Running ForestPrep Global Option System vs. Configuration

  • Question

  • When running the ForestPrep when installing OCS you have the option of either using the default of System container or Configuration container. Why would you use one over the other? What would be the best practice?
    Thursday, June 28, 2007 12:05 PM

Answers

  • System Container is the default and is the recommended choice.

    ·         To store settings in the domain partition of the root domain, click System container in the root domain (recommended) and select the domain where you want to create the universal groups from the list.

    ·         To store settings in the configuration partition of the root domain, click Configuration partition, and select the domain where you want to create the universal groups from the drop-down list.

     

    This is from the OCS AD Guide:

    What Does Prep Forest Do?

    The Prep Forest step creates Office Communications Server objects in the forest root domain Systems container if the default option is selected or in the configuration container if you choose. These objects contain global settings and information about your Office Communications Server deployment. Prep Forest also creates Office Communications Server objects in the configuration container that contain property sets and display specifiers used by Office Communications Server.

    Prep Forest must be run once in each Active Directory forest where you plan to deploy Office Communications Server. See the section “Running Active Directory Preparation Steps,” for the specific steps and credentials required to run this procedure.

    ·         Creates Active Directory global settings and objects

    ·         Creates Active Directory groups used by Office Communications Server

    Active Directory Global Settings and Objects

    Prep Forest creates global settings and objects used by Office Communications Server as follows:

    ·         Creates the global settings in the Active Directory objects in either the system container of the root domain or the configuration container based on the choice you select.

    ·         If you choose to store global settings in the System container in the root domain (recommended), Prep Forest adds a new Microsoft container under System of the root domain and adds a new RTC Service object under the System\Microsoft object. If you choose to store global settings in the Configuration container of the root domain, the existing Services container is used, but a new RTC Service object is added under the Configuration\Microsoft object.

    ·         Adds Global Settings object of type msRTCSIP-GlobalContainer under the RTC Service object. The Global Settings object holds all settings that apply through the Office Communications Server 2007 deployment.

    ·         A new msRTCSIP-Domain object for the root domain in which Prep Forest is run.

    ·         A Pools object of type msRTCSIP-Pools under the RTC Service object. This object holds a list of all the pools in your organization.

    Active Directory Universal Service and Administration Groups

    Prep Forest also creates universal groups based on the domain selected and adds access control entries (ACE) for these groups. Prep Forest creates the following:

    ·         Universal groups in the User containers of the domain you specify to host universal groups used by Office Communications Server.

    Service groups:

    ·         RTCHSUniversalServices

    ·         RTCComponentUniversalServices

    ·         RTCArchivingUniversalServices

    ·         RTCProxyUniversalServices

    Administration groups--Yong has reviewed definitions

    ·         RTCUniversalServerAdmins allows members to manage server and pool settings and also move users from one server or pool to another.

    ·         RTCUniversalUserAdmins allows members to manage user settings and move users from one server or pool to another

    ·         RTCUniversalReadOnlyAdmins allows members to read server, pool and user settings.

    ·         RTCUniversalGuestAccessGroup grants access to users connecting from outside the intranet to meeting content for conferences. This group is used by internal users with Active Directory credentials who are connecting remotely as well as anonymous users, who do not have Active Directory credentials.

    Infrastructure groups

    ·         RTCUniversalGlobalWriteGroup grants write access to global setting objects for Office Communications Server.

    ·         RTCUniversalGlobalReadOnlyGroup grants read-only access to global setting objects for Office Communications Server.

    ·         RTCUniversalUserReadOnlyGroup grants read-only access to Office Communications Server user settings.

    ·         RTCUniversalServerReadOnlyGroup grants read-only access to Office Communications Server settings. This group does not have access to pool-level settings, only settings specific to an individual server.

    ·         Adds the administrator groups to the correct infrastructure groups:

    ·         RTCUniversalServerAdmins is added to the RTCUniversalGlobalReadOnlyGroup, RTCUniversalGlobalWriteGroup, RTCUniversalServerReadOnlyGroup, RTCUniversalUserReadOnlyGroup groups

    ·         RTCUniversalUserAdmins is added as a member of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, RTCUniversalUserReadOnlyGroup.

    ·         RTCHSUniversalServices, RTCComponentUniversalServices, RTCUniversalReadOnlyAdmins are added as members of the RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, RTCUniversalUserReadOnlyGroup groups

    Prep Forest creates private ACEs on the global settings container used by Office Communications Server 2007. This container is used only by Office Communications Server and is located in the System container in the root domain or the configuration container (depending on the options you specify). The public ACEs created by Prep Forest are listed in the following table:

    Table 1    ACEs added by Prep Forest

    ACE                                                                                                | RTCUniversalGlobalReadOnlyGroup
    Read root domain System Container (not inherited)*                                                 | X
    Read Configuration’s DisplaySpecifiers container (not inherited)                                   | X
    Read Container (An inherited ACE) set on the DisplaySpecifiers subordinate container (inherited)   | X

    *ACEs that are not inherited do not grant access to child object under these containers. ACEs that are inherited grant access to child objects under these containers.

    Prep Forest performs the following tasks on the configuration container under the configuration naming context.

    ·         Adds an entry {AB255F23-2DBD-4bb6-891D-38754AC280EF} for the RTC property page under the adminContextMenu and adminPropertyPages attributes of the language display specifier for users, contacts, and InetOrgPersons (for example, CN=user-Display,CN=409,CN=DisplaySpecifiers).

    ·         Adds an RTCPropertySet object of type controlAccessRight under Extended-Rights that applies to the User and Contact classes.

    ·         Adds an RTCUserSearchPropertySet object of type controlAccessRight under Extended-Rights that applies to User, Contact, OU, and DomainDNS classes.

    ·         Adds msRTCSIP-PrimaryUserAddress under the extraColumns attribute of each language organizational unit display specifier (CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers) and copies the values of the extraColumns attribute of the default display (CN=organizationalUnit-Display, CN=409,CN=DisplaySpecifiers).

    Adds msRTCSIP-PrimaryUserAddress, msRTCSIP-PrimaryHomeServer, and msRTCSIP-UserEnabled filtering attributes under the attributeDisplayNames attribute of each language display specifier for Users, Contacts, and InetOrgPerson objects (for example, in English: CN=user-Display,CN=409,CN=DisplaySpecifiers).

    Thursday, June 28, 2007 3:55 PM
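
A read-only audit of the group nesting listed in the answer above, as an added example that is not part of the original post or the OCS guide. It assumes the ActiveDirectory PowerShell module is available; `corp.example.com` is a placeholder for the domain that hosts the universal groups.

```powershell
# Added example: compare actual OCS infrastructure-group membership with the
# nesting that the answer above says Prep Forest creates. Read-only.
Import-Module ActiveDirectory

$GroupDomain = 'corp.example.com'   # placeholder: domain hosting the universal groups

# Baseline taken from the list in the answer: infrastructure group -> members
# that Prep Forest adds to it.
$readers = 'RTCUniversalServerAdmins', 'RTCUniversalUserAdmins',
           'RTCHSUniversalServices', 'RTCComponentUniversalServices',
           'RTCUniversalReadOnlyAdmins'
$expected = @{
    'RTCUniversalGlobalWriteGroup'    = @('RTCUniversalServerAdmins')
    'RTCUniversalGlobalReadOnlyGroup' = $readers
    'RTCUniversalServerReadOnlyGroup' = $readers
    'RTCUniversalUserReadOnlyGroup'   = $readers
}

$findings = foreach ($group in $expected.Keys) {
    try {
        # Direct members only; nested membership is what the baseline describes.
        $actual = @(Get-ADGroupMember -Identity $group -Server $GroupDomain -ErrorAction Stop |
                    Select-Object -ExpandProperty SamAccountName)
    } catch {
        [pscustomobject]@{ Group = $group; Member = $null; Status = 'GroupNotFound' }
        continue
    }

    # Baseline members that are absent: nesting was changed or Prep Forest did not finish.
    foreach ($m in $expected[$group]) {
        if ($actual -notcontains $m) {
            [pscustomobject]@{ Group = $group; Member = $m; Status = 'MissingExpected' }
        }
    }

    # Members outside the baseline: flag for review. Later setup steps may add
    # some legitimately, so this is a prompt to check, not a verdict.
    foreach ($m in $actual) {
        if ($expected[$group] -notcontains $m) {
            [pscustomobject]@{ Group = $group; Member = $m; Status = 'ReviewNotInBaseline' }
        }
    }
}

$findings | Sort-Object Group, Status | Format-Table -AutoSize
```

Entries reported against RTCUniversalGlobalWriteGroup deserve the closest look, since that group holds write access to the global settings objects.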

All replies

  • We were trying to find out if there was a reason why you would use the Configuration container rather than the System Container?
    Friday, July 6, 2007 11:48 AM
  • The reason for storing the global settings in the configuration container would be:

    Unreliable connection to the forest Root. Putting the settings into the configuration container makes the system immune for this case.

     

    Try what happens if you cut the connection to the forest controller and restart one of the services... or try to open the OCS administration snap-in. It won't work, because it reads the settings from the Forest root. The configuration container gets obviously replicated to the other sites.

     

    Best Regards:

    Michael

    Friday, December 7, 2007 9:25 PM
  • Hi,

     

    regarding the forestprep in the domain partition or in the configuration partition, I have a scenario where it is convenient to setup in the configuration partition.

    However, when I run the wizard, the option to select configuration partition is shaded, so I cannot select that.

    Anyone knows why this happens? Can it be related to the forest functional level?

     

    Thanks in advance

     

    Friday, February 8, 2008 4:38 PM
  •  

    Hi Ralph,

     

    If you do have good connectivity with Forest GCs/DCs or if you do have single domain forest, it is always recommended to go for the default setting.

     

    If you do have network problem (link or port block) with the forest GCs/DCs, keep the settings in the configuration partition.

     

    There is no explicit advantage or disadvantage between two if you do have proper network settings in place.

     

     

    Ram K Ojha
    MCSE 2003 - Messaging, MCTS- (LCS 2005 & OCS 2007)
    http://www.OCSPedia.com
    http://www.ITCentrics.com

     

     

    Friday, February 8, 2008 8:05 PM
  • We have a similar situation. We need to put the settings in the configuration partition but we have LCS installed and so we are prevented from installing in the configuration partition. Anyone know of a fix for this?

     

    Thanks!

    Q

    Thursday, April 3, 2008 11:47 AM
  • Hi,

     

    in our case we had to stick with domain partition exactly because we have LCS in several domains in our forest.

    We tried to get help from MS for this, but the only thing they provided us is a script that would move all LCS / OCS settings from the Root Domain partition to the configuration partition, but since this is very risky and would need to stop all LCS in the forest we decided not to take chances and stuck to the domain partition.

     

    Cheers!

     

    Tuesday, June 17, 2008 3:22 PM