Group Memberships and User Rights Requirements for Best Practices Analyzer


Topic Last Modified: 2011-02-10

To successfully run Best Practices Analyzer, the user account that you use to log on must be a member of the Administrators group on the local computer. Additionally, to scan your environment, the user account must be a member of the following groups:

  • Domain Admins   To enumerate Active Directory Domain Services information and to call the Windows Management Instrumentation (WMI) providers on domain controllers and global catalog servers.

  • Administrators   Required on each Lync Server internal computer and each Edge Server to call the Windows Management Instrumentation (WMI) providers and to access the registry.

  • RTCUniversalReadOnlyAdmins

  • Exchange View Only Administrator   Full or delegated Exchange View Only Administrator on the Microsoft Exchange organization.

If your user account does not have sufficient user rights, you have two options:

  • At a command prompt, use the runas command to run the tool under an account that does have sufficient user rights. The syntax is as follows:

    runas /netonly /user:<domain>\<userName> rtcbpa.exe
  • On the Connect to Active Directory page, set the credentials for the accounts that you plan to use to run Best Practices Analyzer. Click Show advanced login options. You can enter three accounts: one for connecting to Active Directory Domain Services, one for connecting to Lync Server 2010 Edge Servers, and one for connecting to the Exchange Servers. If you do not specify any of these accounts, the user account that you used to log on and run Best Practices Analyzer is used.