Lync 2010 Global Installation TYCO
Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 1
Introduction
Previous versions of Office Communications Server relied on Active Directory Domain Services
(AD DS) to store all global settings and groups necessary for the deployment and management
of Office Communications Server. In Lync Server 2010, much of this information is stored in the
Central Management store instead of AD DS, but User object schema extensions, including
Office Communications Server 2007 and Office Communications Server 2007 R2 schema
extensions, are still stored in AD DS.
Microsoft Lync Server 2010 communications software supports the same Active Directory
Domain Services (AD DS) topologies as Microsoft Office Communications Server 2007 R2 and
Microsoft Office Communications Server 2007. The following topologies are supported:
 Single forest with single domain
 Single forest with a single tree and multiple domains
 Single forest with multiple trees and disjoint namespaces
 Multiple forests in a central forest topology
 Multiple forests in a resource forest topology
Previous documentation described the Lync 2010 installation that provides a scalable,
country-independent and failover scenario for the TYCOFS EMEA and APAC users. It
described the installation of Lync 2010 Enterprise in the Stratford UK EMEA Data Centre, which
provides the Enterprise Pool solution for the EMEA users.
This document describes how to implement a Lync 2010 installation across
multiple forests (considering CFSAD, TYCOFS and TYCOFS.LOCAL.ZA).
The following figure identifies the icons used in the illustrations in this section.
Multiple Forest, Central Forest
Lync Server 2010 supports multiple forests that are configured in a central forest topology. Central
forest topologies use contact objects in the central forest to represent users in the other forests. The
central forest also hosts user accounts for any users in this forest. A directory synchronization product,
such as Microsoft Identity Integration Server (MIIS), Microsoft Forefront Identity Manager (FIM) 2010, or
Microsoft Identity Lifecycle Manager (ILM) 2007 Feature Pack 1 (FP1), manages the life cycle of user
accounts within the organization: When a new user account is created in one of the forests or a user
account is deleted from a forest, the directory synchronization product synchronizes the corresponding
contact in the central forest.
A central forest has the following advantages:
 Servers running Lync Server are centralized within a single forest.
 Users can search for and communicate with other users in any forest.
 Users can view presence of other users in any forest.
 The directory synchronization product automates the addition and deletion of contact
objects in the central forest as user accounts are created or removed.
The following figure illustrates a central forest topology. In this figure, there are two-way trust
relationships between the domain that hosts Lync Server, which is in the central forest, and each user-
only domain, which is in a separate forest. The schema in the separate user forests does not need to be
extended.
A multiple forest topology is often used in organizations that have a need for multiple forests in Active
Directory Domain Services (AD DS) to help provide security or organizational boundaries.
Multi-forest deployment of Microsoft Lync Server 2010 communications software can be in a:
 Central forest
 Resource forest
Central Forest
In a central forest topology, servers running Lync Server 2010 in the central forest provide services to
users and groups in the central forest, in addition to users and groups in all other forests, which are
called user forests. The central forest deployment offers the benefits of centralized administration and
minimizes complexity in a multiple forest environment.
To support a central forest topology, the following prerequisites are required:
 Microsoft Forefront Identity Manager 2010, Microsoft Identity Lifecycle Manager 2007 Feature Pack
1 (FP1), or Microsoft Identity Integration Server 2003 SP2 — In order to synchronize data across
your forests, you must deploy one of these life cycle manager tools.
 To synchronize the necessary attributes from user forests to a central forest, Lync Server provides a
tool called LcsSync.
Resource Forest
In a resource forest topology, Lync Server 2010 is deployed in one forest, a resource forest that hosts
servers running Lync Server 2010 but does not host any logon-enabled user accounts.
Outside the resource forest, user forests host enabled user accounts but no servers running Lync Server
2010. Within the resource forest, a corresponding disabled user account exists for each user account in
the user forests.
The resource forest hosts only enterprise application servers and does not contain any primary user
accounts. The primary user accounts from other forests are represented as disabled user accounts. The
ObjectSID of each primary user account (from the account forest) is mapped to the msRTCSIP-OriginatorSID
attribute of the corresponding disabled user account. These disabled user accounts are enabled for Lync
Server 2010 and mail-enabled for Microsoft Exchange Server if it is deployed.
CONCLUSION:
With the Global Integrated Solution for the two forests CFSAD and TYCOFS, the Central Forest Model is
appropriate. Other forests can also be integrated into this solution, to bring resource user forests into the
Lync forest.
1. Central Forest Topology for Lync Server 2010
In a central forest topology, servers running Lync Server 2010 in the central forest provide services
to users and groups in the central forest, and also to users and groups in all other forests, which are
called user forests.
The central forest deployment offers the benefits of centralized administration and minimizes
complexity in a multiple forest environment.
This document will not describe in depth the installation based on the Multiple Forest, Central Forest
model. Please see http://www.microsoft.com/en-us/download/confirmation.aspx?id=11300#
Note:
You must establish a two-way trust between the central forest and user forests to enable
distribution group expansion when groups from user forests are synchronized as contacts to the
central forest.
2. Prerequisites for a Central Forest Topology Deployment
To support a central forest topology, the following prerequisites are required.
 Identity life cycle manager—One of the following supported identity life cycle managers must be
deployed.
 Microsoft Forefront Identity Manager 2010
 Microsoft Identity Lifecycle Manager 2007 FP1
 Microsoft Identity Integration Server 2003 SP2
As the above tools are now all integrated in Microsoft Forefront Identity Manager 2010, this document
uses the latter tool to synchronize user objects from user forests into contacts in the Lync Central
Forest.
Lync Central Forest Topology – User Forest
In a central forest topology, servers running Lync Server 2010 in the central forest provide services to
users and groups in the central forest, and also to users and groups in all other forests, which are called
user forests. In our scenario the central forest is tycofs.com, whereas the user forest is tycofs.local.za
(South Africa users).
The central forest deployment offers the benefits of centralized administration and minimizes
complexity in a multiple forest environment.
After you have deployed Lync Server in the central forest, complete the following steps:
Step 1: Configuring the Microsoft Forefront Identity Manager 2010 for Lync Server 2010
Step 2: Enabling Contacts for Lync Server 2010
After you have deployed Lync Server 2010, modify the configuration of the identity life cycle manager
server that is responsible for synchronizing user objects as contacts across all forests.
The Lync Server Sync tool configures the management agent of each forest except the central one in
order to synchronize its user and group information with the identity life cycle manager server. The
identity life cycle manager server generates a metaverse object that represents each user or group and
it then synchronizes each user or group object as a contact in the central forest. Because all Lync Server
users and groups are synchronized as contacts (including the users or groups object security identifier
(SID)) in every other forest, users can still communicate with each other across forest boundaries after
the identity life cycle manager server is reconfigured, and users can still take advantage of distribution
group expansion across forests.
For configuring Lync Server in a multiple-forest environment, we are using the synchronization software
Forefront Identity Manager 2010.
Step 1: Configuring the Microsoft Forefront Identity Manager 2010 for Lync Server 2010
Each server that hosts the different FIM 2010 R2 server-side components has different software
requirements. We will focus on the software that is required for synchronizing our user forests
to the Lync Central Forest.
- The 64-bit edition of Windows Server 2008 R2 Standard or Enterprise
- Microsoft SQL Server 2008 64-bit Standard or Enterprise, Service Pack 1 (SP1), SQL Server 2008
R2, Standard/Enterprise or later.
- Windows SharePoint Services 3.0 Service Pack 2 (SP2) or Microsoft SharePoint Foundation 2010.
Please follow the link below for the Identity Life Cycle Manager Server:
https://technet.microsoft.com/en-us/library/gg670892.aspx
We will not discuss all the installation steps for the above requirements.
The Forefront Identity Manager is configured to do the following:
 Import the user objects and group objects from two user forests as Metaverse Objects
 Export the metaverse objects to the central forest as contact objects.
To install and configure the Lync Server Sync Tool, Lcssync, perform the following steps:
1. Install the Lync Server Sync Tool.
2. Extend the Metaverse Schema in the Identity Life Cycle Manager (So the Lync Server attributes
can be synchronized)
3. Configure Extensions for the Lync Server Sync Tool (Configuring the extensions determines how
synchronization is handled for Lync Server 2010 objects that are synchronized by the identity life
cycle manager)
4. Configure the Object Deletion Rule in the Identity Life Cycle Manager (After you have configured
extensions for the Lync Server 2010 Sync tool, configure the rule that determines what the
identity life cycle manager server will do when a user object is deleted in a forest and how it will
synchronize the deletion with the central forest. If a user object is deleted in a user forest, the
corresponding contact object that is used by Lync Server in the central forest must also be
deleted. Configuring the object deletion rule ensures that the identity life cycle manager server
and Lync Server handle this situation correctly)
5. Create a Management Agent for the Lync Server Sync Tool in the Central Forest.
6. Create a Management Agent for the Lync Server Sync Tool in all User Forests.
7. Importing, Synchronizing, and Provisioning Lync Server Objects.
LATAM configuration: Importing, Synchronizing, and Provisioning Lync Server Objects
After you have created management agents for all forests in your environment, you need to synchronize
user and contact information. During this initial synchronization, you import Active Directory data for
each forest into the connector space, synchronize this data in the metaverse, and then export this data
from the metaverse to the central forest.
https://technet.microsoft.com/en-us/library/gg670892.aspx
So we have two Management Agents set up:
- One for the forest lat.tyc.local (from where the users will be gathered)
- One for the forest tycofs.com (where the contacts will be created)
Steps to complete are described below:
- Run a FULL import on the Management Agent in the Central Forest
- Run a FULL import on the Management Agent in the User Forest
- Synchronize the Metaverse in the Central Forest (run the Management Agent in the Central
Forest, and select “Full Sync”).
- Synchronize the Metaverse in the User Forest (run the Management Agent in the User Forest,
and select “Full Sync”).
- Provision in the Central Forest (run the Management Agent in the Central Forest, and select
“Export”).
For LATAM we need to set up a Management Agent to synchronize the user objects from
lat.tyc.local into contacts in TYCOFS.COM. The procedure below gives the steps to configure
the two Management Agents successfully.
Configure Management Agent “Lcs Central Forest”
The first step is to configure the Lcs Central Forest Agent, which is used for the Lync User Forest. This is
tycofs.com, where we have our Lync EMEA organization. To create a new Management Agent, right-click
inside the Name area and choose “Import Management Agent”.
This defaults to the share where the Extensions for Lync are found. This location is
“C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions”
For the Central Forest we select “lcscentralforestma”, which is the default for the Central Forest.
Please leave the Name as the default “Lcs Central Forest” and fill in the Description to identify the Agent
if more Agents are in use. Select Next and configure the desired options for TYCOFS.COM.
Select the forest TYCOFS.COM
Select Containers:
This is where the full import gathers all the objects that have already been created. We are
choosing LATAM only, under the OU “Lync 2010 FIM Synchronization”.
Please note that the Container location is the SAME as in the file inside the folder
“C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\lcscfg”
on the server ukstr1ly00004.tycofs.com.
The synchronization process uses the lcssync.dll file, which reads from the lcscfg.xml file. Therefore
please use the same locations.
Configure Provisioning Hierarchy will be used during provisioning to create any necessary container
objects in the connected directory. Only containers with one or fewer required.
We can leave this as default to “o” and “ou”.
We will leave all the default settings and select Next to continue to the next step.
The next step is Select Object Types, where we select the object type classes to look for.
The Contact type is certainly required, so we tick it.
The next step is to select the attributes we are interested in synchronizing. Because we need
msRTCSIP-OriginatorSid (TYCOFS.COM), which holds the ObjectSid from the legacy LAT.TYC.LOCAL
domain, select Show All to see all the attributes.
Then check that the desired attributes inside TYCOFS.COM are selected. The list below shows all the
attributes that are in play for this Management Agent:
- C
- Cn
- Comment
- Company
- Department
- Description
- DisplayName
- GivenName
- HomePhone
- IpPhone
- L
- Mail
- ManagedBy
- Manager
- Mobile
- msDS-SourceObjectDN
- msRTCSIP-OriginatorSid
- msRTCSIP-SourceObjectType
- objectSid
- otherHomePhone
- otherMobile
- otherPager
- otherTelephone
- pager
- physicalDeliveryOfficeName
- sn
- st
- telephoneNumber
- thumbnailPhoto
- title
Most of the attributes are standard and carry the information that needs to be shown after the
Contact has been created inside TYCOFS.COM and enabled for Lync. If required, any additional
attribute can be selected for synchronization.
In the Configure Connector Filter step, we can filter on any appropriate criteria to select/deselect
the objects from TYCOFS.COM. For now we will leave this as is:
The next step is “Configure Join and Projection Rules”, where we map the different attributes we
want to bring over from the legacy Domain (lat.tyc.local) into the User Forest
Domain (tycofs.com).
First of all, select YES on the Join Data Source Object Type for Contact only!! We are not
interested in any other Join or Projection Rule.
In the Attribute Flow we select which Metaverse Attribute flows into the desired Contact
attribute (Data Source Attribute).
For the LATAM synchronization and Lync enabling process we have the following standard in place:
Firstname.Lastname@tycofs.com
Where:
- Firstname is the SamAccountName from the User Forest LAT.TYC.LOCAL
- Lastname is “latam” for all the accounts.
So from the Metaverse (the collection for the synchronization accounts) we deselect the SN
attribute. It will be filled by a PowerShell script with the default “latam”.
The following step is the Configure Deprovisioning step, which we leave as default.
In the Configure Extensions you will find the Rules Extension name “lcssync.dll”, which needs to be used
to synchronize Users from the Users Forest to Contacts inside the Central Forest.
This will be the final step, so we will click OK to configure the Lcs Central Forest Management Agent.
Configure Management Agent “Lcs User Forest - LATAM”
The next step is to configure the Lcs User Forest Agent, which is used for the User Forest that is the
source from which the information is gathered. This is lat.tyc.local for the LATAM region. To create a
new Management Agent, right-click inside the Name area and choose “Import
Management Agent”.
This defaults to the share where the Extensions for Lync are found. This location is
“C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions”
As we are interested in the User Forest we will select “lcsuserforestma”. Highlight this name and
select Open.
We change the name to “Lcs User Forest – LATAM” to reflect the source, and provide a description
of why this Management Agent is needed.
To gather information from the source lat.tyc.local, create a service account that is
able to read information from the user forest. An account with the Replicating Directory Changes
permission is required
(http://absolute-sharepoint.com/2012/12/step-by-step-guide-to-configure-the-replicating-directory-changes-for-sharepoint-2010-and-2013.html).
For the Lat.tyc.local we have created the LyncAdSync Service Account with the desired privileges.
Select the forest LAT.TYC.LOCAL
Select Containers:
Please select the OUs from which the Users should be provisioned into the Metaverse. We have used
the Sub-OUs below inside the LT-Users OU.
Configure Provisioning Hierarchy will be used during provisioning to create any necessary container
objects in the connected directory. Only containers with one or fewer required.
We can leave this as default to “o” and “ou”.
We will leave all the default settings and select Next to continue to the next step.
The next step is Select Object Types, where we select the object type classes to look for.
The Contact type is certainly required, so we tick it.
The next step is to select the attributes we are interested in synchronizing. Because we need
msRTCSIP-OriginatorSid (TYCOFS.COM), which holds the ObjectSid from the legacy LAT.TYC.LOCAL
domain, select Show All to see all the attributes.
Then check that the desired attributes inside LAT.TYC.LOCAL are selected. The list below shows all the
attributes that are in play for this Management Agent:
- C
- Cn
- Company
- Department
- Description
- DisplayName
- GroupType
- HomePhone
- IpPhone
- L
- Mail
- ManagedBy
- Manager
- Mobile
- objectSid
- otherHomePhone
- otherMobile
- otherPager
- otherTelephone
- pager
- sIDHistory
- st
- telephoneNumber
- thumbnailPhoto
- title
- UserAccountControl
Most of the attributes are standard and carry the information that needs to be shown after the
Contact has been created inside TYCOFS.COM and enabled for Lync. If required, any additional
attribute can be selected for synchronization.
For the LATAM synchronization and Lync enabling process we have the following standard in place:
Firstname.Lastname@tycofs.com
Where:
- Firstname is the SamAccountName from the User Forest LAT.TYC.LOCAL
- Lastname is “latam” for all the accounts.
So from the Metaverse (the collection for the synchronization accounts) we deselect the SN and
GivenName attributes. These will be filled by a PowerShell script: GivenName with {SamAccountName}
and SN with the default “latam”.
In the Configure Connector Filter step, we can filter on any appropriate criteria to select/deselect
the objects from TYCOFS.COM.
The filter on User is set up to meet the criteria below.
- Mail needs to be present in the User Forest on the User Object;
- The user needs to be ENABLED in the User Forest.
User objects that do not meet the above criteria should not flow, so they are filtered out by this
configuration.
The next step is “Configure Join and Projection Rules”, where we map the different attributes we
want to bring over from the legacy Domain (lat.tyc.local) into the User Forest
Domain (tycofs.com).
For single sign-on to Lync, the ObjectSid from the source forest (lat.tyc.local) must be written
into msRTCSIP-OriginatorSid in the destination forest (tycofs.com).
This guarantees that a user who logs on to a lat.tyc.local computer with
his/her user account inside this forest is able to use Lync without entering
his/her credentials!!!
In the Attribute Flow we select which Metaverse Attribute flows into the desired Contact
attribute (Data Source Attribute).
Please note above that we synchronize the sAMAccountName from the User Forest into
the comment attribute in the Central Forest. In the Central Forest Management Agent we have
set up an Attribute Flow from the Comment field to the GivenName in the Central Forest. This ensures
that we do NOT have any identical givenNames, which are used for the SIP address.
The following step is the Configure Deprovisioning step, which we leave as default.
In the Configure Extensions you will find the Rules Extension name “lcssync.dll”, which needs to be used
to synchronize Users from the Users Forest to Contacts inside the Central Forest.
This will be the final step, so we will click OK to configure the Lcs User Forest Management Agent!
Importing, Synchronizing, and Provisioning Lync Server Objects
After you have created management agents for all forests in your environment, you need to synchronize
user and contact information. During this initial synchronization, you import Active Directory data for
each forest into the connector space, synchronize this data in the metaverse, and then export this data
from the metaverse to the central forest.
Steps to complete are described below:
- Run a FULL import on the Management Agent in the Central Forest
- Run a FULL import on the Management Agent in the User Forest
- Synchronize the Metaverse in the Central Forest (run the Management Agent in the Central
Forest, and select “Full Sync”).
- Synchronize the Metaverse in the User Forest (run the Management Agent in the User Forest,
and select “Full Sync”).
- Provision in the Central Forest (run the Management Agent in the Central Forest, and select
“Export”).
After you provision the central forest, you should verify that contact objects have been created for each
user object in the user forests. You must then enable these contacts for Lync Server 2010.
Please look into the OU “OU=LATAM,OU=Lync 2010 FIM Synchronization,OU=Users,OU=TIP Projects,OU=Divisions,DC=TYCOFS,DC=COM”,
where the last Export should have created the desired Contacts to be enabled for Lync.
Please check that all the attributes you have set up to flow are imported.
- First name should be filled with the SamAccountName from lat.tyc.local
- Display Name should be filled with the Display Name from lat.tyc.local (this is required for the
Lync Address Book)
- The E-mail address field should be EMPTY; if it is filled, it causes a synchronisation to the Microsoft
managed Domain, which we SHOULD AVOID!!
Please review the other attributes.
The important attribute to check is msRTCSIP-OriginatorSid, which should be filled with the ObjectSID
from lat.tyc.local.
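The review above can be run as a pre-enable audit. The following is an added example, not the document's own script: because msRTCSIP-OriginatorSid decides which lat.tyc.local account signs in as a contact without credentials, it flags contacts whose SID is empty, unknown or shared, and also checks the connector filter criteria (an extension of the list above). The function names are hypothetical, the objects are assumed to carry the attribute names from the Management Agent lists (for example Get-ADObject output), and all sample data is constructed.

```powershell
# Added example, not the document's own script. All sample data is constructed.

function ConvertTo-SidString {
    param($Value)
    if ($null -eq $Value) { return $null }
    if ($Value -is [byte[]]) {
        # Octet-string attributes hold the SID in binary form.
        return (New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $Value, 0).Value
    }
    if ($Value -is [System.Security.Principal.SecurityIdentifier]) { return $Value.Value }
    return [string]$Value
}

function Test-SyncedContact {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Contacts,     # contacts in the central forest
        [Parameter(Mandatory = $true)] [object[]] $SourceUsers   # accounts in the user forest
    )
    # Index the user forest accounts by SID string.
    $bySid = @{}
    foreach ($u in $SourceUsers) {
        $key = ConvertTo-SidString $u.objectSid
        if ($key) { $bySid[$key] = $u }
    }

    $claimed = @{}   # OriginatorSid -> first contact that carried it
    foreach ($c in $Contacts) {
        $findings = @()
        $sid = ConvertTo-SidString $c.'msRTCSIP-OriginatorSid'

        if (-not $sid) {
            $findings += 'msRTCSIP-OriginatorSid is empty'
        }
        elseif (-not $bySid.ContainsKey($sid)) {
            $findings += "no source user has objectSid $sid"
        }
        else {
            $u = $bySid[$sid]
            if ($c.givenName -ne $u.sAMAccountName) { $findings += 'givenName differs from source sAMAccountName' }
            if ($c.displayName -ne $u.displayName)  { $findings += 'displayName differs from source displayName' }
            # Connector filter criteria: the source user must have mail and be enabled.
            if ([string]::IsNullOrEmpty($u.mail)) { $findings += 'source user has no mail' }
            if (([int]$u.userAccountControl -band 2) -ne 0) { $findings += 'source user is disabled' }
        }

        # Two contacts must never bind to the same source account.
        if ($sid) {
            if ($claimed.ContainsKey($sid)) { $findings += "OriginatorSid already used by $($claimed[$sid])" }
            else { $claimed[$sid] = $c.cn }
        }

        # The contact's own mail attribute has to stay empty.
        if (-not [string]::IsNullOrEmpty($c.mail)) { $findings += 'mail is set on the contact' }

        New-Object PSObject -Property @{
            Contact  = $c.cn
            Passed   = ($findings.Count -eq 0)
            Findings = ($findings -join '; ')
        }
    }
}

# Helper for the constructed sample only: string SID -> binary form.
function New-SampleSidBytes {
    param([string]$Sid)
    $s = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $Sid
    $b = New-Object byte[] ($s.BinaryLength)
    $s.GetBinaryForm($b, 0)
    return ,$b
}

$dom = 'S-1-5-21-1111111111-2222222222-3333333333'   # constructed domain SID

$users = @(
    New-Object PSObject -Property @{ sAMAccountName = 'jperez'; displayName = 'Juan Perez'
        mail = 'jperez@example.test'; userAccountControl = 512; objectSid = (New-SampleSidBytes "$dom-1105") }
    New-Object PSObject -Property @{ sAMAccountName = 'mgomez'; displayName = 'Maria Gomez'
        mail = 'mgomez@example.test'; userAccountControl = 514; objectSid = (New-SampleSidBytes "$dom-1106") }
)

$contacts = @(
    New-Object PSObject -Property @{ cn = 'jperez'; givenName = 'jperez'; displayName = 'Juan Perez'
        mail = $null; 'msRTCSIP-OriginatorSid' = (New-SampleSidBytes "$dom-1105") }
    New-Object PSObject -Property @{ cn = 'mgomez'; givenName = 'Maria'; displayName = 'Maria Gomez'
        mail = 'mgomez@example.test'; 'msRTCSIP-OriginatorSid' = (New-SampleSidBytes "$dom-1106") }
    New-Object PSObject -Property @{ cn = 'ghost'; givenName = 'ghost'; displayName = 'Ghost'
        mail = $null; 'msRTCSIP-OriginatorSid' = (New-SampleSidBytes "$dom-1199") }
    New-Object PSObject -Property @{ cn = 'jperez2'; givenName = 'jperez'; displayName = 'Juan Perez'
        mail = $null; 'msRTCSIP-OriginatorSid' = (New-SampleSidBytes "$dom-1105") }
)

Test-SyncedContact -Contacts $contacts -SourceUsers $users |
    Format-Table Contact, Passed, Findings -AutoSize -Wrap
```

Run it between the Export step and the contact-enabling script, and hold back any contact that does not pass.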
Enabling Contacts for Lync
Users cannot use Lync Server 2010 until they are enabled for all Lync Server services. After you have
synchronized Active Directory Domain Services (AD DS) for users, groups, and contacts across all your
forests, enable the contacts that you created in the central forest for Lync Server.
To streamline and automate this process, we use a three-step process to enable the contacts:
1. As we are using Firstname.Lastname@tycofs.com as the user's SIP address, we need
to fill the Lastname with “latam”. The script takes care of this;
2. To ensure that the Contact is NOT synchronized to Microsoft, the script fills
extensionAttribute13 with “Never”, which takes the contact out of synchronization;
3. The last step is to enable all created Contacts for Lync. The script is run against the OU
“LATAM” and processes all Contacts that have not already been ENABLED for Lync.
The above steps run as a scheduled task every day. We have streamlined all of this in the
PowerShell script below.
LATAM FIM - Enable for Lync.ps1
This script runs on the Lync Front End Server ukstr1ly00001.tycofs.com and, to begin with, runs
at a daily interval.
For the naming convention we have used firstname.lastname@tycofs.com for the unique SIP address.
Note:
As mentioned earlier, to exclude the created objects from the Global GAL in our email
environment, the script automatically fills “ExtensionAttribute13” with “Never”. Additionally,
we need to ensure that the Mail attribute is empty, as it is not required for a Lync-enabled
contact.
The below should appear!
Appendix:
All servers reside in the EMEA Stratford Data Centre.
Ukstr1ly00004.tycofs.com:
- Windows 2008 R2 - Lync Server running the Microsoft Forefront Identity Management Tool
- Microsoft Sharepoint Foundation 2010 installed
- Microsoft SQL 2008 R2 installed – Database can be facilitated at another SQL Database Cluster
Lync EMEA Frontedge Servers:
- Ukstr1ly00001.tycofs.com and ukstr1ly00002.tycofs.com are the two FrontEnd Lync servers, which can hold a maximum of around 20.000 users. This can easily be extended by either bringing in a regional FrontEdge Server or adding an extra FrontEnd Server in Stratford.
AD specifications:
Two service accounts for the FIM tool running:
- TycofsGBL-FIM-Agent : for running the FIM Tool
- TycofsGBL-FIM-Service: for running the synchronization.
User forest: Service Account that is able to read information from the user forest (Account for Directory Replication Changes is required: http://absolute-sharepoint.com/2012/12/step-by-step-guide-to-configure-the-replicating-directory-changes-for-sharepoint-2010-and-2013.html). For the lat.tyc.local we have created the account tycofs.local.za we have used lat.tyc.local\LyncAdSync

Lync 2010 Global Installation LATAM configuration

  • 1. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 1 Introduction Previous versions of Office Communications Server relied on Active Directory Domain Services (AD DS) to store all global settings and groups necessary for the deployment and management of Office Communications Server. In Lync Server 2010, much of this information is stored in the Central Management store instead of AD DS, but User object schema extensions, including Office Communications Server 2007 and Office Communications Server 2007 R2 schema extensions, are still stored in AD DS. Microsoft Lync Server 2010 communications software supports the same Active Directory Domain Services (AD DS) topologies as Microsoft Office Communications Server 2007 R2 and Microsoft Office Communications Server 2007. The following topologies are supported:  Single forest with single domain  Single forest with a single tree and multiple domains  Single forest with multiple trees and disjoint namespaces  Multiple forests in a central forest topology  Multiple forests in a resource forest topology In previous documentation the Lync 2010 installation was described to provide a scalable, country independent and failover scenario for the TYCOFS EMEA and APAC users. We have described the installation for Lync 2010 Enterprise in Stratford UK EMEA Data Centre providing the Enterprise Pool solution for the EMEA users. This document will provide a description how to implement a Lync 2010 installation within multiple forests (CFSAD, TYCOFS and TYCOFS.LOCAL.ZA considering). The following figure identifies the icons used in the illustrations in this section.
  • 2. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 2 Multiple Forest, Central Forest Lync Server 2010 supports multiple forests that are configured in a central forest topology. Central forest topologies use contact objects in the central forest to represent users in the other forests. The central forest also hosts user accounts for any users in this forest. A directory synchronization product, such as Microsoft Identity Integration Server (MIIS), Microsoft Forefront Identity Manager (FIM) 2010, or Microsoft Identity Lifecycle Manager (ILM) 2007 Feature Pack 1 (FP1), manages the life cycle of user accounts within the organization: When a new user account is created in one of the forests or a user account is deleted from a forest, the directory synchronization product synchronizes the corresponding contact in the central forest. A central forest has the following advantages:  Servers running Lync Server are centralized within a single forest.  Users can search for and communicate with other users in any forest.  Users can view presence of other users in any forest.  The directory synchronization product automates the addition and deletion of contact objects in the central forest as user accounts are created or removed. The following figure illustrates a central forest topology. In this figure, there are two-way trust relationships between the domain that hosts Lync Server, which is in the central forest, and each user- only domain, which is in a separate forest. The schema in the separate user forests does not need to be extended.
  • 3. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 3 A multiple forest topology is often used in organizations that have a need for multiple forests in Active Directory Domain Services (AD DS) to help provide security or organizational boundaries. Multi-forest deployment of Microsoft Lync Server 2010 communications software can be in a:  Central forest  Resource forest Central Forest In a central forest topology, servers running Lync Server 2010 in the central forest provide services to users and groups in the central forest, in addition to users and groups in all other forests, which are called user forests. The central forest deployment offers the benefits of centralized administration and minimizes complexity in a multiple forest environment. To support a central forest topology, the following prerequisites are required:
  • 4. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 4  Microsoft Forefront Identity Manager 2010, Microsoft Identity Lifecycle Manager 2007 Feature Pack 1 (FP1), or Microsoft Identity Integration Server 2003 SP2 — In order to synchronize data across your forests, you must deploy one of these life cycle manager tools.  To synchronize the necessary attributes from user forests to a central forest, Lync Server provides a tool called LcsSync. Resource Forest In a resource forest topology, Lync Server 2010 is deployed in one forest, a resource forest that hosts servers running Lync Server 2010 but does not host any logon-enabled user accounts. Outside the resource forest, user forests host enabled user accounts but no servers running Lync Server 2010. Within the resource forest, a corresponding disabled user account exists for each user account in the user forests. The resource forest hosts only enterprise application servers and does not contain any primary user accounts. The primary user accounts from other forests are represented as disabled user accounts. An ObjectSID of primary user account (from account forest) is mapped to corresponding disabled user account msRTCSIP-OriginatorSID attribute. These disabled user accounts are enabled for Lync Server 2010 and mail-enabled for Microsoft Exchange Server if it is deployed. CONCLUSION: With the Global Integrated Solution for the two forests CFSAD and TYCOFS the Central Forest Model is appropriate. Even other forests can be integrated in this solution, to bring resource user forests into the Lync forest. 1. Central Forest Topology for Lync Server 2010 In a central forest topology, servers running Lync Server 2010 in the central forest provide services to users and groups in the central forest, and also to users and groups in all other forests, which are called user forests. 
The central forest deployment offers the benefits of centralized administration and minimizes complexity in a multiple forest environment. This document will not describe in depth the installation based on the Multiple Forest, Central Forest model. Please see http://www.microsoft.com/en-us/download/confirmation.aspx?id=11300#
  • 5. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 5 Note: You must establish a two-way trust between the central forest and user forests to enable distribution group expansion when groups from user forests are synchronized as contacts to the central forest. 2. Prerequisites for a Central Forest Topology Deployment To support a central forest topology, the following prerequisites are required.  Identity life cycle manager—One of the following supported identity life cycle managers must be deployed.  Microsoft Forefront Identity Manager 2010  Microsoft Identity Lifecycle Manager 2007 FP1  Microsoft Identity Integration Server 2003 SP2 As above tools are now all integration in Microsoft Forefront Identity Manager 2010, this document will be using the latter tool to synchronize user objects from user forests into contacts in the Lync Central Forest.
  • 6. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 6 Lync Central Forest Topology – User Forest In a central forest topology, servers running Lync Server 2010 in the central forest provide services to users and groups in the central forest, and also to users and groups in all other forests, which are called user forests. Central forest is in our scenario tycofs.com, whereas the user forest is tycofs.local.za (South Africa Users) The central forest deployment offers the benefits of centralized administration and minimizes complexity in a multiple forest environment. After you have deployed Lync Server in the central forest, complete the following steps: Step 1: Configuring the Microsoft Forefront Identity Manager 2010 for Lync Server 2010 Step 2: Enabling Contacts for Lync Server 2010 After you have deployed Lync Server 2010, modify the configuration of the identity life cycle manager server that is responsible for synchronizing user objects as contacts across all forests. The Lync Server Sync tool configures the management agent of each forest except the central one in order to synchronize its user and group information with the identity life cycle manager server. The identity life cycle manager server generates a metaverse object that represents each user or group and it then synchronizes each user or group object as a contact in the central forest. Because all Lync Server users and groups are synchronized as contacts (including the users or groups object security identifier (SID)) in every other forest, users can still communicate with each other across forest boundaries after the identity life cycle manager server is reconfigured, and users can still take advantage of distribution group expansion across forests. For configuring Lync Server in a multiple-forest environment, we are using the synchronization software Forefront Identity Manager 2010. 
Step 1: Configuring the Microsoft Forefront Identity Manager 2010 for Lync Server 2010 Each server that hosts the different FIM 2010 R2 server-side components has a different software requirement. We will focus on the required software that is required for synchronizing our user’s forests to the Lync Central Forest. - The 64-bit edition of Windows Server 2008 R2 Standard or Enterprise
  • 7. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 7 - Microsoft SQL Server 2008 64-bit Standard or Enterprise, Service Pack 1 (SP1), SQL Server 2008 R2, Standard/Enterprise or later. - Windows SharePoint Services 3.0 Service Pack 2 (SP2) or Microsoft SharePoint Foundation 2010. Please follow the below link for Identity Life Cycle Manager Server : https://technet.microsoft.com/en- us/library/gg670892.aspx We will not discuss all the required steps for installation to the above requirements. The Forefront Identity Manager is configured to do the following:  Import the user objects and group objects from two user forests as Metaverse Objects  Export the metaverse objects to the central forest as contact objects. To install and configure the Lync Server Sync Tool, Lcssync, perform the following steps: 1. Install the Lync Server Sync Tool. 2. Extend the Metaverse Schema in the Identity Life Cycle Manager (So the Lync Server attributes can be synchronized) 3. Configure Extensions for the Lync Server Sync Tool (Configuring the extensions determines how synchronization is handled for Lync Server 2010 objects that are synchronized by the identity life cycle manager) 4. Configure the Object Deletion Rule in the Identity Life Cycle Manager (After you have configured extensions for the Lync Server 2010 Sync tool, configure the rule that determines what the identity life cycle manager server will do when a user object is deleted in a forest and how it will synchronize the deletion with the central forest. If a user object is deleted in a user forest, the
  • 8. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 8 corresponding contact object that is used by Lync Server in the central forest must also be deleted. Configuring the object deletion rule ensures that the identity life cycle manager server and Lync Server handle this situation correctly) 5. Create a Management Agent for the Lync Server Sync Tool in the Central Forest. 6. Create a Management Agent for the Lync Server Sync Tool in all User Forests. 7. Importing, Synchronizing, and Provisioning Lync Server Objects. The Lync Server Sync tool configures the management agent of each forest except the central one in order to synchronize its user and group information with the identity life cycle manager server. The identity life cycle manager server generates a metaverse object that represents each user or group and it then synchronizes each user or group object as a contact in the central forest. Because all Lync Server users and groups are synchronized as contacts (including the users or groups object security identifier (SID)) in every other forest, users can still communicate with each other across forest boundaries after the identity life cycle manager server is reconfigured, and users can still take advantage of distribution group expansion across forests.
  • 9. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 9 LATAM configuration: Importing, Synchronizing, and Provisioning Lync Server Objects After you have created management agents for all forests in your environment, you need to synchronize user and contact information. During this initial synchronization, you import Active Directory data for each forest into the connector space, synchronize this data in the metaverse, and then export this data from the metaverse to the central forest. https://technet.microsoft.com/en-us/library/gg670892.aspx
  • 10. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 10 LATAM configuration: Importing, Synchronizing, and Provisioning Lync Server Objects After you have created management agents for all forests in your environment, you need to synchronize user and contact information. During this initial synchronization, you import Active Directory data for each forest into the connector space, synchronize this data in the metaverse, and then export this data from the metaverse to the central forest. So we do have two Management Agents setup: - One for the forest lat.tyc.local (from where the users will be gathered) - One for the forest tycofs.com (in where the contacts will be created) https://technet.microsoft.com/en-us/library/gg670892.aspx Steps to complete are described below: - Run a FULL Import on the Management Agent in the Central Forest - Run a FULL import on the Management Agent in the User Forest - Synchronize the Metaverse in the Central Forest (Run the Management Agent in the Central Forest, and select “Full Sync”. - Synchronize the Metaverse in the User Forest (Run the Management Agent in the User Forest, and select “Full Sync”. - Provision in the Central Forest (Run the Management Agent in the Central Forest, and select “Export”. For LATAM there is a need to setup a Management Agent to synchronize the user objects from off lat.tyc.local into contacts into TYCOFS.COM. In the below Procedure you will find the steps to configure the two used Management Agents successfully.
  • 11. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 11 Configure Management Agent “Lcs Central Forest” First step is to configure the Lcs Central Forest Agent which is used for the Lync User Forest. This is tycofs.com in where we have our Lync EMEA organization. To create a new Management Agents please select Right Click inside the Name where you have to use “Import Management Agent” This will be defaulted to the Share in where the Extensions for Lync will be found. This location is “C:Program FilesMicrosoft Forefront Identity Manager2010Synchronization ServiceExtensions”
  • 12. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 12 For the Central Forest we are selecting “lcscentralforestma”, which is the default for the Central Forest. Please leave the Name as default “Lcs Central Forest”, fill in the Description to identify the Agent if more Agents are in use. Select Next and configure the desired options for TYCOFS.COM
  • 13. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 13 Select the forest TYCOFS.COM
  • 14. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 14 Select Containers: This is from where the Forest should gather the full import from for all the Objects that have been created already. We are choosing LATAM only from off the OU “Lync 2010 FIM Synchronization” Please note that the Container location is the SAME as is in the file inside the folder C:Program FilesMicrosoft Forefront Identity Manager2010Synchronization ServiceExtensionslcscfg” on the server ukstr1ly00004.tycofs.com The synchronization process is using the lcssync.dll file, which reads from the lcscfg.xml file. Therefore please use the same locations. Configure Provisioning Hierarchy will be used during provisioning to create any necessary container objects in the connected directory. Only containers with one or fewer required.
  • 15. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 15 We can leave this as default to “o” and “ou”.
  • 16. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 16 We will leave all the default settings and select Next to continue on the next step. The next is Select Object Types in where we are selecting the Object Type class to look for any objects. For sure the Contact is required, so we will tick that. The next is to select the Attributes in where we are interesting in to synchronize. As there is a high need for use to look into the msRTCSIP-OriginatorSid (TYCOFS.COM) - ObjectsSid from legacy LAT.TYC.LOCAL Domain we need to select Show All to see all the Attributes.
  • 17. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 17 And check if the desired attribute inside TYCOFS.COM are selected. The below list out all the Attributes that are in play for this Management Agent: - C - Cn - Comment - Company - Department - Description - DisplayName - GivenName - HomePhone - IpPhone - L - Mail - ManagedBy - Manager - Mobile - msDS-SourceObjectDN - msRTCSIP-OriginatorSid - msRTCSIP-SourceObjectType - objectSid - otherHomePhone - otherMobile - otherPager - ohterTelephone - pager - physicalDeliveryOfficeName - sn - st - telephoneNumber - thumbnailPhoto - title Most of the attributes are standard and are required in the necessary Information that needs to be shown after that the Contact will be created inside TYCOFS.COM and be enabled for Lync. If required any additional attribute can be selected to synchronize. In the Configure Connector Filter, we can filter on any appropriate action to select/deselect the objects from off TYCOFS.COM. For now we will leave this as is:
  • 18. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 18 The next is the “Configure Join and Projection Rules” in where we will add the desire to map the different attributes we are trying to bring over from legacy Domain (lat.tyc.local) into User Forest Domain (tycofs.com) It is required to first of all select YES on the Join Data Source Object Type for Contact only!! We are not interested in any other Join or Protection Rule.
  • 19. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 19 In the Attribute Flow we are selecting the Metaverse Attribute will flow into the desired Contacts attribute (Data Source Attribute). For LATAM synchronization and Lync Enabling Process we have the below Standard in place: Firstname.Lastname@tycofs.com In where: - Firstname is the SamAccountName from off the User Forest LAT.TYC.LOCAL - Lastname is for all the accounts “latam”. So from the Metaverse (the Collection for the synchronization accounts) we are deselecting the SN attribute. This will be filled by Powershell script with default “latam”.
  • 20. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 20 The following step is the Configure Deprovisioning step, which we leave as default In the Configure Extensions you will find the Rules Extension name “lcssync.dll”, which needs to be used to synchronize Users from the Users Forest to Contacts inside the Central Forest.
  • 21. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 21 This will be the final step, so we will click OK to configure the Lcs Central Forest Management Agent.
  • 22. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 22 Configure Management Agent “Lcs User Forest - LATAM” Next step is to configure the Lcs User Forest Agent which is used for the User Forest from which is the source from where the information is gathered. This is lat.tyc.local for the LATAM region. To create a new Management Agents please select Right Click inside the Name where you have to use “Import Management Agent” This will be defaulted to the Share in where the Extensions for Lync will be found. This location is “C:Program FilesMicrosoft Forefront Identity Manager2010Synchronization ServiceExtensions”
  • 23. Lync 2010 Global Installation TYCO Lync 2010 Global Installation – Multiple Forest, Central Forest Topology Page | 23 As we are interested in the User Forest we will select “lcsuserforestma”. Select open high lightening this name. We are changing the name to reflect the Source “Lcs User Forest – LATAM” and providing a description for the need for this Management Agent. To gather information from the Source lat.tyc.local there is a need to create a service account that is able to read information from the user forest (Account for Directory Replication Changes is required (http://absolute-sharepoint.com/2012/12/step-by-step-guide-to-configure-the-replicating-directory- changes-for-sharepoint-2010-and-2013.html).
  • 24. For lat.tyc.local we have created the LyncAdSync service account with the desired privileges. Select the forest LAT.TYC.LOCAL.
  • 25. Select Containers: select the OUs from which the users should be provisioned into the metaverse. We have used the Sub-OUs shown below, inside the LT-Users OU. Configure Provisioning Hierarchy will be used during provisioning to create any necessary container objects in the connected directory. Only containers with one or fewer required. We can leave this as default to “o” and “ou”.
  • 27. We leave all the default settings and select Next to continue to the next step. The next step is Select Object Types, where we select the object type classes to look for. The Contact is certainly required, so we tick that. Next, we select the attributes that we are interested in synchronizing. Because we need the objectSid from the legacy LAT.TYC.LOCAL domain for msRTCSIP-OriginatorSid (TYCOFS.COM), select Show All to see all the attributes, and check that the desired attributes inside LAT.TYC.LOCAL are selected. The list below shows all the attributes that are in play for this Management Agent:
    - C
    - Cn
    - Company
  • 28.
    - Department
    - Description
    - DisplayName
    - GroupType
    - HomePhone
    - IpPhone
    - L
    - Mail
    - ManagedBy
    - Manager
    - Mobile
    - objectSid
    - otherHomePhone
    - otherMobile
    - otherPager
    - otherTelephone
    - pager
    - sIDHistory
    - st
    - telephoneNumber
    - thumbnailPhoto
    - title
    - UserAccountControl
    Most of the attributes are standard and carry the information that needs to be shown once the contact has been created inside TYCOFS.COM and enabled for Lync. If required, any additional attribute can be selected for synchronization. For LATAM synchronization and the Lync enabling process we have the following standard in place: Firstname.Lastname@tycofs.com, where:
    - Firstname is the SamAccountName from the user forest LAT.TYC.LOCAL
    - Lastname is “latam” for all the accounts.
    So from the metaverse (the collection for the synchronization accounts) we deselect the SN and GivenName attributes. These will be filled by a PowerShell script with GivenName {SamAccountName} and SN default “latam”.
  • 29. In the Configure Connector Filter step, we can filter on any appropriate criteria to select or deselect the objects from TYCOFS.COM. The filter on User is set up to meet the criteria below:
    - Mail needs to be present in the user forest on the user object;
    - The user needs to be ENABLED in the user forest.
    We do not want to flow user objects that fail these criteria, so we filter them out as in the configuration above. The next step is “Configure Join and Projection Rules”, where we map the different attributes we are bringing over from the legacy domain (lat.tyc.local) into the User Forest Domain (tycofs.com).
  • 30. For single sign-on to Lync it is required that the objectSid from the source forest (lat.tyc.local) is written into msRTCSIP-OriginatorSid in the destination forest (tycofs.com). This guarantees that whenever a user logs on to a lat.tyc.local computer with his/her user account inside this forest, he/she is able to use Lync without entering his/her credentials! In the Attribute Flow we select which metaverse attribute flows into the desired contact attribute (Data Source Attribute).
  • 31. Please note from the above that we are synchronizing the sAMAccountName from the user forest into the comment attribute inside the central forest. In the Central Forest Management Agent, we have set up an attribute flow from the Comment field to the GivenName inside the central forest. This ensures that we do NOT have any identical givenNames, which are used for the SIP address. The following step is the Configure Deprovisioning step, which we leave as default. In Configure Extensions you will find the rules extension name “lcssync.dll”, which is used to synchronize users from the user forest to contacts inside the central forest. This is the final step, so we click OK to configure the Lcs User Forest Management Agent!
  • 32. Importing, Synchronizing, and Provisioning Lync Server Objects
    After you have created management agents for all forests in your environment, you need to synchronize user and contact information. During this initial synchronization, you import Active Directory data for each forest into the connector space, synchronize this data in the metaverse, and then export this data from the metaverse to the central forest. The steps to complete are described below:
    - Run a FULL import on the Management Agent in the Central Forest
    - Run a FULL import on the Management Agent in the User Forest
    - Synchronize the Metaverse in the Central Forest (run the Management Agent in the Central Forest, and select “Full Sync”)
    - Synchronize the Metaverse in the User Forest (run the Management Agent in the User Forest, and select “Full Sync”)
    - Provision in the Central Forest (run the Management Agent in the Central Forest, and select “Export”)
    After you provision the central forest, you should verify that contact objects have been created for each user object in the user forests. You must then enable these contacts for Lync Server 2010.
  • 35. Please look into the OU “OU=LATAM,OU=Lync 2010 FIM Synchronization,OU=Users,OU=TIP Projects,OU=Divisions,DC=TYCOFS,DC=COM”, where the last Export should have created the contacts to be enabled for Lync. Please check that all the attributes you have set up to flow are imported.
    - First name should be filled with the SamAccountName from lat.tyc.local
    - Display Name should be filled with the Display Name from lat.tyc.local (this is required for the Lync Address Book)
    - The E-mail address field should be EMPTY, because if it is filled it causes a synchronisation to the Microsoft managed domain, which we SHOULD AVOID!!
  • 36. Please review the other attributes. The important attribute to check is msRTCSIP-OriginatorSid, which should be filled with the objectSid from lat.tyc.local.
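The review described above can be scripted instead of being done contact by contact. The following is an added example, not part of the original document: it assumes the ActiveDirectory PowerShell module, an account that can read both forests, and that the whole lat.tyc.local domain is searched for source users (the document does not give the source OU path).

```powershell
# Added example: audit the FIM-provisioned LATAM contacts against their source users.
Import-Module ActiveDirectory

$ContactOu  = 'OU=LATAM,OU=Lync 2010 FIM Synchronization,OU=Users,OU=TIP Projects,OU=Divisions,DC=TYCOFS,DC=COM'
$Central    = 'tycofs.com'      # central forest (contacts)
$UserForest = 'lat.tyc.local'   # user forest (source accounts)

function ConvertTo-SidString($Value) {
    # A SID attribute can come back as a SecurityIdentifier or as raw bytes.
    if ($null -eq $Value) { return $null }
    if ($Value -is [byte[]]) {
        return (New-Object System.Security.Principal.SecurityIdentifier($Value, 0)).Value
    }
    return $Value.ToString()
}

# Index the source users once by sAMAccountName (assumption: whole domain is searched).
$source = @{}
Get-ADUser -Server $UserForest -Filter * -Properties displayName |
    ForEach-Object { $source[$_.SamAccountName] = $_ }

$contacts = @(Get-ADObject -Server $Central -SearchBase $ContactOu `
    -LDAPFilter '(objectClass=contact)' `
    -Properties givenName, displayName, mail, 'msRTCSIP-OriginatorSid')

$findings = @(foreach ($c in $contacts) {
    $issues = @()
    $src = $null
    if ($c.givenName) { $src = $source[[string]$c.givenName] }
    $sid = ConvertTo-SidString ($c.'msRTCSIP-OriginatorSid')

    if (-not $src) { $issues += 'no source user matches givenName' }
    elseif (-not $src.Enabled) { $issues += 'source user is disabled' }
    if (-not $sid) { $issues += 'msRTCSIP-OriginatorSid is empty' }
    elseif ($src -and $sid -ne $src.SID.Value) { $issues += 'msRTCSIP-OriginatorSid differs from source objectSid' }
    if ($src -and $c.displayName -ne $src.displayName) { $issues += 'displayName differs from source' }
    if ($c.mail) { $issues += 'mail is populated' }

    if ($issues.Count -gt 0) {
        New-Object PSObject -Property @{ Contact = $c.DistinguishedName; Issues = ($issues -join '; ') }
    }
})

$findings | Format-Table Contact, Issues -AutoSize -Wrap
"{0} contact(s) checked, {1} with findings" -f $contacts.Count, $findings.Count
```

A mismatch between msRTCSIP-OriginatorSid and the source objectSid is the finding to treat first, because that attribute decides which user forest account is signed in to the contact's Lync identity.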
  • 37. Enabling Contacts for Lync
    Users cannot use Lync Server 2010 until they are enabled for all Lync Server services. After you have synchronized Active Directory Domain Services (AD DS) for users, groups, and contacts across all your forests, enable the contacts that you created in the central forest for Lync Server. To streamline and automate this process, we use a three-step process to enable the contacts:
    1. As we are using Firstname.Lastname@tycofs.com as the user's SIP address, we need to fill the Lastname with “latam”. The script takes care of this;
    2. To ensure that the contact is NOT synchronized to Microsoft, the script fills extensionAttribute13 with “Never”, which takes the contact out of synchronization;
    3. The last step is to enable all created contacts for Lync. The script is run against the OU “LATAM” and processes all contacts that have not already been ENABLED for Lync.
    The above steps will be a scheduled task that runs every day. We have streamlined all of this in the PowerShell script “LATAM FIM - Enable for Lync.ps1”. This script runs on the Lync Front End Server ukstr1ly00001.tycofs.com and will initially run at a daily interval. For the naming convention we have used firstname.lastname@tycofs.com for the unique SIP address.
    Note: As mentioned earlier, to exclude the created objects from the Global GAL in our e-mail environment, the script automatically fills “ExtensionAttribute13” with “Never”. Additionally, we need to ensure that the Mail attribute is empty, as it is not required for a Lync-enabled contact.
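The three-step process described above, sketched as an added example; this is not the “LATAM FIM - Enable for Lync.ps1” script itself, which is not reproduced in the document. The pool FQDN is a placeholder, and the use of `Enable-CsUser`, the character check on the first name and the clearing of `mail` in the same pass are assumptions of this example.

```powershell
# Added example of the daily job: set sn, exclude from sync, enable for Lync.
Import-Module ActiveDirectory
Import-Module Lync

$ContactOu     = 'OU=LATAM,OU=Lync 2010 FIM Synchronization,OU=Users,OU=TIP Projects,OU=Divisions,DC=TYCOFS,DC=COM'
$RegistrarPool = '<pool-fqdn>'   # placeholder: the pool FQDN is not given in the document
$SipDomain     = 'tycofs.com'

# Only contacts without a SIP address yet, i.e. not already enabled for Lync.
$pending = @(Get-ADObject -SearchBase $ContactOu `
    -LDAPFilter '(&(objectClass=contact)(!(msRTCSIP-PrimaryUserAddress=*)))' `
    -Properties givenName, 'msRTCSIP-OriginatorSid')

foreach ($c in $pending) {
    $dn    = $c.DistinguishedName
    $first = [string]$c.givenName

    # Without the originator SID the contact is not tied to a source account: skip it.
    if (-not $c.'msRTCSIP-OriginatorSid') {
        Write-Warning "Skipped (msRTCSIP-OriginatorSid empty): $dn"
        continue
    }
    # Assumed policy: accept only characters that are safe in the user part of a SIP URI.
    if ($first -notmatch '^[A-Za-z0-9._-]+$') {
        Write-Warning "Skipped (givenName empty or unsafe for a SIP address): $dn"
        continue
    }

    $sip = 'sip:{0}.latam@{1}' -f $first, $SipDomain
    try {
        # Steps 1 and 2: last name "latam", extensionAttribute13 "Never"; mail kept empty.
        Set-ADObject -Identity $dn -Replace @{ sn = 'latam'; extensionAttribute13 = 'Never' } `
            -Clear mail -ErrorAction Stop
        # Step 3: enable the contact for Lync with the firstname.lastname SIP address.
        Enable-CsUser -Identity $dn -RegistrarPool $RegistrarPool -SipAddress $sip -ErrorAction Stop
        Write-Output "Enabled $sip"
    }
    catch {
        Write-Warning "Failed for ${dn}: $($_.Exception.Message)"
    }
}
```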
  • 39. Appendix: All servers reside in the EMEA Stratford Data Centre.
    Ukstr1ly00004.tycofs.com:
    - Windows 2008 R2
    - Lync Server running the Microsoft Forefront Identity Management Tool
    - Microsoft SharePoint Foundation 2010 installed
    - Microsoft SQL 2008 R2 installed – the database can be hosted on another SQL database cluster
    Lync EMEA Frontedge Servers:
    - Ukstr1ly00001.tycofs.com and ukstr1ly00002.tycofs.com are the two FrontEnd Lync servers, which can hold a maximum of around 20.000 users. This can easily be extended by either bringing in a regional FrontEdge Server or adding an extra FrontEnd Server in Stratford.
    AD specifications: two service accounts for running the FIM tool:
    - Tycofs\GBL-FIM-Agent: for running the FIM Tool
    - Tycofs\GBL-FIM-Service: for running the synchronization.
    User forest: a service account that is able to read information from the user forest (an account for Directory Replication Changes is required: http://absolute-sharepoint.com/2012/12/step-by-step-guide-to-configure-the-replicating-directory-changes-for-sharepoint-2010-and-2013.html). For the lat.tyc.local we have created the account tycofs.local.za we have used lat.tyc.local\LyncAdSync