Access to the Lync Server Address Book Databases

I encountered an issue today with access to the two databases (rtcab and rtcab1) which the Lync server uses to hold the Active Directory user information that eventually makes it’s way into the Lync Address Book files. I wanted to do a quick blog post in-case other people have the same issue.

By default all Lync databases grant members of the domain\RTCUniversalReadOnlyAdmins and domain\RTCUniversalServerAdmins groups access. You can see this in the Security settings in SQL Management Studio for the Lync ‘rtc’ database:

image

The two databases used by the Lync Address Book server are special in this regard. Both the RTCAb and RTC\Ab1 databases only grant members of the domain\RTCComponentUniversalServices security group access by default:

image

The grant access a user (e.g. another Lync administrator) access to these two databases, either add the user account to the domain security group RTCComponentUniversalServices or explicitly add their domain account to the database Users (in Security).

You might need to do this if the administrator is doing custom scripting or reporting that uses the user information in these Lync databases.

Note: you do NOT need to do this for a regular Lync users (clients) that use the Address Book. They will have access through the Lync Address Book service.

Note: the Lync Address Book Server alternates use of these databases: one of them is used for address book queries while the other is being updated. Once the updates are complete, they switch roles.

More information about the Microsoft Lync databases can be found here: The Lync Server Databases.

Be Sociable, Share!

2 comments to Access to the Lync Server Address Book Databases

  • Richard

    Do you think running “update-csdatabase” resets/ruins any custom configured permissions, or it just makes sure the necessary permissions required for the Lync functionality are granted, and does not care about any additional ACLs added there?

  • [...] rtcab & rtcab1: used to store the raw Lync address book information (i.e. that is pulled from AD).  The Lync Address Book server alternates use of these databases: one of them is used to service address book queries while the other is being updated. Once the updates are done, they switch roles. Theses databases contain a table called AbAttribute which specifies which AD fields will be used in the Lync Address Book (database and ultimately the Lync address book files). If you are having permission issues with either of these databases, see Access to the Lync Server Address Book Databases. [...]

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>