3.In the log file, look for <Success> Execution Result at the end of each task to verify that the permissions were set, and then close the log window. Or, you can run the following command to determine whether the permissions were set:
LcsCmd.exe /domain[:<FQDN of domain where the OUs are located>] /action:CheckLcsOuPermissions /ou:<DN name for the OU container relative to the domain root container DN> /objectType:<type of object – user, InetOrgPerson, contact, AppContact
Set Permissions for Computer Objects after Running Domain Preparation
In a locked-down Active Directory environment where permissions inheritance is disabled, domain preparation does not set the necessary ACEs on the containers that hold Computer objects within the domain. In this situation, you must run LcsCmd.exe with the CreateLcsOuPermissions action on each container that has computers running Office Communications Server with permissions inheritance is disabled. The /objecttype parameter specifies the object type.
This procedure adds the required ACEs directly on the specified containers.
User rights equivalent to DomainAdmins group membership are required to perform this procedure. If the authenticated user ACEs have also been removed, you must grant this account read-access ACEs on the relevant containers in the forest root domain as described in or use an account that is a member of the EnterpriseAdmins group.
To set required ACEs for Computer objects
1.Log on to the domain computer with an account that is a member of the DomainAdmins group or that has equivalent user rights.
2.Open a command prompt and then run:
LcsCmd.exe /domain[:<FQDN of domain where the computer OU is located>] /action:CreateLcsOuPermissions /ou:<DN name for the computer OU container relative to the domain root container DN> /objectType:<computer>
LcsCmd.exe /domain:resources.corp.woodgrovebank.com /action:CreateLcsOuPermissions /ou:”OU=computersOU” /objectType:computer
3.In the log file, look for <Success> Execution Result at the end of each task and verify that there are no errors, and then close the log. Or, you can run the following command to determine whether the permissions were set: