Topic Last Modified: 2012-06-20

To delegate setup, you can grant permissions to the RTCUniversalServerAdmins universal group for a specific Active Directory organizational unit (OU), enabling members of the RTCUniversalServerAdmins group in that OU to install Lync Server 2013 in the specified domain without being members of the Domain Admins group.

The Grant-CsSetupPermission cmdlet grants the RTCUniversalServerAdmins group permissions on an OU, as specified in the following table:

Permissions granted to Objects in the OU

Permissions apply to: Permissions granted are:

RTCUniversalServerAdmins

Special access:

  • Read servicePrincipalName

  • Write servicePrincipalName

  • Delete tree

  • Replicating directory changes

Descendant serviceConnectionPoint objects

Special access:

  • Read permissions

  • Write permissions

  • Create child

  • Delete child

  • List contents

  • Write property

  • Read property

  • Delete tree

Descendant msRTCSIP-Server objects

Special access:

  • Write property

  • Read property

  • Delete tree

Descendant msRTCSIP-WebComponents objects

Special access:

  • Write property

  • Read property

  • Delete tree

Descendant msRTCSIP-MCU objects

Special access:

  • Write property

  • Read property

  • Delete tree

Descendant msRTCSIP-MediationServer objects

Special access:

  • Write property

  • Read property

  • Delete tree

Descendant msRTCSIP-ApplicationServer objects

Special access:

  • Write property

  • Read property

  • Delete tree

Descendant msRTCSIP-ConnectionPoint objects

Special access:

  • Write property

  • Read property

  • Delete tree

Descendant Computer objects

Special access for serviceConnectionPoint:

  • Create child objects

  • Delete child objects

  • Delete tree

Special access for public information:

  • Read property

Special access for DNS host name:

  • Read property