Lync 2010 & Active Directory Schema Changes and Object additions summary

Lync Server 2010 requires several new classes and attributes and modifies some existing classes and attributes. In addition, much configuration information for Lync Server 2010 is stored in the Central Management store instead of in AD DS as in previous versions. The following information is still stored in AD DS in Lync Server 2010:

  • Schema extensions:
    • User object extensions
    • Extensions for Office Communications Server 2007 and Office Communications Server 2007 R2 classes to maintain backward compatibility with supported previous versions
  • Data (stored in Lync Server extended schema and in existing schema classes):
    • User SIP Uniform Resource Identifier (URI) and other user settings
    • Contact objects for applications such as Response Group and Conferencing Attendant
    • A pointer to the Central Management store
    • Kerberos Authentication Account (an optional computer object)

Classes Added by Lync Server 2010

Class Description
msRTCSIP-ConnectionPoint Generic service connection point (SCP) to specify the computer as a server running Lync Server.
msRTCSIP-GlobalTopologySetting The global topology setting object.
msRTCSIP-GlobalTopologySettings Container to hold global topology setting objects.

 

Attributes Added by Lync Server 2010

Attribute Description
msRTCSIP-AcpInfo This attribute stores user audio conferencing provider information.
msRTCSIP-DeploymentLocator This attribute is used in a split domain topology and contains a fully qualified domain name (FQDN).
msRTCSIP-GroupingID This attribute is a unique identifier of a group, used to group address book entries.
msRTCSIP-OwnerUrn This attribute is the Uniform Resource Name (URN) of the owner for the application contact.
msRTCSIP-PrivateLine This attribute contains the device ID of a private line device.
msRTCSIP-TargetUserPolicies This attribute stores name value pairs for target policies for a Lync Server user.
msRTCSIP-TenantId This attribute stores the unique identifier of the tenant. This identifier should be unique across all tenants.
msRTCSIP-UserPolicies This attribute stores name value pairs for user policies.
msExchUCVoiceMailSettings This multi-valued attribute holds voice mail settings. This attribute is shared with Exchange Unified Messaging (UM).

 

Classes Modified by Lync Server 2010

Each modified class is listed with its changes (change, then class or attribute):

  • Organizational-Unit
    • add: mayContain msRTCSIP-TenantId
  • User
    • add: mayContain msRTCSIP-AcpInfo
    • add: mayContain msRTCSIP-GroupingID
    • add: mayContain msRTCSIP-OwnerUrn
    • add: mayContain msRTCSIP-TargetUserPolicies
    • add: mayContain msRTCSIP-TenantId
    • add: mayContain msRTCSIP-UserPolicies
    • add: mayContain msRTCSIP-DeploymentLocator
    • add: mayContain msRTCSIP-PrivateLine
  • Contact
    • add: mayContain msRTCSIP-AcpInfo
    • add: mayContain msRTCSIP-GroupingID
    • add: mayContain msRTCSIP-OwnerUrn
    • add: mayContain msRTCSIP-TargetUserPolicies
    • add: mayContain msRTCSIP-TenantId
    • add: mayContain msRTCSIP-UserPolicies
    • add: mayContain msRTCSIP-DeploymentLocator
    • add: mayContain msRTCSIP-PrivateLine
  • Group
    • add: mayContain msRTCSIP-GroupingID
    • add: mayContain msRTCSIP-TenantId
  • msRTCSIP-GlobalTopologySetting
    • add: mayContain msRTCSIP-BackEndServer
    • add: mayContain msRTCSIP-ExtensionData
    • add: mayContain msRTCSIP-ServerVersion
  • Mail-Recipient*
    • add: mayContain msExchUCVoiceMailSettings

 

Objects created during install of Lync Server 2010

Service groups:

  • RTCHSUniversalServices – includes service accounts used to run Front End Server and allows servers read/write access to Lync Server global settings and Active Directory user objects.
  • RTCComponentUniversalServices – includes service accounts used to run A/V Conferencing Servers, Web Services, Mediation Server, Archiving Server, and Monitoring Server.
  • RTCProxyUniversalServices – includes service accounts used to run Lync Server Edge Servers.

 

Administration groups:

  • RTCUniversalServerAdmins – allows members to manage server and pool settings.
  • RTCUniversalUserAdmins – allows members to manage user settings and move users from one server or pool to another.
  • RTCUniversalReadOnlyAdmins – allows members to read server, pool, and user settings.

 

Infrastructure groups:

  • RTCUniversalGlobalWriteGroup – grants write access to global setting objects for Lync Server.
  • RTCUniversalGlobalReadOnlyGroup – grants read-only access to global setting objects for Lync Server.
  • RTCUniversalUserReadOnlyGroup – grants read-only access to Lync Server user settings.
  • RTCUniversalServerReadOnlyGroup – grants read-only access to Lync Server settings. This group does not have access to pool level settings, only to settings specific to an individual server.

Forest preparation then adds service and administration groups to the appropriate infrastructure groups, as follows:

  • RTCUniversalServerAdmins is added to RTCUniversalGlobalReadOnlyGroup, RTCUniversalGlobalWriteGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
  • RTCUniversalUserAdmins is added as a member of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
  • RTCHSUniversalServices, RTCComponentUniversalServices and RTCUniversalReadOnlyAdmins are added as members of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
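The nesting listed above can serve as a baseline when reviewing who actually holds Lync access in AD. The following Python is an added example, not part of the original post or of any Lync tooling; it assumes the three bullets are the complete expected direct membership of the infrastructure groups and that group membership has been exported into a dictionary (the sample export, including names such as svc-backup, alice and helpdesk-team, is constructed).

```python
READ_ONLY = ("RTCUniversalGlobalReadOnlyGroup",
             "RTCUniversalServerReadOnlyGroup",
             "RTCUniversalUserReadOnlyGroup")
WRITE = "RTCUniversalGlobalWriteGroup"

def build_baseline():
    """Expected direct members of each infrastructure group (assumed complete)."""
    baseline = {group: set() for group in READ_ONLY}
    baseline[WRITE] = {"RTCUniversalServerAdmins"}
    for member in ("RTCUniversalServerAdmins", "RTCUniversalUserAdmins",
                   "RTCHSUniversalServices", "RTCComponentUniversalServices",
                   "RTCUniversalReadOnlyAdmins"):
        for group in READ_ONLY:
            baseline[group].add(member)
    return baseline

def audit_nesting(observed):
    """Return (unexpected, missing) direct memberships as sorted (group, member) pairs."""
    unexpected, missing = [], []
    for group, expected in build_baseline().items():
        seen = set(observed.get(group, ()))
        unexpected += [(group, m) for m in seen - expected]
        missing += [(group, m) for m in expected - seen]
    return sorted(unexpected), sorted(missing)

def effective_members(observed, group, _seen=None):
    """Resolve nested groups to the accounts that end up inside `group`."""
    seen = _seen if _seen is not None else set()
    if group in seen:  # guard against circular nesting
        return set()
    seen.add(group)
    accounts = set()
    for member in observed.get(group, ()):
        if member in observed:  # member is itself a group in the export
            accounts |= effective_members(observed, member, seen)
        else:
            accounts.add(member)
    return accounts

def sample_observed():
    """Constructed export (not real data): group name -> direct members."""
    observed = {g: set(m) for g, m in build_baseline().items()}
    observed[WRITE] |= {"RTCUniversalUserAdmins", "svc-backup"}  # drift
    observed["RTCUniversalUserReadOnlyGroup"].discard("RTCUniversalReadOnlyAdmins")
    observed["RTCUniversalServerAdmins"] = {"alice"}
    observed["RTCUniversalUserAdmins"] = {"bob", "helpdesk-team"}
    observed["helpdesk-team"] = {"carol"}
    return observed
```

Entries returned as unexpected are review items rather than proof of a problem, since the baseline only reflects what this page lists.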

Forest preparation also creates the following role-based access control (RBAC) groups:

  • CSAdministrator
  • CSArchivingAdministrator
  • CSBranchOfficeTechnician
  • CSHelpDesk
  • CSLocationAdministrator
  • CSResponseGroupAdministrator
  • CSServerAdministrator
  • CSUserAdministrator
  • CSViewOnlyAdministrator
  • CSVoiceAdministrator