Lync Server leverages Active Directory more than any previous version of Communications Server. This results in tight integration across the Microsoft stack, including Microsoft Exchange and Microsoft SharePoint Server. However, Active Directory must first be prepared before installation can begin. All the Active Directory preparation steps can be performed either in the Deployment Wizard GUI or in the Lync Server Management Shell, a customized version of PowerShell.
The first step is to ensure that your Active Directory environment meets the minimum requirements for Lync Server. The requirements are outlined here:
- All domain controllers in the forest where Lync Server is deployed must be Windows Server 2003 SP2 or higher.
- All domains where you deploy Lync Server must have a functional level of Windows 2003 native or higher.
- The functional level for the forest must be Windows 2003 native or higher.
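The three requirements above can be checked before Setup is run. The following is an added example, not part of the original text or of Lync Server's own tooling; it assumes the ActiveDirectory PowerShell module from the AD DS Remote Server Administration Tools and at least one domain controller per domain that answers it, and the function name Test-LyncAdPrerequisite is hypothetical.

```powershell
Import-Module ActiveDirectory   # ships with the AD DS Remote Server Administration Tools

function Test-LyncAdPrerequisite {
    # Emits one row for the forest, each domain and each domain controller.
    $forest = Get-ADForest
    # Functional levels below "Windows 2003 native".
    $tooOld = 'Windows2000Forest', 'Windows2003InterimForest',
              'Windows2000Domain', 'Windows2003InterimDomain'

    New-Object PSObject -Property @{
        Scope = 'Forest'; Name = $forest.Name; Value = "$($forest.ForestMode)"
        Pass  = $tooOld -notcontains "$($forest.ForestMode)" }

    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Server $domainName
        New-Object PSObject -Property @{
            Scope = 'Domain'; Name = $domain.DNSRoot; Value = "$($domain.DomainMode)"
            Pass  = $tooOld -notcontains "$($domain.DomainMode)" }

        foreach ($dc in (Get-ADDomainController -Filter * -Server $domainName)) {
            $ok = $false   # an unreadable OS version counts as a failure
            # OperatingSystemVersion looks like "5.2 (3790)"; keep major.minor.
            if ($dc.OperatingSystemVersion -match '^(\d+\.\d+)') {
                $osVersion = [version]$Matches[1]
                $sp = 0
                if ($dc.OperatingSystemServicePack -match '(\d+)') { $sp = [int]$Matches[1] }
                # Windows Server 2003 is 5.2 and needs SP2; anything newer passes.
                $ok = ($osVersion -gt [version]'5.2') -or
                      ($osVersion -eq [version]'5.2' -and $sp -ge 2)
            }
            New-Object PSObject -Property @{
                Scope = 'DomainController'; Name = $dc.HostName
                Value = "$($dc.OperatingSystem) $($dc.OperatingSystemServicePack)"
                Pass  = $ok }
        }
    }
}

# Show only what blocks the installation; no output means all checks passed.
Test-LyncAdPrerequisite | Where-Object { -not $_.Pass } |
    Format-Table Scope, Name, Value -AutoSize
```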
After the Active Directory prerequisites have been met, the next step is to extend the Active Directory schema to support Lync Server. The schema preparation process adds new classes and attributes to Active Directory that are required for Lync Server. This process must be run by a user who is a member of the Domain Admins and Schema Admins groups.
Note
To run the preparation steps from a domain member server other than the Schema Master, ensure that the remote registry service is running and the appropriate registry key is set on the Schema Master. In addition, the Active Directory Remote Server Administration Tools (AD DS) feature must be installed on the server where the preparation steps will run.
Figure 1 displays the Lync Server preparation steps main page.
To extend the Active Directory schema using the Lync Server Deployment Wizard, follow these steps:
1. From the Lync Server installation media, run Setup.exe.
2. For Step 1: Prep Schema, click Run.
3. At the Prepare Schema screen, click Next. You can see the Management Shell command that is executed, as shown in Figure 2.
4. Ensure the process is successful, and then click Finish to close the window.
5. Ensure the information has replicated to all domain controllers before continuing to the next step.
To prepare the Active Directory schema using the Lync Server Management Shell, open the shell and run the Install-CsAdServerSchema cmdlet. The proper syntax for the command is Install-CsAdServerSchema -LDF <full directory path where the LDF files are located>. For example:
Install-CsAdServerSchema -LDF "C:\Program Files\Microsoft Lync Server\Deployment\Setup"
Prepare the Active Directory Forest
The next step is to prepare the Active Directory forest. A member of the Enterprise Admins group for the root domain must run this process. Forest preparation creates global objects and sets the appropriate permissions and groups to complete the installation process.
Note
In a new deployment, the global settings are automatically stored in the Configuration partition. If you are upgrading from an older version of Communications Server, you might still store the settings in the System container, as was standard in previous versions. Although it is not a requirement, it is recommended that the global settings container be moved from the System container to the Configuration partition as part of the Lync Server installation process.
The Deployment Wizard should still be open from the last step. If not, run setup.exe and it picks up where you left off. Follow these steps to prepare the forest:
1. For Step 3: Prepare Current Forest, click Run.
2. At the Prepare Forest screen, click Next.
3. Specify the location where the OCS universal security groups are created. By default, this is the local domain, but you can also select the FQDN for the domain where you want the groups to be created. Then click Next. You can see the management shell command that is executed, as shown in Figure 3.
4. Ensure the process is successful and then click Finish to close the window.
5. Ensure the information replicates to all domain controllers before continuing to the next step.
To prepare the Active Directory forest using the Lync Server management shell, open the shell and run the Enable-CsAdForest cmdlet. The proper syntax for the command is Enable-CsAdForest -GroupDomain <FQDN of the domain to create the universal groups>. For example:
Enable-CsAdForest -GroupDomain companyabc.com
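Each preparation step ends with waiting for replication to every domain controller. One way to confirm it after forest preparation is to ask each domain controller in the group domain whether it holds the universal groups named later on this page. This is an added example, not the book's or Microsoft's code; it assumes the ActiveDirectory module and domain controllers that answer its queries, and Get-LyncGroupReplicationGap is a hypothetical name.

```powershell
Import-Module ActiveDirectory

# Universal groups named in the group list later on this page.
$lyncGroups = 'RTCHSUniversalServices', 'RTCComponentUniversalServices',
    'RTCProxyUniversalServices', 'RTCUniversalServerAdmins', 'RTCUniversalUserAdmins',
    'RTCUniversalReadOnlyAdmins', 'RTCUniversalGlobalWriteGroup',
    'RTCUniversalGlobalReadOnlyGroup', 'RTCUniversalUserReadOnlyGroup',
    'RTCUniversalServerReadOnlyGroup'

function Get-LyncGroupReplicationGap {
    # Emits a row for every group a domain controller does not (yet) hold.
    param([Parameter(Mandatory = $true)][string]$GroupDomain)
    foreach ($dc in (Get-ADDomainController -Filter * -Server $GroupDomain)) {
        foreach ($name in $lyncGroups) {
            try {
                # -Filter returns nothing, rather than an error, when the group is absent.
                $found = Get-ADGroup -Filter "SamAccountName -eq '$name'" `
                                     -Server $dc.HostName -ErrorAction Stop
                $state = if ($found) { 'Present' } else { 'Missing' }
            } catch {
                $state = 'Unreachable'   # no answer from this DC: not verified
            }
            if ($state -ne 'Present') {
                New-Object PSObject -Property @{
                    DomainController = $dc.HostName; Group = $name; State = $state }
            }
        }
    }
}

# An empty result means every domain controller already holds all ten groups.
Get-LyncGroupReplicationGap -GroupDomain 'companyabc.com' |
    Sort-Object DomainController, Group |
    Format-Table DomainController, Group, State -AutoSize
```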
The final step is to prepare the Active Directory domain or domains. You need to run this in every domain where you plan to deploy Lync Server. This step adds the necessary ACEs (access control entries) to universal groups. Like the two previous steps, this can be done through the Lync Server Deployment Wizard or the Lync Server management shell.
Using the Deployment Wizard, perform the following steps.
Note
If you closed the Deployment Wizard, you need to run setup.exe again.
1. For Step 5: Prepare Current Domain, click Run.
2. At the Prepare Domain screen, click Next. You can see the management shell command that is executed, as shown in Figure 4.
3. Ensure the process is successful, and then click Finish to close the window.
4. Ensure the information replicates to all domain controllers before continuing to the next step.
To prepare an Active Directory domain using the Lync Server management shell, open the shell and run the Enable-CsAdDomain cmdlet. The proper syntax for the command is Enable-CsAdDomain -Domain <current domain FQDN> -GroupDomain <FQDN of the domain where the Universal groups were created>. For example:
Enable-CsAdDomain -Domain companyabc.com -GroupDomain companyabc.com
Active Directory Administration Groups
Following is a list of Active Directory Administration groups created by the preparation processes.
The service groups are
- RTCHSUniversalServices: Includes service accounts used to run the Front End Server and allows servers read/write access to Lync Server global settings and Active Directory user objects.
- RTCComponentUniversalServices: Includes service accounts used to run conferencing servers, web services, the Mediation Server, the Archiving Server, and the Monitoring Server.
- RTCProxyUniversalServices: Includes service accounts used to run Lync Server Edge Servers.
The administration groups are
- RTCUniversalServerAdmins: Allows members to manage server and pool settings.
- RTCUniversalUserAdmins: Allows members to manage user settings and move users from one server or pool to another.
- RTCUniversalReadOnlyAdmins: Allows members to read server, pool, and user settings.
Infrastructure groups include
- RTCUniversalGlobalWriteGroup: Grants write access to global setting objects for Lync Server.
- RTCUniversalGlobalReadOnlyGroup: Grants read-only access to global setting objects for Lync Server.
- RTCUniversalUserReadOnlyGroup: Grants read-only access to Lync Server user settings.
- RTCUniversalServerReadOnlyGroup: Grants read-only access to Lync Server settings. This group does not have access to pool-level settings; it can access only settings specific to an individual server.
Forest preparation then adds service and administration groups to the appropriate infrastructure groups, as follows:
- RTCUniversalServerAdmins is added to RTCUniversalGlobalReadOnlyGroup, RTCUniversalGlobalWriteGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
- RTCUniversalUserAdmins is added as a member of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
- RTCHSUniversalServices, RTCComponentUniversalServices, and RTCUniversalReadOnlyAdmins are added as members of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
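Because these nested groups carry read and write access to Lync Server settings, the nesting is worth auditing after forest preparation and again periodically. The following is an added example, not part of the original text; it assumes the ActiveDirectory module, takes the expected nesting only from the list above, and uses hypothetical function names. An "Unexpected" entry is a member the list above does not mention, which calls for review rather than automatic removal.

```powershell
Import-Module ActiveDirectory

# Expected nesting, transcribed from the membership list above.
$readers = 'RTCUniversalServerAdmins', 'RTCUniversalUserAdmins', 'RTCHSUniversalServices',
           'RTCComponentUniversalServices', 'RTCUniversalReadOnlyAdmins'
$expectedNesting = @{
    'RTCUniversalGlobalWriteGroup'    = @('RTCUniversalServerAdmins')
    'RTCUniversalGlobalReadOnlyGroup' = $readers
    'RTCUniversalServerReadOnlyGroup' = $readers
    'RTCUniversalUserReadOnlyGroup'   = $readers
}

function Compare-LyncGroupNesting {
    param([Parameter(Mandatory = $true)][string]$GroupDomain)
    foreach ($group in $expectedNesting.Keys) {
        $expected = $expectedNesting[$group]
        # Without -Recursive this returns direct members, the level the list describes.
        $actual = @(Get-ADGroupMember -Identity $group -Server $GroupDomain |
                    ForEach-Object { $_.SamAccountName })
        $missing    = @($expected | Where-Object { $actual -notcontains $_ })
        $unexpected = @($actual   | Where-Object { $expected -notcontains $_ })
        New-Object PSObject -Property @{
            Group        = $group
            Missing      = $missing -join ', '
            Unexpected   = $unexpected -join ', '
            AsDocumented = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
        }
    }
}

function Get-LyncAdminGroupUser {
    # User accounts holding Lync admin rights directly or through nested groups.
    param([Parameter(Mandatory = $true)][string]$GroupDomain)
    foreach ($group in 'RTCUniversalServerAdmins', 'RTCUniversalUserAdmins') {
        Get-ADGroupMember -Identity $group -Server $GroupDomain -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            Select-Object @{ n = 'Group'; e = { $group } }, SamAccountName, distinguishedName
    }
}

Compare-LyncGroupNesting -GroupDomain 'companyabc.com' |
    Format-Table Group, AsDocumented, Missing, Unexpected -AutoSize
Get-LyncAdminGroupUser -GroupDomain 'companyabc.com' | Format-Table -AutoSize
```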
Forest preparation also creates the following role-based access control (RBAC) groups: