Different AD Domain and SIP Domain


  • Hi 

    I am planning to install Lync Server Standard edition as a pilot project in my organization. It will be just one Standard Server installation without any external access. My AD Domain is of the form "abc.local" and my Primary SMTP Domain (configured on Exchange) is I will be using "" as my primary SIP domain. I have a few queries regarding DNS entries required for this setup.

    AD Domain - abc.local

    SIP Domain -

    Lync Server FQDN-

    1) Since I won't be using my AD domain "abc.local" as my SIP domain, do I need to add any SRV records in the internal AD DNS zone?

    2) I have read in various posts that the SRV record for _sipinternaltls should point to an A record matching the SIP domain, otherwise it will give me a certificate mismatch error. Where should I point my SRV record in DNS? To   or (both these A records I have to create in Zone and they will point to the IP of lyncserver). I need to know this as the DNS of is not in my control and I have to send a request to modify the zone.

    3) What should be the SN and SAN name in the certificates for the above scenario?


    Wednesday, June 27, 2012 07:28


All Replies

  • so if your sip domain will be

    you need srv record in zone value of lync server),

    certificate will be automatically generated if you have an internal CA,

    about certificate (not error) you can use GPO; more you can see in

    Wednesday, June 27, 2012 19:09
  • I don't have an internal CA, so I have to go for an external CA. Also, as I said, I have read in TechNet articles that the SRV record for every SIP domain should point to the A record in the same domain... or it will give the error mentioned in the article above

    so what is the best option value 

    or value  or

    or value 

    All above A Records will point to IP of Lync Server


    Thursday, June 28, 2012 06:53
  • in technet documentation must be fqdn, and fqdn for you will be

    so i think that best option is value

    Thursday, June 28, 2012 09:33
  • Hi, in scenarios where the internal domain is different from the FQDN, use of split DNS comes in very handy. In your case it will simplify record creation in the appropriate DNS zone so you can minimize the confusion. Simply create an additional DNS zone with and create your records there; this will allow the same domain controller to handle name resolution for both domains internally. If you plan on allowing external user access down the road, then it will simply be a matter of updating records at your public DNS (besides of course the edge and reverse proxy servers). Hope this helps



    Thursday, June 28, 2012 18:06
  • Quite simply the SRV records only apply to Lync client auto-configuration.  Best practice is to use the internal domain.local namespace for all server and pool names.  An additional would be defined in the certificate and paired with an SRV record for client sign-in.

    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

    Thursday, June 28, 2012 18:18
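An offline check of the rule discussed in this thread, added here as an example and not posted by any participant: the `_sipinternaltls` SRV target should be a host inside the SIP domain, resolve through an A record, and appear as a name in the server certificate. The thread's real domain names are not shown, so `example.com`, `sip.example.com`, `10.0.0.10` and the function names are constructed placeholders.

```python
# Constructed sample data: example.com stands in for the SIP domain,
# lyncserver.abc.local for the server FQDN, 10.0.0.10 for its address.
ZONE = """\
_sipinternaltls._tcp.example.com. SRV 0 0 5061 sip.example.com.
sip.example.com. A 10.0.0.10
lyncserver.abc.local. A 10.0.0.10
"""
CERT_NAMES = ["lyncserver.abc.local", "sip.example.com"]  # subject name + SANs


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def parse_zone(text):
    """Return ({srv owner: target}, {host: ip}) from simple zone-style lines."""
    srv, hosts = {}, {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[1] == "SRV":      # owner SRV prio weight port target
            srv[norm(f[0])] = norm(f[5])
        elif len(f) == 3 and f[1] == "A":      # owner A address
            hosts[norm(f[0])] = f[2]
    return srv, hosts


def check_signin(sip_domain, zone_text, cert_names):
    """List the problems automatic client sign-in for sip_domain would hit."""
    domain = norm(sip_domain)
    srv, hosts = parse_zone(zone_text)
    owner = "_sipinternaltls._tcp." + domain
    if owner not in srv:
        return ["no SRV record " + owner]
    target = srv[owner]
    problems = []
    if not target.endswith("." + domain):      # label-aligned suffix match
        problems.append("SRV target %s is outside SIP domain %s" % (target, domain))
    if target not in hosts:
        problems.append("no A record for SRV target " + target)
    if target not in {norm(n) for n in cert_names}:
        problems.append("certificate has no name " + target)
    return problems


if __name__ == "__main__":
    print(check_signin("example.com", ZONE, CERT_NAMES) or "plan is consistent")
```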