Lync file share permissions are configured by the Lync Topology Builder when you publish the topology and the Lync file share has change permissions for the user (you) running Topology Builder. This doesn’t really work, and gets a little trickier, when you want to use DFS for the Lync file share, but it is very simple if you follow the procedure I’ve figured out. Let’s see how it works.
The prerequisites are:
- You have already prepared the schema, forest and domain, that is, you have the needed Lync system accounts in Active Directory.
- You have configured DFS namespace (e.g. \\domain.local\LyncDFS) and you have working DFS replication for the share you intend to use as Lync file share. Test if replication works by putting a text file into the folder and checking if it gets replicated over to the other file servers.
- In Topology Builder, configure the file share to point to one of the shared folders on the Lync DFS namespace servers, e.g. \\fileserver01.domain.local\LyncFileShare
- Publish the topology! Since replication works, the folders created by Topology Builder will be replicated to all the file shares that are part of the Lync DFS namespace. The NTFS permissions will be replicated as well.
- In Topology Builder, configure a new file share pointing to the DFS share (e.g. \\domain.local\LyncDFS) and change the Lync pool configuration to use the DFS share as its file store. Publishing the topology will display warnings, but you don’t need to worry about them:
Warning: Unable to access share permissions for “\\domain.local\LyncDFS”. This is expected if you are not an administrator on the file server, or if this is a Distributed File System (DFS) share. If the share permissions have already been configured, this warning can be ignored. If it is a new share, refer to the documentation for details on manually configuring share permissions.
- Now the most important step is to set the share permissions on all the shares that are part of the namespace of the Lync file share. The NTFS permissions were replicated, but share permissions are not. On each file server (e.g. fileserver02, fileserver03), except the one you used in step 1, execute the following lines in a PowerShell prompt to change the share permissions (change the share name to your share's name!):
Grant-SmbShareAccess -Name "LyncFileShare" -AccountName d01\RTCHSUniversalServices -AccessRight Change -Force;
Grant-SmbShareAccess -Name "LyncFileShare" -AccountName d01\RTCComponentUniversalServices -AccessRight Change -Force;
Grant-SmbShareAccess -Name "LyncFileShare" -AccountName d01\RTCUniversalServerAdmins -AccessRight Change -Force;
Grant-SmbShareAccess -Name "LyncFileShare" -AccountName d01\RTCUniversalConfigReplicator -AccessRight Change -Force;
- Now verify that Lync can use and write to the DFS share.
On one of the Lync servers in the pool, run Invoke-CsManagementStoreReplication and check in the Event Viewer that CMS replication was successful.
- In Topology Builder you can now delete the earlier file share (e.g. \\fileserver01.domain.local\LyncFileShare). If Topology Builder doesn’t let you delete it, download the topology first!
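Because the share permissions are set by hand on each namespace target, it is worth checking afterwards that every server ended up with the same share ACL. The following is an added example, not part of the original procedure: it reads the share ACL on each file server and reports any of the four Lync groups that lack Change, plus any additional entries for review. The server list, the share name and the d01 domain prefix are the sample values used above, and Test-LyncShareAcl is a hypothetical helper name.

```powershell
# Added example: audit the share ACL on every DFS namespace target.
# Sample values taken from the procedure above; adjust to your environment.
$Servers   = 'fileserver01', 'fileserver02', 'fileserver03'
$ShareName = 'LyncFileShare'
$Expected  = 'd01\RTCHSUniversalServices', 'd01\RTCComponentUniversalServices',
             'd01\RTCUniversalServerAdmins', 'd01\RTCUniversalConfigReplicator'

function Test-LyncShareAcl {
    # $Entries: objects with AccountName, AccessControlType and AccessRight,
    # i.e. the shape returned by Get-SmbShareAccess.
    param([string]$Server, [object[]]$Entries, [string[]]$Expected)

    foreach ($account in $Expected) {
        $granted = $Entries | Where-Object {
            $_.AccountName -eq $account -and
            "$($_.AccessControlType)" -eq 'Allow' -and
            "$($_.AccessRight)" -in 'Change', 'Full'
        }
        if (-not $granted) {
            [pscustomobject]@{ Server = $Server; Account = $account
                               Finding = 'Missing Change' }
        }
    }
    # Entries beyond the four Lync groups are only reported, never removed.
    foreach ($e in $Entries | Where-Object { $_.AccountName -notin $Expected }) {
        [pscustomobject]@{ Server = $Server; Account = $e.AccountName
                           Finding = "Extra: $($e.AccessControlType) $($e.AccessRight)" }
    }
}

$findings = foreach ($server in $Servers) {
    $session = $null
    try {
        $session = New-CimSession -ComputerName $server -ErrorAction Stop
        $entries = Get-SmbShareAccess -Name $ShareName -CimSession $session -ErrorAction Stop
        Test-LyncShareAcl -Server $server -Entries $entries -Expected $Expected
    } catch {
        [pscustomobject]@{ Server = $server; Account = '-'
                           Finding = "Query failed: $($_.Exception.Message)" }
    } finally {
        if ($session) { Remove-CimSession $session }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'All share ACLs contain the four Lync groups and nothing else.' }
```

An "Extra" row is not necessarily a problem (a local Administrators entry is common), but a broad grant such as Everyone with Full on only one of the targets means the servers behind the namespace do not enforce the same access.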
I hope I could help you with this procedure. Of course, I might be wrong about it and there might be quicker ways to carry out the same task. Please add your comments.