Topic Last Modified: 2010-07-16
In Microsoft Communications Server 2010, you can use the Communications Server 2010 Deployment Wizard to prepare Active Directory Domain Services (AD DS), or you can use Communications Server Management Shell cmdlets directly.
The Communications Server 2010 Deployment Wizard guides you through each Active Directory preparation task. The Deployment Wizard executes Communications Server Management Shell cmdlets. This tool is useful for environments with a single domain and single forest topology, or other similar topology.
The following figure illustrates the Active Directory preparation page in the Deployment Wizard.
You can use Communications Server Management Shell cmdlets to run tasks remotely or for more complex environments.
Active Directory Preparation Prerequisites
You must run Active Directory preparation steps on a computer running Windows Server 2008 with SP2 (64-bit) or Windows Server 2008 R2 (64-bit).
The following components are required to run Active Directory preparation tasks:
- Communications Server Core components (OCScore.msi)
- Microsoft .NET Framework 3.5 with Service Pack 1 (SP1)
(64-bit)
Note: Setup automatically installs this prerequisite if it is not already installed on the computer. - Remote Server Administrative Tools (RSAT)
Note: RSAT tools are required if you run Active Directory preparation steps on a member server rather than on a domain controller. For Windows Server 2008 and Windows Server 2008 R2, you need the Active Directory Domain Services Tools. - Microsoft Visual C++ 2008 Redistributable package (64-bit)
Note: Setup automatically installs this prerequisite if it is not already installed on the computer. - Windows Powershell V2 (64-bit)
Administrator Rights and Roles
The following table shows the administrative rights and roles required for each Active Directory preparation task.
User rights required for Active Directory preparation
Procedure | Rights or roles |
---|---|
Schema preparation |
Member of Schema Admins group for the forest root domain and Administrator rights on the schema master |
Forest preparation |
Member of EnterpriseAdmins or DomainAdmins group for the forest root domain |
Domain preparation |
Member of EnterpriseAdmins or DomainAdmins group for the specified domain |
Active Directory Preparation Cmdlets
The following table compares the Communications Server Management Shell cmdlets used to prepare AD DS to the LcsCmd commands used to prepare AD DS in Microsoft Office Communications Server 2007 R2.
Cmdlets compared to LcsCmd
Cmdlets | LcsCmd |
---|---|
Install-CsAdServerSchema |
Lcscmd /forest /action:SchemaPrep /SchemaType:Server |
Get-CsAdServerSchema |
Lcscmd /forest /action:CheckSchemaPrepState |
Enable-CsAdForest |
Lcscmd /forest /action:ForestPrep |
Disable-CsAdForest |
Lcscmd /forest /action:ForestUnprep |
Get-CsAdForest |
Lcscmd /forest /action:CheckForestPrepState |
Enable-CsAdDomain |
Lcscmd /domain /action:DomainPrep |
Disable-CsAdDomain |
Lcscmd /domain /action: DomainUnprep |
Get-CsAdDomain |
Lcscmd /domain /action:CheckDomainPrepState |
Locked Down Active Directory Requirements
If permissions inheritance is disabled or authenticated user permissions must be disabled in your organization, you must perform additional steps during domain preparation. For details, see Preparing a Locked Down Active Directory Domain Services.
Custom Container Permissions
If your organization uses custom containers instead of the three built-in containers (that is, Users, Computers, and Domain Controllers), you must grant read access to the custom containers for the Authenticated Users group. Read access to the containers is required for domain preparation. For details, see Running Domain Preparation.
Schema Batch Import Tool
The Prep Schema step in the Communications Server 2010 Deployment Wizard and the Install-CsAdServerSchema Communications Server Management Shell cmdlet extend the Active Directory schema on domain controllers running a 64-bit operating system. If you need to extend the Active Directory schema on a domain controller running a 32-bit operating system, you can run the Install-CsAdServerSchema cmdlet remotely (recommended approach). If you need to run schema preparation directly on the domain controller, however, you can use the Ldifde.exe tool to import the schema files. The Ldifde.exe tool comes with most versions of the Windows operating system.
If you use Ldifde.exe to import the schema files, you must import all four files, regardless of whether you are migrating from a previous version or performing a clean installation. You must import them in the following sequence:
- ExternalSchema.ldf
- ServerSchema.ldf
- BackCompatSchema.ldf
- VersionSchema.ldf
To use Ldifde.exe to import the four schema files on a domain controller that is the schema master, use the following format:
Copy Code | |
---|---|
ldifde -i -v -k -s <DCName> -f <Schema filename> -c DC=X <defaultNamingContext> -j logFilePath -b <administrator account> <login domain> <password> |
For example:
Copy Code | |
---|---|
ldifde -i -v -k -s DC1 -f ServerSchema.ldf -c DC=X "DC=contoso,DC=com" -j C:\BatchImportLogFile -b Administrator contoso password |
Note: |
---|
Use the -b parameter only if you are logged in as a different user. For details about the required user rights, see Administrative Rights and Roles. |
To use Ldifde.exe to import the four schema files on a domain controller that is not the schema master, use the following format:
Copy Code | |
---|---|
ldifde -i -v -k -s <SchemaMasterFQDN> -f <Schema filename> -c DC=X <rootDomainNamingContext> -j logFilePath -b <administrator account> <domain> <password> |
For details about using Ldifde, see Knowledge Base article 237677, "Using LDIFDE to import and export directory objects to Active Directory," at http://go.microsoft.com/fwlink/?LinkId=132204.