X hits on this document

273 views

0 shares

0 downloads

0 comments

32 / 123

ou:”OU=usersOU” /objectType:user

3.In the log file, look for <Success> Execution Result at the end of each task to verify that the permissions were set, and then close the log window. Or, you can run the following command to determine whether the permissions were set:

LcsCmd.exe /domain[:<FQDN of domain where the OUs are located>]  /action:CheckLcsOuPermissions  /ou:<DN name for the OU container relative to the domain root container DN>  /objectType:<type of object – user, InetOrgPerson, contact, AppContact

Set Permissions for Computer Objects after Running Domain Preparation

In a locked-down Active Directory environment where permissions inheritance is disabled, domain preparation does not set the necessary ACEs on the containers that hold Computer objects within the domain. In this situation, you must run LcsCmd.exe with the CreateLcsOuPermissions action on each container that has computers running Office Communications Server with permissions inheritance is disabled. The /objecttype parameter specifies the object type.

This procedure adds the required ACEs directly on the specified containers.

User rights equivalent to DomainAdmins group membership are required to perform this procedure. If the authenticated user ACEs have also been removed, you must grant this account read-access ACEs on the relevant containers in the forest root domain as described in Authenticated User Permissions Are Removed or use an account that is a member of the EnterpriseAdmins group.

To set required ACEs for Computer objects

1.Log on to the domain computer with an account that is a member of the DomainAdmins group or that has equivalent user rights.

2.Open a command prompt and then run:

LcsCmd.exe /domain[:<FQDN of domain where the computer OU is located>] /action:CreateLcsOuPermissions  /ou:<DN name for the computer OU container relative to the domain root container DN> /objectType:<computer>

For example:

LcsCmd.exe /domain:resources.corp.woodgrovebank.com  /action:CreateLcsOuPermissions /ou:”OU=computersOU” /objectType:computer

3.In the log file, look for <Success> Execution Result at the end of each task and verify that there are no errors, and then close the log. Or, you can run the following command to determine whether the permissions were set:

Document info
Document views273
Page views274
Page last viewedSat Dec 03 05:06:25 UTC 2016
Pages123
Paragraphs2763
Words27811

Comments