Topic Last Modified: 2010-07-16
Domain preparation is the final step in preparing Active Directory Domain Services (AD DS) for Communications Server 2010. The domain preparation step adds to universal groups the necessary access control entries (ACEs) that grant permissions to host and manage users within the domain. Domain preparation creates ACEs on the domain root and three built-in containers: Users, Computers, and Domain Controllers (DCs).
If you are migrating from Office Communications Server 2007 R2 to Communications Server 2010, the Deployment Wizard may indicate that domain preparation is already complete. You do not need to run domain preparation again. Permissions were not changed from Office Communications Server 2007 R2 to Communications Server 2010.
You can run domain preparation on any computer in the domain where you are deploying Communications Server. You must prepare every domain that will host Communications Server or users.
If permissions inheritance is disabled or authenticated user permissions are disabled in your organization, you must perform additional steps during domain preparation. For details, see Preparing a Locked Down Active Directory Domain Services.
If your organization uses custom containers instead of the three built-in containers (that is, Users, Computers, and Domain Controllers), you must grant read access to the custom containers for the Authenticated Users group. Read access to the containers is required for domain preparation. If the Authenticated Users group does not have read access to the custom container, run the Grant-CsOuPermission cmdlet as illustrated below to grant read permissions for each custom container.
Grant-CsOuPermission -ObjectType <User | InetOrgPerson | Contact | AppContact> -OU <DN of the OU, excluding the domain root portion of the DN>
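The following is an added example, not part of the original documentation: it checks each custom container for an ACE that allows read access to Authenticated Users, and runs the cmdlet above only where that access is missing. It assumes the ActiveDirectory PowerShell module is installed and the Communications Server cmdlets are loaded in the session; the container names are constructed placeholders, and "User" is one of the object types listed above.

```powershell
# Added example: audit custom containers before domain preparation.
# Assumptions: ActiveDirectory module available; container names are constructed.
Import-Module ActiveDirectory

# Constructed sample input: relative DNs of custom containers (no domain root portion).
$customContainers = @('OU=CS Users', 'OU=CS Computers')

$domainDn  = (Get-ADDomain).DistinguishedName
$authUsers = 'S-1-5-11'   # well-known SID of Authenticated Users (locale independent)
$readMask  = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$allTypes  = [Guid]::Empty

function Test-AuthenticatedUsersRead {
    param([string]$DistinguishedName)

    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    # Resolve trustees as SIDs so the check does not depend on localized names.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    $granted = 0
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $authUsers) { continue }
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.ObjectType -ne $allTypes) { continue }   # property-specific ACE
        # ACEs that apply only to child objects do not cover the container itself.
        if ($rule.InheritanceType -eq 'Children' -or
            $rule.InheritanceType -eq 'Descendents') { continue }
        $granted = $granted -bor [int]$rule.ActiveDirectoryRights
    }
    # Simplification: Deny ACEs and access granted through other groups
    # are not evaluated; only ACEs naming Authenticated Users directly.
    return (($granted -band $readMask) -eq $readMask)
}

foreach ($rdn in $customContainers) {
    $dn = "$rdn,$domainDn"
    if (Test-AuthenticatedUsersRead -DistinguishedName $dn) {
        Write-Output "OK       $dn"
    } else {
        Write-Output "MISSING  $dn"
        # Same cmdlet and parameters as shown on this page.
        Grant-CsOuPermission -ObjectType "User" -OU $rdn
    }
}
```

Running the check first keeps a record of which containers were changed and avoids granting permissions on containers that already meet the requirement.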
For details about the access control entries (ACEs) created on the domain root and in the Users, Computers, and Domain Controllers containers, see Changes Made by Domain Preparation.