在 Lync Server 2013 中準備鎖定的 Active Directory 網域服務Preparing a locked-down Active Directory Domain Services in Lync Server 2013

 

主題上次修改日期: 2012-05-14Topic Last Modified: 2012-05-14

組織通常會鎖定 Active Directory 網域服務,以協助降低安全性風險。Organizations often lock down Active Directory Domain Services to help mitigate security risks. 不過,鎖定的 Active Directory 環境可以限制 Lync Server 2013 所需的許可權。However, a locked-down Active Directory environment can limit the permissions that Lync Server 2013 requires. 正確準備 Lync Server 2013 的鎖定 Active Directory 環境時,包含一些額外的考慮和步驟。Properly preparing a locked-down Active Directory environment for Lync Server 2013 involves some additional considerations and steps.

鎖定的 Active Directory 環境是以下列兩種常見方式來限制權限:Two common ways in which permissions are limited in a locked-down Active Directory environment are as follows:

  • 已驗證的使用者存取控制項目 (ACE) 已從容器中移除。Authenticated user access control entries (ACEs) are removed from containers.

  • User、Contact、InetOrgPerson 或 Computer 物件的容器已停用權限繼承。Permissions inheritance is disabled on containers of User, Contact, InetOrgPerson, or Computer objects.