[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]

Grants Microsoft Communications Server “14” management permissions on an Active Directory organizational unit.

Syntax


Grant-CsOUPermission -ObjectType <User \| Computer \| InetOrgPerson \| Contact \| AppContact \| Device> -OU <String> [-Confirm [<SwitchParameter>]] [-Domain <Fqdn>] [-DomainController <Fqdn>] [-Force <SwitchParameter>] [-GlobalCatalog <Fqdn>] [-Report <String>] [-WhatIf [<SwitchParameter>]]

Grant-CsOUPermission -ObjectType <User | Computer | InetOrgPerson | Contact | AppContact | Device> -OU <String> [-Confirm [<SwitchParameter>]] [-Domain <Fqdn>] [-DomainController <Fqdn>] [-Force <SwitchParameter>] [-GlobalCatalog <Fqdn>] [-Report <String>] [-WhatIf [<SwitchParameter>]]

Parameters

Parameter	Required	Type	Description
OU	Required	Active Directory distinguished name	Distinguished name of the OU where permissions are to be granted. For example: -OU "ou=Redmond,dc=litwareinc,dc=com".Note that you can only grant permissions to a single OU per command.
ObjectType	Required	String	Type of object covered by these permissions. Valid values are: User Computer Contact AppContact InetOrgPerson To assign multiple object types in the same command, separate the object types by using commas: -ObjectType "user","computer","contact".
Domain	Optional	String	Name of the domain where the OU is located. If this parameter is not included, then Grant-CsOUPermission will look for the OU on the current domain.
DomainController	Optional	String	Enables administrators to specify the fully qualified domain name of the domain controller to be used when running Grant-CsOUPermission. If not specified, the cmdlet will use the first available domain controller.
GlobalCatalog	Optional	String	Fully qualified domain name of a global catalog server in your domain. This parameter is not required if you are running Grant-CsOUPermission on a computer with an account in your domain.
Force	Optional	Switch Parameter	Suppresses the display of any non-fatal error message that might arise when running the command.
Report	Optional	String	Enables you to specify a file path for the log file created when the cmdlet runs. For example: -Report "C:\Logs\OUPermissions.xml"
WhatIf	Optional	Switch Parameter	Describes what would happen if you executed the command without actually executing the command.
Confirm	Optional	Switch Parameter	Prompts you for confirmation before executing the command.

Detailed Description

If you have locked down your Active Directory domain (that is, if you have disabled permission inheritance) then the domain preparation which takes place when you install Microsoft Communications Server will not be able to add the permissions needed to manage users, computers, contacts, application contacts, and InetOrg persons. (Domain administrators will still be able to manage these objects, but members of the RTCUniversalServerAdmins group will not.) In that case, you will need to use the Grant-CsOUPermission to give RTCUniversalServerAdmins the required permissions. This must be done on a container-by-container basis.

Note that this cmdlet only grants permissions to the RTCUniversalServerAdmins group; the cmdlet cannot be used to grant permissions to other security groups or to individual users.

Permissions granted by using Grant-CsOUPermission can later be removed using Revoke-CsOUPermission. If you run that cmdlet then the RTCUniversalServerAdmins group will no longer have management permissions for Communications Server (at least not for the specified Active Directory container). In that case, you will need to be an enterprise administrator or a domain administrator in order to manage Communications Server or one of its components.

Return Types

Examples

-------------------------- Example 1 ------------------------

	Copy Code
Grant-CsOUPermission -OU "ou=Redmond,dc=litwareinc,dc=com" -ObjectType "user"

The command shown in Example 1 grants user management permissions (-ObjectType "user") on the Redmond OU in the domain litwareinc.com.

-------------------------- Example 2 ------------------------

	Copy Code
Grant-CsOUPermission -OU "ou=Redmond,dc=litwareinc,dc=com" -ObjectType "user","contact","inetOrgPerson"

In Example 2, management permissions are granted for three different objects (user, contact, inetOrgPerson) for the Redmond OU in the domain litwareinc.com.

-------------------------- Example 3 ------------------------

	Copy Code
$x = "ou=Redmond,dc=litwareinc,dc=com", "ou=Dublin,dc=litwareinc,dc=com", "ou=Tokyo,dc=litwareinc,dc=com" foreach ($i in $x) {Grant-CsOUPermission -OU $i -ObjectType "user"}

In the preceding example, user management permissions are simultaneously granted for three different OUs: Redmond, Dublin, and Tokyo. To carry out this task, the first command in the example creates an array variable named $x; this variable holds the distinguished names of the three Active Directory OUs where permissions will be granted. In the second command, a foreach loop is created that takes each OU stored in the array and runs the Grant-CsOUPermission cmdlet against that organizational unit. In turn, that command gives the RTCUniversalServerAdmins group user management permissions for each OU in the array.