Export (0) Print
Expand All

Active Directory Universal Service and Administration Groups

Communications Server 2007

Prep Forest also creates universal groups based on the domain you specify to host universal groups and adds access control entries (ACEs) for these groups. Prep Forest creates the following:

  • Universal groups in the User containers of the domain you specify to host universal groups that are used by Office Communications Server. These groups are listed in the following sections.

  • RTCHSUniversalServices
  • RTCComponentUniversalServices
  • RTCArchivingUniversalServices
  • RTCProxyUniversalServices
  • RTCUniversalGuestAccessGroup grants users access to meeting content for conferences. This group is used by internal users with Active Directory credentials who are connecting remotely, as well as anonymous users who do not have Active Directory credentials.

  • RTCUniversalServerAdmins allows members to manage server and pool settings.
  • RTCUniversalUserAdmins allows members to manage user settings and move users from one server or pool to another
  • RTCUniversalReadOnlyAdmins allows members to read server, pool, and user settings.

  • RTCUniversalGlobalWriteGroup grants write access to global setting objects for Office Communications Server.
  • RTCUniversalGlobalReadOnlyGroup grants read-only access to global setting objects for Office Communications Server.
  • RTCUniversalUserReadOnlyGroup grants read-only access to Office Communications Server user settings.
  • RTCUniversalServerReadOnlyGroup grants read-only access to Office Communications Server settings. This group does not have access to pool level settings only settings specific to an individual server.

Prep Forest also adds the administrator groups to the correct infrastructure groups:

  • RTCUniversalServerAdmins is added to RTCUniversalGlobalReadOnlyGroup, RTCUniversalGlobalWriteGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
  • RTCUniversalUserAdmins is added as a member of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
  • RTCHSUniversalServices, RTCComponentUniversalServices and RTCUniversalReadOnlyAdmins are added as members of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.

Prep Forest creates private ACEs on the global settings container used by Office Communications Server 2007. This container is used by Office Communications Server only and is located in the System container in the root domain or the configuration container (depending on the options you specify). The public ACEs created by Prep Forest are listed in the following table.

Table 1.   ACEs added by Prep Forest

  RTCUniversalGlobalReadOnlyGroup

Read root domain System Container (not inherited) *

X

Read Configuration’s DisplaySpecifiers container

(not inherited)

X

*ACEs that are not inherited do not grant access to child objects under these containers. ACEs that are inherited grant access to child objects under these containers.

Prep Forest performs the following tasks on the configuration container, under the configuration naming context.

  • Adds an entry {AB255F23-2DBD-4bb6-891D-38754AC280EF} for the RTC property page under the adminContextMenu and adminPropertyPages attributes of the language display specifier for users, contacts, and InetOrgPersons (for example, CN=user-Display,CN=409,CN=DisplaySpecifiers).
  • Adds an RTCPropertySet object of type controlAccessRight under Extended-Rights that applies to the User and Contact classes.
  • Adds an RTCUserSearchPropertySet object of type controlAccessRight under Extended-Rights that applies to User, Contact, OU, and DomainDNS classes.
  • Adds msRTCSIP-PrimaryUserAddress under the extraColumns attribute of each language organizational unit display specifier (for example, CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers) and copies the values of the extraColumns attribute of the default display (for example, CN=default-Display, CN=409,CN=DisplaySpecifiers).
  • Adds msRTCSIP-PrimaryUserAddress, msRTCSIP-PrimaryHomeServer, and msRTCSIP-UserEnabled filtering attributes under the attributeDisplayNames attribute of each language display specifier for Users, Contacts, and InetOrgPerson objects (for example, in English: CN=user-Display,CN=409,CN=DisplaySpecifiers).
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft