For more information about rbac groups see role based

Info icon This preview shows pages 14–16. Sign up to view the full content.

View Full Document Right Arrow Icon
For more information about RBAC groups, see Role-Based Access Control (RBAC) . Access Control Entries (ACEs) and Inheritance Forest preparation creates both private and public ACEs and, adding ACEs for the universal groups it creates. It creates specific private ACEs on the global settings container used by Lync Server. This container is used only by Lync Server and is located either in the Configuration container or the System container in the root domain, depending on where you store global settings. 10
Image of page 14

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Microsoft Lync Server 2010 Security Guide The domain preparation step adds the necessary access control entries (ACEs) to universal groups that grant permissions to host and manage users within the domain. Domain preparation creates ACEs on the domain root and three built-in containers: User, Computers, and Domain Controllers. For details about the public ACEs created and added by forest preparation and domain preparation, see Changes Made by Forest Preparation and Changes Made by Domain Preparation in the Deployment documentation. Organizations often lock down Active Directory Domain Services (AD DS) to help mitigate security risks. However, a locked-down Active Directory environment can limit the permissions that Lync Server 2010 requires. This can include removal of ACEs from containers and OUs and disabling of permissions inheritance on User, Contact, InetOrgPerson, or Computer objects. In a locked down Active Directory environment, permissions must be set manually on containers and OUs that require them. For details, see Preparing a Locked-Down Active Directory Domain Services in the Deployment documentation. Server Information During activation, Lync Server 2010 publishes server information to the three following locations in Active Directory Domain Services: A service connection point (SCP) on each Active Directory computer object corresponding to a physical computer on which Lync Server 2010 is installed. Server objects created in the container of the msRTCSIP-Pools class. Trusted servers specified in Topology Builder. Service Connection Points Each Lync Server 2010 object in Active Directory Domain Services has an SCP called RTC Services, which in turn contains a number of attributes that identify each computer and specify the services that it provides. Among the more important SCP attributes are serviceDNSName , serviceDNSNameType , serviceClassname , and serviceBindingInformation . Third-party asset management applications can retrieve server information across a deployment by querying against these and other SCP attributes. Active Directory Server Objects Each Lync Server 2010 server role has a corresponding Active Directory object whose attributes define the services provided by that role. Also, when a Standard Edition server is activated, or when an Enterprise Edition pool is created, Lync Server 2010 creates a new msRTCSIP-Pool object in the msRTCSIP-Pools container. The msRTCSIP-Pool class specifies the fully qualified
Image of page 15
Image of page 16
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern