X hits on this document





100 / 123

S-1-5-21-4264192570-  CONTOSO\RTCSetupDelegate                          S-1-5-21-4264192570-  CONTOSO\CERTSVC_DCOM_ACCESS Alias                 S-1-5-21-4264192570-

To use LcsCmd.exe to grant permissions

1.Log on to a computer running Office Communications Server in the domain where you want to grant permissions. Use an account that is a member of the Domain Admins group or that has equivalent credentials.

2.Open a command prompt and then type the following command:

LCSCmd.exe /Domain[:<domain FQDN>]  /Action:CreateDelegation /Delegation:SetupAdmin  /TrusteeGroup:<name of the universal group that you will delegate to>  /TrusteeDomain:<FQDN of the domain where the trustee group resides> /ServiceAccount:<RTC service account name> /ComponentServiceAccount:<RTC component service account name> /ComputerOU:<DN of the OU or container where the computer objects that will run Office Communications Server reside>


TrusteeGroup is the group to which you are granting permissions.

TrusteeDomain is the domain in which the trustee group resides.

ServiceAccount is the Real-time Communications (RTC) service account name

ComponentServiceAccount is the RTC component service account name.

ComputerOU specifies the DN of the OU containing the computers on which the trustee group can run Office Communications Server setup tasks.

3.Add the new trustee group to the Local Administrators group of each computer where you want to install Office Communications Server and the computer running the SQL Server back-end database server for any Enterprise pools.

4.If, in your organization, Authenticated Users security group permissions have been removed from Active Directory Domain Services (AD DS), you must either add the new trustee group for setup tasks to RTCUniversalServerAdmins or manually grant Read permissions to the trustee group for the following containers in the forest root:

Forest root domain

Forest root domain System container

Configuration container

Root of the domain where permissions is delegated

Parent containers of computer objects and service account objects

Open a command prompt and then type whoami.exe /all to verify the user has appropriate permissions. The output should be similar to the following:

Everyone                                           Well-known

Document info
Document views497
Page views498
Page last viewedTue Jan 24 20:00:20 UTC 2017