You can grant permissions to delegate Office Communications Server setup or administration to users who are not members of an authorized Active Directory Domain Services (AD DS) group. Delegation allows more administrators to participate in your Office Communications Server deployment without opening up unnecessary access to resources. For example, delegating administration is useful in situations where you want users who are not members of the DomainAdmins group to activate Office Communications Server after the servers are installed.
 Important: |
|---|
| You must specify a global or universal group that already exists when you delegate setup or administration. You cannot use a local group. |
The following table summarizes the delegated roles.
Delegated Roles
| Role | Purpose | Location |
|---|---|---|
|
Setup |
|
Domain where servers will be deployed. |
|
Server administration |
|
Domain where servers are to be administered. |
|
User administration |
|
Domain where users are to be administered. |
|
Read-only server administration |
|
Domain where servers are to be administered. |
You can delegate setup and administration in the following ways:
- To grant setup permissions, you can use either the Setup
(SetupEE.exe or SetupSE.exe) deployment tool or the LcsCmd.exe
command-line tool.
- To grant administration permissions, you must use the
LcsCmd.exe command-line tool to delegate any of the following:
- Server administration
- User administration
- Read-only user administration
- Read-only server administration
- Server administration
|
Note: |
|---|
| Read-only administration is useful for monitoring, troubleshooting, and other activities that do not require changes to the system. |
The topics in this section provide more information about delegating setup and administration.