Revoke-CsSetupPermission

 

Topic Last Modified: 2012-03-27

Revokes the Microsoft Lync Server 2010 setup rights that have been granted on an Active Directory organizational unit (OU).

Syntax

Revoke-CsSetupPermission -ComputerOu <String> [-Confirm [<SwitchParameter>]] [-Domain <Fqdn>] [-DomainController <Fqdn>] [-Force <SwitchParameter>] [-GlobalCatalog <Fqdn>] [-Report <String>] [-WhatIf [<SwitchParameter>]]

Detailed Description

The domain preparation that takes place when you install Lync Server 2010 does not automatically add the rights that enable members of the RTCUniversalServerAdmins group to run the Enable-CsTopology cmdlet. That means that, by default, you must be a domain administrator in order to enable a topology. To give members of the RTCUniversalServerAdmins group the right to enable a topology, you must run the Grant-CsSetupPermissions cmdlet. In addition, you will need to run this cmdlet against each Active Directory container that hosts computers running Lync Server.

Rights granted by using Grant-CsSetupPermission can later be removed by using Revoke-CsSetupPermission. If you run that cmdlet, the RTCUniversalServerAdmins group will no longer have Lync Server setup rights for the specified Active Directory container. In that case, you will need to be an enterprise administrator or a domain administrator in order to enable a Lync Server topology.

Who can run this cmdlet: You must be a domain administrator in order to run the Revoke-CsSetupPermission cmdlet locally. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Revoke-CsSetupPermission"}

Parameters

Parameter Required Type Description

ComputerOU

Required

Active Directory right

Distinguished name (DN) of the OU that contains the accounts for the computers where Lync Server will be (or has been) installed. For example: -ComputerOU "ou=CsServers,dc=litwareinc,dc=com".

If you prefer you can leave off the domain portion of the distinguished name when specifying the OU. For example:

-ComputerOU "ou=CsServers"

Domain

Optional

String

Name of the domain where the OU is located. If this parameter is not included, then Revoke-CsSetupPermission will look for the OU in the current domain.

DomainController

Optional

String

Fully qualified name of the domain controller to be contacted when assigning the policy. For example: -DomainController atl-dc-001.litwareinc.com.

If not specified, Revoke-CsSetupPermission will contact the nearest available domain controller when assigning the policy.

GlobalCatalog

Optional

String

Fully qualified name of the global catalog server to be contacted when assigning the policy. For example: -GlobalCatalog atl-dc-001.litwareinc.com.

If not specified, Revoke-CsSetupPermission will contact the nearest available global catalog server when assigning the policy.

Force

Optional

Switch Parameter

Suppresses the display of any non-fatal error message that might occur when running the command.

Report

Optional

String

Enables you to specify a file path for the log file created when the cmdlet runs. For example: -Report "C:\Logs\OUPermissions.html"

WhatIf

Optional

Switch Parameter

Describes what would happen if you executed the command without actually executing the command.

Confirm

Optional

Switch Parameter

Prompts you for confirmation before executing the command.

Input Types

None. Revoke-CsSetupPermission does not accept pipelined input.

Return Types

None.

Example

-------------------------- Example 1 ------------------------

Revoke-CsSetupPermission -ComputerOU "ou=CsServers,dc=litwareinc,dc=com"

The command shown in Example 1 revokes the setup rights applied to the CsServers OU in the domain litwareinc.com.