Shulou(Shulou.com)06/02 Report--

"actual combat training for system engineers"

-09-deploy an instant messaging system

-01-deploy front-end server-4-prepare Active Directory

Author: endless learning

QQ communication group: 454544014

Refer to:

Prepare Active Directory

Https://technet.microsoft.com/en-us/library/dn951386.aspx

Skype for Business Server works closely with Active Directory. You must prepare the Active Directory domain to work with Skype for Business Server. This process is accomplished in the Deployment Wizard and is only done once for the domain. This is because the process creates groups and modifies the domain, and you need to do that only once. You can do steps 1 through 5 in any order. However, you must do steps 6, 7, and 8 in order, and after steps 1 through 5, as outlined in the diagram. Preparing Active Directory is step 4 of 8. For more information about planning for Active Directory, see Environmental requirements for Skype for Business Server 2015.

1. Log in to the server in the forest as a member of the Schema Admins group and with Administrator permissions on the schema host.

Mount-ISO

Cn_skype_for_business_server_2015_x64_dvd_6625574.ISO

two。 Open Skype for Business Server Deployment Wizard

3. Click-prepare Active Directory

4. Step 1: prepare the architecture

a. In step 1: prepare the schema, click run.

b. On the prepare Schema page, click next.

If there is a problem:

Please restart 3 domain controller servers!

011-DC01

012-DC02

013-DC03

c. On the executing commands page, look for Task status: completed, and then click View Log.

d. Expand Schema preparation under the actions column, look for the execution results at the end of each task to confirm that schema preparation has been completed successfully, close the log, and then click finish.

e. Wait for the Active Directory replication to complete, or force the replication.

5. Step 2: verify replication of schema partitions

a. Log in to the domain controller as a member of the Enterprise Admins group.

b. Click start, click Administrative tools, click ADSI Edit to open ADSI Edit.

c. In the Microsoft Management console (MMC) tree, click ADSI Edit (if it is not already selected).

d. On the actions menu, click Connect to.

e. In the connection Settings dialog box, under Select a known naming context, select Schema, and then click OK.

f. Under the schema container, search for "CN=ms-RTC-SIP-SchemaVersion". If this object exists and the value of the rangeUpper property is 1150 and the value of the rangeLower property is 3, the schema update and replication are successful. If this object does not exist, or if the values of the rangeUpper and rangeLower properties are not the specified values, the schema has not been modified or copied.

6. Step 3: prepare the current forest

a. In step 3: prepare the current forest, click run.

b. On the prepare Forest page, click next.

c. On the executing commands page, look for Task status: completed, and then click View Log.

d. Under the actions column, expand Forest preparation, look for the execution results at the end of each task to confirm that the forest is ready to complete successfully, close the log, and then click finish.

e. Wait for Active Directory replication to complete, or force replication to all domain controllers listed in the Active Directory sites and Services snap-in of the forest root domain controller before running domain preparation. Force replication between domain controllers in all Active Directory sites so that replication occurs in the site within minutes.

7. Step 4: confirm to copy the global catalog

To confirm the success of global catalog replication and object creation during forest preparation:

a. On the domain controller in the forest where you are running the forest preparation (preferably at the remote site of another domain controller), open Active Directory users and computers.

b. In Active Directory users and computers, expand the domain name of the forest or subdomain.

c. Click the users container in the left pane and look for the common group CsAdministrators in the right pane. If CsAdministrators is displayed in addition to the other 8 new general groups that begin with Cs, the forest is ready to replicate successfully.

d. If these groups are not displayed, you can force replication or wait 15 minutes before refreshing the right pane. When the group is displayed, it indicates that the replication is complete.

Tip:

If you need to check the log files created by the Lync Server deployment wizard, you can find them on the computer running the deployment wizard in the Users directory of the Active Directory Domain Services user running this step. "for example, if the user logs in as the domain administrator of the domain Contoso.net, the log file is located at:"

C:\ Users\ Administrator.Contoso\ AppData\ Local\ Temp

8. Step 5: prepare the current domain

a. In step 5: prepare the current domain, click run.

b. On the prepare Domain page, click next.

c. On the executing commands page, look for Task status: completed, and then click View Log.

d. Under the actions column, expand Domain preparation, look for the execution results at the end of each task to confirm that the domain is ready to complete successfully, close the log, and then click finish.

e. Wait for Active Directory replication to complete, or force replication to all domain controllers listed in the Active Directory sites and Services snap-in of the forest root domain controller.

9. Step 6: verify replication of the domain

a. Start the Lync Server Management Shell: click start, click all programs, click Microsoft Lync Server 2013, and then click Lync Server Management Shell.

b. In Windows PowerShell, type the following command:

Get-CsAdDomain [- Domain] [- DomainController] [- GlobalCatalog] [- GlobalSettingsDomainController]

For example:

Get-CsAdDomain-Domain domain1.contoso.net-GlobalSettingsDomainController dc01.domain1.contoso.com

Note:

The parameter GlobalSettingsDomainController is used to indicate the location where global settings are stored. If the settings are stored in the system container (as is usually the case in upgrade deployments where global settings have not been migrated to the configuration container), define a domain controller in the root of the Active Directory domain service forest. If global settings are stored in the configuration container (as is usually the case in new deployments or upgraded deployments where settings have been migrated to the configuration container), define any domain controllers in the forest. If this parameter is not specified, cmdlet assumes that the settings are stored in the configuration container and references any domain controller in Active Directory.

If you do not specify the Domain parameter, the value is set to the local domain. If the domain preparation is successful, this cmdlet returns the value of LC_DOMAIN_SETTINGS_STATE_READY.

10. Step 7: add users to provide them with the right to manage the Skype for Business Server control panel

To grant access to Skype for Business Server:

a. Log in as a member of the Domain Admins group or the RTCUniversalServerAdmins group.

b. Open Active Directory users and computers, expand the domain, right-click the users container, and then click Properties.

c. In CSAdministrator Properties, click the members tab.

d. On the members tab, click add. In Select a user, contact, computer, service account, or group, find enter the name of the object you want to select. Type the user name or group name you want to add to the CSAdministrators group. Click OK.

e. On the members tab, verify that the selected user or group exists. Click OK.

Tip:

The Lync Server 2013 Control Panel is a role-based access control tool. Membership in the CsAdministrator group provides users using the Lync Server 2013 dashboard with full control over all configuration features available in the Lync Server 2013 dashboard. Other specialized roles are provided for specific functions. Users do not need to enable Lync Server 2013 to become members of the administrative group.

CsArchiving: members of this group can perform all archiving functions, such as configuring and managing archiving server roles.

CsHelpDesk: members of this group can view the configuration and deployment, including user properties and policies. Members can also perform specific troubleshooting tasks.

CsLocationAdministrator: members have minimum user rights related to management enhanced 9-1-1 (E9-1-1). They can create E9-1-1 location and network identifiers and associate them in deployment.

CsResponseGroupAdministrator: members can manage and configure response group services

CsServerAdministrator: members can manage and monitor all servers running Lync Server 2013 and resolve problems encountered by these servers.

CsUserAdministrator: members can manage, enable, and disable users, and assign existing policies to users.

CsViewOnlyAdministrator: members can view the deployment and configuration of server information. This membership allows members to monitor the health of servers running Lync Server 2010.

CsVoiceAdministrator: members can create, configure, and manage voice-related settings in Lync Server 2013.

To help preserve the integrity of security and role-based access control, add users to groups that define their roles when performing Lync Server 2013 deployment management.

11. Prepare Active Directory- to complete.

This article has been completed!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.