X hits on this document





34 / 123

Active Directory Domain Services Attributes and Descriptions

Changes Made by Forest Preparation

This section describes the global settings and objects, and the universal service and administration groups that are created by the forest preparation step.

Active Directory Global Settings and Objects

If you decide to store global settings in the System container, forest preparation adds a new Microsoft container under the root domain System container and adds a new RTC Service object under the System\Microsoft object. If you decide to store global settings in the Configuration container, forest preparation uses the existing Services container and adds a new RTC Service object under the Configuration\Services object. Under the RTC Service object, forest preparation adds a global settings object of type msRTCSIP-GlobalContainer. The global settings object holds all the settings that apply to the Office Communications Server deployment.

Forest preparation also adds a new msRTCSIP-Domain object for the root domain in which the procedure is run.

Active Directory Universal Service and Administration Groups

Forest preparation creates universal groups based on the domain that you specify and adds access control entries (ACEs) for these groups. This step creates the universal groups in the User containers of the domain that you specify. The following groups are added:

Service groups:

RTCHSUniversalServices — includes service accounts used to run Front-End Server and allows servers read/write access to Office Communications Server global settings and Active Directory user objects.

RTCComponentUniversalServices — includes service accounts used to run conferencing servers, Web Components Server, Mediation Server, Archiving Server, and Monitoring Server.

RTCProxyUniversalServices — includes service accounts used to run Office Communications Server Edge Servers.

RTCUniversalGuestAccessGroup — grants users access to meeting content for conferences. This group is used by internal users who have Active Directory credentials and are connecting remotely, as well as by anonymous users who do not have Active Directory credentials.

Administration groups:

RTCUniversalServerAdmins — allows members to manage server and pool settings.

RTCUniversalUserAdmins — allows members to manage user settings and move users from one server or pool to another.

RTCUniversalReadOnlyAdmins — allows members to read server, pool, and user settings.

Document info
Document views482
Page views483
Page last viewedMon Jan 23 14:38:50 UTC 2017