Topic Last Modified: 2010-11-08
To successfully complete this procedure you should be logged on as a user who is a member of the RTCUniversalServerAdmins group.
After creating the Kerberos account, you must assign it to a site. This is a Lync Server 2010 site, not an Active Directory site. You can create multiple Kerberos authentication accounts per deployment, but you can assign only one account to a site. Use the following procedure to assign a previously created Kerberos authentication account to a site. For details about creating the Kerberos account, see Create a Kerberos Authentication Account.
To assign a Kerberos
authentication account to a site
-
As a member of the RTCUniversalServerAdmins group, log on to a computer in the domain running Lync Server 2010 or on to a computer where the administrative tools are installed.
-
Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
-
From the command line, run the following two commands:
Copy CodeNew-CsKerberosAccountAssignment -UserAccount "Domain\UserAccount" -Identity "site:SiteName"
Copy CodeEnable-CsTopology
For example:
Copy CodeNew-CsKerberosAccountAssignment -UserAccount "contoso\kerbauth" -Identity "site:redmond"
Copy CodeEnable-CsTopology
Note:You must specify the UserAccount parameter by using the Domain\User format. The User@Domain.extension format is not supported for referring to the computer objects created for Kerberos authentication purposes. 
Important:After making any changes to Kerberos authentication, such as adding an account or removing an account, you must run Enable-CsTopology from the Lync Server Management Shell command prompt.