Required Active Directory Permissions
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
When Office Communications Server is deployed, the first step is to prepare Active Directory, which occurs with the application of the Prep Schema, Prep Forest, and Prep Domain steps. During the Prep Forest step, a number of universal groups are created within Active Directory, including RTCUniversalServerAdminsand RTCComponentsUniversalServices. During the Prep Domain step, access control entries (ACEs) are added to the universal groups created during the Prep Forest step. These ACEs grant permissions to host and manage users within the domain.
Administrators and developers who intend to build, provision, and configure a Unified Communications Managed API 2.0 Core SDK application that runs as an Office Communications Server trusted service must be members of the appropriate universal group so that they can carry out their intended tasks. In addition, the application must belong to a different universal group so that it is trusted by Active Directory.
Universal group membership
Application Administrator or Developer
Administrators and developers must be members of the RTCUniversalServerAdminsuniversal group. Membership in this group allows administrators and developers to activate and configure the application.
The account under which the application is running must be a member of the RTCComponentsUniversalServicesuniversal group. Membership in this group permits the application to read configuration data from Active Directory.
For more information about these universal groups, see Active Directory Domain Service. For more information about deploying Office Communications Server, see Office Communications Server 2007 Standard Edition Deployment Guide and Office Communication Server 2007 Enterprise Edition Deployment Guide.