Create RBAC Role for Account Administrators

I had a requirement to give other administrators the ability to manage the Lync users in their department. Our departments are contained in separate OUs, which lends itself to using the Lync RBAC roles.

Reference
Role-Based Access Control

For this task I granted CSUserAdministrator rights to an administrator over a specific OU. The CSUserAdministrator role “can enable and disable users for Lync Server, move users and assign existing policies to users. Cannot modify policies.” Following are the steps I followed to get this set up.

  • Create a new Active Directory universal security group. It's possible other group types will work; I’m just following suit of the existing CSUserAdministrator AD group. I used similar naming by appending the group name to the group name, e.g. CSUserAdministrator_HR
  • Run the New-CsAdminRole cmdlet to create a new Lync role using the CSUserAdministrator role as a template, and also set the scope of the role to that department’s OU.

New-CsAdminRole -Identity CSUserAdministrator_HR -Template CSUserAdministrator -UserScopes "OU:ou=HR,dc=domain,dc=com"

  • Populate the AD group with Administrators from that group.
  • Complete.
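
The three steps above as one script, with a check that the new role is limited to the OU and not global. This is an added example, not from the original post; the group location ($GroupPath) and the member accounts ($Admins) are assumed placeholders. New-CsAdminRole expects the role Identity to match the SamAccountName of the AD group, so the group is created first.

```powershell
# Added example. Run from the Lync Server Management Shell on a machine
# that also has the ActiveDirectory module available.
Import-Module ActiveDirectory

$RoleName  = 'CSUserAdministrator_HR'        # role/group name used in the post
$UserScope = 'OU:ou=HR,dc=domain,dc=com'     # scope used in the post
$GroupPath = 'OU=Groups,DC=domain,DC=com'    # assumption: where the group lives
$Admins    = @('hradmin1', 'hradmin2')       # assumption: hypothetical accounts

# Step 1: universal security group whose SamAccountName matches the role name.
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$RoleName'")) {
    New-ADGroup -Name $RoleName -SamAccountName $RoleName `
        -GroupScope Universal -GroupCategory Security -Path $GroupPath
}

# Step 2: new role from the CSUserAdministrator template, scoped to the OU.
New-CsAdminRole -Identity $RoleName -Template CSUserAdministrator `
    -UserScopes $UserScope

# Step 3: populate the group with the department's administrators.
Add-ADGroupMember -Identity $RoleName -Members $Admins

# Check: the role should carry the OU scope, never "global".
$role = Get-CsAdminRole -Identity $RoleName
if ($role.UserScopes -contains 'global') {
    Write-Warning "$RoleName is scoped globally; expected $UserScope"
}
$role | Format-List Identity, Template, UserScopes, ConfigScopes

# Check: review who actually holds the delegated rights.
Get-ADGroupMember -Identity $RoleName |
    Select-Object SamAccountName, objectClass
```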