An example of this is the RTCUserSearchPropertySet, which

An example of this is the RTCUserSearchPropertySet, which is located in the Extended Rights container. The Extended Rights container is a subordinate of the Configuration container for the forest. The RTCUserSearchPropertySet contains information about the user, including the user s name and SIP URI. This object is used by administrators and end-users alike. The well-known security principle Authenticated Users has a default read ACL assigned to it. This is what allows users to search for other LCS-enabled users in the forest. The search methodology differs slightly where the Address Book Service has been deployed. In addition to allowing users to search for other SIP-enabled users, this key also allows the server to search for users and their SIP URI, enabling users to authenticate. Because the domain global groups used to administer LCS implementations in the domain are not from a well-known GUID, do not rename the group or move it out of the Users container. If, for whatever reason, one of the global groups is deleted accidentally, insert the LCS 2005 with SP1 CD, and rerun the Prep Domain command. If a group is missing, then the Prep Domain command will not have the checkmark. Instead, it will be blue and can be selected. Optionally, you can use the command-line tool: :SetupI386>LcsCmd /domain /action:DomainPrep. This command will rerun the Prep Domain, creating the missing groups; and it will re-apply the domain ACLs and ACEs to that group. Local permissions may need to be changed. Implementing Domain Add to Forest Root Whenever a forest contains multiple domains, the Domain Add to Forest Root procedure needs to be performed. This function sets permissions for the child domain to enable access to objects in the forest root domain. This process grants permissions in the forest root to child domain administrators, child domain servers and Enterprise pools, and message queues to be able to access Live Communications Server information stored in the root. To perform the Domain Add to Forest Root, you must have Domain Admins access in the child domain and Enterprise Admins access in the forest root domain. The Domain Add to Forest Root function is available through the deployment tool. Optionally, the command-line tool, LcsCmd.exe, can be used to perform the Domain Add to Forest Root. Note that in the following example, forest.local signifies the forest domain and domain.forest.local signifies the child domain: :SetupI386>LcsCmd/domain:forest.local/action:DomainAdd/refdomain:domain .forest.local Working with Resource Forest and Multi-Forest Scenarios Some organizations maintain several forests used primarily for resources, with one of the forests being utilized for user accounts. Generally these are found in larger organizations. These forests are remnants of upgraded NT4 domains and the domains have not been collapsed. Some organizations make the conscious choice to keep their applications and their user accounts separate. Either way, it works well for the organization and Microsoft has recognized this. While this is not relevant to the Prep Domain, it is important to mention that in some hosted LCS scenarios, or scenarios in which access to some domains in an enterprise forest are restricted, some papers may advise adding a Deny to the Authenticated Users ACL. Do not add a Deny to the ACL, as a Deny is explicit and could both prevent users from logging in and prevent administrators from making changes. 74 Chapter 4

Note: If you are looking for good and high quality web space to host and run your jsp application check Lunarwebhost jsp web hosting services

Bookmark the permalink.

Comments are closed.