Preparing a Locked-Down Active Directory Domain Services
Topic Last Modified: 2010-10-17
Organizations often lock down Active Directory Domain Services (AD DS) to help mitigate security risks. However, a locked-down Active Directory environment can limit the permissions that Microsoft Lync Server 2010 requires. Properly preparing a locked-down Active Directory environment for Lync Server 2010 involves some additional considerations and steps.
Two common ways in which permissions are limited in a locked-down Active Directory environment are as follows:
Authenticated user access control entries (ACEs) are removed from containers.
Permissions inheritance is disabled on containers of User, Contact, InetOrgPerson, or Computer objects.