Assign a Kerberos Authentication Account to a Site
Topic Last Modified: 2010-11-08
To successfully complete this procedure you should be logged on as a user who is a member of the RTCUniversalServerAdmins group.
After creating the Kerberos account, you must assign it to a site. This is a Lync Server 2010 site, not an Active Directory site. You can create multiple Kerberos authentication accounts per deployment, but you can assign only one account to a site. Use the following procedure to assign a previously created Kerberos authentication account to a site. For details about creating the Kerberos account, see Create a Kerberos Authentication Account.
As a member of the RTCUniversalServerAdmins group, log on to a computer in the domain running Lync Server 2010 or on to a computer where the administrative tools are installed.
Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
From the command line, run the following two commands:
New-CsKerberosAccountAssignment -UserAccount "Domain\UserAccount" -Identity "site:SiteName"
New-CsKerberosAccountAssignment -UserAccount "contoso\kerbauth" -Identity "site:redmond"
Note: You must specify the UserAccount parameter by using the Domain\User format. The User@Domain.extension format is not supported for referring to the computer objects created for Kerberos authentication purposes. Important: After making any changes to Kerberos authentication, such as adding an account or removing an account, you must run Enable-CsTopology from the Lync Server Management Shell command prompt.