Managing Permissions on a Domain (Command Line)
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
In some cases, permissions to Active Directory containers or objects may not have been created or updated properly during the preparation process for AD DS. With the following actions, a user can establish permissions directly on a container for any specified object.
Create Office Communications Server Permissions
The CreateLcsOuPermissions command creates permissions for Office Communications Server groups directly on a specified container, or organizational unit, for a user, contact, InetOrgPerson, or a specific object in the container. The command requires two parameters:
/OU The containers distinguished name relative to the domain root container distinguished name.
/ObjectType The type of Office Communications Server object for which to create permissions. Options are User, Contact, AppContact, InetOrgPerson, and Computer.
Before starting this task, you must be logged on to the domain computer by using Domain Admins credentials for the domain with the organizational unit containers that will receive permissions. Use the following syntax and parameters examples.
LCSCmd.exe /Domain[:{Domain FQDN}] /Action:CreateLcsOuPermissions /OU:<CN=name> /ObjectType:{User | InetOrgPerson | Computer | Contact | AppContact}
Such as:
LCSCmd.exe /Domain /Action:CreateLcsOuPermissions /OU:"OU=Dept1Users,OU=UsersOU" /ObjectType:user
Check Office Communications Server Permissions
The CheckLcsOuPermissions command ascertains whether the CreateLcsOuPermissions action was successful. This action also requires the /OU and /ObjectType parameters. Syntax for the CheckLcsOuPermissions action is as follows.
LCSCmd.exe /Domain[:<Domain FQDN>] /Action:CheckLcsOuPermissions /OU:<distinguished name of container relative to the domain root> /ObjectType:{User | InetOrgPerson | Computer | Contact | AppContact}
Such as:
LCSCmd.exe /Domain /Action:CheckLcsOuPermissions /OU:"OU=Dept1Users,OU=UsersOU" /ObjectType:user
Remove Office Communications Server Permissions
Use the RemoveLcsOuPermissions action to take away permissions for Office Communications Server groups on the specified container for user, contact, InetOrgPerson, or computer objects. This action requires /OU and /ObjectType parameters. Use the following as an example.
LCSCmd.exe /Domain[:<Domain FQDN>] /Action:RemoveLcsOuPermissions /OU:<CN=name> /ObjectType:{User | InetOrgPerson | Computer | Contact | AppContact}
Such as:
LCSCmd.exe /Domain /Action:RemoveLcsOuPermissions /OU:"OU=MyUsers" /ObjectType:user