X hits on this document

311 views

0 shares

0 downloads

0 comments

103 / 123

Read/write permissions to a user OU

Member in the RTC Local User Administrators group on all servers within a specified pool

ReadOnlyRole on the pool or server RTC and RTCConfig databases

To delegate user administration

1.Log on to a computer in the domain where you want to grant permissions. Use an account that is a member of the DomainAdmins groups or that has equivalent user rights.

2.Open a command prompt and then type the following command:

LcsCmd.exe /Domain[:<domain FQDN>] /Action:CreateDelegation  /Delegation:UserAdmin /TrusteeGroup:<name of the universal group that you will delegate to> /TrusteeDomain:<FQDN of the domain where the trustee group resides> /ServiceAccount:<RTC service account name> /ComponentServiceAccount:<RTC component service account name> /ComputerOU:<DN of the OU or container where the computer objects that run Office Communications Server reside> /UserOU:<DN of the OU or container where the Office Communications Server user objects reside> /UserType:{User | Contact | InetOrgPerson} /PoolName:<Name of a Standard Edition server or an Enterprise pool>

Where:

TrusteeGroup is the group to which you are granting permissions.

TrusteeDomain is the domain in which you are granting permissions.

ServiceAccount is the Real-time Communications (RTC) service account name.

ComponentServiceAccount is the RTC component service account name.

ComputerOU is the distinguished name (DN) of the OU containing the computer running the Office Communications Server Front End Server that hosts the users the trustee group will administer. The OU that is specified by the /Computer OU parameter and the OU that is specified by the /UserOU parameter must reside in the same domain. If you want to delegate the administration of users in a domain other than the domain where Office Communications Server is installed, the organizational unit that is specified by the /Computer OU parameter still must reside in the same domain as the OU that is specified by the /UserOU parameter.

UserOU specifies the DN of the OU containing the users that the trustee group will administer. The OU that is specified by the /Computer OU parameter and the OU that is specified by the /UserOU parameter must reside in the same domain.

UserType is the type of user object that the trustee group will have permissions to administer. Valid values are User, Contact, or InetOrgPerson.

PoolName is the name of the Standard Edition server or Enterprise pool in which the trustee group can administer users, and adds the trustee group to the Local Administrators group of each computer in the pool and to the ReadOnlyRole of the SQL

Document info
Document views311
Page views312
Page last viewedTue Dec 06 12:27:33 UTC 2016
Pages123
Paragraphs2763
Words27811

Comments