Delegating Office Communications Server Setup and Administration
You can grant permissions to delegate Office Communications Server setup or administration to users who are not members of an authorized Active Directory Domain Services (AD DS) group. Delegation allows more administrators to participate in your Office Communications Server deployment without opening up unnecessary access to resources. For example, delegating administration is useful in situations where you want users who are not members of the DomainAdmins group to activate Office Communications Server after the servers are installed.
You must specify a global or universal group that already exists when you delegate setup or administration. You cannot use a local group.
The following table summarizes the delegated roles.
Install and activate servers.
Domain where servers will be deployed.
Read/write global settings.
Read/write to computer organizational unit (OU) containers.
Read user OU containers (optional).
Full computer administration.
Domain where servers are to be administered.
Read global settings.
Read computer OU containers.
Read/write to user OU containers.
Member in the RTC Local User Administrators group on all servers in a specified pool.
ReadOnlyRole on the pool or server RTC and RTCConfig databases.
Domain where users are to be administered.