立即与支持人员聊天
与支持团队交流

Active Roles 7.6.1 - Solutions Guide

Active Roles Solutions Overview Exchange Resource Forest Management Configuration Transfer Wizard Solution Active Roles SPML Provider Skype for Business Server Solution
Introducing Skype for Business Server User Management Supported Active Directory topologies User Management policy Master Account Management policy Access Templates for Skype for Business Server Deploying the Solution Managing Skype for Business Server Users
Management Pack for SCOM

Multiple forests - Central forest

The central forest topology refers to a multi-forest environment where a separate forest—Skype for Business Server forest—hosts servers running Skype for Business Server and may also host logon-enabled accounts. Outside the Skype for Business Server forest, user forests host logon-enabled user accounts but no servers running Skype for Business Server.

With the Skype for Business Server User Management policy applied to logon-enabled user accounts in the Skype for Business Server forest, Active Roles can enable and administer those user accounts for Skype for Business Server in the same way as in the Single forest case.

When creating a Skype for Business Server account for a user from an external forest, Active Roles creates a contact in the Skype for Business Server forest, establishes a link between the user account in the user forest (master account) and the contact in the Skype for Business Server forest (shadow account), and enables that contact for Skype for Business Server. The Master Account Management policy then ensures that the attributes of the contact are synchronized with the attributes of the user account, so that Skype for Business Server user properties can be administered on the user account via Active Roles. In the Skype for Business Server forest, the User Management policy detects the attribute changes replicated from the user account to the contact, and translates them to remote shell commands on Skype for Business Server, similarly to the Single forest case.

User Management policy

The User Management policy is intended for single-forest and multi-forest environments where logon-enabled accounts of Skype for Business Server users are defined in the Active Directory forest in which Skype for Business Server is deployed, as well as for multi-forest environments where logon-enabled master accounts of Skype for Business Server users are defined in external forests with each master account being represented by a shadow account (disabled user account or contact) in the Active Directory forest in which Skype for Business Server is deployed. The User Management policy enables Active Roles to perform user management tasks on Skype for Business Server.

The Policy Object that holds this policy is in the Configuration/Policies/Administration/Builtin container. The name of the Policy Object is Built-in Policy - Skype for Business - User Management. Depending upon your Active Directory topology, apply this Policy Object as follows to enable Skype for Business Server User Management in Active Roles.

Table 16: Applying the Built-in - Skype for Business - User Management Policy Object

Topology option

Where to apply the Policy Object

Single forest

Apply this Policy Object to

Active Directory domains or containers that hold user accounts you want to administer by using Skype for Business Server User Management in Active Roles.

Multiple forests - Resource forest

Apply this Policy Object to

Active Directory domains or containers in the Skype for Business Server forest that hold shadow accounts (disabled user accounts) for users from external forests you want to administer by using Skype for Business Server User Management in Active Roles.

Multiple forests - Central forest

Apply this Policy Object to

Active Directory domains or containers in the Skype for Business Server forest that hold logon-enabled user accounts you want to administer by using Skype for Business Server User Management in Active Roles

Active Directory domains or containers in the Skype for Business Server forest that hold shadow accounts (contacts) for users from external forests you want to administer by using Skype for Business Server User Management in Active Roles.

User Management policy settings

The topics in this section cover the User Management policy settings.

Connection to Skype for Business Server

To administer Skype for Business Server users, Active Roles requires a connection to a computer running the following server role in your Skype for Business Server deployment: Front End Server (in case of Skype for Business Server Enterprise Edition) or Standard Edition Server. The computer must be from an Active Directory domain that is registered with Active Roles as a managed domain. By using the Server policy setting, you can specify how you want Active Roles to select a Skype for Business Server computer:

  • Connect to any available server  With this option, Active Roles attempts to connect to any Front End Server or Standard Edition Server that runs the Central Management Server in your Skype for Business Server deployment. If no Central Management Server role holders are available in the managed domains, then Active Roles attempts to connect to the first Front End Server or Standard Edition Server found in the managed domains.
  • Connect to these servers only  This option allows you to configure a list from which you want Active Roles to select a Skype for Business Server computer. You can:
    • Add or remove computers from the list. Active Roles searches the managed domains for computers running the appropriate Skype for Business Server role, allowing you to select the desired computers.
    • Set the default computer. Active Roles first attempts to connect to that computer.
    • Reorder the list. Active Roles first attempts to connect to computers that are higher in the list.

Note that at least one of your Active Directory domains that hold computers running the Front End Server or Standard Edition Server must be registered with Active Roles as a managed domain. Otherwise, Active Roles is unable to discover your Skype for Business Server deployment, so Skype for Business Server User Management functions are unavailable.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级