Secure OfficeWebApps Farm with “FarmOU” Setting

August 23, 2013 3:19 PM / 4 Comments /

As Microsoft describes on TechNet you can prevent other OfficeWebAppsHosts from joining your Farm when the computer account isn’t located in the correct active directory OU.

http://technet.microsoft.com/library/jj219442.aspx

FarmOU Optional System.String Specifies the name of the Active Directory organizational unit (OU) that servers must be a member of to join the Office Web Apps Server farm. Use this parameter to prevent unauthorized servers (that is, servers that are not in the OU) from joining an Office Web Apps Server farm.

But how to apply this setting? As using the DN of the OU does not work you need to use the Canonical Name of the OU. If your machines are located in CONTOSO.COM/Computers/OfficeServer/SERVERNAME1 you need to use the following command:

Set-OfficeWebAppsFarm -FarmOU “Computers/OfficeServer”

To check the setting:

Get-OfficeWebAppsFarm

FarmOU should display the ldap path of the OU.

FarmOU                            : ldap://OU=OfficeServer,OU=Computers

 

Posted in: OfficeWebApps, SharePoint / Tagged: ,

4 Thoughts on “Secure OfficeWebApps Farm with “FarmOU” Setting

  1. Dave on November 16, 2013 at 6:26 AM said:

    This doesn’t work for me either. I created an OU at the root called OWAServers and the OWA servers are in this OU. I get the following exception, “..The FarmOU may be formatted incorrectly.” when I use the following cmdlet Set-OfficeWebAppsFarm -FarmOU “OWAServers”.

    Reply
  2. Pat Richard (Lync MVP) on August 28, 2014 at 2:27 PM said:

    Awesome. I’ve been trying to set this on several, using the DN of the OU, and kept getting the
    “Set-OfficeWebAppsFarm : Office Web Apps encountered an error while checking to see if this machine is a member of the FarmOU. The FarmOU may be formatted incorrectly.”

    Thanks for this little nugget as supplying just the Canonical Name of the OU, I was able to get it set.

    BTW – While working through this issue, I read http://www.wictorwilen.se/office-web-apps-2013-securing-your-wac-farm which says that the OU should be a top level OU. Interesting.

    Reply
    • XeroX on August 28, 2014 at 4:18 PM said:

      Obviously he doesn’t know the correct syntax how to use Sub OUs of active directory. I don’t know why there is no proper documentation of microsoft, but it works and its intented to work like this.

      Glad that this fixes you issue.

      Cheers

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Post Navigation