Export (0) Print
Expand All

Delegating Office Communications Server Setup and Administration

Communications Server 2007 R2

Topic Last Modified: 2009-01-23

You can grant permissions to delegate Office Communications Server setup or administration to users who are not members of an authorized Active Directory Domain Services (AD DS) group. Delegation allows more administrators to participate in your Office Communications Server deployment without opening up unnecessary access to resources. For example, delegating administration is useful in situations where you want users who are not members of the DomainAdmins group to activate Office Communications Server after the servers are installed.

Dd441199.important(en-us,office.13).gifImportant:
You must specify a global or universal group that already exists when you delegate setup or administration. You cannot use a local group.

The following table summarizes the delegated roles.

Delegated Roles

RolePurposeLocation

Setup

  • Install and activate servers.
  • User administration.

Domain where servers will be deployed.

Server administration

  • Read/write global settings.
  • Read/write to computer organizational unit (OU) containers.
  • Read user OU containers (optional).
  • Full computer administration.

Domain where servers are to be administered.

User administration

  • Read global settings.
  • Read computer OU containers.
  • Read/write to user OU containers.
  • Member in the RTC Local User Administrators group on all servers in a specified pool.
  • ReadOnlyRole on the pool or server RTC and RTCConfig databases.

Domain where users are to be administered.

Read-only server administration

  • Read global settings.
  • Read a specified computer OU container.
  • Member in the RTC Local Read-Only Administrators group on all servers in a specified pool or on the local Standard Edition server.
  • ReadOnlyRole on the pool or server RTC and RTCConfig databases.

Domain where servers are to be administered.

You can delegate setup and administration in the following ways:

  • To grant setup permissions, you can use either the Setup (SetupEE.exe or SetupSE.exe) deployment tool or the LcsCmd.exe command-line tool.
  • To grant administration permissions, you must use the LcsCmd.exe command-line tool to delegate any of the following:
    • Server administration
    • User administration
    • Read-only user administration
    • Read-only server administration
Dd441199.note(en-us,office.13).gifNote:
Read-only administration is useful for monitoring, troubleshooting, and other activities that do not require changes to the system.

The topics in this section provide more information about delegating setup and administration.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft