Sign on question - UPN Different from Email/SIP address

  • Question

  • Hey Guys. I recently got an Enterprise FE/Edge deployment up and everything is working well so far. This is a lab and I am going to soon be rebuilding this into my production environment. One point of note about my environment is that our domain name is, let's say, domain.net while our email/sip domain is, let's say, email.com.

    One annoyance I have noticed is that when I go to sign into the client I will enter my sign in address (my email address - let's call it brolide@domain.net) and enter my password and then it will fail due to log on credentials. THEN the client will present me with the ability to enter my username which is of course different than my sign in address because the default UPN is USERNAME@domain.net rather than USERNAME@email.com. Once I change the account name to the proper format I can sign in just fine, but I feel like when I roll this out to my users (the initial wave alone is going to be about 150, eventually getting up to about 700 people) this is going to cause a lot of confusion and inconvenience.

    My question is, can I change this behavior through the server or even GPO in a client setting to somehow change this behavior? We do not want to change the default UPN for our domain or change it for any users so we're really hoping someone has an alternative.

    Thanks everyone!

    Sunday, July 31, 2016 6:13 PM


  • Hi,

    (Assuming we are talking domain-added Windows PCs here.)

    Normally, you wouldn't have to do anything to ensure SSO in Lync. This requires the following prerequisites:

    1. Your SIP domain as set in Lync is your email domain --> email.com in your example

    2. Your Lync users have SIP IDs from that SIP domain (e.g. because you have added them to Lync with the "use email address" option)

    3. Lync Discovery is correctly configured for that SIP domain

    If all of the above is true and you are logged on with your domain user, upon starting Lync client for the first time it will pull your info from AD (msRTCSIP-PrimaryUserAddress) and no further authentication is necessary.

    As long as your lab setup still stands, you can try to debug this before tearing it down and rolling out into production.

    If, however, you have non-domain clients, then, well, I think you're stuck with either changing the UPN or the SIP Domain/address, whichever suits you better.

    Evgenij Smirnov

    msg services ag, Berlin -> http://www.msg-services.de
    my personal blog (mostly German) -> http://it-pro-berlin.de
    Windows Server User Group, Berlin -> http://www.winsvr-berlin.de
    Mark Minasi Technical Forum, reloaded -> http://newforum.minasi.com

    In theory, there is no difference between theory and practice. In practice, there is.

    • Marked as answer by Brolide Monday, August 1, 2016 12:20 AM
    Sunday, July 31, 2016 8:20 PM
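
The three prerequisites from the answer above can be audited before rollout. The script below is an added example, not code from the thread. It assumes the RSAT ActiveDirectory module, the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later), the thread's placeholder SIP domain `email.com`, and the standard Lync discovery DNS record names, which the thread itself does not list.

```powershell
# Added example: audit SIP address / UPN alignment and Lync discovery DNS records.
# Assumptions: ActiveDirectory (RSAT) and DnsClient modules are available;
# 'email.com' is the placeholder SIP domain used in the thread.
Import-Module ActiveDirectory

$SipDomain = 'email.com'

# Prerequisites 1 and 2: every Lync user has a SIP address in the SIP domain.
# msRTCSIP-PrimaryUserAddress is the attribute the client reads from AD.
$users = Get-ADUser -LDAPFilter '(msRTCSIP-PrimaryUserAddress=*)' `
    -Properties 'msRTCSIP-PrimaryUserAddress', mail

$report = foreach ($u in $users) {
    # Stored value looks like "sip:user@domain"; strip the scheme for comparison.
    $sip = $u.'msRTCSIP-PrimaryUserAddress' -replace '^sip:', ''
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        UPN            = $u.UserPrincipalName
        SipAddress     = $sip
        SipInDomain    = $sip -like "*@$SipDomain"
        SipMatchesMail = $sip -eq $u.mail
        SipMatchesUpn  = $sip -eq $u.UserPrincipalName
    }
}

# Prerequisite 3: discovery records for the SIP domain resolve.
# Record names are the standard Lync client lookups (assumption, not from the thread).
$records = @(
    @{ Name = "lyncdiscoverinternal.$SipDomain"; Type = 'A'   },
    @{ Name = "_sipinternaltls._tcp.$SipDomain"; Type = 'SRV' },
    @{ Name = "lyncdiscover.$SipDomain";         Type = 'A'   },
    @{ Name = "_sip._tls.$SipDomain";            Type = 'SRV' }
)
$dns = foreach ($r in $records) {
    # Count only records in the Answer section, so an SOA returned for an
    # empty result is not mistaken for a hit.
    $answer = Resolve-DnsName -Name $r.Name -Type $r.Type -ErrorAction SilentlyContinue |
        Where-Object { $_.Section -eq 'Answer' }
    [pscustomobject]@{ Record = $r.Name; Type = $r.Type; Resolves = [bool]$answer }
}

'Users whose SIP address is outside the SIP domain:'
$report | Where-Object { -not $_.SipInDomain } | Format-Table -AutoSize
'Users whose UPN differs from their SIP address:'
$report | Where-Object { -not $_.SipMatchesUpn } | Format-Table SamAccountName, UPN, SipAddress -AutoSize
'Discovery records:'
$dns | Format-Table -AutoSize
```

Run it from a domain-joined machine on the internal network so the internal discovery records are resolved against the same DNS the clients use.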