Role-based access control (RBAC) for Lync Server 2013


Topic Last Modified: 2013-11-07

Microsoft Lync Server 2013 includes Role-Based Access Control (RBAC) groups to enable you to delegate administrative tasks while maintaining high standards for security. These groups are created during forest preparation. For details about forest preparation, see Active Directory Domain Services for Lync Server 2013. For details about the specific groups created by forest preparation, see Changes made by forest preparation in Lync Server 2013 in the Deployment documentation.

With RBAC, administrative privilege is granted by assigning users to pre-defined administrative roles, including the 11 predefined roles that cover many common administrative tasks. Each role is associated with a specific list of Lync Server Management Shell cmdlets that users in that role are allowed to run. You can use RBAC to follow the principle of "least privilege," in which users are given only the administrative abilities that their jobs require. For details, see Planning for role-based access control in Lync Server 2013 in the Planning documentation.