Managing Permissions on a Domain
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
In some cases, permissions to Active Directory containers/Objects may not have been created or updated properly during the preparation process for Active Directory. With the following actions, a user can establish permissions directly on a container for any specified object.
The following actions are used to augment permissions management:
| Action | Description |
|---|---|
CreateLcsOuPermissions |
Creates permissions for Office Communications Server groups. |
CheckLcsOuPermissions |
Ascertains whether a CreateLcsOuPermissions action was successful. |
RemoveLcsOuPermissions |
Removes permissions from Office Communications Server groups. |
When you run LCSCmd.exe, the command automatically discovers the global catalog server and primary domain controllers. If you experience problems because these servers are unavailable or network connectivity is poor, you can use optional parameters to specify the global catalog server or domain controllers to use instead. For more information, see Optional LCSCmd.exe Parameters for Domain Controller and Global Catalog Server Discovery later in this document.
CreateLcsOuPermissions Action
The CreateLcsOuPermissions command creates permissions for Office Communications Server groups directly on a specified container, or Organizational Unit (OU), for a user, contact, InetOrgPerson, or a specific object in the container. The command requires the /OU and /ObjectType parameters (/OU specifies the container's distinguished name relative to the domain root container distinguished name, while /ObjectType indicates the type of Office Communications Server object for which to create permissions). An optional /RefDomain command can be used to create the permissions on the container to groups in a specific domain, rather than to groups on the default domain.
Before starting this task, log on to the domain computer using Domain Admins credentials for the domain with the organizational unit containers that will receive permissions and then use the following syntax and parameters examples:
LCSCmd.exe /Domain[:{Domain FQDN}] /Action:CreateLcsOuPermissions /OU:<CN=name> /ObjectType:{User | InetOrgPerson | Computer | Contact} [/RefDomain:<domain FQDN>]
Such as:
LCSCmd.exe /Domain /Action:CreateLcsOuPermissions /OU:OU=Dept1Users,OU=UsersOU /ObjectType:user
CheckLcsOuPermissions Action
The CheckLcsOuPermissions command ascertains whether the preceding CreateLcsOuPermissions action was successful. This action also requires the /OU and /ObjectType parameters. Syntax for the CheckLcsOuPermissions action is as follows:
LCSCmd.exe /Domain[:<Domain FQDN>] /Action:CheckLcsOuPermissions /OU:<distinguished name of container relative to the domain root> /ObjectType:{User | InetOrgPerson | Computer | Contact} [/RefDomain:<domain FQDN>]
Such as:
LCSCmd.exe /Domain /Action:CheckLcsOuPermissions /OU:OU=Dept1Users,OU=UsersOU /ObjectType:user
RemoveLcsOuPermissions Action
Use the RemoveLcsOuPermissions action to remove permissions for Office Communications Server groups on the specified container for User, Contact, InetOrgPerson, or computer-type objects. This action requires /OU and /ObjectType parameters. Use the following as an example:
LCSCmd.exe /Domain[:<Domain FQDN>] /Action:RemoveLcsOuPermissions /OU:<CN=name> /ObjectType:{User | InetOrgPerson | Computer | Contact} [/RefDomain:<domain FQDN>]
Such as:
LCSCmd.exe /Domain /Action:RemoveLcsOuPermissions /OU:OU=MyUsers /ObjectType:user