在 Lync Server 2013 中准备锁定的 Active Directory 域服务Preparing a locked-down Active Directory Domain Services in Lync Server 2013

 

上次修改的主题: 2012-05-14Topic Last Modified: 2012-05-14

组织通常会锁定 Active Directory 域服务以帮助缓解安全风险。Organizations often lock down Active Directory Domain Services to help mitigate security risks. 但是,锁定的 Active Directory 环境可以限制 Lync Server 2013 所需的权限。However, a locked-down Active Directory environment can limit the permissions that Lync Server 2013 requires. 为 Lync Server 2013 正确准备锁定的 Active Directory 环境涉及一些额外的注意事项和步骤。Properly preparing a locked-down Active Directory environment for Lync Server 2013 involves some additional considerations and steps.

在锁定的 Active Directory 环境中,权限以如下两种常见方式受到限制:Two common ways in which permissions are limited in a locked-down Active Directory environment are as follows:

  • 从容器中删除经过身份验证的用户的访问控制项 (ACE)。Authenticated user access control entries (ACEs) are removed from containers.

  • 权限继承在用户、联系人、InetOrgPerson 或计算机对象的容器上被禁用。Permissions inheritance is disabled on containers of User, Contact, InetOrgPerson, or Computer objects.