Enabling the Resource Mailbox Account in Active Directory

The conference room mailbox account created previously by Exchange is a disabled user object in Active Directory. LRS cannot sign-in or authenticate by using Kerberos/NTLM authentication if the account is disabled in Active Directory. The LRS client must be able to authenticate against Exchange Web Services to retrieve calendar settings, and must also be able to send email with whiteboard contents.

Therefore, you must enable this account in Active Directory by doing the following:

  1. In Active Directory, run the following cmdlet to enable account log on:

Set-ADAccountPassword –Identity LRS01

Running this cmdlet will prompt you to enter the current password, and then to reenter the password twice for confirmation.

  1. Once the password is set, run the following cmdlet to enable the account:

Enable-ADAccount –Identity LRS01

Alternatives to Enabling a Resource Mailbox Account in Active Directory

If you cannot enable the account in Active Directory, LRS supports the following alternatives to enabling an account in Active Directory for log on:

·         If your domain is running at Windows 2008 R2 functionality level, you can create a managed service account (MSA) corresponding to each conference room where you deploy LRS. In this case, LRS will sign in to Lync Server and Exchange Server by using its identity (for example, LRS01@contoso.com), but by using the MSA credentials for authentication.

·         If you do not have Windows 2008 R2 Active Directory, you can use a machine account as the authenticating identity, as long as you intend to join the LRS appliance PC to the domain. LRS will continue to sign in by using its identity (for example, LRS01@contoso.com), but it will use the machine account credentials for authentication.

·         You can create a second user account for a conference room, and then use that account as the authenticating identity, similarly to both of the previous options.

*    Important:

For all these options, you must delegate to the authenticating identity (MSA, machine account, or another user account) full access to management of the resource mailbox account in Exchange. This will allow those identities’ credentials to be used by LRS to obtain calendar data.