Topic Last Modified: 2011-03-16

Microsoft Lync Server 2010 introduces role-based access control (RBAC) groups to enable you to delegate administrative tasks while maintaining high standards for security. These groups are created during forest preparation. For details about forest preparation, see Active Directory Domain Services. For details about the specific groups created by forest preparation, see Changes Made by Forest Preparation in the Deployment documentation.

With RBAC, administrative privilege is granted by assigning users to pre-defined administrative roles, including the 11 predefined roles that cover many common administrative tasks. Each role is associated with a specific list of Lync Server Management Shell cmdlets that users in that role are allowed to run. You can use RBAC to follow the principle of "least privilege," in which users are given only the administrative abilities that their jobs require. For details, see Role-Based Access Control in the Planning documentation.