New way to Disable Skype For Business Online: New Technet Wiki

Background

This situation arises when a company has Office 365 with Skype for Business Online active and migrates its Skype users from Office 365 to a SfB resource forest at a hosting provider.

Issues

A couple of issues occur after migration:

  • Users that are using Skype for Business Online cannot see the presence of the on-premises users in the resource forest.
  • The on-premises users sometimes cannot dial out and Skype for Business Server reports errors such as gateway down, while other users can dial out.

This happens because users deleted from Skype for Business Online are not deleted permanently. They sit in a recycle bin that you cannot see and that administrators cannot reach. There is a 90 day wait time before the user is permanently deleted from Skype for Business Online. Why 90 days? When someone takes a trial of Office 365 and, after the trial ends, decides to subscribe to Office 365, everything that was deleted can easily be restored.

One of our customers moved from Skype for Business Online to an on-premises deployment in our resource forest. The customer has 2 domains, 1 of them a child domain, contoso.in. The users in the child domain work only in Office 365 and use Skype for Business Online only for IM. The domain contoso.com was migrated from Office 365, with Skype for Business enabled, to the resource forest. We sync the AD of contoso.com to our AD, and the users are disabled. The users are then enabled for Skype for Business on-premises with Enterprise Voice.

After the migration, the users of contoso.in complained that they could not see the presence of users from the contoso.com domain. After a while of troubleshooting, the users in contoso.com were enabled and deleted from Skype for Business Online, but the accounts were still active in the recycle bin of Office 365. The contoso.in domain was only finding the deleted users in Office 365 because when SfB Online looks up a user, it checks the Office 365 domain first and, if there is no match, it starts a DNS lookup. The deleted users were still "active" in Office 365, so the lookup never went to DNS.

Solution

To fix this problem we did a couple of things:

The Active Directory schema must be extended for Lync/Skype for Business. Our customer already had an old deployment, so AD was already prepared.

Then, with a PowerShell script, we added these 2 attributes in the user forest of contoso.com:

msRTCSIP-DeploymentLocator SRV:
msRTCSIP-UserEnabled True

After adding the 2 values in AD, start DirSync with Office 365. The DeploymentLocator attribute says how to find the user (SRV DNS records), and UserEnabled says that the user is activated for Skype/Lync.

When the sync completed, the contoso.in users in Office 365 were able to see the presence of the contoso.com domain and the problem was solved.

PowerShell script to sync the attributes

Import-Module ActiveDirectory

# Not used by the loop below.
$newproxy = "domain"
# Placeholder: distinguished name of the OU that holds the users.
$userou = 'OU'
$users = Get-ADUser -Filter * -SearchBase $userou -Properties SamAccountName, ProxyAddresses, msRTCSIP-PrimaryUserAddress, msRTCSIP-DeploymentLocator, msRTCSIP-UserEnabled, givenName, Surname

foreach ($user in $users) {
    # -Replace sets the value whether or not the attribute is already populated;
    # -Add raises an error on these single-valued attributes when a value already exists.
    Set-ADUser -Identity $user.SamAccountName -Replace @{
        'msRTCSIP-UserEnabled'       = $true
        'msRTCSIP-DeploymentLocator' = 'SRV:'
    }
}
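
To confirm that every account carries both values before DirSync is started, the attributes can be audited first. The following is an added example, not part of the original article: the function name Get-SfbAttributeDrift is hypothetical, the sample accounts are constructed, and the expected values are the two the article sets.

```powershell
# Added example: list accounts whose two SfB attributes differ from the values
# the article sets (msRTCSIP-UserEnabled = True, msRTCSIP-DeploymentLocator = SRV:).
function Get-SfbAttributeDrift {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User,
        [string]$ExpectedLocator = 'SRV:'
    )
    process {
        $enabled  = $User.'msRTCSIP-UserEnabled'
        $locator  = $User.'msRTCSIP-DeploymentLocator'
        $problems = @()
        # An unset attribute comes back as $null, which is also "not True".
        if ($enabled -ne $true) {
            $problems += 'msRTCSIP-UserEnabled is not True'
        }
        # Case-sensitive comparison so that only the exact value passes.
        if ($locator -cne $ExpectedLocator) {
            $problems += "msRTCSIP-DeploymentLocator is not '$ExpectedLocator'"
        }
        if ($problems.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName    = $User.SamAccountName
                UserEnabled       = $enabled
                DeploymentLocator = $locator
                Problem           = $problems -join '; '
            }
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'user1'; 'msRTCSIP-UserEnabled' = $true; 'msRTCSIP-DeploymentLocator' = 'SRV:' }
    [pscustomobject]@{ SamAccountName = 'user2'; 'msRTCSIP-UserEnabled' = $null; 'msRTCSIP-DeploymentLocator' = $null }
    [pscustomobject]@{ SamAccountName = 'user3'; 'msRTCSIP-UserEnabled' = $true; 'msRTCSIP-DeploymentLocator' = 'locator.example.invalid' }
)
# user1 is correct and produces no output; user2 and user3 are reported.
$sample | Get-SfbAttributeDrift | Format-Table -AutoSize

# Against a live directory (needs the ActiveDirectory module; 'OU' is the
# article's placeholder for the OU distinguished name):
# Get-ADUser -Filter * -SearchBase 'OU' -Properties msRTCSIP-UserEnabled, msRTCSIP-DeploymentLocator |
#     Get-SfbAttributeDrift
```

An empty result from the live query means every account in the OU has both values and the sync can be started.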