Loading…

Andrew J. Price | Technical Blog

Office Servers and Services MVP | Founder of UC and Cloud Day | Founder of Microsoft Cloud User Group

Note from the field: Installing Microsoft Lync 2013 without Domain Admin Permissions

Hello Readers

In this blog post I will be looking at the process of installing Lync 2013 without Domain Admin Permissions. I will be installing Lync 2013 Enterprise Edition on Windows 2012 R2. First and foremost you will need local admin rights to the Front End Servers otherwise you wont be able to progress with the installing phrases.

The next important step in my book will be to install the perquisites via my good friend Pat Richard’s Script. You can find Pat’s script at http://www.ehloworld.com/1697 (If you haven’t heard of this script before make sure you look at The UC Architects Podcast) We regularly discuss cool tools we have used in the field when deploying Microsoft Lync and Exchange.

Hopefully you now have;

  • Admin Rights to the Local FEs
  • Perquisites are fully installed

Now at this stage it is expected the customer will perform this task to allow you to make the necessary changes in AD when installing Lync 2013 (with maybe your assistance) and I will using a Service Account called svc.lync to install Lync 2013 but require the Lync Security Groups before I can install Lync 2013. So on the Lync Server the customer would have to log on as the Administrator that has Schema Admin and Enterprise or Domain Admin Rights and do the following;

  • Insert the Lync 2013 Media
  • Run Setup.exe from D:\Setup\amd64\
  • Press “Yes” to Install Microsoft Visual C++ 2012 x64

image

 

 

 

 

 

  • Click “Install

image

  • Tick “I Accept” and Press “OK
  • Once the Core Components have installed you should be welcomed by Microsoft Lync Deployment Wizard

image

  • Now Press “Prepare Active Directory
  • Press “Run” on Step 1 to “Prepare Schema

image

  • Press “Next

Hopefully the task should complete successfully. If it doesn’t then you might not have Schema Master Rights as referenced in a previous blog post http://lyncme.co.uk/microsoft-lync-server-2013/quick-tips-using-service-accounts-to-install-lync-2013/

  • Press “Finish

Step 2 is very much a manual process and depends on your environment. If you have Domain with more than 1 DC then Replication may take up to an hour.

image

Step 3

  • Press “Run
  • Press “Next
  • You can specify “Local Domain” or “Specific Domain” as I have only the one Domain, I left the default of Local Domain and Press “Next

Hopefully the task should complete successfully. If it doesnt then Replication hasnt completed or you may have an issue I experienced in a previous blog post http://lyncme.co.uk/microsoft-lync-server-2013/error-when-installing-lync-2013-object-reference-not-set-to-an-instance-of-an-object/

  • Press “Finish

Step 4 again is another manual process

Step 5

  • Press “Run
  • Press “Next

Hopefully the task should complete successfully.

  • Press “Finish

Step 6 and 7 again is another manual process but Step 7 is important as we will be using the “CSAdministrator” and “RTCUniverisalServerAdmins” group that has been created for the Non-Domain Admin Account.

Now in Active Directory add “CSAdministrator” and “RTCUniverisalServerAdmins” to the Service Account you will be using to install Lync 2013, once completed go back to the Lync FE Server and open Lync Management Shell as Administrator.

The following command you need is;

Grant-CsSetupPermission -ComputerOU <DN of the OU where the Lync server exists>

So in my case I used the following command;

Grant-CsSetupPermission -ComputerOU “OU=Servers,OU=LyncME,DC=lyncme,DC=local”

image

Once this command has completed we will need to apply security permissions to the OU so again from the Lync Management Shell

The command you need is;

Grant-CsOUPermission -OU <DN of the OU where the Lync server exists> -ObjectType “user”

So in my case I used the following command;

Grant-CsOUPermission -OU “OU=Servers,OU=LyncME,DC=lyncme,DC=local” -ObjectType “user”

image

We will now be able to install Lync 2013 via a Service Account that doesnt have Domain Admin Rights.

If you want more information about the Grant Commands Jens Trier Rasmussen from Microsoft did a good write up, see the following link

Grant-CsSetupPermission and Grant-CsOuPermission

Regards

Andrew Price

 

One thought on “Note from the field: Installing Microsoft Lync 2013 without Domain Admin Permissions

Leave a Reply