Active Directory Domain Services Support
Topic Last Modified: 2012-12-04
Microsoft Lync Server 2010 communications software uses the Central Management store to store configuration data for servers and services, instead of relying on Active Directory Domain Services (AD DS) for this information as in previous versions. Lync Server 2010 still stores the following in AD DS:
User object extensions
Extensions for Office Communications Server 2007 and Office Communications Server 2007 R2 classes to maintain backward compatibility with previous supported versions
Data (stored in Lync Server extended schema and in existing classes)
User SIP URI and other user settings
Contact objects for applications (for example, the Response Group application and the Conferencing Attendant application)
Data published for backward compatibility
A service connection point (SCP) for the Central Management store
Kerberos Authentication Account (an optional computer object)
This section describes the AD DS support requirements for Lync Server 2010. For details about topology support, see Supported Active Directory Topologies in the Supportability documentation.
Supported Domain Controller Operating Systems
Lync Server 2010 supports domain controllers running the following operating systems:
Windows Server 2008 R2 operating system
Windows Server 2008 operating system
Windows Server 2008 Enterprise 32-Bit
The 32-bit or 64-bit versions of the Windows Server 2003 R2 operating system
The 32-bit or 64-bit versions of the Windows Server 2003 operating system
Forest and Domain Functional Level
You must raise all domains in which you deploy Lync Server 2010 to a domain functional level of Windows Server 2008 R2, Windows Server 2008, or at least Windows Server 2003 native mode. Windows Server 2003 mixed mode is not supported.
All forests in which you deploy Lync Server 2010 must be raised to a forest functional level of Windows Server 2008 R2, Windows Server 2008, or at least Windows Server 2003 native mode. Windows Server 2003 mixed mode is not supported.
Support for Read-Only Domain Controllers
Lync Server 2010 supports Active Directory Domain Services (AD DS) deployments that include read-only domain controllers or read-only global catalog servers, as long as there are writable domain controllers available.
Lync Server does not support single-labeled domains. For example, a forest with a root domain named contoso.local is supported, but a root domain named local is not supported. For details, see Microsoft Knowledge Base article 300684, “Information about configuring Windows for domains with single-label DNS names,” at http://go.microsoft.com/fwlink/p/?linkid=3052&kbid=300684.
Lync Server does not support renaming domains. If you need to rename a domain where Lync Server is deployed, you need to first uninstall Lync Server, then rename the domain, and then reinstall Lync Server.
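The functional-level, writable domain controller, and single-label requirements above can be checked before deployment with a read-only script such as the following. This is an added example, not part of the original Lync Server documentation; it assumes the ActiveDirectory PowerShell module is installed, the function names are hypothetical, and it checks every domain in the forest, although only the domains where Lync Server is deployed need to pass.

```powershell
# Added example: read-only preflight check; needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Functional levels this page lists as supported, as the module's enum names.
$okDomainModes = 'Windows2003Domain', 'Windows2008Domain', 'Windows2008R2Domain'
$okForestModes = 'Windows2003Forest', 'Windows2008Forest', 'Windows2008R2Forest'

function New-CheckResult {                      # hypothetical helper
    param($Scope, $Check, $Value, [bool]$Pass)
    New-Object PSObject -Property @{
        Scope = $Scope; Check = $Check; Value = "$Value"; Pass = $Pass
    }
}

function Test-LyncAdPrereq {                    # hypothetical name
    param([string]$ForestName = (Get-ADForest).Name)

    $forest = Get-ADForest -Identity $ForestName
    $forestOk = $okForestModes -contains "$($forest.ForestMode)"
    New-CheckResult $forest.Name 'Forest functional level' $forest.ForestMode $forestOk

    foreach ($dnsName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $dnsName -Server $dnsName

        # Mixed or interim modes, and levels this page does not list, are reported as failing.
        $modeOk = $okDomainModes -contains "$($domain.DomainMode)"
        New-CheckResult $dnsName 'Domain functional level' $domain.DomainMode $modeOk

        # A single-label DNS name has no dot (for example "local").
        $labelOk = $domain.DNSRoot -like '*.*'
        New-CheckResult $dnsName 'DNS name is not single-label' $domain.DNSRoot $labelOk

        # RODCs are fine as long as at least one writable DC exists.
        $dcs = @(Get-ADDomainController -Filter * -Server $dnsName)
        $writable = @($dcs | Where-Object { -not $_.IsReadOnly })
        $summary = "$($writable.Count) of $($dcs.Count) DCs writable"
        New-CheckResult $dnsName 'Writable domain controller available' $summary ($writable.Count -gt 0)
    }
}

Test-LyncAdPrereq |
    Select-Object Scope, Check, Value, Pass |
    Format-Table -AutoSize
```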
Locked Down AD DS Environments
In a locked-down AD DS environment, User and Computer objects are often placed in specific organizational units (OUs) with permissions inheritance disabled to help secure administrative delegation and to enable use of Group Policy objects (GPOs) to enforce security policies. Lync Server 2010 can be deployed in a locked-down Active Directory environment. For details about what is required to deploy Lync Server in a locked-down environment, see Preparing a Locked-Down Active Directory Domain Services in the Deployment documentation.