After installing AppManager for Microsoft Lync, you will need to establish special permissions for your user accounts.
Before you can begin discovering servers with AppManager for Microsoft Lync, you need to create a domain-based account with the minimum permissions on the following servers:
Front-end Server: Domain user must be a member of the Local Administrators group. Also the user must have Windows authentication rights on the SQL Server hosting the LcsCDR and the QoEMetrics databases with the db_datareader permission for the LcsCDR and the QoEMetrics databases.
Edge Server: Domain or local user must be a member of Local Administrators group.
Mediation Server: Domain or local user must be a member of Local Administrators group.
Trusted Application Server: Domain user must be a member of the Local Administrators group and the RTCUniversalAdminReadOnly group.
Before you can begin discovering servers with AppManager for Microsoft OCS, create a new domain user account on the Domain Controller that has access to OCS. You only need to perform this procedure once.
After you create the new user, you must add it to the RTC Universal Server Admin group, a group that was created when you installed AppManager for Microsoft OCS. This group gives its members OCS administrator-level permissions to interact with the OCS environment.
To create a new domain user account:
Launch Active Directory by clicking Start > Programs > Administrative Tools > Active Directory Users and Computers.
In the Active Directory Users and Computers dialog box for the Domain Controller, navigate to the relevant Users folder for the OCS server.
Select the Users folder and click the New User button.
In the New Object - User dialog box, type a first and last name for the new user.
In the User logon name text box, type the new user logon name and click Next.
NOTE:NetIQ Corporation recommends you give the new user a logon name of NetIQService.
In the Password and Confirm password dialog boxes, type a password for the new user.
Select the User cannot change password and Password never expires check boxes and click Next.
Verify the new user information and click Finish.
After the user has been added, right-click that user and select Properties.
On the Member Of tab, click Add to update the user’s group membership.
In the Enter the object names to select text box, type RTCUniversalServerAdmins and click OK. The new user is added to the RTCUniversalServerAdmins group.
Click OK on the NetIQService Properties dialog box to save the updated group membership.
For every Lync server you are monitoring, configure the NetIQ AppManager Client Resource Monitoring (NetIQmc) service to run under the new account you created in Creating a New Account.
To set up the NetIQmc service:
On the Lync server, select the Services option from the Administrative Tools section of the Control Panel.
From the list of services, right-click NetIQ AppManager Client Resource Monitor and select Properties.
On the Log On tab, select This account and type the domain name and username of the user you created to run NetIQ AppManager Client Resource Monitor, such as LYNCENT\NetIQService. You can also use an account name that fits your company standards, as needed.
NOTE:You will need to be logged in as an administrator to update this setting.
Type the password you created for the new user and click OK.
Right-click NetIQ AppManager Client Resource Monitor from the list of services and select Restart to restart the service.
Repeat this procedure on all the Lync servers you will be monitoring.
The final step for user configuration is to give your user account Read access to the relevant Microsoft SQL servers. You will need to repeat this procedure on every SQL server hosting a Monitoring database.
To set up SQL servers:
In SQL Server Management Studio or SQL Server Configuration Manager, navigate to the Logins directory from the Security directory of the relevant SQL server.
Right-click Logins and select New Login.
On the General page of the Login - New dialog box, type the domain name and username of the user you created to run NetIQ AppManager Client Resource Monitor, such as LYNCENT\NetIQService.
Select Windows authentication.
In the Default database list, select the name of the Monitoring database, such as LcsCDR and QoEMetrics, the default name for the Monitoring database.
On the User Mappings page of the Login - New dialog box, select the LcsCDR and QoEMetrics databases from the Users mapped to this login table.
Select db_datareader access and click OK.
Repeat this procedure for all the SQL servers hosting Monitoring databases you will be using with Lync.