Verifies that the required permissions needed to manage users, computers, and other objects have been set on the specified Active Directory container.
Syntax
Test-CsOUPermission -ObjectType <User | Computer | InetOrgPerson | Contact | AppContact> -OU <String> [-Domain <Fqdn>] [-Report <String>] |
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
Domain |
Optional |
String |
Name of the domain where the OU to be checked is located. If this parameter is not included, then Test-CsOUPermission will look for the OU on the current domain. |
OU |
Required |
Active Directory distinguished name |
Distinguished name of the OU to be checked. For example: -OU "ou=Redmond,dc=litwareinc,dc=com". Note that you can only check a single OU per command. |
ObjectType |
Required |
ObjectType object |
Type of object to be checked. Valid values are: User Computer Contact AppContact InetOrgPerson To check multiple objects in the same kind, separate the object types by using commas: -ObjectType "user","computer","contact". |
Report |
Optional |
String |
Enables you to specify a file path for the log file created when the cmdlet runs. For example: -Report "C:\Logs\OUPermissions.xml". If this file already exists, it will be overwritten when you run the cmdlet. |
Verbose |
Optional |
String |
Reports detailed activity to the screen as the cmdlet runs. |
Detailed Description
If you have locked down your Active Directory domain (that is, if you have disabled permission inheritance) then the domain preparation which takes place when you install Microsoft Communications Server will not be able to add the permissions needed to manage users, computers, contacts, application contacts, and InetOrg persons. (Domain administrators will still be able to manage these objects, but members of the RTCUniversalServerAdmins group will not.) In that case, you will need to use the Grant-CsOUPermission to grant RTCUniversalServerAdmins the appropriate permissions. In addition, you will need to do this on a container-by-container basis.
The Test-CsOUPermission cmdlet enables you to determine whether or not the requisite permissions have been added to a given Active Directory container. Test-CsOUPermission returns True if the correct permissions have been applied, and False if the correct permissions have not been applied. If the cmdlet returns False, you will then need to run Grant-CsOUPermission in order to make the necessary changes.
Return Types
Test-CsOUPermission returns an instance of the Microsoft.Rtc.SyntheticTransactions.TaskOutput object.
Examples
-------------------------- Example 1 ------------------------
Copy Code | |
---|---|
Test-CsOUPermission -OU "ou=Redmond,dc=litwareinc,dc=com" -ObjectType "user" |
The command shown in Example 1 verifies that user permissions have been set on the Redmond OU in the litwareinc.com domain.