Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Assign a Kerberos Authentication Account to a Site


Topic Last Modified: 2010-11-08

To successfully complete this procedure you should be logged on as a user who is a member of the RTCUniversalServerAdmins group.

After creating the Kerberos account, you must assign it to a site. This is a Lync Server 2010 site, not an Active Directory site. You can create multiple Kerberos authentication accounts per deployment, but you can assign only one account to a site. Use the following procedure to assign a previously created Kerberos authentication account to a site. For details about creating the Kerberos account, see Create a Kerberos Authentication Account.

  1. As a member of the RTCUniversalServerAdmins group, log on to a computer in the domain running Lync Server 2010 or on to a computer where the administrative tools are installed.

  2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.

  3. From the command line, run the following two commands:

    New-CsKerberosAccountAssignment -UserAccount "Domain\UserAccount" -Identity "site:SiteName"

    For example:

    New-CsKerberosAccountAssignment -UserAccount "contoso\kerbauth" -Identity "site:redmond"
    You must specify the UserAccount parameter by using the Domain\User format. The User@Domain.extension format is not supported for referring to the computer objects created for Kerberos authentication purposes.
    After making any changes to Kerberos authentication, such as adding an account or removing an account, you must run Enable-CsTopology from the Lync Server Management Shell command prompt.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft