[This is pre-release documentation and subject to change in future releases. This topic's current status is: Milestone-Ready]

Topic Last Modified: 2010-07-16

In Microsoft Communications Server 2010, you can use the Communications Server 2010 Deployment Wizard to prepare Active Directory Domain Services (AD DS), or you can use Communications Server Management Shell cmdlets directly.

The Communications Server 2010 Deployment Wizard guides you through each Active Directory preparation task. The Deployment Wizard executes Communications Server Management Shell cmdlets. This tool is useful for environments with a single domain and single forest topology, or other similar topology.

The following figure illustrates the Active Directory preparation page in the Deployment Wizard.


You can use Communications Server Management Shell cmdlets to run tasks remotely or for more complex environments.

Active Directory Preparation Prerequisites

You must run Active Directory preparation steps on a computer running Windows Server 2008 with SP2 (64-bit) or Windows Server 2008 R2 (64-bit).

The following components are required to run Active Directory preparation tasks:

  • Communications Server Core components (OCScore.msi)

  • Microsoft .NET Framework 3.5 with Service Pack 1 (SP1) (64-bit)

    Note:
    Setup automatically installs this prerequisite if it is not already installed on the computer.
  • Remote Server Administrative Tools (RSAT)

    Note:
    RSAT tools are required if you run Active Directory preparation steps on a member server rather than on a domain controller. For Windows Server 2008 and Windows Server 2008 R2, you need the Active Directory Domain Services Tools.
  • Microsoft Visual C++ 2008 Redistributable package (64-bit)

    Note:
    Setup automatically installs this prerequisite if it is not already installed on the computer.
  • Windows Powershell V2 (64-bit)

Administrator Rights and Roles

The following table shows the administrative rights and roles required for each Active Directory preparation task.

User rights required for Active Directory preparation

Procedure Rights or roles

Schema preparation

Member of Schema Admins group for the forest root domain and Administrator rights on the schema master

Forest preparation

Member of EnterpriseAdmins or DomainAdmins group for the forest root domain

Domain preparation

Member of EnterpriseAdmins or DomainAdmins group for the specified domain

Active Directory Preparation Cmdlets

The following table compares the Communications Server Management Shell cmdlets used to prepare AD DS to the LcsCmd commands used to prepare AD DS in Microsoft Office Communications Server 2007 R2.

Cmdlets compared to LcsCmd

Cmdlets LcsCmd

Install-CsAdServerSchema

Lcscmd /forest /action:SchemaPrep /SchemaType:Server

Get-CsAdServerSchema

Lcscmd /forest /action:CheckSchemaPrepState

Enable-CsAdForest

Lcscmd /forest /action:ForestPrep

Disable-CsAdForest

Lcscmd /forest /action:ForestUnprep

Get-CsAdForest

Lcscmd /forest /action:CheckForestPrepState

Enable-CsAdDomain

Lcscmd /domain /action:DomainPrep

Disable-CsAdDomain

Lcscmd /domain /action: DomainUnprep

Get-CsAdDomain

Lcscmd /domain /action:CheckDomainPrepState

Locked Down Active Directory Requirements

If permissions inheritance is disabled or authenticated user permissions must be disabled in your organization, you must perform additional steps during domain preparation. For details, see Preparing a Locked Down Active Directory Domain Services.

Custom Container Permissions

If your organization uses custom containers instead of the three built-in containers (that is, Users, Computers, and Domain Controllers), you must grant read access to the custom containers for the Authenticated Users group. Read access to the containers is required for domain preparation. For details, see Running Domain Preparation.

Schema Batch Import Tool

The Prep Schema step in the Communications Server 2010 Deployment Wizard and the Install-CsAdServerSchema Communications Server Management Shell cmdlet extend the Active Directory schema on domain controllers running a 64-bit operating system. If you need to extend the Active Directory schema on a domain controller running a 32-bit operating system, you can run the Install-CsAdServerSchema cmdlet remotely (recommended approach). If you need to run schema preparation directly on the domain controller, however, you can use the Ldifde.exe tool to import the schema files. The Ldifde.exe tool comes with most versions of the Windows operating system.

If you use Ldifde.exe to import the schema files, you must import all four files, regardless of whether you are migrating from a previous version or performing a clean installation. You must import them in the following sequence:

  1. ExternalSchema.ldf

  2. ServerSchema.ldf

  3. BackCompatSchema.ldf

  4. VersionSchema.ldf

To use Ldifde.exe to import the four schema files on a domain controller that is the schema master, use the following format:

Copy Code
ldifde -i -v -k -s <DCName> -f <Schema filename> -c DC=X <defaultNamingContext> -j logFilePath -b <administrator account> <login domain> <password>

For example:

Copy Code
ldifde -i -v -k -s DC1 -f ServerSchema.ldf -c DC=X "DC=contoso,DC=com" -j C:\BatchImportLogFile -b Administrator contoso password
Note:
Use the -b parameter only if you are logged in as a different user. For details about the required user rights, see Administrative Rights and Roles.

To use Ldifde.exe to import the four schema files on a domain controller that is not the schema master, use the following format:

Copy Code
ldifde -i -v -k -s <SchemaMasterFQDN> -f <Schema filename> -c DC=X <rootDomainNamingContext> -j logFilePath -b <administrator account> <domain> <password>

For details about using Ldifde, see Knowledge Base article 237677, "Using LDIFDE to import and export directory objects to Active Directory," at http://go.microsoft.com/fwlink/?LinkId=132204.

See Also



    Deployment wizard with Active Directory preparation tasks