Preparing a Locked-Down Active Directory Domain Services
Topic Last Modified: 2012-05-14
Organizations often lock down Active Directory Domain Services (AD DS) to help mitigate security risks. However, a locked-down Active Directory environment can limit the permissions that Lync Server 2013 requires. Properly preparing a locked-down Active Directory environment for Lync Server 2013 involves some additional considerations and steps.
Two common ways in which permissions are limited in a locked-down Active Directory environment are as follows:
Authenticated user access control entries (ACEs) are removed from containers.
Permissions inheritance is disabled on containers of User, Contact, InetOrgPerson, or Computer objects.