After the Active Directory preparation steps previously described have been completed, a number of new AD security groups are introduced. The groups can be divided into four primary categories: service groups, administration groups, infrastructure groups, and role-based access control (RBAC) groups. The purpose of each security group is described next.
Lync Server 2013 service groups include the following:
• RTCHSUniversalServices—Includes service accounts that can be used to run the Front End services and grants Lync servers read/write access to Lync Server global settings and Active Directory user objects.
• RTCComponentUniversalServices—Includes service accounts that can be used to run Lync conferencing and web components services.
• RTCProxyUniversalServices—Includes service accounts that can be used to run a Lync proxy service.
• RTCSBAUniversalServices—Grants read access to the Lync deployment for survivable branch appliance installation.
Lync Server 2013 administration groups include the following:
• RTCUniversalServerAdmins—Allows members to manage server and pool settings.
• RTCUniversalUserAdmins—Allows members to manage user settings and move users from one server or pool to another.
• RTCUniversalReadOnlyAdmins—Allows members to read server, pool, and user settings.
• RTCUniversalSBATechnicians—Grants read access to the Lync deployment, as well as local administrative access to a survivable branch appliance during installation.
Lync Server 2013 infrastructure groups include the following:
• RTCUniversalConfigReplicator—Allows Lync servers to participate in replication of the Lync configuration.
• RTCUniversalGlobalWriteGroup—Grants write access to global settings for Lync Server.
• RTCUniversalGlobalReadOnlyGroup—Grants read-only access to global settings for Lync Server.
• RTCUniversalUserReadOnlyGroup—Grants read-only access to Lync Server user settings.
• RTCUniversalServerReadOnlyGroup—Grants read-only access to individual Lync Server settings.
Lync Server 2013 RBAC groups include the following:
• CSAdministrator—Grants full administrative access to the Lync Server 2013 environment.
• CSArchivingAdministrator—Grants access to the archiving-related Lync settings and policies.
• CSHelpDesk—Grants read-only access to Lync user properties and policies, along with access to specific troubleshooting functions.
• CSLocationAdministrator—Grants access to the E911 management functions of Lync.
• CSPersistentChatAdministrator—Grants access to the Lync Persistent Chat admin cmdlets.
• CSResponseGroupAdministrator—Grants access to configure the Response Group application within Lync.
• CSResponseGroupManager—Grants access to manage limited configuration of Lync Response Groups that have been assigned.
• CSServerAdministrator—Grants access to manage, monitor, and troubleshoot Lync servers and services.
• CSUserAdministrator—Grants access to enable, disable, and move Lync users, as well as assign existing policies.
• CSViewOnlyAdministrator—Grants read-only access to the Lync deployment for monitoring purposes.
• CSVoiceAdministrator—Grants access to create, configure, and manage voice-related Lync settings and policies.