X hits on this document





12 / 123

Administrative Rights and Roles

The following table shows the administrative rights and roles required for each Active Directory preparation task.

User rights required for Active Directory preparation


Required administrative rights or roles

Schema preparation

Member of Schema Admins group or sufficient delegated rights and permissions to modify the schema

Forest preparation

Member of EnterpriseAdmins group for the forest root domain

Domain preparation

Member of EnterpriseAdmins or DomainAdmins group

Custom Container Permissions

If your organization uses custom containers instead of the three built-in containers (that is, Users, Computers, and Domain Controllers), the Authenticated Users group must have read access to the custom containers. If the Authenticated Users group does not have read access to the custom container, run LcsCmd.exe with the CreateLcsOuPermissions action as illustrated below to grant read permissions for each custom container.

lcscmd   /Domain:<Domain FQDN>


/OU:<distinguished name>

/ObjectType:<User | Contact | InetOrgPerson | Computer | AppContact>

where /OU specifies the distinguished name (DN) of the OU, excluding the domain root portion of the DN.

Locked Down Active Directory Requirements

If permissions inheritance is disabled or authenticated user permissions must be disabled in your organization, you must perform additional steps during domain preparation. For details, see Preparing a Locked Down Active Directory Domain Services.

Deciding Where to Store Global Settings

Before you perform the forest preparation step to prepare Active Directory Domain Services (AD DS) for Office Communications Server 2007 R2, you must decide where to store global settings by evaluating several factors.

Document info
Document views483
Page views484
Page last viewedMon Jan 23 15:20:03 UTC 2017