Revoke-CsSetupPermission
Topic Last Modified: 2012-03-27
Revokes the Microsoft Lync Server 2010 setup rights that have been granted on an Active Directory organizational unit (OU).
Syntax
Revoke-CsSetupPermission -ComputerOu <String> [-Confirm [<SwitchParameter>]] [-Domain <Fqdn>] [-DomainController <Fqdn>] [-Force <SwitchParameter>] [-GlobalCatalog <Fqdn>] [-Report <String>] [-WhatIf [<SwitchParameter>]]
Detailed Description
The domain preparation that takes place when you install Lync Server 2010 does not automatically add the rights that enable members of the RTCUniversalServerAdmins group to run the Enable-CsTopology cmdlet. That means that, by default, you must be a domain administrator in order to enable a topology. To give members of the RTCUniversalServerAdmins group the right to enable a topology, you must run the Grant-CsSetupPermissions cmdlet. In addition, you will need to run this cmdlet against each Active Directory container that hosts computers running Lync Server.
Rights granted by using Grant-CsSetupPermission can later be removed by using Revoke-CsSetupPermission. If you run that cmdlet, the RTCUniversalServerAdmins group will no longer have Lync Server setup rights for the specified Active Directory container. In that case, you will need to be an enterprise administrator or a domain administrator in order to enable a Lync Server topology.
Who can run this cmdlet: You must be a domain administrator in order to run the Revoke-CsSetupPermission cmdlet locally. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:
Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Revoke-CsSetupPermission"}
Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
ComputerOU |
Required |
Active Directory right |
Distinguished name (DN) of the OU that contains the accounts for the computers where Lync Server will be (or has been) installed. For example: -ComputerOU "ou=CsServers,dc=litwareinc,dc=com". If you prefer you can leave off the domain portion of the distinguished name when specifying the OU. For example: -ComputerOU "ou=CsServers" |
Domain |
Optional |
String |
Name of the domain where the OU is located. If this parameter is not included, then Revoke-CsSetupPermission will look for the OU in the current domain. |
DomainController |
Optional |
String |
Fully qualified name of the domain controller to be contacted when assigning the policy. For example: -DomainController atl-dc-001.litwareinc.com. If not specified, Revoke-CsSetupPermission will contact the nearest available domain controller when assigning the policy. |
GlobalCatalog |
Optional |
String |
Fully qualified name of the global catalog server to be contacted when assigning the policy. For example: -GlobalCatalog atl-dc-001.litwareinc.com. If not specified, Revoke-CsSetupPermission will contact the nearest available global catalog server when assigning the policy. |
Force |
Optional |
Switch Parameter |
Suppresses the display of any non-fatal error message that might occur when running the command. |
Report |
Optional |
String |
Enables you to specify a file path for the log file created when the cmdlet runs. For example: -Report "C:\Logs\OUPermissions.html" |
WhatIf |
Optional |
Switch Parameter |
Describes what would happen if you executed the command without actually executing the command. |
Confirm |
Optional |
Switch Parameter |
Prompts you for confirmation before executing the command. |
Input Types
None. Revoke-CsSetupPermission does not accept pipelined input.
Return Types
None.
Example
-------------------------- Example 1 ------------------------
Revoke-CsSetupPermission -ComputerOU "ou=CsServers,dc=litwareinc,dc=com"
The command shown in Example 1 revokes the setup rights applied to the CsServers OU in the domain litwareinc.com.