So far in this article series we have covered all the tasks related to installing the first Front-End server. However, the Lync ecosystem has a variety of roles and features available to an organization. In this article and the upcoming ones, we will look at some of these roles to bring more value to the organization. We are going to start with user management, and how an administrator or a delegated user can manage Lync users. From that basic concept we can cover more key areas, such as policies, the Lync client, integration with Exchange, how to monitor Lync usage and so forth.
Before going any further, let’s cover the Lync Server Control Panel, which is the interface that most administrators will use to manage several aspects of Lync administration, such as user management, policies, and voice.
In the previous articles we used the Lync Server Topology Builder, and that tool will always be available to deploy new servers and make major changes, such as adding PSTN gateways, adding a role to an existing server and so forth. The other side of the administration is the Lync Server Control Panel, which is used for daily activities. The Lync Server Management Shell can also be used for the same tasks and for more advanced settings. Before getting to the Lync Server Control Panel, let’s stop by the DNS management for our domain to make sure that everything is okay and to prepare the basics for the automatic logon process that is coming in the upcoming articles of this series.
Managing DNS to support Lync Server deployment
Besides deploying Lync Server 2010 and managing the clients, the DNS design plays an important role in the Lync environment. The main question, which usually solves 80% of the problems, is the automatic logon process. If your company wants to use DNS for that, you must make sure that the SIP domain defined in Lync has a zone in DNS. Alternatively, you can use Group Policies to manage the clients; however, that creates some issues (external clients, workstations outside of the domain and so forth).
In this article series we are going to use DNS, which makes things easier down the road. In our setup the Active Directory FQDN is apatricio.local and the SIP domain is defined as andersonpatricio.org. If your SIP domain is already identical to your Active Directory domain you can skip this section; however, we will go back to DNS to manage autodiscover in an upcoming article of this series.
The downside of using split-DNS is that the external zone entries must be replicated in the internal zone, otherwise the internal clients won’t find resources that are available in the external DNS. For example, if our company uses www.andersonpatricio.org, internal clients will not find the page, because a www entry does not exist in the internal zone. For that reason, all external entries that the internal clients may use must be added internally as well. Any new entries or changes must also be made internally, which creates a little more work to manage your DNS, depending on the size of your company.
Since we decided to use split-DNS, we are going to create a new zone in Active Directory and name it after our SIP domain, which in our article series is andersonpatricio.org. Create three A host entries called meet, dialin and admin, as shown in Figure 01. That will be enough to support our current requirement, which is to manage Lync using the Lync Server Control Panel through admin.andersonpatricio.org.
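The same zone and records can be created from PowerShell, followed by a check for the split-DNS gap described above. This is an added example, not part of the original article: it assumes the DnsServer and DnsClient modules (Windows Server 2012 or later), and the IP addresses and the list of externally published names are constructed placeholders.

```powershell
# Added example; values marked "constructed" are placeholders, not from the article.
Import-Module DnsServer

$Zone        = 'andersonpatricio.org'  # SIP domain used in the article
$FrontEndIP  = '192.0.2.10'            # constructed: address of the Front-End server
$InternalDns = 'localhost'             # assumption: script runs on the internal DNS server
$ExternalDns = '198.51.100.53'         # constructed: resolver that answers from the public zone
$Published   = 'www', 'meet', 'dialin' # constructed: names that exist in the external zone

# 1. Create the AD-integrated internal zone for the SIP domain if it is missing.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain
}

# 2. Add the meet, dialin and admin host records, skipping any that already exist.
foreach ($name in 'meet', 'dialin', 'admin') {
    $found = Get-DnsServerResourceRecord -ZoneName $Zone -Name $name -RRType A `
                 -ErrorAction SilentlyContinue
    if (-not $found) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $name -IPv4Address $FrontEndIP
    }
}

# 3. Split-DNS drift check: a name that resolves externally must also resolve internally.
function Test-ARecord {
    param([string]$Fqdn, [string]$Server)
    $answer = Resolve-DnsName -Name $Fqdn -Type A -Server $Server -DnsOnly `
                  -ErrorAction SilentlyContinue
    # Keep only real A answers; an SOA in the authority section does not count.
    [bool]($answer | Where-Object { $_.Type -eq 'A' })
}

$missing = foreach ($name in $Published) {
    $fqdn = "$name.$Zone"
    if ((Test-ARecord $fqdn $ExternalDns) -and -not (Test-ARecord $fqdn $InternalDns)) {
        $fqdn
    }
}

if ($missing) {
    Write-Warning "Missing from the internal zone: $($missing -join ', ')"
} else {
    Write-Output 'Every published name checked also resolves internally.'
}
```

The admin record is deliberately left out of the published list, since the article only creates it in the internal zone.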
Lync Server Control Panel
The Lync Server Control Panel has a web page interface. All main items are listed on the left side, while on the right side all options related to the selected item are listed. Within the right side we can have several tabs, depending on the complexity of the object that is being managed.
In order to access it, type in https://admin.<your-sip-domain>. The authentication pop-up will be displayed. One last hint before playing with the web interface tool: there is no right-click option. To get the properties of any given object, use the traditional double-click or, alternatively, click the actions menu item.
In the initial page (Figure 02) of the Lync Server Control Panel, which is the Home item, the logged-on user can see which roles he belongs to in the User Information section. In the Resources section there are links to the online Lync documentation, the product team page and forums. In the Top Actions section the administrator can go straight to the main tasks, such as enable users, view topology status, monitoring reports and edit/move users.
In order to visualize the Lync Servers that are part of our environment and see the current status, we can click either View Topology Status underneath Top Actions of the previous section, or click the Topology item on the left side. In a single view the administrator will be able to check all Lync Servers, Gateways, their current Status and replication when applicable (Figure 03). The administrator can also double click a listed server to view all services and their current statuses. The administrator is able to manage services as well, as shown in Figure 04.
Delegating permissions in a Lync Environment
Lync uses role-based access control (RBAC) to manage permissions, and by default we have nine built-in roles (CsAdministrator, CsUserAdministrator, CsVoiceAdministrator, CsServerAdministrator, CsViewOnlyAdministrator, CsHelpDesk, CsArchivingAdministrator, CsResponseGroupAdministrator and CsLocationAdministrator). We can create custom roles using PowerShell; however, the standard roles will give our environment a lot of flexibility.
All the roles described previously are linked to the Active Directory Groups created during the deployment of the product and by default all those groups can be found in the Users container of the Active Directory (Figure 05). The group names are the same as the roles, and in the group itself in Active Directory we have the description with all permissions.
When a user visits the Lync Control Panel, he can check his own role by clicking the View your roles link as shown in Figure 06. Actions available on the menu will be limited and based on the role assigned to the logged on user.
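Because each role is backed by an Active Directory group of the same name, reviewing who really holds Lync administrative rights means enumerating those groups, including members that arrive through nested groups. The following is an added example, not part of the original article; it assumes the ActiveDirectory module is available in the Lync Server Management Shell session, and the output file name is a constructed placeholder.

```powershell
# Added example: report every account that holds a Lync RBAC role.
Import-Module ActiveDirectory   # assumption: RSAT AD module is installed

$report = foreach ($role in Get-CsAdminRole) {
    $group = $role.Identity     # role name equals the AD group name, per the article
    try {
        # Direct members only, then the flattened list that includes nested groups.
        $direct    = @(Get-ADGroupMember -Identity $group -ErrorAction Stop)
        $effective = @(Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop)
    } catch {
        Write-Warning "Could not read AD group for role ${group}: $($_.Exception.Message)"
        continue
    }
    $directDns = @($direct | ForEach-Object { $_.distinguishedName })

    foreach ($member in $effective) {
        New-Object PSObject -Property @{
            Role       = $group
            BuiltIn    = $role.IsStandardRole
            UserScopes = ($role.UserScopes -join ';')
            Member     = $member.SamAccountName
            # True when the account is not a direct member, i.e. it inherits the role.
            Nested     = ($directDns -notcontains $member.distinguishedName)
        }
    }
}

# Full listing, sorted so that each role's holders are grouped together.
$report | Sort-Object Role, Member |
    Format-Table Role, Member, Nested, BuiltIn, UserScopes -AutoSize

# Inherited memberships are the ones most easily overlooked in a review.
$report | Where-Object { $_.Nested } |
    Sort-Object Role, Member |
    Select-Object Role, Member

# Keep a dated copy so the next review can be compared against this one.
$report | Select-Object Role, Member, Nested, BuiltIn, UserScopes |
    Export-Csv -Path '.\lync-rbac-review.csv' -NoTypeInformation   # constructed file name
```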
In this article we went through the changes required in DNS to support the Lync administrative tools and main services, such as meet, dialin and admin, and touched on Lync’s Control Panel. In the next article, we will be managing Lync users and creating a portal to help end users learn how to use the Lync tool.
If you would like to read the other parts in this article series please go to:
- Deploying Lync Server 2010 (Part 7) – Managing Lync Users
- Deploying Lync Server 2010 (Part 8) – Managing User Policies