You must create Microsoft Office Communications Server 2007 R2 Group Chat service accounts in Active Directory Domain Services (AD DS). These service accounts require Local Admin permissions on the machine where Group Chat is installed. This includes the following:
- An account for the Lookup service. The Lookup service account
must be enabled for Office Communications Server. For smoothest
operation you should use the name OCSChat when choosing a Session
Initiation Protocol (SIP) Uniform Resource Identifier (URI) for the
Lookup service. If you choose another name, you may need to make
some modifications to the client. For details about modifying the
client, see the
section of the
Office Communications Server 2007 R2 Client Planning and Deployment
If you are installing Group Chat on multiple servers, all Lookup services that are deployed in the same Group Chat pool share a single account.
- An account for the Channel service. Each Channel service
requires a unique service account.
- An account for the Web service.
- An account for the Compliance service.
- An account for managing Group Chat. This account acts as the
first Group Chat administrator. Installation of Group Chat requires
the same permissions as installation of Office Communications
Server, so the user installing it must be a member of the
RTCUniversalServerAdmins group or Domain Admins group.
After you create these accounts, you need to add the Channel service account, Lookup service account, and Compliance service account to the db_owners group of the Group Chat database(s). The Lookup service account needs to be SIP enabled. Use the procedure in this section to create and enable the AD DS accounts for installing and running Group Chat.
To create service accounts in AD DS
On a computer that has Office Communications Server 2007 R2 administrative tools and Active Directory Users and Computers installed, open Active Directory Users and Computers.
In the console tree, right-click the organizational unit (OU) in which you want to add a user account.
Point to New, and then click User.
In the First namebox, type the user's first name.
In the Last namebox, type the user's last name.
In the User logonname box, type the user name, click the UPN suffix in the list, and then click Next.
Note: If the user plans to use a different name to log on to computers that are running Windows 95, Windows 98, or Windows NT, you can change the user logon name as it appears in the User logon name box to the different name.
In the Passwordand Confirmpassword boxes, type the user's password, and then select the appropriate password options.
Important: When you create these accounts, make sure you are aware of any domain password expiration policies that might impact services after deployment.
Repeat this procedure until you have created all required Group Chat service accounts.
Bulk provision the accounts for Office Communications Server.
Add the service account user to the Local Admins user group.