MVA Jump Start

Module 3
Configuring Users and Rights
Module Overview
Managing Lync Server 2013
Introduction to Role Based Access Control (RBAC)
Lesson 1: Managing Lync Server 2013
Lync Server Control Panel
Lync Server Management Shell
Using PowerShell 3.0
Lync Server Control Panel
Lync Server Management Shell
Lync Server Management Shell
Built on Microsoft Windows PowerShell

2.0
Contains more than 550 product-specific cmdlets
Example cmdlet:
New-CsUserReplicatorConfiguration
Using PowerShell 3.0
PowerShell syntax
Verb-dash-noun
Get-Help
Parameters
Limit scope of cmdlet
Get-Service DisplayName Windows
Wildcards
* and ?
Get-Service -DisplayName windows*
Lesson 2: Introduction to Role Based Access Control
Overview of Role Based Access Control (RBAC)
Predefined Role Based Access Control roles
Whats new in Lync Server 2013 RBAC
Overview of Role Based Access Control (RBAC)
Role Based Access Control is a method of granting a specific group
of users the ability to execute specific management tasks
Administrative privilege are granted by assigning users to
administrative roles
Managed exclusively via PowerShell
a role is enabled to use a list of cmdlets, designed to be useful for a
certain type of administrator or technician
A scope is the set of objects which the cmdlets defined in a role can
operate on.
The objects that scope affects can be either user accounts (grouped
by organizational unit) or servers (grouped by site).
Predefined Role Based Access Control roles
Role Tasks allowed
CsAdministrator Can perform all administrative tasks and modify all settings, including creating roles and assigning users
to roles. Can expand a deployment by adding new sites, pools, and services.
CsUserAdministrator Can enable and disable users for Lync Server, move users and assign existing policies to users. Cannot
modify policies.
CsVoiceAdministrator Can create, configure, and manage voice-related settings and policies.
CsServerAdministrator Can manage, monitor, and troubleshoot servers and services. Can prevent new connections to servers,
stop and start services, and apply software updates. Cannot make changes with global configuration
impact.
CsViewOnlyAdministrator Can view the deployment, including user and server information, in order to monitor deployment health.
CsHelpDesk Can view the deployment, including user's properties and policies. Can run specific troubleshooting tasks.
Cannot change user properties or policies, server configuration, or services.
CsArchivingAdministrator Can modify archiving configuration and policies.
CsResponseGroupAdministrator Can manage the configuration of the Response Group application within a site.
CsLocationAdministrator Lowest level of rights for Enhanced 9-1-1 (E9-1-1) management, including creating E9-1-1 locations and
network identifiers, and associating these with each other. This role is always assigned with a global
scope.
CsResponseGroupManager Can manage specific response groups.
CsPersistentChatAdministrator Can manage the Persistent Chat feature and specific Persistent Chat rooms.
Creating/Modify Custom RBAC roles
A new custom role can be created using PowerShell cmdlets
A predefined role can be used as a starting template
To make a new role, you use the New-CsAdminRole cmdlet. Before
running New-CsAdminRole, you must first create the underlying
security group that will be associated with this role.
You can modify the list of cmdlets and scripts that a role can run
RBAC Scope
Template Use a predefined administrative template to create a
new CSAdminRole
User Scope Limit the scope of users that can be managed via
organizational unit
ConfigScope Limit the scope of servers that can be managed via
Lync site
Cmdlets Specific cmdlet(s) available to a user role
ScriptModules Ability to create and specify custom scripts
available to the user role (C:\Program Files\Common Files\Microsoft Lync Server
2013\AdminScripts)
Custom RBAC Examples/Demo

Create AD Universal Security Group named CsOnpremAdmin

New-CsAdminRole -Identity CsOnpremAdmin" -Template

"CsUserAdministrator" -UserScopes
"OU:ou=Accounts,DC=onprem,DC=local

Add User to Group

Whats new in Lync Server 2013 RBAC
1. New custom role creation
2. New Predefined Roles:
Response Group Manager role
Persistent Chat Manager role
Module Review and Takeaways
Review Question(s)
Real-world Issues and Scenarios
Tools
2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be
registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the
current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be
interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this
presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.