none
Lync Multiple Domain

    Question

  • Hello everybody! We've recently merged companies and we are currently hosting Lync on our premises. I'd like some help in deciding the easiest way to approach this. We DO have trust between both domains , but I'm not quite sure where we fall on the Forest topology (Resource or Central). Only our company has Lync deployed.

    BOTH 2008 Domains

    We have the following set up on OUR end:

    * Front End, Edge, Reverse Proxy

    * Our own Exchange 2010 environment

    OTHER company:

    * Their own Exchange 2010 environment

    What I'm trying to avoid is to deploy a Front End server @ the other company and have the Edge communicate with our Edge to get to us. Since we have the trust in place, I figured it should be easier. Do we still have to deploy Forefront Identity Manager? Would it be best to host that server in THEIR environment or ours?

    Thank you for the time!


    • Edited by SoarVigor Thursday, July 26, 2012 1:15 AM
    Thursday, July 26, 2012 1:00 AM

Answers

All replies

  • If you decide to only maintain your own environment and not to deploy Lync in the other Forest then you are looking at a Central Forest topology. In the long term of course you need to migrate those other users to your environment. However, in the short term deploying disabled user accounts in your Forest to allow you provision both an Exchange mailbox and to Lync enabled those other users is probably the way to go. While it would probably be easier to deploy Lync in the other environment and just use Federation in the long run you would still have to migrate their environment into yours.

    In terms of the physical topology you could not really host a server in their environment unless you were prepared to extend your AD environment to their network since any Lync server other there still needs to communicate with your AD domain contollers. A good place to start is here:

    http://technet.microsoft.com/en-us/library/gg670912.aspx

    Thursday, July 26, 2012 1:10 AM
  • Just to add a little bit more to this. We want to be able to have the other users log in user their current domain, not ours. I'm assuming I'd need to add the _sip entries on their DNS to point to our server?

    Thursday, July 26, 2012 1:14 AM
  • Yes, you would add their SIP domain to your Lync configuration and you would need to configure the appropriate DNS records to point to your environment. You will also need to update your certificates to support this.

    Thursday, July 26, 2012 1:42 AM
  • Thank you ALANMAD. Again! I remember you from a few posts backs. :) So it actually sounds as if I do not need to deploy Forefront for this to be accomplished. This is good news for me.

    At this moment, I already have the cert done with the additional SAN entries, added the SIP domain, and added the DNS records. My dilemna right now is the Disabled account portion. This disabled account will reside on OUR domain, correct? When the user @ the other domain tries to log in (ie: test@domain2.com), how is it authenticated? Does it go to their DCs or ours? Does the disabled account need to have the new domain (domin2.com) suffix? I honestly can't find any easy to follow docs or scripts that would help me with this. I really am just working with my one account that's created on the other domain and I'm trying to do it on an individual basis for now.


    • Edited by SoarVigor Thursday, July 26, 2012 2:25 AM
    Thursday, July 26, 2012 2:15 AM
  • You are correct the disabled account will reside in your domain. Depending on how many users you have you might need FIM because in order for the disabled account to work you have to populate certain AD attributes on the disabled accounts and link the accounts.

    LCSSYNC is a resource kit utility that integrates with FIM:

    http://technet.microsoft.com/en-us/library/gg670886.aspx

    If you don't have many users then you can populate manually. This page will help here.

    http://technet.microsoft.com/en-us/library/gg670894.aspx

    • Proposed as answer by Kent-Huang Monday, July 30, 2012 5:38 AM
    • Marked as answer by Kent-Huang Wednesday, August 01, 2012 2:15 AM
    Thursday, July 26, 2012 2:31 AM
  • For the sip address used in your configuration , you have multiple choice :

    You can host two sip suffixes : domaina and domain b

    and you will have to create dns entries for both sip domains

    or you can have only one sip domain.

    This is only to make the administraton easier when you create Lync user (how you create the sip uri)

    Rgds

    Jean-Marc


    Butor

    Thursday, July 26, 2012 2:07 PM
  •  i think  that, you must deploy seperate lync infrastructure for each company and then connect them using edge server, i think it's the best way for you
    Thursday, July 26, 2012 5:53 PM
  • Hi,

    I recommend you try the deployment as ALANMAD said. In this case, it is possible to make call between two forest lync users and can share one gateway to external PSNT calls. In addition, if you use two sip domain, you need to reinstall the front end certificate that includes new sip domain.


    Regards,

    Kent Huang

    TechNet Community Support

    ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.


    • Edited by Kent-Huang Monday, July 30, 2012 6:18 AM
    Monday, July 30, 2012 6:17 AM