Domain Joining Considerations

You can join the LRS appliance PC to the Active Directory domain or leave it in a Workgroup. Consider the following points before making this decision.

If you plan to join LRS machines to the domain, to avoid joining LRS machine inadvertently to an unintended OU, which may not be free from GPOs, ensure you join by using the following cmdlet from the LRS machine. This will ensure that the LRS machine joins in the correct OU and does not receive GPOs that might block LRS functionality.

$username = "contso.local\LRS01"
$password = ConvertTo-SecureString "password123” -AsPlainText -Force
$myCred = New-Object System.Management.Automation.PSCredential $username, $password

Add-Computer -DomainName contoso.local -Credential $mycred –OUPath “OU=LyncRoomSystem,OU=Resources,DC=CONTOSO,DC=LOCAL”


Even if you create a separate OU and block inheritance, there are some policies which are could cause issues at a higher level. A Group Policy with No Override setting beats an OU with a Block Policy Inheritance setting. For more information, see the article “No Override as Compared to Block Policy Inheritance” in the Group Policy documentation at

You may have multiple approaches to solving these problems. We advise you to consult with your Active Directory experts to ensure you are provided with an OU that is free of GPO settings, or at least an OU in which the previously described policies do not exist.