AD Password policy does not apply to Lync only users

  • Question

  • OK, I was not sure if I should post this in the AD or the Lync thread, but:

    The setup:

    Resource forest (running in 2008 native) that contains Lync user accounts and Lync servers. Users use machines and Windows logons from the prod forest to log on to machines, but in the Lync client itself they use the Resource forest ID and pwd to connect to the Lync server. There is no interaction between the prod forest and the Lync forest.

    What I realized is that users connecting with the Lync client do not trigger a change to the LastLogon attribute entry in the resource forest, hence the password policy does not apply to them. To be exact, the LastLogon entry says (Never).

    Is that by design or some kind of bug in Lync <> AD interaction?

    • Edited by Mariusz Rus Thursday, December 8, 2011 4:14 PM
    Thursday, December 8, 2011 4:13 PM


  • Lync only uses Kerberos or NTLM authentication on its first logon, during which the user receives a certificate which it will use for subsequent logons. This authentication method is faster and is intended to enhance Lync's (or Lync Phone Edition clients') ability to sign in when AD is not available.


    You can disable certificate auth (not recommended) via the Set-CsWebServiceConfiguration cmdlet: http://technet.microsoft.com/en-us/library/gg398396.aspx

    Thursday, December 8, 2011 11:26 PM
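
An audit for the situation discussed in this thread, as an added example that is not part of the original posts: it lists Lync-enabled accounts whose AD password has already expired but which still hold an unexpired Lync client certificate. It assumes the Lync Server Management Shell on a host that also has the ActiveDirectory module and can reach a resource-forest domain controller; the report column names are illustrative.

```powershell
# Added example, not from the original thread.
# Assumption: Lync Server Management Shell with the ActiveDirectory module
# available and a reachable resource-forest domain controller.
Import-Module ActiveDirectory

# Show whether certificate authentication is enabled and how long the
# certificates issued to clients stay valid.
Get-CsWebServiceConfiguration |
    Select-Object Identity, UseCertificateAuth, DefaultValidityPeriodHours

$now = Get-Date

# For each Lync-enabled user, compare the AD password state with the Lync
# client certificates still on file for that user.
$report = foreach ($csUser in Get-CsUser -Filter { Enabled -eq $true }) {
    $adUser = Get-ADUser -Identity $csUser.SamAccountName `
        -Properties PasswordLastSet, PasswordExpired, PasswordNeverExpires

    # Only accounts whose password AD already treats as expired are relevant.
    if (-not $adUser.PasswordExpired) { continue }

    # Certificates that would still let the client sign in without
    # presenting the password again.
    $liveCerts = @(Get-CsClientCertificate -Identity $csUser.SipAddress |
        Where-Object { $_.ExpirationTime -gt $now })

    if ($liveCerts.Count -gt 0) {
        New-Object PSObject -Property @{
            SipAddress      = $csUser.SipAddress
            SamAccountName  = $csUser.SamAccountName
            PasswordLastSet = $adUser.PasswordLastSet
            LiveCertCount   = $liveCerts.Count
            LatestCertEnd   = ($liveCerts |
                Sort-Object ExpirationTime -Descending |
                Select-Object -First 1).ExpirationTime
        }
    }
}

# Oldest passwords first: these accounts have gone longest without the
# password policy being enforced at sign-in.
$report | Sort-Object PasswordLastSet |
    Format-Table SipAddress, SamAccountName, PasswordLastSet,
                 LiveCertCount, LatestCertEnd -AutoSize
```

For an account in the report, `Revoke-CsClientCertificate -Identity <SipAddress>` removes the stored certificates, so the next sign-in has to authenticate with Kerberos or NTLM again.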