Active Directory Preparation
Lync Server leverages Active Directory more than any previous version of Communications Server. This results in tight integration across the Microsoft stack, including Microsoft Exchange and Microsoft SharePoint Server. However, Active Directory must be prepared before installation can begin. All the Active Directory preparation steps can be performed either in the Deployment Wizard GUI or the Lync Server Management Shell, a customized version of PowerShell. This chapter reviews both methods.
The first step is to ensure that your Active Directory environment meets the minimum requirements for Lync Server. The requirements are outlined here:
- All domain controllers in the forest where Lync Server is deployed must be Windows Server 2003 SP2 or higher.
- All domains where you deploy Lync Server must have a functional level of Windows 2003 native or higher.
- The functional level for the forest must be Windows 2003 native or higher.
After the Active Directory prerequisites have been met, the next step is to extend the Active Directory schema to support Lync Server. The schema preparation process adds new classes and attributes to Active Directory that are required for Lync Server. This process must be run as a user that is a member of the Domain Admins and Schema Admins groups.
Figure 5.1 displays the Lync Server preparation steps main page.
Figure 5.1 Lync Server Deployment Wizard
To extend the Active Directory schema using the Lync Server Deployment Wizard, follow these steps:
- From the Lync Server installation media, run Setup.exe.
- For Step 1: Prep Schema, click Run.
- At the Prepare Schema screen, click Next. You can see the Management Shell command that is executed, as shown in Figure 5.2.
Figure 5.2 Schema Prep Command
- Ensure the process is successful, and then click Finish to close the window.
- Ensure the information has replicated to all domain controllers before continuing to the next step.
To prepare the Active Directory schema using the Lync Server Management Shell, open the shell and run the Install-CsAdServerSchema cmdlet. The proper syntax for the command is Install-CsAdServerSchema -LDF <full directory path where the LDF files are located>. For example:
Install-CsAdServerSchema -LDF "C:\Program Files\Microsoft Lync Server\Deployment\Setup"
Prepare the Active Directory Forest
The next step is to prepare the Active Directory forest. A member of the Enterprise Admins group for the root domain must run this process. Forest preparation creates global objects and sets the appropriate permissions and groups to complete the installation process.
The Deployment Wizard should still be open from the last step. If not, run setup.exe and it picks up where you left off. To prepare the forest, follow these steps:
- For Step 3: Prepare Current Forest, click Run.
- At the Prepare Forest screen, click Next.
- Specify the location where the OCS universal security groups are created. By default, this is the local domain, but you can also select the FQDN for the domain where you want the groups to be created. Then click Next. You can see the management shell command that is executed, as shown in Figure 5.3.
Figure 5.3 Prepare Forest Command
- Ensure the process is successful and then click Finish to close the window.
- Ensure the information replicates to all domain controllers before continuing to the next step.
To prepare the Active Directory forest using the Lync Server Management Shell, open the shell and run the Enable-CsAdForest cmdlet. The proper syntax for the command is Enable-CsAdForest -GroupDomain <FQDN of the domain to create the universal groups>. For example:
Enable-CsAdForest -GroupDomain companyabc.com
The final step is to prepare the Active Directory domain or domains. You need to run this in every domain where you plan to deploy Lync Server. This step adds the necessary ACEs (access control entries) to universal groups. Like the two previous steps, this can be done through the Lync Server Deployment Wizard or the Lync Server management shell.
Using the Deployment Wizard, perform the following steps.
- For Step 5: Prepare Current Domain, click Run.
- At the Prepare Domain screen, click Next. You can see the management shell command that is executed, as shown in Figure 5.4.
Figure 5.4 Prepare Domain Command
- Ensure the process is successful, and then click Finish to close the window.
- Ensure the information replicates to all domain controllers before continuing to the next step.
To prepare an Active Directory domain using the Lync Server Management Shell, open the shell and run the Enable-CsAdDomain cmdlet. The proper syntax for the command is Enable-CsAdDomain -Domain <current domain FQDN> -GroupDomain <FQDN of the domain where the Universal groups were created>. For example:
Enable-CsAdDomain -Domain companyabc.com -GroupDomain companyabc.com
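Each of the three procedures above ends with "ensure the process is successful" and "ensure the information replicates to all domain controllers." The following script is an added example, not part of the original chapter, that performs both checks from the shell. It assumes the ActiveDirectory module is available; the Get-CsAd* cmdlets, their "ready" state strings, and the ms-RTC-SIP-SchemaVersion schema object come from Microsoft's Lync documentation rather than from this chapter.

```powershell
# Added example, not from the chapter. Run in the Lync Server Management Shell
# with the ActiveDirectory module (RSAT) installed.
Import-Module ActiveDirectory
$domain = 'companyabc.com'   # the chapter's sample domain

# 1. State reported by the Lync preparation cmdlets. The expected strings are
#    the documented "ready" values; treat them as assumptions for your version.
$checks = @(
    @{ Step = 'Schema'; Actual = "$(Get-CsAdServerSchema)";           Want = 'SCHEMA_VERSION_STATE_CURRENT' },
    @{ Step = 'Forest'; Actual = "$(Get-CsAdForest)";                 Want = 'LC_FORESTSETTINGS_STATE_READY' },
    @{ Step = 'Domain'; Actual = "$(Get-CsAdDomain -Domain $domain)"; Want = 'LC_DOMAINSETTINGS_STATE_READY' }
)
foreach ($c in $checks) {
    $ok = $c.Actual -eq $c.Want
    "{0,-6} {1,-32} {2}" -f $c.Step, $c.Actual, $(if ($ok) { 'OK' } else { 'NOT READY' })
}

# 2. Replication: every DC in the forest should return the same rangeUpper on
#    the Lync schema version object.
$versionDn = "CN=ms-RTC-SIP-SchemaVersion,$((Get-ADRootDSE).schemaNamingContext)"
$perDc = foreach ($d in (Get-ADForest).Domains) {
    foreach ($dc in (Get-ADDomainController -Filter * -Server $d)) {
        $upper = 'missing'
        try {
            $obj = Get-ADObject -Identity $versionDn -Server $dc.HostName `
                       -Properties rangeUpper -ErrorAction Stop
            $upper = $obj.rangeUpper
        } catch { }   # object absent or DC unreachable: leave 'missing'
        New-Object PSObject -Property @{ DC = $dc.HostName; RangeUpper = $upper }
    }
}
$perDc | Sort-Object DC | Format-Table DC, RangeUpper -AutoSize

$values = @($perDc | Group-Object RangeUpper)
if ($values.Count -ne 1 -or $values[0].Name -eq 'missing') {
    Write-Warning 'Schema version differs or is missing on some DCs; wait for replication.'
}
```

In a multi-domain deployment, repeat the Get-CsAdDomain check for every domain in which Enable-CsAdDomain was run.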
Active Directory Administration Groups
Following is a list of Active Directory Administration groups created by the preparation processes. They are referenced throughout the book and it is good to be familiar with them.
The service groups are
- RTCHSUniversalServices—Includes service accounts used to run the Front End Server and allows servers read/write access to Lync Server global settings and Active Directory user objects
- RTCComponentUniversalServices—Includes service accounts used to run conferencing servers, web services, the Mediation Server, the Archiving Server, and the Monitoring Server
- RTCProxyUniversalServices—Includes service accounts used to run Lync Server Edge Servers
The administration groups are
- RTCUniversalServerAdmins—Allows members to manage server and pool settings
- RTCUniversalUserAdmins—Allows members to manage user settings and move users from one server or pool to another
- RTCUniversalReadOnlyAdmins—Allows members to read server, pool, and user settings
Infrastructure groups include
- RTCUniversalGlobalWriteGroup—Grants write access to global setting objects for Lync Server.
- RTCUniversalGlobalReadOnlyGroup—Grants read-only access to global setting objects for Lync Server.
- RTCUniversalUserReadOnlyGroup—Grants read-only access to Lync Server user settings.
- RTCUniversalServerReadOnlyGroup—Grants read-only access to Lync Server settings. This group does not have access to pool-level settings; it can access only settings specific to an individual server.
Forest preparation then adds service and administration groups to the appropriate infrastructure groups, as follows:
- RTCUniversalServerAdmins is added to RTCUniversalGlobalReadOnlyGroup, RTCUniversalGlobalWriteGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
- RTCUniversalUserAdmins is added as a member of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
- RTCHSUniversalServices, RTCComponentUniversalServices, and RTCUniversalReadOnlyAdmins are added as members of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
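Because the infrastructure groups carry the actual permissions, their direct membership is worth auditing against the nesting listed above. The following script is an added example, not part of the original chapter. It assumes the ActiveDirectory module and uses the chapter's sample domain as the group domain. Members that the chapter does not list are reported for review, since other Lync components may legitimately add groups.

```powershell
# Added example, not from the chapter: compare the direct members of the Lync
# infrastructure groups with the nesting the chapter says forest prep creates.
Import-Module ActiveDirectory
$groupDomain = 'companyabc.com'   # domain given to -GroupDomain (sample value)

$readOnly = 'RTCUniversalGlobalReadOnlyGroup',
            'RTCUniversalServerReadOnlyGroup',
            'RTCUniversalUserReadOnlyGroup'
$infra    = $readOnly + 'RTCUniversalGlobalWriteGroup'

# Expected "member of" for each service/administration group, per the chapter.
$expected = @{
    'RTCUniversalServerAdmins'      = $infra
    'RTCUniversalUserAdmins'        = $readOnly
    'RTCHSUniversalServices'        = $readOnly
    'RTCComponentUniversalServices' = $readOnly
    'RTCUniversalReadOnlyAdmins'    = $readOnly
}

$report = foreach ($g in $infra) {
    # Groups the chapter says should be direct members of $g.
    $want = @($expected.Keys | Where-Object { $expected[$_] -contains $g })
    # What the directory actually holds (users, groups, computers).
    $have = @(Get-ADGroupMember -Identity $g -Server $groupDomain |
              Select-Object -ExpandProperty SamAccountName)

    $want | Where-Object { $have -notcontains $_ } | ForEach-Object {
        New-Object PSObject -Property @{
            Group = $g; Member = $_; Finding = 'Missing (expected by chapter)' }
    }
    $have | Where-Object { $want -notcontains $_ } | ForEach-Object {
        New-Object PSObject -Property @{
            Group = $g; Member = $_; Finding = 'Not listed in chapter, review' }
    }
}

if ($report) {
    $report | Sort-Object Group, Member |
        Format-Table Group, Member, Finding -AutoSize
} else {
    'Infrastructure group membership matches the nesting listed in the chapter.'
}
```

Pay particular attention to anything reported under RTCUniversalGlobalWriteGroup, the only infrastructure group in this list that grants write access.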
Forest preparation also creates the following role-based access control (RBAC) groups:
- CSAdministrator
- CSArchivingAdministrator
- CSBranchOfficeTechnician
- CSHelpDesk
- CSLocationAdministrator
- CSResponseGroupAdministrator
- CSRoleAdministrator
- CSServerAdministrator
- CSUserAdministrator
- CSViewOnlyAdministrator
- CSVoiceAdministrator