Delegating Office Communications Server Setup and Administration (2007 R2 Beta)

  • Article

[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]

You can grant permissions to delegate Office Communications Server setup or administration to users who are not members of an authorized Active Directory Domain Services (AD DS) group. Delegation allows more administrators to participate in your Office Communications Server deployment without opening up unnecessary access to resources. For example, delegating administration is useful in situations where you want users who are not members of the DomainAdmins group to activate Office Communications Server after the servers are installed.

Important

You must specify a global or universal group that already exists when you delegate setup or administration. You cannot use a local group.

The following table summarizes the delegated roles.

Delegated Roles

Role Purpose Location

Setup
  • Install and activate servers
  • User administration

Domain where servers will be deployed

Server administration
  • Read/write global settings
  • Read/write to computer organizational unit (OU) containers
  • Read user OU containers (optional)
  • Full computer administration

Domain where servers are to be administered

User administration
  • Read global settings
  • Read computer OU containers
  • Read/write to user OU containers
  • Member in the RTC Local User Administrators group on all servers in a specified pool
  • ReadOnlyRole on the pool or server RTC and RTCConfig databases

Domain where users are to be administered

Read-only server administration
  • Read global settings
  • Read a specified computer OU container
  • Member in the RTC Local Read-Only Administrators group on all servers in a specified pool or on the local Standard Edition Server
  • ReadOnlyRole on the pool or server RTC and RTCConfig databases

Domain where servers are to be administered

You can delegate setup and administration in the following ways:

  • To grant setup permissions, you can use either the Setup.exe deployment tool or the LcsCmd.exe command-line tool.
  • To grant administration permissions, you must use the LcsCmd.exe command-line tool to delegate any of the following:
    • Server administration
    • User administration
    • Read-only user administration
    • Read-only server administration

Note

Read-only administration is useful for monitoring, troubleshooting, and other activities that do not require changes to the system.

The topics in this section provide detailed instructions for delegating setup and administration.

See Also

Delegating Setup

Delegating Server Administration

Delegating User Administration

Delegating Read-Only Server Administration