Configuring users and rights in Lync Server 2013

 Jan 28, 2014

Just like any other server products, Lync Server 2013 offers a Role Based Access Control (RBAC) solution. RBAC is a method of granting a specific group of users the ability to execute specific management tasks. Lync Server 2013 includes a rich set of built-in administrative roles. You can also create new roles and specify a custom list of cmdlets for each new role, and you can add scripts of cmdlets to the allowed tasks of both predefined and custom RBAC roles. An important point to note is that RBAC restrictions work only for administrators working remotely, using either the Lync Server Control Panel or Lync Server Management Shell. A user sitting at a server running Lync Server is not restricted by RBAC. Therefore, physical security of your Lync Server is important to preserve RBAC restrictions. Lync Server 2013 offers predefined roles such as CsAdministrator, CsUserAdministrator, CsVoiceAdministrator, and CsServerAdministrator to name a few. These roles come with predefined functions, for instance, the CsAdministrator role can perform all administrative tasks and modify all settings. Members with this role can also expand a deployment by adding sites, pools and services. Two new predefined roles in Lync Server 2013 are the Response Group Manager Role and Persistent Chat Manager Role. Users who are given the Response Group Manager role can manage specific Response Group queues in your organisation. Users given the Persistent Chat Manager role can manage specific Persistent Chat rooms in your organisation, but not necessarily have management rights for other rooms or the Persistent Chat feature as a whole. As I said earlier, Lync Server 2013 allows you to create new roles. To do this, you'll have to use the New-CsAdminRole cmdlet. Before running New-CsAdminRole, you'll need to create the underlying security group that will be associated with this role. The following cmdlet serves as an example of a creating a new role called MyHelpDeskScriptRole. The new roles have the abilities of the predefined CsHelpDesk role, and can additionally run the functions in a script named, “MyScript”.
New-CsAdminRole -Identity "MyHelpDeskScriptRole" -Template CsHelpDesk -ScriptModules @{Add=" MyScript.ps1"}
For this cmdlet to work, you must first create the security group, MyHelpDeskScriptRole. After you run this cmdlet, you can assign users directly to this role where they'll have a global scope. Alternatively, you create a scope based on this role. RBAC is one of the many features that Lync Server 2013 has to offer and in my opinion; I would recommend that organisations make the switch to Lync Server 2013. If you haven't already done so, take a look at my previous blog post (What's New in Lync Server 2013) to learn more about the other great features available.

How do your Excel skills stack up?   

Test Now  

About the Author:

San Roy  

San is a highly skilled IT Infrastructure professional with over 15 years experience in a technical training capacity. Throughout his career as a technical training consultant San Has been responsible for the development of numerous IT professionals, providing knowledge and expertise in the areas of Server Operating Systems, Database Management Systems, Messaging and Collaboration. San primarily specialises in delivering training in Microsoft products including Windows Server OS, Windows Client OS, SQL Server, SharePoint Server and Exchange Server. Through his years of practical experience as a technical trainer he is able to provide added insight and value to students that reach beyond the scope of a standard course outline. San has established himself as one of New Horizons' preferred trainers by continually bringing a combination of technical expertise and personality to the classroom each day.

Read full bio
Back to top