to the universal groups. As in the two previous steps, this can be done through the Lync Server Deployment Wizard or the Lync Server Management Shell.

Using the Deployment Wizard, perform the following steps. Note that if you closed the Deployment Wizard you’ll need to run setup.exe again.

1. For Step 5: Prepare Current Domain, click Run.

2. At the Prepare Domain screen, click Next. You’ll see the Management Shell command that is being executed, as shown in Figure 4.

Figure 4. Prepare Domain command.

3. Ensure that the process was successful and click Finish to close the window.

4. Ensure that the information has replicated to all domain controllers before continuing to the next step.

To prepare an Active Directory domain using the Lync Server Management Shell, open the shell and run the Enable-CsAdDomain cmdlet. The proper syntax for the command is Enable-CsAdDomain -Domain <current domain FQDN> -GroupDomain <FQDN of the domain where the Universal groups were created>. For example:

Enable-CsAdDomain -Domain companyabc.com -GroupDomain companyabc.com


Note

Note that the PowerShell method is the only way to perform the domain preparation steps when only 32-bit domain controllers are available.
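
The three Management Shell steps above, run in order with a state check after each one, as an added example that is not code from the original article. It assumes the Lync Server Management Shell, the sample companyabc.com values used above, and the Get-CsAdServerSchema, Get-CsAdForest and Get-CsAdDomain cmdlets, which report the ready states named in the script.

```powershell
# Added example (not from the article): schema, forest and domain preparation,
# each followed by a state check so a failed step is not built upon.
# Assumptions: Lync Server Management Shell; sample values from this article.
$ErrorActionPreference = 'Stop'
$Domain  = 'companyabc.com'
$LdfPath = 'C:\Program Files\Microsoft Lync Server 2013\Deployment\Setup'

function Assert-PrepState {
    param([string]$Step, [string]$Actual, [string]$Expected)
    if ($Actual -ne $Expected) {
        throw "$Step state is '$Actual', expected '$Expected'. Stopping."
    }
    Write-Host "$Step OK: $Actual"
}

function Confirm-Replication {
    # The article requires replication to all domain controllers between steps.
    repadmin /replsummary
    if ((Read-Host 'Replicated to all domain controllers? (y/n)') -ne 'y') {
        throw 'Stopped: wait for replication before the next step.'
    }
}

# Step 1: schema. Needs Schema Admins membership.
Install-CsAdServerSchema -LDF $LdfPath
Assert-PrepState 'Schema' (Get-CsAdServerSchema) 'SCHEMA_VERSION_STATE_CURRENT'
Confirm-Replication

# Step 2: forest. Needs Enterprise Admins, or Domain Admins of the root domain.
Enable-CsAdForest -GroupDomain $Domain
Assert-PrepState 'Forest' (Get-CsAdForest) 'LC_FORESTSETTINGS_STATE_READY'
Confirm-Replication

# Step 3: domain. Repeat for every domain that will host Lync Server 2013.
Enable-CsAdDomain -Domain $Domain -GroupDomain $Domain
Assert-PrepState 'Domain' (Get-CsAdDomain -Domain $Domain) 'LC_DOMAINSETTINGS_STATE_READY'
Confirm-Replication
```

Each step needs a different privileged group, so run it under an account that holds only the membership for that step and remove the membership afterwards.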


Following is a list of Active Directory Administration groups created by the preparation processes.

Service groups:

RTCHSUniversalServices—Includes service accounts used to run Front End Server and allows servers read/write access to Lync Server global settings and Active Directory user objects.

RTCComponentUniversalServices—Includes service accounts used to run conferencing servers, Web Services, Mediation Server, Archiving Server, and Monitoring Server.

RTCProxyUniversalServices—Includes service accounts used to run Lync Server Edge Servers.

RTCUniversalConfigReplicator—Includes Lync servers that participate in Central Management Store replication.

RTCSBAUniversalServices—Grants read-only permission to Lync server settings and allows for the configuration of survivable branch appliance devices.

Administration groups:

RTCUniversalServerAdmins—Allows members to manage server and pool settings.

RTCUniversalUserAdmins—Allows members to manage user settings and move users from one server or pool to another.

RTCUniversalReadOnlyAdmins—Allows members to read server, pool, and user settings.

Infrastructure groups:

RTCUniversalGlobalWriteGroup—Grants write access to global setting objects for Lync Server.

RTCUniversalGlobalReadOnlyGroup—Grants read-only access to global setting objects for Lync Server.

RTCUniversalUserReadOnlyGroup—Grants read-only access to Lync Server user settings.

RTCUniversalServerReadOnlyGroup—Grants read-only access to Lync Server settings. This group does not have access to pool-level settings, only to settings specific to an individual server.

RTCUniversalSBATechnicians—Grants read-only permission to the Lync Server configuration, and members of this group are placed in the local administrator group of the survivable branch appliance during installation.

Forest preparation then adds service and administration groups to the appropriate infrastructure groups, as described here:

RTCUniversalServerAdmins is added to RTCUniversalGlobalReadOnlyGroup, RTCUniversalGlobalWriteGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.

RTCUniversalUserAdmins is added as a member of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.

RTCHSUniversalServices, RTCComponentUniversalServices, and RTCUniversalReadOnlyAdmins are added as members of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
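
One way to check the nesting just described against a live directory, as an added example that is not part of the original article. It assumes the ActiveDirectory PowerShell module (part of the AD DS Remote Server Administration Tools) and that the universal groups were created in the sample domain companyabc.com.

```powershell
# Added example: compare infrastructure-group membership with the nesting
# listed in this article. Anything else is reported for review, because each
# extra member inherits that group's access to Lync Server settings.
# Assumptions: ActiveDirectory module (RSAT AD DS); groups live in $GroupDomain.
Import-Module ActiveDirectory
$GroupDomain = 'companyabc.com'   # sample domain from this article

$readers = 'RTCUniversalServerAdmins', 'RTCUniversalUserAdmins',
           'RTCHSUniversalServices', 'RTCComponentUniversalServices',
           'RTCUniversalReadOnlyAdmins'
$expected = @{
    'RTCUniversalGlobalWriteGroup'    = @('RTCUniversalServerAdmins')
    'RTCUniversalGlobalReadOnlyGroup' = $readers
    'RTCUniversalServerReadOnlyGroup' = $readers
    'RTCUniversalUserReadOnlyGroup'   = $readers
}

$report = foreach ($group in $expected.Keys) {
    # Direct members only: the nesting described above is one level deep.
    $actual = @(Get-ADGroupMember -Identity $group -Server $GroupDomain |
                Select-Object -ExpandProperty SamAccountName)
    foreach ($name in $expected[$group]) {
        if ($actual -notcontains $name) {
            [pscustomobject]@{ Group = $group; Member = $name
                               Finding = 'Missing expected nesting' }
        }
    }
    foreach ($name in $actual) {
        if ($expected[$group] -notcontains $name) {
            [pscustomobject]@{ Group = $group; Member = $name
                               Finding = 'Not listed in article; review' }
        }
    }
}

if ($report) { $report | Sort-Object Group, Member | Format-Table -AutoSize }
else         { Write-Host 'Infrastructure group nesting matches the article.' }
```

A member flagged for review is not necessarily wrong, since the article lists only the nesting that forest preparation performs; user or computer accounts added directly to RTCUniversalGlobalWriteGroup deserve the closest look.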

Forest preparation also creates the following role-based access control (RBAC) groups:

CSAdministrator

CSArchivingAdministrator

CSBranchOfficeTechnician

CSHelpDesk

CSLocationAdministrator

CSResponseGroupAdministrator

CSPersistentChatAdministrator

CSServerAdministrator

CSUserAdministrator

CSViewOnlyAdministrator

CSVoiceAdministrator

CSResponseGroupManager

 