Apply the Master Account Management policy
The Built-in Policy - Skype for Business - Master Account Management Policy Object enables Active Roles to perform Skype for Business Server user management tasks on user accounts in Active Directory forests that are external to the Skype for Business Server forest. It needs to be configured as appropriate to your Skype for Business Server forest mode (resource forest or central forest) and then linked to domains or containers in external user forests.
To configure the Policy Object
- In the Active Roles console tree, select Configuration | Policies | Administration | Builtin.
- In the details pane, double-click the Built-in Policy - Skype for Business - Master Account Management Policy Object.
- In the Properties dialog box that appears, go to the Policies tab, and double-click the entry in the list of policies.
- In the Properties dialog box that appears, go to the Forest Mode tab and select the option that matches the Skype for Business Server forest mode in your Skype for Business Server deployment (see Skype for Business Server forest mode).
- Review other policy settings:
- On the Shadow Account tab, view or change the container and default description for new shadow accounts.
- On the Master Account tab, view or change the attribute to store a reference to shadow account.
- On the Synced tab, view or change the list of synchronized properties.
- On the Substituted tab, configure your custom list of substituted properties in addition to the default list.
- On the Back-synced tab, view or change the list of back-synchronized properties.
For detailed description of the policy settings, see Master Account Management policy settings earlier in this document.
To link the Policy Object to an organizational unit or domain
- In the Active Roles console tree, select Configuration | Policies | Administration | Builtin.
- In the details pane, right-click the Built-in Policy - Skype for Business - Master Account Management Policy Object, and then click Policy Scope.
- In the dialog box that appears, click Add, and then select the desired organizational unit or domain.
Apply the User Management policy
The Built-in Policy - Skype for Business - User Management Policy Object enables Active Roles to perform Skype for Business Server user management tasks on user accounts in the Skype for Business Server forest. It needs to be linked to domains or containers in the Skype for Business Server forest that hold shadow accounts. In case of central forest, you also need to link that Policy Object to Active Directory domains or containers in the Skype for Business Server forest that hold logon-enabled user accounts for which you want Active Roles to perform Skype for Business Server user management tasks.
To link the Policy Object to an organizational unit or domain
- In the Active Roles console tree, select Configuration | Policies | Administration | Builtin.
- In the details pane, right-click the Built-in Policy - Skype for Business - User Management Policy Object, and then click Policy Scope.
- In the dialog box that appears, click Add, and then select the desired organizational unit or domain.
Out of the box, the Policy Object has all policy settings configured. You can use the Active Roles console to view or change policy settings as needed.
To view or change policy settings
- In the Active Roles console tree, select Configuration | Policies | Administration | Builtin.
- In the details pane, double-click the Built-in Policy - Skype for Business - User Management Policy Object.
- In the Properties dialog box that appears, go to the Policies tab, and double-click the entry in the list of policies.
- In the Properties dialog box that appears, do any of the following:
- On the Server tab, specify how you want Active Roles to select a computer running Skype for Business Server.
- On the SIP User Name tab, configure a rule for generating the SIP user name in the user SIP address.
- On the SIP Domain tab, configure a rule to restrict selection of a SIP domain for the user SIP address.
- On the Pool tab, configure a rule to restrict selection of an Enterprise Edition Front End pool or Standard Edition server to which Skype for Business Server users can be assigned.
- On the Telephony tab, configure a rule to restrict selection of a Telephony option for Skype for Business Server users.
For detailed description of the policy settings, see User Management policy settings earlier in this document.
Upgrade from an earlier version
You can use the following steps to upgrade from Active Roles Add-on for Skype for Business Server to Skype for Business Server User Management:
- Identify the Active Directory topology option used by the add-on. The possible options are:
In case of multiple forests, note down the Distinguished Name of the container in which the add-on creates shadow accounts.
- Uninstall the earlier version of the add-on from Active Roles Add-on Manager, and then uninstall the add-on from the system
- Upgrade to Active Roles version 7.5. For upgrade instructions, see the Active Roles 7.5 Quick Start Guide.
- Deploy Skype for Business Server User Management. Depending on the Active Directory topology option used by the add-on:
The following instructions elaborate on these steps. The instructions apply to Active Roles Add-on for Skype for Business Server 2.1.
To identify the Active Directory topology option used by the add-on
- In the Active Roles console tree, select Applications | Active Roles Add-on for Skype for Business Server.
- Review the add-on settings in the Configure Add-on area in the details pane:
- The Active Directory topology option is selected in the Active Directory topology box.
- If a multi-forest option is selected, the Distinguished Name of the container in which the add-on creates shadow accounts is specified in the Container for shadow accounts/contacts box.
If the add-on was configured with the resource forest or central forest option, you need to configure and apply the Built-in Policy - Skype for Business - Master Account Management Policy Object as follows.
To configure and apply the Master Account Management policy
- In the Active Roles console tree, select Configuration | Policies | Administration | Builtin.
- In the details pane, double-click the Built-in Policy - Skype for Business - Master Account Management Policy Object.
- In the Properties dialog box that appears, go to the Policies tab, and double-click the entry in the list of policies.
- In the Properties dialog box that appears, go to the Forest Mode tab and select the option that matches the Active Directory topology option that was used by the add-on:
- If the add-on was configured with the option Multiple forests - Resource forest, then select the Resource forest option on the Forest Mode tab.
- If the add-on was configured with the option Multiple forests - Central forest, then select the Central forest option on the Forest Mode tab.
- Go to the Shadow Account tab and configure the policy to use the container for shadow accounts that was used by the add-on: Click This container, click Browse, and select the container.
- Click OK to close the Properties dialog for the policy entry.
- In the Properties dialog box for the Policy Object, click Apply, go to the Scope tab, and then click the Scope button on that tab.
- In the dialog box that appears, add the containers that hold the master accounts you managed using the add-on, and then click OK.
- Click OK to close the Properties dialog box for the Policy Object.
Skype for Business Server User Management recognizes the existing master accounts, enabling Active Roles to manage their shadow accounts for Skype for Business Server in the same way as when using the add-on. To expedite the recognition of the existing master accounts, you might execute the Master Account Management task without waiting for its scheduled run: In the Active Roles console, navigate to the Configuration/Server Configuration/Scheduled Tasks/Builtin container, right-click the object Skype for Business - Master Account Management in that container, point to All Tasks, and then click Execute.
Managing Skype for Business Server Users
The Skype for Business Server User Management solution enables Active Roles to administer Skype for Business Server users. Once you have deployed Skype for Business Server User Management, the Active Roles Web Interface can be used to perform the following tasks: