
Microsoft Lync Server 2013

Multitenant Hosting Pack


Deployment Guide

Microsoft Lync Server 2013 Multitenant Hosting Pack

Published: June 2013

Document Version: 1.2, 06/14/13


Changes in this version:
Updated section 7.5 to remove the following:
In addition, create one external DNS record for the FQDN of the Front End pool for
each external IP address of the Front End Servers.

Abstract: The Microsoft Lync Server 2013 Multitenant Hosting Pack features include
integration with Microsoft Exchange Server, Microsoft Outlook, and other communication
technologies. The Lync Server 2013 Multitenant Hosting Pack enables customers to manage
geographically dispersed offices and mobile users in a way that reduces travel expenses, while
maintaining highly collaborative team environments. This document describes the Lync Server
2013 Multitenant Hosting Pack, and includes information about how to deploy and configure it.

This document is provided as-is. Information and views expressed in this document, including
URL and other Internet Web site references, may change without notice.

Some examples depicted herein are provided for illustration only and are fictitious. No real
association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any
Microsoft product. You may copy and use this document for your internal, reference purposes.

Copyright 2012 Microsoft Corporation. All rights reserved.


Contents
1 Overview of the Microsoft Lync Server 2013 Multitenant Hosting Pack
1.1 Understanding the Lync Server 2013 Multitenant Hosting Pack
1.2 How to get the Lync Server 2013 Multitenant Hosting Pack Software
1.3 What's Available in the Lync Server 2013 Multitenant Hosting Pack
1.3.1 Comparing versions of the Lync Server Multitenant Hosting Pack
1.4 Known Issues
2 Determining Your Infrastructure Requirements
2.1 Hardware Requirements
2.1.1 Hardware Requirements for Servers Running Lync Server 2013
2.1.2 Hardware Requirements for Back End Servers and Other Database Servers
2.2 Integration with Exchange Server
2.3 Network Infrastructure Requirements
2.4 Domain Name System (DNS) Requirements
2.5 Active Directory Domain Services Requirements
2.6 Load Balancing Requirements
2.7 Port and Protocol Requirements
2.8 Certificate Requirements
2.9 Software Requirements
2.10 Reverse Proxy Configuration
3 Understanding the Lync Server 2013 Multitenant Hosting Pack
3.1 About Lync Server Multitenant Hosting Pack User Types
3.2 Lync Server Multitenant Hosting Pack Server Roles
3.3 Lync Server 2013 Control Panel
4 Planning for the Lync Server Multitenant Hosting Pack
4.1 Example Topology
4.1.1 About the Example Topology
4.2 Flexible Systems Scaling
4.3 Role-specific Load Balancing and Fault Tolerance
5 Migrating from the Lync Server 2010 Multitenant Hosting Pack
5.1 Migration Prerequisites
5.2 Performing the Migration
5.3 Migrating Tenants
5.3.1 Known Limitations
5.3.2 Prerequisites
5.3.2.1 PoolMapping.csv
5.3.2.2 Migrate-TenantOrgV2.ps1
6 Deploying a New Lync Server 2013 Multitenant Hosting Pack Deployment
6.1 Deploying the Topology
6.2 Change the Name and Domain of the Server Running Lync Server
6.3 Installation Media
6.4 Install the Lync Server 2013 Multitenant Hosting Pack
7 Define the Topology
7.1 Create a Front End Pool
7.2 Configure Front End Servers
7.3 Update the SQL Server Databases
7.4 Add Server Roles
7.5 Deploy Edge Servers
7.6 Define the Edge Topology
7.7 Monitoring
8 Post-Installation Configuration
8.1 Install Additional Components
8.2 Modify Lync Server Management Shell
8.3 Update Active Directory for Hosted Management Services
8.4 Global Client Policies for Address Book Web Query
8.5 Lync Server Dial Plans
8.6 Integration with on-premises PBX or Call Center
8.7 Changing the Root OU
8.8 Configuring Mobility
9 Provisioning Tenant Organizations
9.1 Create and Secure the Organizational Units
9.2 Set TenantId and ObjectId
9.2.1 Set the DomainUrlMap Attribute
9.3 Add UPN Suffix to Tenant OU
9.4 Create Tenant SIP Domain
9.5 Configure Exchange Email
9.6 Configure Exchange Unified Messaging
9.6.1 Create Tenant Exchange Dial Plan and Exchange UM Mailbox Policy
9.6.2 Assign Tenant Dial Plan to All Available Exchange UM Servers
9.6.3 Update Exchange UM/Lync Server Integration Configuration
9.6.4 Create Lync Server Contacts for Exchange UM Subscriber Access
10 Configuring Federation
10.1.1 Enabling a Tenant for Federation
10.1.2 Getting Tenant Federation Settings
10.2 Configure Tenant Federation Settings
10.2.1 Configuring federation with an on-premises deployment in another organization
10.2.2 Configuring federation with other Hosting Pack deployments
10.2.3 Configuring federation with a Lync Online tenant
10.2.4 Configure Federation Between Lync Server On-Premises and Lync Server Multitenant Hosting Pack
10.2.5 Adding Domains to the Tenant Block List
10.2.6 Clearing the Tenant Block List
10.2.7 Clearing the Tenant Allow List
10.2.8 Resetting Tenant to Allow All Domains Except Those Listed on the Block List
11 Create Tenant DNS Records
11.1 Create Tenant Meeting Simple URLs
11.1.1 Import the Required Modules for Windows PowerShell
11.1.2 Configure the Simple URL to Use the Back-end Database
11.1.3 Get Tenant Organization ID
11.1.4 Create the Simple URLs for a Tenant Organization
11.1.5 Set the Simple URL DNS Name
12 Provisioning Tenant Users
12.1 Enable Tenant Users for Exchange UM
12.2 Set User TenantID, GroupingID, and ObjectId
12.2.1 Known Issue
12.3 Configure the user Base Simple URL with the Tenant Organization's Base URL
12.4 Enable Tenants for Lync Server
12.5 Set Address Book Policy for Tenant User
12.6 Providing the Lync Server 2013 Interface for online meeting
13 Overview of the Audio Conferencing Provider
13.1 Integrating with Audio Conferencing Provider
13.2 Provisioning with Audio Conferencing Provider
13.3 Integration Workflows with Audio Conferencing Provider
13.3.1 Create and Schedule a Web Conference
13.3.2 Activate a Conference
13.3.3 Join Conference by Using Conferencing Dial-out
13.3.4 Audio Bridging Sequence
13.3.5 Use Audio Controls from Lync Server
13.4 Known Issues
14 Code Samples
14.1 Prerequisites
14.2 Dependencies
14.3 Provision a Tenant Organization
14.3.1 Create and Secure Organizational Unit
14.3.2 Enable the Tenant Organization
14.3.3 Add an Additional SIP Domain to the Tenant Organization
14.3.4 Adding Domains to the Tenant Allow List for Federation
14.3.5 Adding Domains to the Tenant Block List for Federation
14.3.6 Removing Domains from the Tenant Allow List for Federation
14.3.7 Removing Domains from the Tenant Block List for Federation
14.3.8 Allowing all Domains for Tenant Federation
14.3.9 Enabling a Tenant for Federation
14.3.10 Enabling Federation between two Hosted Tenants
14.4 Provision Tenant Users

1 Overview of the Microsoft Lync Server 2013 Multitenant Hosting Pack

Microsoft Lync Server 2013 Multitenant Hosting Pack is a unified communications (UC) solution for
telecom and hosting providers. Unified communications is a way for telecom and hosting providers to
expand their service offering to their current customers.
The Lync Server 2013 Multitenant Hosting Pack features include integration with Microsoft Exchange
Server, Microsoft Outlook, and other communication technologies. The Lync Server Multitenant
Hosting Pack enables customers to manage geographically dispersed offices and mobile users in a way
that reduces travel expenses, while maintaining highly collaborative team environments. This increased
integration of communication channels translates to improved organizational flexibility that is often
difficult to find in larger enterprise organizations.
For more information and additional resources about Lync hosting, see Partner Hosted Lync at
http://go.microsoft.com/fwlink/p/?LinkId=308942 and Microsoft Lync Server Multitenant Pack for
Partner Hosting Resources at http://go.microsoft.com/fwlink/p/?LinkId=306561.

1.1 Understanding the Lync Server 2013 Multitenant Hosting Pack


This section describes how the Hosting Pack integrates with the core system infrastructure. To better
understand the overall system it helps to define unified communications, Lync Server, and the Lync
Server Multitenant Hosting Pack.
Unified communications (UC) is a system that integrates platforms for communications
including email, voice mail, telephony, instant messaging (IM), and voice and video
conferencing. UC solutions are installed on the client's core systems, adding a UC layer to the
overall infrastructure. This UC layer adds integration and interconnects the communications
systems with the organization's core system services.

Microsoft Lync Server 2013 is a family of servers functioning as UC servers that integrate with all
the Microsoft line-of-business software. Lync Server adds these new communication possibilities
within the organization. A Lync Server and Exchange Server layer provide system integration
between Exchange and other communication systems like IM, presence, voice and video calls,
desktop sharing, file transfer, and ad hoc conferences.

Microsoft Lync Server 2013 Multitenant Hosting Pack is a special deployment configuration
scoped for hosting or telecom services providers. The solution enables service providers to host
multitenant Lync Server instances shared across multiple customer environments. In addition,
the Lync Server Multitenant Hosting Pack solution includes an add-on layer that allows our
partners to build communication packages that use the Lync Server Multitenant Hosting Pack to
integrate with the core layer.


1.2 How to get the Lync Server 2013 Multitenant Hosting Pack Software

A license is required to use the software. To download and install the Lync Server 2013 Multitenant
Hosting Pack software, you need to log on to the Microsoft Volume Licensing Service Center at
http://go.microsoft.com/fwlink/?LinkId=238381.

1.3 What's Available in the Lync Server 2013 Multitenant Hosting Pack

The features that integrate with other components and applications include the following:
Presence: A collection of attributes that provides an indication of a person's status, activity,
location, willingness to communicate, and contact information.

Instant messaging (IM): A form of real-time text-based communication.

Data and desktop sharing: A feature that allows users to share files, use whiteboard, and
display their desktop to a meeting or to conversation participants.

Conferencing: Two-way video and audio transmissions between users in multiple locations.

Unified Messaging: This feature is available only in combination with Microsoft Exchange
Server. An application that consolidates a user's voice mail, fax, and email into one mailbox, so
that the user only needs to check a single location for messages, regardless of type. The email
server is the platform for all types of messages, making it unnecessary to maintain separate
voice mail and email infrastructures.

Private branch exchange (PBX) replacement: UC integration with Voice over Internet Protocol
(VoIP) systems can replace traditional phone exchange systems.

The Lync Server Multitenant Hosting Pack partner feature set includes:

Appliances: Hand and head set I/O devices.

Conferencing server gateway video: Real-time IP video, voice, and data services.

Audio conferencing provider: Integration with hosted conferencing systems.

Short Message Service (SMS): Text messaging systems used by phones and mobile
communication systems.

1.3.1 Comparing versions of the Lync Server Multitenant Hosting Pack


The following table compares the features available in the Lync Server Multitenant Hosting Pack 2010
and 2013.


Feature Comparison: Lync Server 2010 Multitenant Hosting Pack and Lync Server 2013 Multitenant Hosting Pack

| Feature | Lync Server 2010 Hosting Pack | Lync Server 2013 Hosting Pack |
| --- | --- | --- |
| **Presence** | | |
| 1 to 1 and multi-party IM/Presence | Yes | Yes |
| Contacts list | Yes | Yes |
| Address Book Service Web Query service | Yes | Yes |
| Distribution List Expansion protocol (DLX) | Yes | Yes |
| **Instant Messaging (IM)** | | |
| Point-to-point IM | Yes | Yes |
| Multiparty/Group IM | Yes | Yes |
| Persistent Chat | No | No |
| PC to PC audio/video dial out calling | Yes | Yes |
| File transfer | Yes | Yes |
| Mobile VoIP to PC audio | No | Yes |
| Click to communicate from Office apps | Yes | Yes |
| Interactive contact card in Office 2010 and Office 2013 | Yes | Yes |
| Lync skill search in SharePoint Server (on-premises) | Yes | Yes |
| Lync skill search in SharePoint Online | No | No |
| Privacy mode | No | No |
| **Client Support** | | |
| Lync Client 2010 and Lync Client 2013 | Yes | Yes |
| Web app for joining scheduled meetings | Yes | Yes |
| Rich attendee client (joining meetings) | Yes | Yes |
| Mac attendee client | Yes | Yes |
| CWA (2007 R2) | No | No |
| OC 2007 R2 | No | No |
| Lync phone edition (Lync-based IP phones); support expected in a future release | No | No |
| Lync Attendant client (receptionist rich client) | No | Yes (Lync Server 2010 version) |
| Communicator Mobile (Windows Phone 6.x) | No | No |
| Lync Mobile | No | Yes |
| Lync desktop client | Yes | Yes |
| Mac Messenger | Yes | Yes |
| Attendee (meeting only) | Yes | Yes |
| Lync Mobile clients (for Android, Windows Phone, iPhone) | Yes (If provisioned) | Yes (If provisioned) |
| **Conferencing and Online Meetings** | | |
| Meeting attendee capacity | 250 | 250 |
| Point-to-point audio/video | Yes | Yes |
| Video conferencing over IP | Yes | Yes |
| Audio conferencing over IP only | Yes | Yes |
| Meeting recording | Yes | Yes |
| Registration | No | No |
| Public Events page | No | No |
| Customer branding | No | No |
| Customer invitations | No | No |
| Managed Q&A | No | No |
| Virtual breakout rooms | No | No |
| Easy Assist | No | No |
| Desktop sharing | Yes | Yes |
| Application sharing | Yes | Yes |
| White boarding and annotation | Yes | Yes |
| Office document upload | No | No |
| PowerPoint upload | Yes | Yes |
| Polling | Yes | Yes |
| Unauthenticated in Web App (reach) | Yes | Yes |
| Unauthenticated attendee (rich client) | Yes | Yes |
| Scheduled conferences using Outlook plugin | Yes | Yes |
| Round table support | Yes | Yes |
| Lobby | Yes | Yes |
| Integration with select partners for PSTN audio conferencing (ACP) | Yes | Yes |
| Provisioning for approved ACP partners for Office 365 customers | No | No |
| Scheduling an online meeting in OWA | No | Yes |
| Client side recording and playback | Yes | Yes |
| Cloud side recording and playback | No | No |
| Authenticated experience in Web app (reach) | No | No |
| Generate a link to a scheduled meeting via web page | Yes | Yes |
| PSTN audio conferencing in MCUs | Yes, via audio conferencing provider | Yes, via audio conferencing provider |
| 1:1 Chat | Yes | Yes |
| Backstage/Content Preview for Presenters | Yes | Yes |
| Mute / Unmute all attendees | No | Yes |
| Mute / Unmute individual attendees | Yes | Yes |
| In-meeting Attendee Permission Controls | Yes | Yes |
| Interoperability with on-premises video conferencing systems | No | Yes, via 3rd party |
| Multimedia, JPEG, Text Page, Web Page, Screen snapshot (Desktop Annotation) | No | Yes |
| PSTN dial-out from scheduled meetings | Yes, via audio conferencing provider | Yes, via audio conferencing provider |
| Ad-hoc audio dial-out conferencing | Yes, VoIP via SIP Trunk | Yes, VoIP via SIP Trunk |
| Meet now audio dial-out conferencing | Yes, via audio conferencing provider | Yes, via audio conferencing provider |
| Scheduled audio dial-out conferencing | Yes, via audio conferencing provider | Yes, via audio conferencing provider |
| **Sharing** | | |
| Point-to-point/multiparty data conference (white boarding) | Yes | Yes |
| Point-to-point/multiparty file share | Yes | Yes |
| Point-to-point/multiparty desktop and application sharing | Yes | Yes |
| Point-to-point/multiparty Microsoft PowerPoint slide sharing | Yes | Yes |
| Polling | Yes | Yes |
| **Integration** | | |
| Microsoft Outlook integration for IM, presence, calendar (with users on the same hosting partner) | Yes | Yes |
| Microsoft SharePoint integration for IM, presence (with users on the same hosting partner) | Yes | Yes |
| **Public IM Connectivity and Federation** | | |
| Inter-tenant federation | Yes | Yes |
| Federation with Extensible Messaging and Presence Protocol (XMPP) | No | No |
| IM/P/A/V Federation with Office Communications Server, Lync Server, Lync Online | Yes | Yes |
| IM/P/A/V with Windows Live Messenger / Skype | No | Yes |
| IM/P and voice with Skype | No | Yes |
| Public IM connectivity and presence: AOL, Yahoo!, Windows Live | No | No |
| IBM Sametime federation | No | No |
| **Calling features** | | |
| Public switched telephone network (PSTN) calling via Lync, incoming and outgoing | Yes | Yes |
| Ad-hoc PSTN dial-out for meetings | No | No |
| Call controls: hold, transfer, forward, simultaneous ring | Yes | Yes |
| Voice policies | Yes | Yes |
| Access to Exchange Online voice mail | No | No |
| Team call | No | Yes |
| Delegation (boss-admin) for Voice | No | No |
| Call park | No | No |
| Outgoing DID manipulation | No | No |
| E-911 | No | No |
| Dial plans & Policies | No | No |
| IP desk phone support | No | Yes |
| Resilient Branch Office Appliance | No | No |
| Call Admissions Control (CAC) | No | No |
| Support for Analog devices (e.g. FAX) | No | No |
| Response groups | No | Yes, via 3rd party |
| Private Line (secondary DID for execs) | No | No |
| Direct connectivity with PBX via gateways | Yes | Yes |
| Direct SIP for audio with on-premises IP-PBXs | No | Yes |
| Direct SIP for signaling (presence updates) with on-premises IP-PBX | No | Yes |
| RCC (click-to-call) with on-premises PBX | No | No |
| Malicious call trace | No | No |
| Unassigned Number | No | No |
| Network QoS DSCP | No | No |
| Media path optimization | No | No |
| Phone number management | No | No |
| CDR & billing reporting | Yes | Yes |
| Integration with call center solutions (Aspect) | No | Yes |
| Team call | No | Yes |
| Delegation | No | Yes |
| Private line (secondary Direct Inward Dialing (DID)) | No | No |
| Call park | No | No |
| Outgoing DID manipulation | No | No |
| **Voice features** | | |
| Private dial plans | No | No |
| Hosted Exchange Unified Messaging (UM) for voice mail | Yes | Yes |
| ACP Integration with select carriers | Yes | Yes |
| Voice integration with select carriers | Yes | Yes |
| **Security and Archiving** | | |
| IM & media encryption | Yes | Yes |
| IM filtering | Yes | Yes |
| Anti-malware scanning for meeting content and file transfers | Yes | Yes |
| IM archiving (server side) | No | Yes |
| **SharePoint and Exchange Co-existence** | | |
| Presence Integration with Exchange/SP on-premises | Yes | Yes |
| Presence integration with Exchange/SP online | Yes | Yes |
| On-premise UM integration with Exchange Online | No | No |
| UM integration with Exchange on-premises | Yes | Yes |
| **Hybrid with Lync Online** | | |
| Server/cloud co-existence (split domain) on user basis (some users on-premises, some users online) | No | No |
| Splitting workloads (e.g. Voice on-premises, IM&P in the cloud) | No | No |
| **Administration and Manageability** | | |
| Windows PowerShell support | Yes | Yes |
| Lync Server Control Panel UI | No | No |
| Feature Configurability Per User | Yes | Yes |
| Attendee/User Reporting | No | No |
| Reporting (CDR, QoE) | Yes | Yes |
| **Support for 3rd party applications** | | |
| Client automation APIs (client side) | Yes | Yes |
| Server side APIs | Yes | Yes |
| **Support** | | |
| Tenant User support | No | No |
| IT Support | Yes | Yes |

1.4 Known Issues


The Lync Update Installer requires write permissions to the folder in which it is run. If you start
the installation from a read-only folder, the installer will present a blank list of updates to apply,
and the installation will not complete successfully.
You should copy the installation files to a location that is not read-only, and run Setup from that
location.

2 Determining Your Infrastructure Requirements


All servers running Lync Server 2013 must meet certain minimum system requirements. System
requirements for Lync Server 2013 include the server hardware, the operating system to be installed on
each server, and related software requirements, such as Windows updates and other software that
must be installed on the servers.

2.1 Hardware Requirements


Lync Server 2013 server roles and computers running Lync Server administrative tools require 64-bit
hardware.
The specific hardware used for a Lync Server 2013 deployment can vary depending on size and usage
requirements. This section describes the recommended hardware. Although these are
recommendations, not requirements, using hardware that does not meet these recommendations can
result in a significant impact on performance as well as other problems.

2.1.1 Hardware Requirements for Servers Running Lync Server 2013


The following table describes the recommended hardware for all servers where you plan to install Lync
Server 2013. These recommendations are based on a user pool of 80,000 users with eight Front End
Servers and one Back End Server.
Hardware Recommendations for Servers Running Lync Server 2013

| Hardware component | Recommended |
| --- | --- |
| CPU | One of the following: 64-bit dual processor, quad-core, 2.0 GHz or higher; 64-bit 4-way processor, dual-core, 2.0 GHz or higher. Intel Itanium processors are not supported for Lync Server 2013 server roles. |
| Memory | 16 GB |
| Disk | Local storage with at least 72 GB free disk space on a 10,000 RPM disk drive |
| Network | 1 network adapter required (2 recommended), each 1 Gbps or higher |

These recommendations are based on a maximum of 39,000 external users per Front End pool (which
follows the user model of 80,000 users per Front End pool, with 30% of users connecting externally and
1.5 multiple points of presence (MPOP)).

2.1.2 Hardware Requirements for Back End Servers and Other Database Servers

The requirements for the Back End Server and other database servers are similar to those of servers
running Lync Server 2013, except that Back End Servers require additional memory. The following table
describes the recommended hardware for a Back End Server or other database servers, based on an
80,000 user pool with eight Front End Servers and one Back End Server containing all databases required
for your Lync Server deployment.
Hardware Recommendations for Back End Servers and Other Database Servers

Hardware component    Recommended

CPU                   One of the following:
                      - 64-bit dual processor, quad-core, 2.0 GHz or higher
                      - 64-bit 4-way processor, dual-core, 2.0 GHz or higher
                      Intel Itanium processors are not supported for Lync Server 2013 server roles.

Memory                32 GB recommended for Back End Server (with or without collocated Archiving
                      and Monitoring databases), 16 GB recommended for Archiving and Monitoring
                      database (not collocated with the Back End Server).

Disk                  Local storage with at least 72 GB free disk space on a 10,000 RPM disk drive

Network               1 network adapter required (2 recommended), each 1 Gbps or higher


2.2 Integration with Exchange Server


The Lync Server 2013 Multitenant Hosting Pack supports integration with Exchange Server 2010 SP3 or
latest Service Pack and Exchange 2013. You can configure integration with both hosted Exchange and
Exchange Server on-premises. This includes support for Exchange Unified Messaging (UM) for: presence,
IM, workload, conferencing, and VoIP servers and services.
To configure integration with hosted Exchange within the same hosting pack deployment cloud, follow the
same process as for a Lync Server 2013 on-premises deployment. For more information, see "Integrating
Microsoft Lync Server 2013 and Microsoft Exchange Server 2013" at
http://technet.microsoft.com/en-us/library/jj688098.aspx.
For more information about configuring integration with Exchange Unified Messaging, see the following
topics:
- "Deploying On-Premises Exchange UM to Provide Lync Server 2013 Voice Mail" at
  http://technet.microsoft.com/en-us/library/gg398768(v=ocs.15).aspx.
- "Providing Lync Server 2013 Users Voice Mail on Hosted Exchange UM" at
  http://technet.microsoft.com/en-us/library/gg425807(v=ocs.15).aspx.
To integrate the hosting pack with Exchange on-premises, you need to establish an MPLS or VPN
connection to the on-premises network, and then establish an Active Directory trust relationship
between the on-premises Active Directory and the Active Directory of the hosting provider where
the hosting pack is deployed.
You can also deploy the Lync Server Multitenant Hosting Pack into a multi-tenant Exchange Server 2010
forest as long as the Exchange Server 2010 deployment is in a supported state following the guidance
described here: http://technet.microsoft.com/en-us/exchange/hh563895.aspx.

2.3 Network Infrastructure Requirements


The requirements for your network infrastructure will vary greatly depending on your deployment, the
number of tenant users you need to support, and the features used by those tenants. For general
information about network infrastructure requirements for Lync Server 2013, see Network
Infrastructure Requirements at http://go.microsoft.com/fwlink/?linkid=204603.
Specific requirements for deploying the Lync Server Multitenant Hosting Pack, or requirements that
differ from those for Lync Server 2013 Enterprise Edition, are noted in the sections for the associated
deployment task.
It is important to understand the bandwidth implications for hosting providers and customers when
enabling a new tenant for your service. Bandwidth requirements vary greatly depending on the number
of users and which services are used by tenant users. As a hosting provider, you will need to plan the
network requirements with tenant customers by utilizing the same principles used in any other Lync
Server deployment.
In the Lync Server Multitenant Hosting Pack, tenants are treated like branches whose users are hosted at
the Central Site. Use the Lync bandwidth calculator to estimate the bandwidth requirements for tenants
as branches that connect to the Central Site for Lync services.
The following Lync traffic will need to be supported on the hosting provider and tenant networks:
- Signaling
- Audio/Video Conferencing
- PSTN calls
Tenant peer-to-peer calls will occur within the tenant network. Any conferencing traffic will be via the
hoster and tenant networks.
It is still recommended that tenants configure port-based Quality of Service (QoS) on the internal
network if multiple locations will be on the hosted platform. Although some traffic will traverse
the Internet, peer-to-peer client communication can be kept in higher QoS policies on the tenant's
internal network by configuring static ports for the different modalities of client connections.
For more information, see "Network Bandwidth Requirements for Media Traffic" at
http://technet.microsoft.com/en-us/library/jj688118(v=ocs.15).aspx.

2.4 Domain Name System (DNS) Requirements


To support client automatic configuration for all hosted domains, you must work with your hosted
customers to ensure that the required DNS records are created for each hosted domain. To facilitate
initial testing, this documentation assumes that hosting providers will follow the standard guidance to
configure a single supported SIP domain during initial deployment. That SIP domain is both publicly
registered and used as the Active Directory Domain Services domain for all servers running Lync Server
2013. It will be used for initial testing. The Provisioning Tenant Organizations section later in this
document covers adding DNS records, updating certificates, and other related steps.

2.5 Active Directory Domain Services Requirements


Deploy a pair of redundant Active Directory servers according to Exchange Server 2013 guidance. For
details, see Planning Active Directory in the TechNet Library at
http://go.microsoft.com/fwlink/?LinkId=230823.
The Lync Server 2013 Multitenant Hosting Pack supports a Single forest Active Directory environment
with User or Resource forests. For details about Active Directory and Lync Server 2013, see Active
Directory Domain Services Requirements, Support, and Topologies in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398760.aspx.

2.6 Load Balancing Requirements


We recommend that you use hardware load balancing for all supported roles. For details about
hardware load balancing in Lync Server, see Load Balancing Requirements in the TechNet Library at
http://go.microsoft.com/fwlink/?LinkId=235820, and Components Required for External User Access
in the TechNet Library at http://go.microsoft.com/fwlink/?LinkId=235821.

2.7 Port and Protocol Requirements


For details about port and protocol requirements for communications between Lync Server roles, see
"Ports and Protocols for Internal Servers" in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398833.aspx. Specific information about port and protocol
requirements that differ from Lync Server 2013 Enterprise is called out in the associated section of
this document.

2.8 Certificate Requirements


For Lync Server 2013 certificate requirements, see Certificate Infrastructure Requirements in the
TechNet Library at http://technet.microsoft.com/en-us/library/gg398094.aspx.


Additional or specific certificate requirements are called out in the associated sections of this document.

2.9 Software Requirements


For web conferencing, the Lync Server 2013 Multitenant Hosting Pack also requires Office Web Apps and
the Office Web Apps Server (formerly known as WAC Server) to handle PowerPoint presentations. For
details, see Configuring Integration with Office Web Apps Server and Lync Server 2013 at
http://technet.microsoft.com/en-us/library/jj204792(OCS.15).aspx.

2.10 Reverse Proxy Configuration


For information about using Reverse Proxies with the Lync Server 2013 Multitenant Hosting Pack, see
the following articles:
- "Configuring Reverse Proxy Access to Microsoft Lync Using F5 BIG-IP Local Traffic Manager" at
  http://blogs.technet.com/b/nexthop/archive/2013/02/22/configuring-reverse-proxy-access-to-microsoft-lync-using-f5-big-ip-local-traffic-manager.aspx.
- "Using IIS ARR as a Reverse Proxy for Lync Server 2013" at
  http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx.

3 Understanding the Lync Server 2013 Multitenant Hosting Pack
The Lync Server Multitenant Hosting Pack solution is an infrastructure layer that enables connection
between various technology solutions. Dependencies for the solution include Microsoft Exchange
Server, Exchange UM and Active Directory. Additionally the Lync Server Multitenant Hosting Pack can
also communicate with VoIP devices.
The logical infrastructure for Lync Server Multitenant Hosting Pack includes zones for edge systems,
proxy systems, data center systems, and VoIP. The server roles are focused within the edge system
roles, proxy roles for Exchange, data center roles for Active Directory, Lync Server Multitenant Hosting
Pack, and Exchange.

3.1 About Lync Server Multitenant Hosting Pack User Types


It is important to understand the different types of users to understand why server roles used in a Lync
Server Multitenant Hosting Pack deployment differ from those used in an enterprise deployment of Lync
Server 2013.
In a typical enterprise deployment of Lync Server 2013, there are the following types of users:
- Internal users: These users access Lync Server services from inside the corporate network.
- External users: These users have Lync Server user accounts and access Lync Server from outside
  the corporate network.
- Federated users: These users have accounts with federated partners and access Lync Server
  from outside the corporate network.

In a Lync Server Multitenant Hosting Pack deployment, there are the following types of users:
- External users: Also known as tenant users in this guide, these users have Lync Server user
  accounts associated with a specific tenant, and access Lync Server from outside the host's
  network.
- Federated users: These users have accounts with federated partners and access Lync Server
  from outside the host's network.

3.2 Lync Server Multitenant Hosting Pack Server Roles


Edge Servers act as the first point of contact for requests coming from clients, federated traffic, and
media in a hosted deployment.
In a Lync Server Multitenant Hosting Pack deployment, incoming requests from tenant users go through
a proxy on the Edge Servers and are redirected to the appropriate Front End pool.
For the reference architectures included in this guide, all other server roles are the same as the roles for
Lync Server 2013. For details, see Server Roles in the TechNet Library at
http://go.microsoft.com/fwlink/?LinkId=230824.

3.3 Lync Server 2013 Control Panel


Some enhancements included in the Lync Server Multitenant Hosting Pack are not compatible with the
Lync Server Control Panel. For example, enabled users are not displayed in the User section of the Lync
Server Control Panel.
You should use the Lync Server Control Panel only in read-only mode. You should make all changes to
the topology, server configuration, or user configuration by using cmdlets in the Lync Server
Management Shell. For details, see Lync Server Management Shell in the TechNet Library at
http://go.microsoft.com/fwlink/?LinkId=213040.
Important: There are no restrictions on the use of the Topology Builder tool. You can use Topology Builder as you
would normally with a Lync Server 2013 Enterprise Edition deployment.

4 Planning for the Lync Server Multitenant Hosting Pack
This section provides information to assist you in planning and preparing for deploying the Lync Server
Multitenant Hosting Pack.

4.1 Example Topology


The topology described in this section illustrates the basic architecture necessary to support 20,000
tenant users with heavy business use, approximately 75% concurrency, and PSTN access. It is not
meant to describe an actual deployment, but rather to serve as a starting point for planning a
deployment. It provides a high-level understanding of the architecture and scalability of the product.
You should use the topology provided as a starting point in the planning process. Keep in mind that
you'll need to customize the topology to meet the needs of your organization's expected usage profiles,
service level agreements, and cost control requirements.
Scaling estimates are based on testing done by Microsoft using Lync Server 2013 Enterprise Edition. For
details, see the following:
- "Running Lync Server on Virtual Servers" in the TechNet Library at
  http://technet.microsoft.com/en-us/library/gg399035(v=ocs.15).aspx.
- "Capacity Planning Using the User Models" in the TechNet Library at
  http://technet.microsoft.com/en-us/library/gg615015(v=ocs.15).aspx.
- "Estimating Voice Usage and Traffic" in the TechNet Library at
  http://technet.microsoft.com/en-us/library/gg398439(v=ocs.15).aspx.

4.1.1 About the Example Topology


The example topology is designed to support up to 20,000 tenant users that have PSTN access and
A/V/PSTN, and that primarily use MAPI (that is, Outlook Anywhere) at approximately 75% concurrency.
Server allocation provides basic redundancy for each server role with the exception of Monitoring and
Archiving, which do not support fault-tolerance.
Other assumptions about this architecture include the following:
- Concurrency of use for the Exchange UM service will be <0.5%.
- On average, only one in ten users is expected to be in a call at any given time. For details about
  estimating voice usage and traffic, see "Estimating Voice Usage and Traffic" in the TechNet
  Library at http://technet.microsoft.com/en-us/library/gg398439(v=ocs.15).aspx. Depending on
  the percentage of calls using media bypass (including PC-to-PC calls), you may need fewer or
  additional Mediation Servers in your environment.

The following figure illustrates the example topology.

[Figure: Topology architecture]

The following table provides details about the number and types of servers in the Topology, including
the processor and memory requirements for each. Operating System support includes the 64-bit
versions of the following:
- Windows Server 2008 R2 with Service Pack 1 (SP1) Standard (required) or latest service pack
  (recommended)
- Windows Server 2008 R2 with SP1 Enterprise (required) or latest service pack (recommended)
- Windows Server 2008 R2 with SP1 Datacenter (required) or latest service pack (recommended)
- Windows Server 2012 Standard
- Windows Server 2012 Datacenter

Servers in the Topology

Server role                      # of servers    CPU cores    RAM

Edge Server pool                 2               4            16 GB
Front End pool                   8               4            16 GB
Mediation Server                 8               4            16 GB
Back End Server                  2               4            32 GB
Monitoring/Archiving database    2               4            32 GB

4.2 Flexible Systems Scaling


It is possible to configure multiple Lync Server Multitenant Hosting Pack server roles on a single physical
or virtual server, but it is not recommended for any roles other than Monitoring and Archiving server
roles. For best performance and scalability, you should use one role per server. For example, as demand
for web conferencing services increases, you can increase the number of Front End Servers without
affecting other areas in the collaboration environment.

4.3 Role-specific Load Balancing and Fault Tolerance


Different server roles support different techniques and architectures for load balancing and fault
tolerance. Most Lync Server roles are designed to use DNS load balancing, a new feature in Lync Server
2013 implemented at the application level in both clients and servers. When used in a Lync Server
Multitenant Hosting Pack deployment, the requesting application retrieves a list of the IP addresses of
all available Front End Servers in a given pool and tries to connect with one after another until a
connection succeeds. In contrast, most SIP trunk providers need to be told in advance the IP addresses
of all Mediation Servers and will distribute incoming calls to those servers in a round-robin fashion. To
learn more about DNS load balancing for Lync Server 2013, see DNS Load Balancing in the TechNet
Library at http://technet.microsoft.com/en-us/library/gg398634(v=ocs.15).aspx.
Note: The hosting pack supports distributed load balancing, but for optimal performance in large scale
deployments, hardware load balancing is recommended.
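
The client behaviour described above (take the pool's address list, try each member in turn until one connects) can be reproduced as a health check that also shows which pool members are not answering. This is an added example, not code from the guide or the Hosting Pack; the function name, its parameters, the default port 5061 and the loopback demo values are assumptions.

```powershell
# Added example: walk the addresses of a DNS load-balanced pool in the order a
# client would, and report which members accept a TCP connection.
function Test-DnsLoadBalancedPool {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $PoolFqdn,
        # Assumption: 5061 (SIP over TLS); the guide does not name a port in this section.
        [int] $Port = 5061,
        [int] $TimeoutMs = 2000,
        # Optional: supply the addresses directly instead of resolving $PoolFqdn.
        [System.Net.IPAddress[]] $Addresses
    )

    if (-not $Addresses) {
        # One A/AAAA record per pool member is what DNS load balancing relies on.
        $Addresses = [System.Net.Dns]::GetHostAddresses($PoolFqdn)
    }

    $selected = $false   # becomes true once the first reachable member is found
    $order = 0
    foreach ($ip in $Addresses) {
        $order++
        $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
        $reachable = $false
        try {
            $pending = $client.BeginConnect($ip, $Port, $null, $null)
            # WaitOne also returns true when the connect fails fast (refused),
            # so the Connected flag is checked as well.
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected) {
                $client.EndConnect($pending)
                $reachable = $true
            }
        }
        catch {
            $reachable = $false
        }
        finally {
            $client.Close()
        }

        # A client stops at the first member that answers; later members are
        # still probed here so that dead ones show up in the report.
        $clientWouldUse = $reachable -and -not $selected
        if ($clientWouldUse) { $selected = $true }

        [pscustomobject]@{
            Pool           = $PoolFqdn
            Order          = $order
            Address        = $ip.IPAddressToString
            Port           = $Port
            Reachable      = $reachable
            ClientWouldUse = $clientWouldUse
        }
    }
}

# Constructed demo that runs offline: a two-member "pool" on loopback in which
# only the second address has a listener, so the first attempt fails over.
$liveMember = [System.Net.IPAddress]::Parse('127.0.0.2')
$listener = New-Object System.Net.Sockets.TcpListener($liveMember, 0)
$listener.Start()
try {
    $demoPort = $listener.LocalEndpoint.Port
    Test-DnsLoadBalancedPool -PoolFqdn 'pool.example.test' -Port $demoPort `
        -Addresses '127.0.0.1', '127.0.0.2' | Format-Table -AutoSize
}
finally {
    $listener.Stop()
}
```

Against a real pool, omit -Addresses so the function resolves the pool FQDN itself; a member that stays unreachable lengthens sign-in for every client that tries it first.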

The following table lists the load balancing technology per server role that service providers can use as a
guideline for deployment in a production environment to implement high availability and fault
tolerance.

Load Balancing Per Server Role

Server role                           Load balancing technology

Edge Server                           Hardware load balancers
Front End Server                      Hardware load balancers
External Web Services                 Integrated reverse proxy and load balancer or hardware load balancers
Mediation Server outbound to PSTN     Hardware load balancers
Mediation Server inbound from PSTN    SIP Trunk Configuration

5 Migrating from the Lync Server 2010 Multitenant Hosting Pack
If you are migrating from the Lync Server 2010 Multitenant Hosting Pack, follow the instructions in this
section. If you are not migrating, skip this section and proceed to the next.
The process for migrating includes deploying a Lync Server 2013 Multitenant Hosting Pack Front End
pool, and then configuring co-existence to add that pool to your Lync Server 2010 Multitenant Hosting
Pack topology.

5.1 Migration Prerequisites


You will need to perform the following tasks before starting the migration process:
1. Deploy a new SQL instance.

2. Deploy an Office Web Apps server.
   See "Configuring Lync Server 2013 to Work with Office Web Apps Server" at
   http://technet.microsoft.com/en-us/library/jj204944(v=ocs.15).

3. Create a new file share.
   See "Configure File Storage" at http://technet.microsoft.com/en-us/library/jj205150(v=ocs.15).

4. Run the Microsoft Lync Server 2010 Best Practices Analyzer and confirm that there are no
   critical issues for the Lync Server 2010 Multitenant Hosting Pack.

Caution: Use only the LyncServerUpdateInstaller.exe provided with the Lync Server 2013 Multitenant Hosting
Pack. Do not use Microsoft Update to install any Lync Server 2013 updates.

5.2 Performing the Migration


Prepare Active Directory for coexistence

1. On the server that will be the Front End server, run Setup.exe for the Lync Server 2013
Multitenant Hosting Pack.

2. Select Install Administrative Tools.

3. Install CsServices.msi from the ..\Setup\amd64\setup folder on the installation media. The file is
also copied to the following location when you install the Hosting Pack:
c:\programdata\microsoft\Lync server\deployment\cache\5.0.8308\setup folder


4. Open the Lync Server Management Shell, and run the following two cmdlets. You may need to
run "import-module LyncOnline" before running the cmdlets.

o Install-CsAdServerSchema

o Install-CsAdServiceSchema

5. In the Deployment Wizard, select "Prepare Active Directory" (this should now be showing as
partially complete).

6. Complete Step (3) Prepare Current Forest.

7. Complete Step (5) Prepare Current Domain.

Define the topology

1. On the Lync Server 2013 Multitenant Hosting Pack Front End server, open Topology Builder and
select Download Topology from existing deployment, and then choose a location to save the
topology.

2. In Topology Builder expand Lync Server 2013, then right-click Enterprise Edition Front End
pools, select New Front End Pool, and then complete the wizard.

3. Publish the topology.

Update the Lync Server 2013 Multitenant Hosting Pack Front End server

1. On the Lync Server 2013 Multitenant Hosting Pack Front End server, run setup.exe and complete
the following:

o Install or Update Lync Server System - complete steps 1-4

o Check that all Lync services start in Administrative Tools > Services.

2. Install the Lync Server 2013 backward compatibility tools from ..\amd64\setup\OCSWMIBC.msi
on the installation media.

3. Create the DNS A record for the Lync Server 2013 Front End pool on a DNS server.

4. Enable Remote User Access on the Lync Server 2010 Multitenant Hosting Pack Edge Pool.

Note: Users homed on the new Lync Server 2013 Multitenant Hosting Pack Front End Pool will not be able to
log in via the Lync Server 2010 Multitenant Hosting Pack Director/Front End pool.

5. Publish the Lync Server 2013 Multitenant Hosting Pack Front End pool external web services URL
on the reverse proxy.

Validate co-existence

1. Provision a new tenant and user on the Lync Server 2013 Multitenant Hosting Pack Front End
pool.

2. Configure a Lync client to use the Lync Server 2010 Multitenant Hosting Pack Access Edge
address on port 443 and verify sign-in.


3. Add a federated contact that is homed on the Lync Server 2010 Multitenant Hosting Pack pool,
and verify IM and Presence works in both directions.

4. Perform a "Meet Now" with the Lync Server 2013 Multitenant Hosting Pack user, and then add
the Lync Server 2010 Multitenant Hosting Pack federated contact, an external federated
contact, and a web participant. Test all modalities (AV, Whiteboard, PPT upload, etc.)

5.3 Migrating Tenants


The script included in this section will migrate one tenant at a time, including the tenant users that are
spread across multiple Lync Server 2010 Multitenant Hosting Pack pools.
To use the migration script

1. Configure the tenant OU base location in Migrate-TenantOrgV2.ps1 (line 46):

$TenantOrgBaseLocationStr ="OU=LHP Tenants,DC=uc-world,DC=co,DC=uk"

2. Configure PoolMapping.csv with the source and destination pools.

3. Run the script with the following syntax:

Migrate-TenantOrgV2.ps1 -TenantOrg <Tenant OU Name> -MappingFile <PoolMapping.csv> -MoveConferenceData <$True | $False> -ForceMove <$True | $False>

Note: When you run the script, you may receive the warning "Failed to find content folder for user
sip:<user SIP address>". This message is generated when the script attempts to move a user with the
Move-CsUser cmdlet and no meeting content folder is found for that user. If you know that the user
has no meeting content to move, you can safely ignore this warning.

5.3.1 Known Limitations


The following are known limitations of the script provided:
- On the Tenant OU, the msRTCSIP-DomainUrlMap attribute must be populated to meet Lync Server 2013
  Multitenant Hosting Pack requirements.
- On the Tenant users, the msRTCSIP-ObjectId attribute must be populated to meet Lync Server 2013
  Multitenant Hosting Pack requirements.

5.3.2 Prerequisites
The script requires the following:
- PoolMapping.csv: the PoolMapping.csv file should include the Lync Server 2010 Multitenant
  Hosting Pack Front End pools and the corresponding target Lync Server 2013 Multitenant
  Hosting Pack pool that the users will be migrated to.
- JDB-HelperCmds.dll: this file is required for the script to run.
  The method of supplying this file or code to compile is TBD
- Migrate-TenantOrgV2.ps1: a script that migrates tenants

5.3.2.1 PoolMapping.csv
Create a .csv file in the following format, replacing the pool names with the pool names for your
deployment.
SrcPool,DstPool
V1FEPOOL.contoso.com,V2FEPool.fabrikam.com
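
The migration script in 5.3.2.2 loads this file with ConvertFrom-StringData and looks up each user's RegistrarPool in the result, so a source pool with no row gives Move-CsUser an empty -Target. The following pre-flight check is an added example, not part of Migrate-TenantOrgV2.ps1 or the Hosting Pack; the function name Test-PoolMapping, its parameters and the demo pool names other than the two shown above are assumptions.

```powershell
# Added example: validate PoolMapping.csv before any user is moved.
function Test-PoolMapping {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string]   $MappingFile,
        # Source pool FQDNs that the tenant's users are currently homed on, e.g.
        #   Get-CsUser -OU $TenantOrgOUStr | ForEach-Object { $_.RegistrarPool.FriendlyName }
        [Parameter(Mandatory = $true)] [string[]] $PoolsInUse
    )

    $problems = New-Object 'System.Collections.Generic.List[string]'
    $mapping  = @{}   # hashtable literals compare keys case-insensitively

    $rows = @(Import-Csv -LiteralPath $MappingFile -ErrorAction Stop)
    if ($rows.Count -eq 0) {
        $problems.Add("No mapping rows found in $MappingFile.")
    }
    else {
        $columns = @($rows[0].PSObject.Properties | ForEach-Object { $_.Name })
        foreach ($required in 'SrcPool', 'DstPool') {
            if ($columns -notcontains $required) {
                $problems.Add("Header row is missing the '$required' column.")
            }
        }
    }

    if ($problems.Count -eq 0) {
        $n = 0   # data row counter (the header row is not counted)
        foreach ($row in $rows) {
            $n++
            $src = "$($row.SrcPool)".Trim()
            $dst = "$($row.DstPool)".Trim()
            if (-not $src -or -not $dst) {
                $problems.Add("Row ${n}: SrcPool or DstPool is empty.")
            }
            elseif ($src -eq $dst) {
                $problems.Add("Row ${n}: '$src' is mapped to itself.")
            }
            elseif ($mapping.ContainsKey($src)) {
                # Two destinations for one source make the target of a move ambiguous.
                $problems.Add("Row ${n}: duplicate SrcPool '$src'.")
            }
            else {
                $mapping[$src] = $dst
            }
        }

        # Every pool that actually hosts tenant users needs a destination.
        foreach ($pool in ($PoolsInUse | Sort-Object -Unique)) {
            if (-not $mapping.ContainsKey($pool)) {
                $problems.Add("No destination pool is mapped for source pool '$pool'.")
            }
        }
    }

    [pscustomobject]@{
        IsValid  = ($problems.Count -eq 0)
        Mapping  = $mapping
        Problems = $problems.ToArray()
    }
}

# Constructed demo input: one duplicated source pool and one pool with no mapping.
$demoFile = Join-Path ([System.IO.Path]::GetTempPath()) 'PoolMapping-demo.csv'
@'
SrcPool,DstPool
V1FEPOOL.contoso.com,V2FEPool.fabrikam.com
V1FEPOOL.contoso.com,V2FEPool2.fabrikam.com
'@ | Set-Content -LiteralPath $demoFile

$check = Test-PoolMapping -MappingFile $demoFile `
    -PoolsInUse 'v1fepool.contoso.com', 'V1FEPOOL2.contoso.com'
"Mapping valid: $($check.IsValid)"
$check.Problems
Remove-Item -LiteralPath $demoFile
```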

5.3.2.2 Migrate-TenantOrgV2.ps1
#<#
#.Synopsis
#
#.Description
#
#.Parameter TenantOrg
#
#.Parameter MappingFile
#
#.Parameter MoveConferenceData
#
#.Parameter ForceMove
#
#.Example
#
#.Version
#
##>

param (
    [parameter(Mandatory=$true)] [string] $TenantOrg,
    [parameter(Mandatory=$true)] [string] $MappingFile,
    [parameter(Mandatory=$true)] [Bool] $MoveConferenceData,
    [parameter(Mandatory=$true)] [Bool] $ForceMove
)

# Import-module
import-module ActiveDirectory
import-module Lync
import-module LyncOnline
Import-Module .\JDB-HelperCmds.dll

#variables
$FailedMoves = 0
$SuccesfulMoves = 0


$FailedMoveUserList = New-Object System.Collections.ArrayList


$Today = get-date -uformat "%y-%m-%d-%H-%M-%S"
$LogFileName= "c:\lyncproject\Migrate-TenantOrg-"+$Today+".log"
$starttime = get-date

write-richlog -strLogText "### Starting Migrate-TenantOrg ###" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText "Parameters: " -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText " Param - Mapping file : $($MappingFile) " -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText " Param - Move conference data : $($MoveConferenceData) " -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText " Param - Force Move : $($ForceMove) " -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational

$TenantOrgBaseLocationStr ="OU=LHP Tenants,DC=uc-world,DC=co,DC=uk"

$TenantOrgOUStr = "OU=$($TenantOrg),$($TenantOrgBaseLocationStr)"

# Get the list of users in the tenant OU
$TenantOrgUserList = Get-CsUser -OU $TenantOrgOUStr
write-richlog -strLogText "A total of $($TenantOrgUserList.count) users were found." -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText "User list:" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
foreach($user in $TenantOrgUserList)
{
    write-richlog -strLogText " $($user.SipAddress)" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 2 -logMode File -logLevel Informational
}

# Build the list of source pools the tenant's users are homed on
$PoolList = New-Object System.Collections.ArrayList
write-richlog -strLogText "Building Pool list" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
foreach($User in $TenantOrgUserList)
{
    if($PoolList.Contains($user.RegistrarPool))
    {
        #list already includes pool
    }
    else
    {
        #pool is not in the list, adding
        write-richlog -strLogText "Adding $($user.RegistrarPool) to pool list." -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
        $rtn = $PoolList.add($user.RegistrarPool)
    }
}

# Build the pool mapping hash table (each "SrcPool,DstPool" row becomes a key=value pair)
write-richlog -strLogText "Importing pool mapping list" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
$PoolMappingList = ((get-content -Path $MappingFile) -replace ",","=") -join "`n" | ConvertFrom-StringData
write-richlog -strLogText "Pool mapping imported, the following mapping will be used:" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational

foreach($pool in $PoolList)
{
    write-richlog -strLogText " $($Pool) is mapped to $($poolMappingList.get_item($pool.Friendlyname))" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 2 -logMode File -logLevel Informational
}

# Move each user to the destination pool mapped to the user's current pool
foreach($user in $TenantOrgUserList)
{
    try
    {
        # -ErrorAction Stop turns a failed move into a terminating error so that the catch block runs
        if($MoveConferenceData)
        {
            write-richlog -strLogText "Starting move of $($User.SipAddress) including conference data from $($user.RegistrarPool) to $($PoolMappingList.get_Item($user.RegistrarPool.Friendlyname))" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
            Move-CsUser -id $user.sipaddress -Target $PoolMappingList.get_Item($user.RegistrarPool.Friendlyname) -MoveConferenceData -Confirm:$False -ErrorAction Stop
        }
        else
        {
            write-richlog -strLogText "Starting move of $($User.SipAddress) excluding conference data from $($user.RegistrarPool) to $($PoolMappingList.get_Item($user.RegistrarPool.Friendlyname))" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
            Move-CsUser -id $user.sipaddress -Target $PoolMappingList.get_Item($user.RegistrarPool.Friendlyname) -Confirm:$False -ErrorAction Stop
        }
        write-richlog -strLogText "Move for $($User.SipAddress) complete" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
        $SuccesfulMoves++
    }
    catch
    {
        write-richlog -strLogText "Move for $($User.SipAddress) failed" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Error
        if($ForceMove)
        {
            try
            {
                write-richlog -strLogText "Attempting force move for $($User.SipAddress)" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
                if($MoveConferenceData)
                {
                    write-richlog -strLogText "Force moving of $($User.SipAddress) including conference data from $($user.RegistrarPool) to $($PoolMappingList.get_Item($user.RegistrarPool.Friendlyname))" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
                    Move-CsUser -id $user.sipaddress -Target $PoolMappingList.get_Item($user.RegistrarPool.Friendlyname) -MoveConferenceData -force -Confirm:$False -ErrorAction Stop
                }
                else
                {
                    write-richlog -strLogText "Force moving of $($User.SipAddress) excluding conference data from $($user.RegistrarPool) to $($PoolMappingList.get_Item($user.RegistrarPool.Friendlyname))" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
                    Move-CsUser -id $user.sipaddress -Target $PoolMappingList.get_Item($user.RegistrarPool.Friendlyname) -Force -Confirm:$False -ErrorAction Stop
                }
                # Count a successful forced move so that the report totals add up
                $SuccesfulMoves++
            }
            catch
            {
                write-richlog -strLogText "Force move failed for $($User.SipAddress)." -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Error
                $FailedMoves++
                $rtn = $FailedMoveUserList.add($User.SipAddress)
            }
        }
        else
        {
            write-richlog -strLogText "Force move will not be attempted for $($User.SipAddress)" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
            $FailedMoves++
            $rtn = $FailedMoveUserList.add($User.SipAddress)
        }
    }   # end catch (closing brace missing in the original listing)
}       # end foreach user (closing brace missing in the original listing)

# Report on the move process
write-richlog -strLogText "#############POST RUN REPORT#############" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText " Tenant Org : $($TenantOrg)" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText " Numberof user found : $($TenantOrgUserList.count)" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText " Numberof successful moves : $($SuccesfulMoves)" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText " Numberof failed moves : $($FailedMoves)" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
if($FailedMoves -gt 0)
{
    write-richlog -strLogText " Failed move list:" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
    foreach($user in $FailedMoveUserList)
    {
        write-richlog -strLogText " $($user)" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
    }
}
write-richlog -strLogText "#########################################" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational
write-richlog -strLogText "### Ending Migrate-TenantOrg ###" -strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel Informational

6 Deploying a New Lync Server 2013 Multitenant Hosting Pack Deployment
The deployment of Lync Server 2013 Multitenant Hosting Pack is very similar to the deployment of Lync
Server 2013, Enterprise Edition. This document provides guidance only on which steps to complete, skip,
or modify to deploy the Lync Server Multitenant Hosting Pack successfully.
This section details where service providers must perform tasks other than the standard Lync Server
2013 tasks defined in Deploying Lync Server 2013 in the TechNet Library at
http://technet.microsoft.com/library/gg412892(v=ocs.15).aspx. Unless otherwise directed, follow all the
steps in that guide. Any steps to be added, skipped, or modified are noted as appropriate in the
remainder of this guide, and include a link to the applicable procedure.

6.1 Deploying the Topology


This section provides instructions on how to deploy Lync Server Multitenant Hosting Pack using the
example topology. This sample deployment is designed to support approximately 20,000 tenant users. It
includes guidance on how to integrate Lync Server with an existing Active Directory infrastructure, but
does not provide instructions on the initial deployment of that infrastructure. Note that the existing
infrastructure must not include any previous deployments of Lync Server 2013. It also includes a
summary of the process for creating private tenant organizations within Active Directory. Instructions
about how to configure Exchange UM features to provide voice mail and other features for Lync Server
users are also included.
This documentation provides a staged approach to deploying a consolidated Lync Server Multitenant
Hosting Pack lab, starting with the minimum configuration required to get you up and running. The
initial Hosting Pack topology deployment described in this section includes the following environment
and components:
A single forest, single domain Active Directory structure

Two domain controllers with DNS and an Enterprise Root certification authority (CA)

An Edge pool consisting of two Edge Servers

An Enterprise Edition Front End pool consisting of two Front End Servers

A Mediation Server pool consisting of two Mediation Servers

A SQL Server-based Back End Server that also contains the Central Management store

A SQL Server-based Monitoring and Archiving back-end server database

A DFS file server hosting the Lync Server file store

A Lync Server Multitenant Hosting Pack deployment is different from a Lync Server 2013 Enterprise
Edition deployment in the following ways:
A different set of installation media is used. Hosting Pack installation media has been optimized
for hosts and is the only media supported for hosted, multitenant deployments.

No provision is made for internal users. All users are expected to connect over the Internet.

Procedures are provided to permit per-tenant Exchange Server dial plans without requiring
per-tenant Lync Server dial plans.

Other than the few procedural modifications required to accommodate the preceding, deployment
procedures are based on the following standard deployment process for Lync Server 2013 Enterprise
Edition:
Lync Server 2013: Deployment in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398664(v=ocs.15).aspx lists the standard procedures
for deploying Lync Server 2013.

6.2 Change the Name and Domain of the Server Running Lync Server
It can be difficult to change server names after you deploy the Lync Server Multitenant Hosting Pack.
Make sure the server names for the following roles are the names you want to use before you
start your deployment:
Edge Server

Front End

Mediation Server

To change the computer name and domain of a server

1. To open Server Manager, click Start, click Administrative Tools, click Server Manager.

2. In Server Manager, click Change System Properties.

3. In the System Properties, click Change.

4. In Computer Name/Domain Changes, click More.

5. On the DNS Suffix and NetBIOS Computer Name dialog box, do the following:

a. In the Primary DNS suffix of this computer field, enter the name of the external domain to
be used by Lync Server (for example, <externaldomain>.com).

b. Clear the Change primary DNS suffix when domain membership changes check box.

6. Click OK on each dialog box until you close the System Properties dialog box.

7. Verify that both the public domain name and the private Active Directory name are in the DNS
suffix search order for the IP address.

8. Restart the server to apply the changes.

6.3 Installation Media


To download and install the Lync Server 2013 Multitenant Hosting Pack software, you need to log on to
the Microsoft Volume Licensing Service Center at http://go.microsoft.com/fwlink/?LinkId=238381.
After the Setup Wizard starts, the installation proceeds as described in the standard Lync Server 2013
Enterprise Edition Deployment documentation in the TechNet Library, with any
exceptions to those steps noted in this document.

6.4 Install the Lync Server 2013 Multitenant Hosting Pack


Use the Lync Server Multitenant Hosting Pack installation media for this procedure. To start the
installation, open Setup.exe in the \amd64 folder on the Front End server.

The installation media also includes a tool for applying patches to the Lync Server software,
\amd64\LyncServerUpdateInstaller.exe.
To begin your deployment, follow the procedures in the topics listed in the following table. Include each
of the child topics within the sections listed.

Checklist for Installing the Lync Server 2013 Multitenant Hosting Pack

Completed Topic

Deploying Lync Server 2013 Enterprise Edition

http://technet.microsoft.com/library/gg412892(v=ocs.15)

Preparing the Infrastructure and Systems

http://technet.microsoft.com/en-us/library/gg398205(v=ocs.15).aspx

Set Up Hardware and the System Infrastructure

http://technet.microsoft.com/en-us/library/gg425852(v=ocs.15).aspx

System Requirements for Enterprise Edition Servers

http://technet.microsoft.com/en-us/library/gg398588(v=ocs.15).aspx

Install Operating Systems and Prerequisite Software on Servers

http://technet.microsoft.com/en-us/library/gg398588(v=ocs.15).aspx

Request Certificates in Advance (Optional)

http://technet.microsoft.com/en-us/library/gg412733(v=ocs.15).aspx

Configure IIS

http://technet.microsoft.com/en-us/library/gg412918(v=ocs.15).aspx

Configure SQL Server for Lync Server 2013

http://technet.microsoft.com/en-us/library/gg425848(v=ocs.15).aspx

Configure DNS Records for a Front End Pool

http://technet.microsoft.com/en-us/library/gg398079(v=ocs.15).aspx

Defining and Configuring the Topology

http://technet.microsoft.com/en-us/library/gg398339(v=ocs.15).aspx

Install Lync Server Administrative Tools

http://technet.microsoft.com/en-us/library/gg398665(v=ocs.15).aspx

7 Define the Topology


When you perform the procedures for defining the topology, there are changes to two of the
procedures that you need to be aware of for a Lync Server Multitenant Hosting Pack deployment.
Note The Lync Server 2013 Planning Tool is not supported for the Lync Server Multitenant Hosting Pack.

These changes apply to the procedures in Defining and Configuring the Topology in the TechNet
Library at http://technet.microsoft.com/en-us/library/gg398339(v=ocs.15).aspx:
When performing the steps in Define and Configure a Topology in Topology Builder at
http://technet.microsoft.com/en-us/library/gg398788(v=ocs.15).aspx, you will be prompted to
provide a location and file name for saving the topology. Choose New Topology and follow the
instructions.

You do not need to specify additional supported domains at this time. Adding tenant SIP
domains is covered later in the Create Tenant SIP Domain and in the Provisioning Tenant
Organizations sections in this document.

The Topology Builder does not allow you to configure a topology in which the Edge Servers are
bypassed. Because of this, you must make some configuration changes to your topology to enable
communications between servers running Lync Server 2013. You should perform the steps described in
the following sections of this document after you deploy Lync Server 2013 and the Lync Server 2013
Multitenant Hosting Pack:
Error! Reference source not found. Describes how to set Front End Servers to capture needed
information about NAT traversal. (In enterprise deployments, this information is captured by the
Edge Servers.)

Create Tenant DNS Records: Lists the service records that you need to create and includes notes
about port usage.

7.1 Create a Front End Pool


When performing the steps in Define and Configure a Front End Pool in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398538(v=ocs.15).aspx, create a new Enterprise Edition
Front End pool. Continue to follow the steps provided, applying the modifications as described in the
following list:
1. When defining the computers in this pool, use the fully qualified domain names (FQDNs) of the
computers that will be in the Front End pool. These servers are FE0101 and FE0102 in the
architecture, where the first two digits represent the pool number (in this case there is just one),
and the second two digits represent the server within the pool (in this case 01 and 02).

2. On the Select features page, select all features.

3. On the Select collocated server roles page, leave all options unselected.

4. On the Associate server roles with this Front End pool page, leave all options unselected. You
will update the topology when these server roles are deployed in later steps.

5. On the Define the SQL store page, define a new SQL database, specifying the FQDN and
(optionally) named instance you created earlier according to Configure SQL Server for Lync
Server 2013.

6. Complete all remaining steps in Define and Configure a Front End Pool in the TechNet Library
at http://technet.microsoft.com/en-us/library/gg398538(v=ocs.15).aspx.

7. After you define and configure your topology, proceed with all steps listed in Finalizing and
Implementing the Topology Design in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398178(v=ocs.15).aspx.

7.2 Configure Front End Servers


You can complete most of the procedures involved in Setting Up Front End Servers and Front End Pools in
the TechNet Library at http://technet.microsoft.com/en-us/library/gg398827(v=ocs.15).aspx with the
following exceptions:
The Bootstrap local machine process assumes that a great number of language packs are
installed and will raise errors for any not installed. It is safe to ignore these errors for any
languages that you don't intend to use.

7.3 Update the SQL Server Databases


After you configure your Front End servers, you will need to update the SQL Server databases so that
they are compatible with the updates applied with the Lync Server Update tool.
To update the SQL Server databases

1. On all Front End servers, open the Lync Server Management Shell and run the following cmdlet
to stop Lync Server services:
Stop-CsWindowsService
2. On one of the Front End servers, run the following cmdlet to update the databases:
Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <SQL Server FQDN>
3. On all Front End servers, run the following cmdlet to restart Lync Server services:
Start-CsWindowsService

7.4 Add Server Roles


Except where noted in this section, you can follow the standard procedures for Adding Server Roles in
the TechNet Library at http://technet.microsoft.com/en-us/library/gg412794(v=ocs.15).aspx. You need
to deploy the following additional server roles:
Edge Servers: Instructions for service providers are provided in the Deploy Edge Servers
section later in this document.

Enterprise Voice (Mediation Servers)

Dial-in Conferencing: For an overview, see the Overview of the Audio Conferencing Provider
later in this document.

Monitoring

Archiving

Response Group

Note Do not add the Call Park application because it is not supported in the Lync Server Multitenant Hosting Pack.

7.5 Deploy Edge Servers


The guidance in this section and in the Provisioning Tenant Organizations and Tenants section later in
this document describes how to implement these configurations. Follow the standard guidance in
Deploying External User Access in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398918(v=ocs.15).aspx unless otherwise directed as follows:
When you follow the steps in Configure DNS for Edge Support in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398756(v=ocs.15).aspx, you must configure the
DNS records for the initial test SIP domain. Configure the SRV record to point to the Edge Server
pool.

When you perform the steps in Configure the DNS Suffix for Edge Servers in the TechNet
Library at http://technet.microsoft.com/en-us/library/gg398756(v=ocs.15).aspx, set the DNS
suffix to the name of the external domain used by the Lync Server deployment.

7.6 Define the Edge Topology


To be consistent with instructions provided in Defining Your Edge Topology in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398591(v=ocs.15).aspx, this document assumes that
you're using DNS load balancing. If you choose to use hardware load balancing for the Edge Server pool,
see the task for doing so later in the same topic.
Also, this deployment guide assumes that the external Edge interfaces are not configured to use NAT. If
you choose to use NAT for this purpose, you will need to develop your own procedures for doing so.
Complete the steps to Define the Topology for a DNS Load Balanced Edge Pool in the TechNet Library
at http://technet.microsoft.com/en-us/library/gg398591(v=ocs.15).aspx.

7.7 Monitoring
For details about Monitoring, see Deploying Monitoring in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398199(v=ocs.15).aspx.

8 Post-Installation Configuration
You must complete the tasks in this section after you complete the installation.

8.1 Install Additional Components


You need to install a few more components on all Front End Servers, Edge Servers, Mediation Servers,
Monitoring Server, and Archiving Servers before you can complete the post-installation configuration
process.

Run the following Windows Installer scripts from an elevated command prompt on every instance of
these servers before proceeding:
\Setup\CSServices.msi

8.2 Modify Lync Server Management Shell


The Lync Server Multitenant Hosting Pack includes an additional Windows PowerShell module
(included in the CSServices.msi file) that provides cmdlets used in the management of tenants and other
aspects of the hosted solution. Modification of the Lync Server Management Shell is done automatically
during setup of the hosting pack.

After you run setup, run the following cmdlet each time you open the Lync Server Management Shell:
Import-Module LyncOnline
Note This step is not necessary if you are running Windows Server 2012.

8.3 Update Active Directory for Hosted Management Services


The Lync Server 2013 Hosting Pack includes tools to update the Active Directory schema and create a
root organizational unit for Lync resellers and tenants. To use them, open the Lync Server Management
Shell with elevated permissions (open as administrator) on a server that has Active Directory tools
installed, and run the following cmdlets:
Install-CsAdServiceSchema

Enable-CsAdForest

Enable-CsAdDomain

(Get-CsTopology -AsXml).ToString() > C:\Topology.xml

Publish-CsTopology -FileName "C:\Topology.xml"

Enable-CsTopology

Enable-CsServiceTopology

The first command extends the Active Directory schema to include information required by the Lync
Server 2013 Hosting Pack. The second command prepares the Active Directory forests for operation of
the Lync Server 2013 Hosting Pack. The third command prepares the Active Directory domain for the
Lync Server 2013 Hosting Pack. The remaining commands re-publish and enable the topology.
Part of the Active Directory domain preparation is the creation of the root tenant OU, \OCS Tenants.
Tenants can be created either directly in this directory, or in one or more levels of nested reseller OUs.

8.4 Global Client Policies for Address Book Web Query


The Lync Server 2013 Hosting Pack is designed to allow clients to use only the Address Book Web Query
service, and not the Address Book Service that can be used in Lync Server 2013 Enterprise Edition. The
following cmdlet demonstrates how to configure the Address Book server for all users by setting the
global client policy to allow only the Address Book Web Query service:
Set-CsClientPolicy -Identity global -AddressBookAvailability WebSearchOnly

This command sets the AddressBookAvailability parameter to WebSearchOnly. Keep in mind that if
client policies are set at the site or user level, these policies must also have the AddressBookAvailability
parameter set to WebSearchOnly. For example, if there is a client policy for users on the Redmond site,
you must set the AddressBookAvailability property of that policy:
Set-CsClientPolicy -Identity site:Redmond -AddressBookAvailability WebSearchOnly

8.5 Lync Server Dial Plans


Dial plans in Lync Server are distinct from dial plans in Exchange UM. Dial plans, which were called
location profiles in Microsoft Office Communications Server 2007, do not route calls to Exchange by
matching the name of the Lync Server dial plan to the name of the Exchange dial plan. Instead, calls are
routed in part by matching the Lync Server user's SIP address with their SIP unified messaging extension.
As a result, Lync Server administrators can create one or more Lync Server dial plans based on
geography, tolling or other considerations and employ them without regard to the tenant to which a
user belongs.
To create a new Lync Server dial plan, run a command similar to the following from the Lync Server
Management Shell:
New-CsDialPlan -Identity Site:Seattle -SimpleName SeattleDialPlan

When you create a dial plan, a default normalization rule is associated with that dial plan. You should
modify that normalization rule to apply to the dial plan. Here is an example of modifying a normalization
rule for the SeattleDialPlan we just created:
New-CsVoiceNormalizationRule -Identity "Site:Seattle/SeattlePrefix" -Pattern '^9(\d*){1,5}$' -Translation '+1206$1'

The preceding dial plan was created at the user scope, which means it must be assigned directly to the
user or users to whom it will apply. To assign a dial plan to a user, use the Grant-CsDialPlan cmdlet:
Grant-CsDialPlan -Identity "john@contoso.com" -PolicyName "SeattleDialPlan"

8.6 Integration with on-premises PBX or Call Center


For more information about integrating the hosting pack with an on-premises PBX, see Direct SIP
Deployment Options at http://technet.microsoft.com/en-us/library/gg398672(v=ocs.15).aspx.

If the IP PBX is not qualified for Lync Server, you can use a Session Border Controller (SBC). For more
information, see Components and Topologies for SIP Trunking at
http://technet.microsoft.com/en-us/library/gg398720(v=ocs.15).aspx.

8.7 Changing the Root OU


You can change the root organizational unit (OU) when installing the Lync Server 2013 Multitenant
Hosting Pack in an Active Directory environment that already has an organizational unit for tenants, or
when you want to change the root tenant OU for any reason. This procedure describes how to use
ldp.exe to change the otherWellKnownObjects attribute to point to the root tenant OU.
To change the root OU for a tenant

1. Run ldp.exe.
2. In the Connection menu, click Connect.
3. In the Connection menu, click Bind.

4. In the View menu, click Tree and select the configuration partition from the drop-down menu, then
click OK.
Note: The configuration partition option is the one that begins with CN=Configuration.

5. Right-click the root node, select Modify, and then do the following:
a. In the Edit Entry box, enter otherWellKnownObjects for Attribute and
B:32:DE8197E3283B2C439A62F871E529F7DD:<DN of root tenant OU here> for
Values.
b. In the Operation box, select Replace and then click Enter.
c. Click Run.
6. On the Connection menu, click Exit to close ldp.exe.

8.8 Configuring Mobility


Mobility support for your Lync Server 2013 Multitenant Hosting Pack deployment is configured the same
as for a Lync Server 2013 on-premises deployment.
In order to enable mobility for your deployment, you must request and be provisioned for an FQDN
access proxy, which enables Push notification. Push notifications are required for Windows mobile
devices, and work on Android and iPhone devices.
To request provisioning, you will need to send a request, including the FQDN of your Access Proxy, to
hostlync@microsoft.com.
For more information about configuring mobility, see the following topics in the TechNet library:
Planning for Mobility at http://technet.microsoft.com/en-us/library/hh689981(v=ocs.15).aspx
Deploying Mobility at http://technet.microsoft.com/en-us/library/hh690055(v=ocs.15).aspx
Autodiscover Service Requirements at http://technet.microsoft.com/en-us/library/hh690012(v=ocs.15).aspx

9 Provisioning Tenant Organizations


After you deploy the Lync Server 2013 Hosting Pack, including the Edge Server, Front End Server, Back
End Server, and Mediation Server, you can provision tenant organizations. Before you can provision
individual users, you must create tenant organizations in Active Directory, Lync Server, and Exchange
Server by following the steps in this section.

9.1 Create and Secure the Organizational Units


By default, the Lync Server 2013 Hosting Pack is configured so that tenant OUs are created under the
root organizational unit called \OCS Tenants. Many hosting providers will want to represent reseller
organizations as subordinate OUs (sub-OUs), each with sub-OUs representing tenants. You should use
Active Directory permissions or other suitable mechanisms to ensure that management tools have
adequate access to the tenant OU, and that other tenants do not have inappropriate access.

9.2 Set TenantId and ObjectId


Lync Server 2013 Hosting Pack uses the Active Directory attributes msRTCSIP-TenantId and
msRTCSIP-ObjectId to associate tenant OUs with individual users, so you must copy the tenant OUs to those
attributes. You can use Windows PowerShell commands from the Active Directory module to create this
association. To use the Active Directory cmdlets you must either import the Active Directory module
into your Windows PowerShell or Lync Server Management Shell window, or you must run the
commands from the Active Directory Module for Windows PowerShell window. The Active Directory
module is installed by default on your domain controller. To import the Active Directory module, run the
following command at the Windows PowerShell prompt:
Import-Module ActiveDirectory

Alternatively, to open the Active Directory Module for Windows PowerShell window, on the Start menu,
click Administrative Tools, and then click Active Directory Module for Windows PowerShell.
The following commands will copy the tenant OU, based on the globally-unique identifier (GUID) of the
OU, into the msRTCSIP-TenantId and msRTCSIP-ObjectId attributes.
$OU = "OU=fabrikam,OU=OCS Tenants,DC=litwareinc,DC=com"

$OUObject = Get-ADOrganizationalUnit -Identity $OU

$GUID = $OUObject.ObjectGUID

The first line in the preceding commands sets a variable to the full LDAP path of the OU we want to set.
The second line calls the Get-ADOrganizationalUnit cmdlet to retrieve that OU, storing it in the variable
$OUObject. The third line retrieves the GUID, stored in the ObjectGUID property, of the OU and stores it
in another variable ($GUID). Next we need to set the msRTCSIP-TenantId and msRTCSIP-ObjectId
properties.
$OUObject | Set-ADOrganizationalUnit -Replace @{'msRTCSIP-TenantId'=$GUID}
$OUObject | Set-ADOrganizationalUnit -Replace @{'msRTCSIP-ObjectId'=$GUID}

In these two lines we pipe the OU object that is stored in our $OUObject variable to the
Set-ADOrganizationalUnit cmdlet. Set-ADOrganizationalUnit has a number of parameters that allow you
to directly set Active Directory properties, such as Server, City, and PostalCode. For the less-commonly
used properties, such as msRTCSIP-TenantId, we use the Replace parameter, passing it the name of the
property we want to set and the value we want to set it to. Using the Replace parameter will replace any
value or values currently stored in that property with the value you specify.
Finally, we retrieve all the users in the specified OU and set the msRTCSIP-GroupingId and
msRTCSIP-TenantId properties to the GUID of the OU:
Get-ADUser -LDAPFilter "(ObjectClass=user)" -SearchBase $OU -Properties msRTCSIP-GroupingID,msRTCSIP-PrimaryUserAddress,comment | Set-ADUser -Replace @{'msRTCSIP-GroupingID'=$GUID}

Get-ADUser -LDAPFilter "(ObjectClass=user)" -SearchBase $OU -Properties msRTCSIP-GroupingID,msRTCSip-TenantID,msRTCSIP-PrimaryUserAddress,comment | Set-ADUser -Replace @{'msRTCSip-TenantID'=$GUID}

The first thing we do in each of these commands is to retrieve all the users in the OU. We do that by
calling the Get-ADUser cmdlet and passing values for the LDAPFilter and SearchBase parameters. The
LDAPFilter value specifies that we want to retrieve all users who actually are users, meaning their
ObjectClass property has a value of user. The SearchBase parameter is set to the LDAP path of the OU (which
we stored previously in the $OU variable). Notice that we also supply values for the Properties
parameter. This isn't necessary, but it will speed up your query by limiting the amount of data about
each user that is returned. This is especially useful if you're running these commands over a remote
session.
After we've retrieved all the users in the specified OU, we pipe that information to the Set-ADUser
cmdlet, which will modify the settings for each of those users. We again use the Replace parameter, this
time replacing the value in the msRTCSIP-GroupingId property with the GUID of the OU. Finally, we do
the exact same thing, but this time replacing the value of the msRTCSIP-TenantId property with the
GUID.
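
A read-only check of the stamps described in this section, as an added example that is not part of the original guide: it reports every tenant OU or user whose msRTCSIP-TenantId, msRTCSIP-ObjectId or msRTCSIP-GroupingID does not equal the ObjectGUID of the tenant OU. The function names are hypothetical, the tenant root is the litwareinc.com path used above, and the attributes are assumed to be returned as 16-byte values.

```powershell
# Added example: read-only audit of the tenant stamps set in section 9.2.
# Assumptions: the ActiveDirectory module is available and the msRTCSIP-*
# values are returned as 16-byte arrays (Guid and string forms are accepted too).
Import-Module ActiveDirectory

# Normalise whatever the directory returns into a Guid, or $null if it cannot be one.
function ConvertTo-GuidValue {
    param($Value)
    if ($null -eq $Value) { return $null }
    if ($Value -is [Guid]) { return $Value }
    if ($Value -is [byte[]]) {
        if ($Value.Length -ne 16) { return $null }
        return New-Object System.Guid -ArgumentList (,$Value)
    }
    $parsed = [Guid]::Empty
    if ([Guid]::TryParse([string]$Value, [ref]$parsed)) { return $parsed }
    return $null
}

# Emit one row per attribute on $Object that differs from the tenant OU's GUID.
function Compare-Stamp {
    param($Tenant, $Object, [string[]]$Attributes)
    foreach ($name in $Attributes) {
        $actual = ConvertTo-GuidValue -Value ($Object.$name)
        if ($actual -ne $Tenant.ObjectGUID) {
            [pscustomobject]@{
                TenantOU  = $Tenant.DistinguishedName
                Object    = $Object.DistinguishedName
                Attribute = $name
                Expected  = $Tenant.ObjectGUID
                Actual    = $actual          # empty when missing or malformed
            }
        }
    }
}

function Test-TenantStamp {
    param([Parameter(Mandatory = $true)][string]$TenantRoot)

    $ouAttributes   = 'msRTCSIP-TenantId', 'msRTCSIP-ObjectId'
    $userAttributes = 'msRTCSIP-TenantId', 'msRTCSIP-GroupingID'

    # Any OU below the root that carries a tenant stamp is treated as a tenant OU,
    # so tenants nested under reseller OUs are covered as well.
    $tenants = Get-ADOrganizationalUnit -LDAPFilter '(msRTCSIP-TenantId=*)' `
        -SearchBase $TenantRoot -SearchScope Subtree -Properties $ouAttributes

    foreach ($tenant in $tenants) {
        # The OU itself must point at its own GUID.
        Compare-Stamp -Tenant $tenant -Object $tenant -Attributes $ouAttributes

        # Every user below the OU must carry the same GUID in both attributes.
        $users = Get-ADUser -LDAPFilter '(ObjectClass=user)' `
            -SearchBase $tenant.DistinguishedName -Properties $userAttributes
        foreach ($user in $users) {
            Compare-Stamp -Tenant $tenant -Object $user -Attributes $userAttributes
        }
    }
}

Test-TenantStamp -TenantRoot 'OU=OCS Tenants,DC=litwareinc,DC=com' |
    Format-Table -AutoSize
```

An OU that was never stamped is not matched by the filter and does not appear in the report, so compare the list of stamped OUs against your own tenant inventory separately.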

9.2.1 Set the DomainUrlMap Attribute


You will also need to configure the msRTCSIP-DomainUrlMap attribute in the following format:
<TenantSipDomain>#<HosterBaseMeetingUrl>/<TenantSipDomain>. You can set the value by using
ADSIEdit or another tool.

9.3 Add UPN Suffix to Tenant OU


To enable users in the tenant OU to have user principal names (UPNs) that match their email and SIP
addresses, the domain must be added as a permitted UPN suffix to the tenant OU. Use ADSIEdit or another
tool to add the domain to the OU's uPNSuffixes property.

9.4 Create Tenant SIP Domain


To provide customized behaviors for a tenant-specific SIP domain (referred to in this document as
tenant SIP domain), Lync Server needs to be aware of the domain.
If a domain is added to your deployment, it will be added to the list of supported domains in Topology
Builder. However, meeting URLs are not automatically added, which will result in an error in Topology
Builder. After a domain is added to your deployment, you will need to manually edit the topology file to
allow users to be configured with any supported SIP domain.
To manually edit the topology file for your deployment

1. Run the following cmdlet to retrieve your topology file, replacing the path with the correct path
for your environment.
(Get-CsTopology -AsXml).ToString() > C:\Topology.xml
2. Edit the topology.xml file using Notepad, and find the InternalDomains AllowAllDomains="false"
section. Change the value for the section from "false" to "true".
The value is case-sensitive.

3. Run the following cmdlet to publish the updated topology.


Publish-CsTopology -FileName "C:\Topology.xml"
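
A scripted form of the edit in step 2, as an added example that is not part of the original guide: it keeps a backup, refuses to touch the file unless exactly one InternalDomains element with the value "false" is found, and writes the lowercase "true" the procedure requires. The function name and the sample XML are constructed for illustration; a real export contains many more elements.

```powershell
# Added example: scripted form of the Notepad edit in section 9.4.
function Set-TopologyAllowAllDomains {
    param([Parameter(Mandatory = $true)][string]$Path)

    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Get-Content honours the byte order mark that ">" writes in Windows
    # PowerShell, so the text is decoded before it reaches the XML parser.
    [xml]$doc = Get-Content -LiteralPath $fullPath -Raw

    # local-name() matches the element whatever namespace the file declares.
    $nodes = @($doc.SelectNodes("//*[local-name()='InternalDomains']"))
    if ($nodes.Count -ne 1) {
        throw "Expected one InternalDomains element, found $($nodes.Count)."
    }

    $current = $nodes[0].GetAttribute('AllowAllDomains')
    if ($current -ceq 'true') { return 'unchanged' }
    if ($current -cne 'false') {
        throw "Unexpected AllowAllDomains value '$current'; file left untouched."
    }

    # Keep the published state so the change can be reverted.
    Copy-Item -LiteralPath $fullPath -Destination "$fullPath.bak" -Force

    $nodes[0].SetAttribute('AllowAllDomains', 'true')   # lowercase: the value is case-sensitive
    $doc.Save($fullPath)
    return 'changed'
}

# Constructed sample, not a real topology export: only the element named in
# the procedure is modelled.
$sample = @'
<Topology xmlns="urn:constructed:sample">
  <InternalDomains AllowAllDomains="false" DefaultDomain="litwareinc.com">
    <InternalDomain Name="litwareinc.com" />
  </InternalDomains>
</Topology>
'@
$samplePath = Join-Path ([System.IO.Path]::GetTempPath()) 'Topology-sample.xml'
$sample | Out-File -FilePath $samplePath -Encoding Unicode   # the encoding ">" produces

Set-TopologyAllowAllDomains -Path $samplePath    # edits the file and writes the .bak copy
Set-TopologyAllowAllDomains -Path $samplePath    # running again leaves the file alone
```

Against a real deployment, point -Path at the file written by Get-CsTopology in step 1 and review the change before running Publish-CsTopology.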

Next, use ADSIEdit or other tool to add the domain to the msRTCSIP-Domains attribute of the tenant
OU. Afterward, you should see the domain listed when querying the properties of the tenant:

Get-CsTenant | Format-Table -AutoSize Id,Domains

Id                                                Domains
--                                                -------
OU=fabrikam.com,OU=OCS Tenants,DC=fabrikam,DC=com {fabrikam.com}
OU=fabrikam.net,OU=OCS Tenants,DC=fabrikam,DC=net {fabrikam.net}

9.5 Configure Exchange Email


Use tools and procedures of your choice to configure the tenant OU with email, including one or more
SMTP domains and private address lists.

9.6 Configure Exchange Unified Messaging


To configure Exchange UM, you need to perform steps on servers running Exchange and Lync Server.
For more information about configuring Exchange UM, see the following topics:
Planning for Exchange Unified Messaging Integration at
http://technet.microsoft.com/en-us/library/gg399031(v=ocs.15).aspx
Deployment Process for Integrating On-Premises Unified Messaging and Lync Server 2013 at
http://technet.microsoft.com/en-us/library/gg425737(v=ocs.15).aspx
Deploying On-Premises Exchange UM to Provide Lync Server 2013 Voice Mail at
http://technet.microsoft.com/en-us/library/gg398768(v=ocs.15).aspx
Providing Lync Server 2013 Users Voice Mail on Hosted Exchange UM at
http://technet.microsoft.com/en-us/library/gg425807(v=ocs.15).aspx

9.6.1 Create Tenant Exchange Dial Plan and Exchange UM Mailbox Policy
To enable users for Exchange UM, they must be assigned a dial plan and Exchange UM mailbox policy. In
order for each tenant organization to have its own dial-by-name directory and other forms of privacy,
each tenant must be assigned to a different dial plan. A tenant dial plan and associated Exchange UM
mailbox policy can be created using the following Exchange 2013 Management Shell command:
New-UMDialplan -Name "<TenantDialPlanName>" -UriType SipName -NumberofDigitsInExtension <TenantExtensionDigits> -VoIPSecurity Secured -CountryorRegionCode 1 -GenerateUMMailboxPolicy $true -AccessTelephoneNumbers <TenantAccessTelephoneNumber>

This example uses variables as placeholders that you should replace with real values when provisioning
a tenant:
TenantDialPlanName: A unique name for the dial plan. It is advantageous for troubleshooting
purposes to have the TenantDialPlanName reflect the name of the tenant and reseller.

TenantExtensionDigits: The number of digits to be used in Exchange UM extensions. Note that
to simplify management, full 10-digit phone numbers were used when developing this
documentation.

TenantAccessTelephoneNumber: This is the E.164 telephone number or numbers that users
will call to retrieve their voice mail and otherwise interact with Outlook Voice Access.

Here's an example of what this command might look like:

New-UMDialplan -Name "FabrikamDP" -UriType SipName -NumberofDigitsInExtension 10 -VoIPSecurity Secured -CountryorRegionCode 1 -GenerateUMMailboxPolicy $true -AccessTelephoneNumbers "+12065551234"

The UriType parameter specifies the URI type that will be sent and received with SIP messages. Possible
values are SipName, E164, and TelExtn. The VoIPSecurity parameter can have a value of Secured,
SIPSecured, or Unsecured. GenerateUMMailboxPolicy is True by default, which indicates that we want to
create an Exchange UM mailbox policy when the dial plan is created.

9.6.2 Assign Tenant Dial Plan to All Available Exchange UM Servers


After creating the Exchange UM dial plan you must associate it with an Exchange UM server. To do this,
use a command such as the following from the Exchange Management Shell:
Set-UmServer -Identity UMServer1 -DialPlans Fabrikam1

9.6.3 Update Exchange UM/Lync Server Integration Configuration


Microsoft provides the script exchucutil.ps1, located in the scripts subfolder of the Exchange installation
folder on Exchange UM servers, to automate the following tasks:
Create an Exchange UM IP gateway representing each Front End pool. This allows calls to be
routed between the Exchange and Lync Server platforms.

Create Exchange UM hunt groups for each dial plan. This links the configuration of each dial
plan to the Exchange UM IP gateway by creating hunt groups including each of the
TenantAccessTelephoneNumbers.

Grant Lync Server permission to read Exchange UM Active Directory objects.

During testing, this script was run repeatedly without damaging existing dial plans or other Exchange
UM configurations. For additional safety and efficiency, hosts may want to develop modified versions of
exchucutil.ps1 that perform only the functions specific to a new tenant.


9.6.4 Create Lync Server Contacts for Exchange UM Subscriber Access


For Lync Server to route calls to and from Exchange Server, you must configure contact objects
that represent Exchange UM objects. To configure these contacts, use the Exchange UM Integration
Utility.
1. On a Front End Server, open a command prompt as an administrator: click Start, click
Accessories, right-click Command Prompt, and then click Run as Administrator.

2. Type the following command and then press Enter:


cd %CommonProgramFiles%\Microsoft Lync Server 2013\Support

3. To run the Exchange UM Integration Utility, type the following command and then press Enter:
OcsUmUtil.exe

4. Click Load Data. You should see all of the Exchange Server dial plans listed in the left column,
SIP Dial Plans, but with no contacts listed for the most-recently added dial plan.

5. Click Add, and then fill in the required information as follows:

o Dial Plan: This should be auto-populated with the correct information.

o Organizational Unit: For the purpose of developing this documentation, all Lync Server
contacts related to Exchange UM were stored in a root-level OU named Lync UM
Contacts.

o Name: The name of the dial plan should appear automatically.

o SIP Address: This should take the form of sip:<PhoneContext of the dial plan, as reported
by the Exchange Management Shell cmdlet Get-UMDialPlan>@<TenantSipDomain> (for
example, sip:exumcontact@fabrikam.com).

o Server or pool: Select your Front End pool, not your Director pool.

o Phone Number: This should be one of the E.164 phone numbers contained in the
AccessTelephoneNumbers property, as reported by the Exchange Management Shell
cmdlet Get-UMDialPlan.

o Contact Type: Subscriber Access.

6. Click OK. After you have created the contact, you will still see a red exclamation point and the
following error message:

A location profile has not been created that matches this dial plan. Until a location profile is
created, the UM play-on-phone and call transfer features may not work (ignore this error for
Exchange 14 SP1 and above).


As the error message states, you can safely ignore it. Avoid creating a Lync Server dial plan that
matches the Exchange Server dial plan.

7. To be able to associate UM-related contacts with a tenant organization, Lync Server 2013
Hosting Pack uses the Active Directory attribute msRTCSIP-TenantId to associate tenant OUs,
users, and contacts. You can create this association by running the following commands as an
administrator at an Active Directory Module for Windows PowerShell command prompt, which
will copy the tenant OU's globally-unique identifier (GUID) into the msRTCSIP-TenantId and
msRTCSIP-GroupingId attributes of the contact:
# DN of the tenant OU and of the Exchange UM contact to associate with it
$OU = "OU=fabrikam,OU=OCS Tenants,DC=litwareinc,DC=com"
$Contact = "CN=tenant1,OU=fabrikam,OU=OCS Tenants,DC=litwareinc,DC=com"

# The tenant OU's ObjectGUID is the value written to both attributes
$OUObject = Get-ADOrganizationalUnit -Identity $OU
$GUID = $OUObject.ObjectGUID

Get-ADObject -Identity $Contact -Properties msRTCSIP-GroupingID,msRTCSIP-TenantID |
    Set-ADObject -Replace @{'msRTCSIP-GroupingID'=$GUID}

Get-ADObject -Identity $Contact -Properties msRTCSIP-GroupingID,msRTCSIP-TenantID |
    Set-ADObject -Replace @{'msRTCSip-TenantID'=$GUID}

# Read the contact back to confirm both attributes were written
Get-ADObject -Identity $Contact -Properties msRTCSIP-GroupingID,msRTCSIP-TenantID |
    Format-Table -AutoSize name,msRTCSIP-GroupingID,msRTCSIP-TenantID

These commands begin by setting some variables that will be used to retrieve and set information. The
first variable we set is $OU, which contains the distinguished name (DN) of the OU you want to work
with. The second variable, $Contact, contains the DN of the contact you want to associate with the OU.
Next, call the Get-ADOrganizationalUnit command, passing it the DN of the OU to retrieve the OU
object, and then store that object in the $OUObject variable. Finally, you retrieve the GUID for that OU
object from the ObjectGUID property and store it in the $GUID variable.
Now you are ready to set the contact attributes in the same way that you set the attributes on the users
as described previously in the Set TenantId and ObjectId section.

10 Configuring Federation
Federation makes it possible for external users who are not users on your domain, including
authenticated and anonymous remote users, federated partners, mobile clients and users of public
instant messaging (IM) services, to communicate with other users in your organization using Lync
Server.


10.1.1 Enabling a Tenant for Federation


To enable a tenant for federation, run the Set-CsTenantFederationConfiguration cmdlet on that tenant
and set the AllowFederatedUsers parameter to True, as shown in the following command:
Set-CsTenantFederationConfiguration -Tenant [TenantID] -AllowFederatedUsers $true

10.1.2 Getting Tenant Federation Settings


To retrieve the settings for a particular tenant, use the following command:
Get-CsTenantFederationConfiguration -Tenant [TenantID]

Note that unlike most Lync Server Get-* cmdlets, you cannot call Get-CsTenantFederationConfiguration
with no parameters to return all configurations; you must specify a Tenant ID. Tenant IDs are in the form
of a GUID. For example, your command to retrieve a tenant federation configuration will look something
like this:
Get-CsTenantFederationConfiguration -Tenant 595b58ab-3137-406a-a32b-32e23fc8b56b

Another way to retrieve a tenant federation configuration would be to first retrieve the tenant ID, save
the ID to a variable, then pass that variable to the Get-CsTenantFederationConfiguration cmdlet, as
shown in the following commands:
$t = Get-CsTenant | Where-Object {$_.DisplayName -eq "Tenant1"}
Get-CsTenantFederationConfiguration -Tenant $t.TenantId

The first command calls Get-CsTenant to retrieve all tenants, and then it pipes that list of tenants to the
Where-Object cmdlet. Where-Object looks for the tenant with a DisplayName that is equal to (-eq)
Tenant1. That tenant is saved to the variable $t. Now when we call
Get-CsTenantFederationConfiguration we can pass the TenantId value for the tenant we just retrieved. By
using these commands we were able to retrieve a tenant federation configuration without having to
type in a GUID.

10.2 Configure Tenant Federation Settings


Tenants may want to allow their users to communicate with some, all, or no other tenants; or with
outside organizations. The following are examples of how you can use Lync Server Management Shell
commands to achieve the federation settings you want for a tenant.
You can configure federation without the need for SAN certificates for AutoConfig and federation. To
accomplish this, do the following:
Have all tenants' federation partners add their hoster as a Hosting Provider as described in
Configuring Federation Support for a Lync Online Customer at
http://technet.microsoft.com/en-us/library/hh202193(v=ocs.15).aspx


Have all tenants create an automatic setup script for Lync clients to add the FQDN for the
hosting provider as described at http://support.microsoft.com/kb/2531068/en-us?wa=wsignin1.0
When configuring federation between hosted tenants, where one tenant uses SAN certificates
(sip.tenantdomain.com) on their Edge server and another does not, you should use the following
cmdlets to add each tenant domain individually instead of adding the tenant as a trusted hosting
provider.
New-CsAllowedDomain -Identity [tenantdomain.com]
Set-CsAllowedDomain -Identity tenantdomain.com -ProxyFqdn FQDN.to.hostingLPH.Edge

You will need to run these cmdlets for each tenant in your deployment that you want to enable
federation for, but this method allows you to also enable federation for the tenants using Edge
certificates by using the same process.

10.2.1 Configuring federation with an on-premises deployment in another organization
You can configure federation between your Hosting Pack deployment and an on-premises Lync Server
deployment in another organization. To do so, enable federation between your hosted tenant and the
domain of the on-premises Lync Server deployment. The hosting provider can do this by enabling open
federation on the Access Proxy. Then, the on-premises deployment needs to configure the hosting
provider Access Proxy FQDN as a hosted cloud. The hosting provider then adds the on-premises domain
to the Allow list, and allows only the hosted tenant domain from the on-premises deployment.
For example, if you want to enable federation between your tenant domain, contoso.com, and an on-
premises Lync Server deployment in another domain, fabrikam.com, you can:
1. Configure federation between contoso.com and fabrikam.com.

See Configure Support for Allowed External Domains at
http://technet.microsoft.com/en-us/library/gg425908(v=ocs.15).aspx and Setting Up Lync Federation at
http://technet.microsoft.com/en-us/library/jj204800.aspx.

2. Configure the on-premises deployment to add the hosting deployment as a hosted cloud.

See Managing Federation and External Access to Lync Server 2013 at
http://technet.microsoft.com/en-us/library/gg520966(v=ocs.15).aspx.

3. Configure the hosted deployment to add the on-premises domain to the Allow list.

To allow a tenant to communicate with other domains, you must add those domains to the
Allow list. To add domains to the Allow list for a tenant, run the following commands:
$d1 = New-CsEdgeDomainPattern -Domain "fabrikam.com"
$d2 = New-CsEdgeDomainPattern -Domain "contoso.com"

$a = New-CsEdgeAllowList -AllowedDomain @{replace=$d1,$d2}


Set-CsTenantFederationConfiguration -Tenant [TenantID] -AllowedDomains $a

The first two commands call the New-CsEdgeDomainPattern cmdlet. This cmdlet creates the
domain object that will be added to the Allow list. Notice that we assigned the results of these
commands to variables ($d1 and $d2). If you don't assign the new object to a variable, that
object will be created only in memory and will not be saved.
Next, we call New-CsEdgeAllowList with the AllowedDomain parameter. We add the two
domains we just created to the Allow list and save the list object to the variable $a. Like New-
CsEdgeDomainPattern, the object is created only in memory so we must save it to a variable.
Finally, we call Set-CsTenantFederationConfiguration, specifying the ID (that is, the GUID) of the
tenant we want to modify as the value for the Tenant parameter, and the list we just created as
the value for the AllowedDomains parameter.

10.2.2 Configuring federation with other Hosting Pack deployments


You can also configure federation between two fully-hosted tenant organizations. To do so, add each
tenant to the other tenant's Allow list, as described previously. For example, if you want to enable
federation between fabrikam.com and contoso.com, use the following steps.
Add "fabrikam.com" as an ALLOWED partner on "contoso.com"
$d1 = New-CSEdgeDomainPattern -Domain "fabrikam.com"

$a = New-CSEdgeAllowList -AllowedDomain @{replace=$d1}

Set-CSTenantFederationConfiguration -Tenant <contoso.com's GUID> -AllowedDomains $a

Do the converse at "fabrikam.com". Add "contoso.com" as an ALLOWED partner on "fabrikam.com"


$d1 = New-CSEdgeDomainPattern -Domain "contoso.com"

$a = New-CSEdgeAllowList -AllowedDomain @{replace=$d1}

Set-CSTenantFederationConfiguration -Tenant <fabrikam.com's GUID> -AllowedDomains $a

This enables federation for users in each tenant SIP domain.
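
The commands in sections 10.2.1 and 10.2.2 assign a complete new Allow list, so repeating them for one more partner drops every domain that was allowed before. The following added example (not part of the guide) merges new domains into a tenant's existing list instead; the function names are hypothetical, and it assumes the AllowedDomains value returned by Get-CsTenantFederationConfiguration exposes an AllowedDomain collection whose entries have a Domain property.

```powershell
# Added example, not from the deployment guide. Run in the Lync Server Management Shell.

function Get-TenantAllowedDomainName {
    # Returns the domain names on the tenant's explicit Allow list (nothing if there is none).
    param([Parameter(Mandatory = $true)] [Guid]$TenantId)

    $allowed = (Get-CsTenantFederationConfiguration -Tenant $TenantId).AllowedDomains
    # Assumption: only an explicit Allow list carries an AllowedDomain collection.
    if ($allowed -and $allowed.PSObject.Properties['AllowedDomain']) {
        $allowed.AllowedDomain | ForEach-Object { $_.Domain }
    }
}

function Add-TenantAllowedDomain {
    # Adds domains to the tenant's Allow list while keeping the existing entries.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [Guid]$TenantId,
        [Parameter(Mandatory = $true)] [string[]]$Domain
    )

    $existing = @(Get-TenantAllowedDomainName -TenantId $TenantId)
    if ($existing.Count -eq 0) {
        # No explicit list yet: after this call only the listed domains are allowed.
        Write-Warning "Tenant $TenantId has no explicit Allow list; the new list will contain only: $($Domain -join ', ')"
    }

    # Normalize and de-duplicate so repeated runs do not grow the list.
    $merged = @(($existing + $Domain) |
        Where-Object { $_ } |
        ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Sort-Object -Unique)

    # Same cmdlets as in the guide, but fed with the merged set of domains.
    $patterns  = @(foreach ($d in $merged) { New-CsEdgeDomainPattern -Domain $d })
    $allowList = New-CsEdgeAllowList -AllowedDomain @{Replace = $patterns}

    if ($PSCmdlet.ShouldProcess("tenant $TenantId", "set Allow list to: $($merged -join ', ')")) {
        Set-CsTenantFederationConfiguration -Tenant $TenantId -AllowedDomains $allowList
    }

    # Before/after record for the change log.
    [pscustomobject]@{
        TenantId = $TenantId
        Before   = $existing
        After    = $merged
        Added    = @($merged | Where-Object { $existing -notcontains $_ })
    }
}

# Usage: preview the change for the tenant named Tenant1, then apply it.
# $t = Get-CsTenant | Where-Object { $_.DisplayName -eq "Tenant1" }
# Add-TenantAllowedDomain -TenantId $t.TenantId -Domain "fabrikam.com" -WhatIf
# Add-TenantAllowedDomain -TenantId $t.TenantId -Domain "fabrikam.com"
```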


10.2.3 Configuring federation with a Lync Online tenant


You can enable federation between a hosted deployment and Lync Online. For more information, see
Configuring Federation Support for a Lync Online Customer at
http://technet.microsoft.com/en-us/library/hh202193(v=ocs.15).aspx.

10.2.4 Configure Federation Between Lync Server On-Premises and Lync Server Multitenant Hosting Pack
The steps for configuring federation between an on-premises Lync Server deployment and a Lync Server
Multitenant Hosting Pack deployment are the same as configuring federation with Lync Online. For
details, see Configuring Federation Support for a Lync Online 2013 Customer in the TechNet Library at
http://technet.microsoft.com/en-us/library/hh202193(v=ocs.15).aspx.

10.2.5 Adding Domains to the Tenant Block List


To prevent a tenant from communicating with another domain you must add that domain to the
tenant's Block list. The commands for adding a domain to the Block list are similar to adding the domain
to the Allow list as described in the previous section. The only difference is that instead of creating a list
object with the domains, we simply add the domains directly to the tenant federation configuration by
using the BlockedDomains parameter, passing it the domains we want to block.
$bd1 = New-CsEdgeDomainPattern -Domain "fabrikam.com"
$bd2 = New-CsEdgeDomainPattern -Domain "contoso.com"

Set-CsTenantFederationConfiguration -Tenant [TenantID] -BlockedDomains @{Replace=$bd1,$bd2}

10.2.6 Clearing the Tenant Block List


To remove all domains from a tenant's Block list, run the following command:
Set-CsTenantFederationConfiguration -Tenant [TenantID] -BlockedDomains $null

To remove a single domain from a tenant's Block list, run commands similar to the following:
$bd2 = New-CsEdgeDomainPattern -Domain "contoso.com"
Set-CsTenantFederationConfiguration -Tenant [TenantID] -BlockedDomains @{Remove=$bd2}

In this example, we called the New-CsEdgeDomainPattern cmdlet to create a reference to the
contoso.com domain, one of the domains we added to our Block list in the previous section. This
time when we call Set-CsTenantFederationConfiguration, we use the Remove command in the
BlockedDomains parameter value rather than Replace. This will remove the domain contoso.com
from the Block list, but leave all other domains in the list.


10.2.7 Clearing the Tenant Allow List


To remove all domains from a tenant's Allow list, run the following commands:
$a = New-CsEdgeAllowList
Set-CsTenantFederationConfiguration -Tenant [TenantID] -AllowedDomains $a

The first command creates an empty Allow list. The second command then assigns that list to the tenant
federation configuration. To remove only one domain from the list, you'll need to recreate the list
without the specific domain you want to remove.

10.2.8 Resetting Tenant to Allow All Domains Except Those Listed on the Block List
To ensure the tenant is allowed to communicate with all domains in the deployment except those in the
tenant's Block list, run the following commands:
$all = New-CsEdgeAllowAllKnownDomains
Set-CsTenantFederationConfiguration -Tenant [TenantID] -AllowedDomains $all

11 Create Tenant DNS Records


Several tenant-specific DNS records are required for tenant users to be able to use hosted Lync Server
easily. Lync Server clients comply with SIP RFCs, which state that TLS connections must require that the
server's domain name match the SIP domain name of the client user. The client looks for a service (SRV)
record with a matching domain name, which in turn must point to a server or servers with matching
domain names.
The following table shows which records need to be created for each SIP domain to be used by a given
tenant.
Tenant-specific DNS Records

| Type | FQDN | Target IP address/FQDN | Port | Maps to/comments |
|------|------|------------------------|------|------------------|
| SRV | _sip._tls.<TenantSipDomain> | sip.<HosterDomain> | 443 | Used for automatic configuration of the Lync client; maps to hoster's Access Edge |
| SRV | _sipfederationtls._tcp.<TenantSipDomain> | sip.<HosterDomain> | 5061 | Used for federation with other Lync deployments; maps to hoster's Access Edge |
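
The two SRV records in the table can be checked per tenant after they are published. The following added example (not part of the guide) resolves both names and compares target and port with the table; the function name is hypothetical, and it assumes the Resolve-DnsName cmdlet from the DnsClient module (Windows Server 2012 / Windows 8 or later).

```powershell
# Added example, not from the deployment guide.
# Assumes Resolve-DnsName (DnsClient module, Windows Server 2012 / Windows 8 or later).

function Test-TenantSrvRecord {
    param(
        [Parameter(Mandatory = $true)] [string]$TenantSipDomain,
        [Parameter(Mandatory = $true)] [string]$HosterDomain,
        [string]$DnsServer   # optional: resolver to query, for example an external one
    )

    $expectedTarget = "sip.$HosterDomain"
    # Name and port pairs from the "Tenant-specific DNS Records" table.
    $expected = @(
        @{ Name = "_sip._tls.$TenantSipDomain";              Port = 443;  Purpose = 'Client automatic configuration' },
        @{ Name = "_sipfederationtls._tcp.$TenantSipDomain"; Port = 5061; Purpose = 'Federation' }
    )

    foreach ($rec in $expected) {
        $query = @{ Name = $rec.Name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
        if ($DnsServer) { $query['Server'] = $DnsServer }

        try   { $answers = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }) }
        catch { $answers = @() }   # name does not exist, timeout, and similar failures

        $want = "${expectedTarget}:$($rec.Port)"
        if ($answers.Count -eq 0) {
            [pscustomobject]@{
                Record = $rec.Name; Purpose = $rec.Purpose
                Expected = $want; Found = $null; Status = 'MISSING'
            }
            continue
        }

        foreach ($a in $answers) {
            # Strip a trailing root dot before comparing host names.
            $target = $a.NameTarget.TrimEnd('.')
            $ok = ($target -ieq $expectedTarget) -and ($a.Port -eq $rec.Port)
            [pscustomobject]@{
                Record = $rec.Name; Purpose = $rec.Purpose
                Expected = $want; Found = "${target}:$($a.Port)"
                Status = $(if ($ok) { 'OK' } else { 'MISMATCH' })
            }
        }
    }
}

# Usage with the example domains used in this guide:
# Test-TenantSrvRecord -TenantSipDomain 'fabrikam.com' -HosterDomain 'litwareinc.com' |
#     Format-Table -AutoSize
```

A MISMATCH row means the record points somewhere other than sip.<HosterDomain> on the expected port, which should be investigated before the tenant goes live.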


11.1 Create Tenant Meeting Simple URLs


The following section details how to create a Simple Meeting URL for a Tenant Organization. The Simple
Meeting URL will be in the format:
https://meet.[Hoster Domain]/[Tenant SIP Domain]
For example:
https://meet.litwareinc.com/fabrikam.com

This format has the advantage of not needing an additional SAN on the Reverse Proxy certificate for
each additional Tenant Organization added to the platform.
Note If you are using Windows Server 2012, the modules may be loaded automatically.

11.1.1 Import the Required Modules for Windows PowerShell


To import the modules necessary to create Tenant Meeting URLs, run the following cmdlets at an
elevated Windows PowerShell prompt:
Import-Module ActiveDirectory,Lync,LyncOnline

To verify that the modules loaded successfully, run the following cmdlet:
Get-Module
The following modules should be listed:
ActiveDirectory
Lync
LyncOnline

11.1.2 Configure the Simple URL to Use the Back-end Database


Run the following cmdlet to configure the simple URL to use the back-end database. This configures
your deployment as a service environment.
Set-CsSimpleUrlConfiguration -UseBackEndDatabase $true


To verify that the settings were applied, run the following cmdlet:
(Get-CsSimpleUrlConfiguration -Identity "Global").UseBackEndDatabase

11.1.3 Get Tenant Organization ID


To create a new Simple Meeting URL, the Tenant Organization ID is required. To find it, run the
following commands:
$TenantName = "Fabrikam"

$PathRoot = "OU=OCS Tenants,DC=Litwareinc,DC=com"

$TargetOU = "OU="+$TenantName +","+$PathRoot

$TenantOU = Get-ADOrganizationalUnit -Identity $TargetOU -Properties msRTCSIP-TenantId

$TenOrgID = New-Object -TypeName System.guid -ArgumentList $TenantOU.ObjectGUID

11.1.4 Create the Simple URLs for a Tenant Organization


To create the simple URLs for a tenant organization, run the following cmdlets:

$TenantSIPDomain = "fabrikam.com"

$BaseMeetingURL = "https://meet.litwareinc.com/"

$NewMeetingURL = "https://meet.litwareinc.com/" + $TenantSIPDomain

$URLEntry = New-CsSimpleUrlEntry -Url $NewMeetingURL

$SimpleURL = New-CsSimpleUrl -Component "meet" -Domain $TenantSIPDomain -SimpleUrl $URLEntry -ActiveUrl $NewMeetingURL


Set-CsSimpleUrlConfiguration -Tenant $TenOrgID -SimpleUrl @{Add=$simpleUrl}

To confirm that the Tenant Org meeting URL was created successfully, run the following cmdlet, where
[Tenant Name] is replaced with the name of the tenant:
(Get-CsSimpleUrlConfiguration -Tenant ((Get-CsTenant | where {$_.name -eq "[Tenant Name]"}).TenantId)).simpleurl | ft -AutoSize

Use the value returned for the TenantId in the following cmdlet:
(Get-CsSimpleUrlConfiguration -Tenant "TenantID GUID").simpleurl | ft -AutoSize

11.1.5 Set the Simple URL DNS Name


To set the DNS name for the simple URL, run the following cmdlets:
$BaseURL = "https://meet.litwareinc.com/"

set-CsProvisionServiceConfiguration -SimpleUrlDnsName $BaseURL

To verify that the DNS name was set, run the following cmdlet:
(Get-CsProvisionServiceConfiguration).SimpleUrlDNSName

12 Provisioning Tenant Users


After you have created the tenant organization, you can provision tenant users and enable them for
Exchange UM and Lync Server services.

12.1 Enable Tenant Users for Exchange UM


After you have created a user and you've enabled the user for Exchange Server within the tenant OU,
you can enable the user for Exchange UM by running the following Exchange Management Shell
commands:
Set-Mailbox -Identity john@contoso.com -AddressBookPolicy $null
Enable-UMMailbox -Identity john@contoso.com -UMMailboxPolicy <TenantUmMailboxPolicyName> `
    -Extensions <extension> -SIPResourceIdentifier "<UserPrincipalName>" -PIN <user pin>

The first line removes any existing address book policy for the user john@contoso.com.
The next line enables Exchange UM for that user. Keep in mind that this command will run successfully
only if the Exchange Unified Messaging Service is running.


To run the Enable-UMMailbox cmdlet you can use any of the values listed above for the Identity of the
user. The value you specify for the UMMailboxPolicy parameter must be the Name of an existing
Exchange UM mailbox policy. To find existing UM mailbox policies, run the following cmdlet:
Get-UMMailboxPolicy

To create a new Exchange UM mailbox policy (and the associated Exchange UM dial plan), follow the
instructions previously in the Create Tenant Exchange Dial Plan and Exchange UM Mailbox Policy
section.
The value you specify for the Extensions parameter of the Enable-UMMailbox cmdlet must match the
values allowed in the specified Exchange UM dial plan. For example, if the UM dial plan requires that
extensions consist of five digits, the value specified for the Extensions parameter in the call to Enable-
UMMailbox can be any 5-digit number, such as 12345.
If you're enabling the user with a SIP URI or E.164 dial plan, the call to Enable-UMMailbox requires a
value for the parameter SIPResourceIdentifier. The SIPResourceIdentifier is a user principal name,
similar to id1@contoso.com. This value should have a suffix matching the tenant SIP domain of the Lync
Server contact object. For details, see the previous Create Tenant SIP Domain section in this
document.
This example also includes the personal identification number (PIN) parameter, where you specify the
PIN the user can use to access the mailbox. If you do not specify a PIN, a value is generated
automatically and sent to the user.

12.2 Set User TenantID, GroupingID, and ObjectId


Each tenant user account must have three Active Directory attributes assigned to it so that Lync Server
knows that it is a member of a tenant organization. Assigning the TenantID, GroupingID and ObjectId
provides privacy for the tenant address book.
Note You cannot migrate a Lync Server 2013 Enterprise Edition deployment to a Lync Server 2013 Hosting Pack
deployment. If you use GroupingID, you must perform tenant provisioning again.

The following example script reads the GUID of the tenant OU and populates the msRTCSip-TenantId
and msRTCSip-GroupingId with the value of the GUID. You can run these commands from the Active
Directory Module for Windows PowerShell.
# DN of the tenant OU (no leading space inside the quotes)
$OU = "OU=fabrikam,OU=OCS Tenants,DC=litwareinc,DC=com"

$OUObject = Get-ADOrganizationalUnit -Identity $OU

$GUID = $OUObject.objectguid

# Stamp the tenant OU itself
Get-ADOrganizationalUnit -Identity $OU -Properties name,msRTCSIP-TenantId |
    Set-ADOrganizationalUnit -Replace @{'msRTCSIP-TenantId'=$GUID}
Get-ADOrganizationalUnit -Identity $OU -Properties name,msRTCSIP-ObjectId |
    Set-ADOrganizationalUnit -Replace @{'msRTCSIP-ObjectId'=$GUID}


Get-ADUser -LDAPFilter "(objectClass=user)" -SearchBase $OU -Properties msRTCSIP-GroupingID,msRTCSIP-PrimaryUserAddress,comment |
    Set-ADUser -Replace @{'msRTCSIP-GroupingID'=$GUID}
Get-ADUser -LDAPFilter "(objectClass=user)" -SearchBase $OU -Properties msRTCSIP-GroupingID,msRTCSip-TenantID,msRTCSIP-PrimaryUserAddress,comment |
    Set-ADUser -Replace @{'msRTCSip-TenantID'=$GUID}
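
Because these attributes are what keeps one tenant's users and contacts separate from another's, it is worth checking them after provisioning. The following added example (not part of the guide) is a read-only audit covering both the contact attributes set in step 7 of section 9.6.4 and the user attributes set in this section; the function names are hypothetical, and it assumes that every direct child OU of the tenant root is one tenant and that the stored values are either 16-byte GUIDs or GUID strings.

```powershell
# Added example, not from the deployment guide. Read-only: nothing in Active Directory is modified.
Import-Module ActiveDirectory

function ConvertTo-TenantGuid {
    # Normalizes an attribute value to [Guid]; returns $null if it cannot be read as one.
    # Assumption: values are stored as a 16-byte array or as a GUID string.
    param($Value)

    if ($null -eq $Value)   { return $null }
    if ($Value -is [Guid])  { return $Value }
    if ($Value -is [byte[]]) {
        if ($Value.Length -eq 16) { return New-Object Guid (,$Value) }
        return $null
    }
    $parsed = [Guid]::Empty
    if ([Guid]::TryParse([string]$Value, [ref]$parsed)) { return $parsed }
    return $null
}

function Get-TenantAttributeMismatch {
    # Lists users and contacts whose tenant attributes differ from their tenant OU's ObjectGUID.
    param(
        # For example: "OU=OCS Tenants,DC=litwareinc,DC=com"
        [Parameter(Mandatory = $true)] [string]$TenantRoot
    )

    $attributes = 'msRTCSIP-TenantId', 'msRTCSIP-GroupingID'

    # Assumption: each direct child OU of the root represents one tenant.
    $tenantOUs = Get-ADOrganizationalUnit -SearchBase $TenantRoot -SearchScope OneLevel -Filter *

    foreach ($ou in $tenantOUs) {
        $expected = $ou.ObjectGUID

        $objects = Get-ADObject -SearchBase $ou.DistinguishedName `
            -LDAPFilter '(|(objectClass=user)(objectClass=contact))' `
            -Properties $attributes

        foreach ($obj in $objects) {
            foreach ($attr in $attributes) {
                $raw    = $obj.$attr
                $actual = ConvertTo-TenantGuid $raw

                if     ($null -eq $raw)        { $state = 'NotSet' }
                elseif ($null -eq $actual)     { $state = 'Unreadable' }
                elseif ($actual -ne $expected) { $state = 'Mismatch' }
                else                           { continue }   # value matches the tenant OU

                [pscustomobject]@{
                    Tenant    = $ou.Name
                    Object    = $obj.DistinguishedName
                    Class     = $obj.ObjectClass
                    Attribute = $attr
                    State     = $state
                    Expected  = $expected
                    Actual    = $actual
                }
            }
        }
    }
}

# Usage with the tenant root used in this guide:
# Get-TenantAttributeMismatch -TenantRoot "OU=OCS Tenants,DC=litwareinc,DC=com" |
#     Sort-Object Tenant, Object | Format-Table Tenant, Class, Attribute, State, Object -AutoSize
```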

12.2.1 Known Issue


In some environments, it may be important to set the user's msRTCSIP-GroupingID or msRTCSIP-
TenantID before the user is enabled for Lync Server. Depending on the specifics of your deployment (for
example, if Office Communications Server or Lync Server Enterprise Edition has been previously
deployed in the environment, or if you have locked-down Active Directory with access control lists
(ACLs)), Lync Server may only be able to act on these settings at the time the account is enabled for Lync
Server. If the value is changed later, the user may not be able to see other users' presence status, or find
other users via address book search.
You may also see errors such as the following in the Lync event log on Front End Servers:
Log Name: Lync Server
Source: LS User Replicator
Date: 10/25/2011 2:19:51 PM
Event ID: 30039
Task Category: (1009)
Level: Warning
Keywords: Classic
User: N/A
Computer: [Server FQDN]
Description:
A Tenant ID attribute value was changed, deleted, or added for an existing user in the database. Resolve
the conflict by restoring the original value or deleting the user from AD.

The DN of the user whose Tenant ID value User Replicator tried to replicate
is:
[User Distinguished Name]

This update came from domain:


[Windows Domain]

Cause: Typically caused by manual modification of msRTCSIP-TenantId attribute value instead of using
management tools

Resolution:


Restore the original value of msRTCSIP-TenantId attribute or delete the user from AD. You may use
Dbanalyze to diagnose the problem.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LS User Replicator" />
    <EventID Qualifiers="33777">30039</EventID>
    <Level>3</Level>
    <Task>1009</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-10-25T21:19:51.000000000Z" />
    <EventRecordID>2414</EventRecordID>
    <Channel>Lync Server</Channel>
    <Computer>[Server FQDN]</Computer>
    <Security />
  </System>
  <EventData>
    <Data>[User Distinguished Name]</Data>
    <Data>[Windows Domain DNS Name]</Data>
  </EventData>
</Event>

If you need to set a user's msRTCSIP-GroupingId or msRTCSIP-TenantId after the user has been enabled
for Lync Server, you need to first disable the user's account in Lync Server, change the values, and then
enable the user for Lync Server again.
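
Event 30039 identifies the account whose tenant ID was changed after it was enabled, so collecting it from the Front End Servers gives a list of accounts to review. The following added example (not part of the guide) extracts the user DN and domain from the event XML shown above; the function names and the sample values are constructed for illustration.

```powershell
# Added example, not from the deployment guide.

function Get-XmlText {
    # The PowerShell XML adapter returns a string for plain elements and an
    # XmlElement for elements that carry attributes; handle both.
    param($Node)
    if ($Node -is [System.Xml.XmlElement]) { return $Node.InnerText }
    return [string]$Node
}

function ConvertFrom-TenantIdConflictEvent {
    # Turns the XML of a "LS User Replicator" event 30039 into a flat record.
    param([Parameter(Mandatory = $true)] [string]$EventXml)

    $doc    = [xml]$EventXml
    $system = $doc.Event.System

    $isMatch = ($system.Provider.Name -eq 'LS User Replicator') -and
               ((Get-XmlText $system.EventID) -eq '30039')
    if (-not $isMatch) { return }

    # Per the event layout above: first Data value is the user DN, second the domain.
    $data = @($doc.Event.EventData.Data | ForEach-Object { Get-XmlText $_ })

    [pscustomobject]@{
        TimeCreatedUtc = $system.TimeCreated.SystemTime
        Computer       = Get-XmlText $system.Computer
        RecordId       = Get-XmlText $system.EventRecordID
        UserDN         = $data[0]
        SourceDomain   = $data[1]
    }
}

function Get-TenantIdConflict {
    # Collects event 30039 from the "Lync Server" log on the given Front End Servers.
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$MaxEvents = 200
    )
    foreach ($computer in $ComputerName) {
        Get-WinEvent -ComputerName $computer -MaxEvents $MaxEvents -ErrorAction SilentlyContinue `
            -FilterHashtable @{ LogName = 'Lync Server'; Id = 30039 } |
            ForEach-Object { ConvertFrom-TenantIdConflictEvent -EventXml $_.ToXml() }
    }
}

# Constructed sample in the layout shown in this section (values are made up).
$sampleEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LS User Replicator" />
    <EventID Qualifiers="33777">30039</EventID>
    <Level>3</Level>
    <TimeCreated SystemTime="2011-10-25T21:19:51.000000000Z" />
    <EventRecordID>2414</EventRecordID>
    <Channel>Lync Server</Channel>
    <Computer>fe01.litwareinc.com</Computer>
  </System>
  <EventData>
    <Data>CN=Ken Myer,OU=fabrikam,OU=OCS Tenants,DC=litwareinc,DC=com</Data>
    <Data>litwareinc.com</Data>
  </EventData>
</Event>
'@

# Offline check against the constructed sample:
ConvertFrom-TenantIdConflictEvent -EventXml $sampleEvent | Format-List

# Live collection from Front End Servers (server names are placeholders):
# Get-TenantIdConflict -ComputerName 'fe01', 'fe02' | Sort-Object TimeCreatedUtc
```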

12.3 Configure the user Base Simple URL with the Tenant Organization's Base URL
As part of the tenant user account creation process the msRTCSIP-BaseSimpleURL attribute needs to be
populated with the tenant organization's base URL. To do so, run the following commands from the
Active Directory module for Windows PowerShell window:
$CompanyName = "Litware Inc."

$BaseURL = "https://meet.litwareinc.com/"

$PathRoot = "OU=OCS Tenants,DC=litwareinc,DC=com"

$TargetOU = "OU="+$CompanyName+","+$PathRoot

$OUObject = Get-ADOrganizationalunit -Identity $TargetOU


$SIPDomain = "<TenantSipDomain>"   # the tenant's SIP domain; replace the placeholder

$BaseURL = "https://meet.litwareinc.com/"+$SIPDomain

Get-ADUser -LDAPFilter "(objectClass=user)" -SearchBase $TargetOU -Properties msRTCSIP-BaseSimpleUrl -Server "DC01.fabrikam.com" |
    Set-ADUser -Replace @{'msRTCSIP-BaseSimpleUrl'=$BaseURL}

Important The value for the BaseURL property must use the https:// prefix.

12.4 Enable Tenants for Lync Server


You should use the Lync Server Management Shell to enable tenant users on the Lync Server because
the Lync Server Control Panel is read-only in the Lync Server 2013 Hosting Pack. The exact commands
you use depend on your choice of service features and the provisioning automation that you employ.
Note You need to apply these changes only once per user, and you can run the command on any Lync Server in your
deployment.

The following example set of commands enables a user on Lync Server who is already enabled for
Exchange UM located within the tenant OU:
Enable-CsUser -Identity <UserPrincipalName> -RegistrarPool <FQDN of Front End Pool> -SipAddressType UserPrincipalName

After the user is enabled on Lync Server, the user must be granted access to a Lync Server dial plan. In
this example, a single Lync Server dial plan is used for all users. Using a single Lync Server dial plan for all
tenant users is recommended because the maximum number of dial plans supported by Lync Server
could constrain the total number of tenants if each one were given their own dial plan. To create a new
dial plan, see the Lync Server Dial Plans section. The following command demonstrates how to assign
the dial plan TenantDP to the user:
Grant-CsDialPlan -Identity kenmyer@fabrikam.com -PolicyName TenantDP

After the user is enabled for Lync Server and has access to a dial plan, the user can be enabled for
Enterprise Voice by running the following command:
Set-CsUser kenmyer@fabrikam.com -EnterpriseVoiceEnabled $true -LineURI tel:+12065551234

The line URI is the telephone number through which the user can be reached via the PSTN. That number
must have been properly provisioned with your SIP trunk provider.
After you complete this step, the user should be able to log on and use Enterprise Voice and Exchange
UM features.

12.5 Set Address Book Policy for Tenant User


These policies are applied as the last step. In order to assign an address book policy to a tenant user,
open an Exchange Management Shell and run the following command:


Set-Mailbox -Identity john@contoso.com -AddressBookPolicy TenantAB

12.6 Providing the Lync Server 2013 Interface for online meeting
When participants join a meeting hosted by tenant users, the default user interface is based on Lync
Server 2010. To provide the Lync Server 2013 interface, you will need to use the user experience policy
cmdlets to configure this. For more information, see New-CsUserExperiencePolicy and Grant-
CsUserExperiencePolicy.

13 Overview of the Audio Conferencing Provider


The audio conferencing provider provides PSTN integration to Lync Server conferencing and
collaboration. PSTN integration expands modality options for participating in Lync Server conferences.
By using an audio conferencing provider, providers can enable the following scenarios:
A user can dial-in to a Lync Server conference from a phone.

A user can dial-out from a Lync Server conference to a Lync Server user who was not part of the
original conference invitee list or call-out to someone who will attend by phone only.

Users can mute or unmute themselves and others on Lync Server VoIP and PSTN.

The conference can be locked.

Participants can be removed.

13.1 Integrating with Audio Conferencing Provider


There are two ways to integrate with an audio conferencing provider:
Use an external audio conferencing provider that is qualified for Microsoft Office 365.

Use internal conferencing integration.

The Lync Server Multitenant Hosting Pack includes an audio conference provider, which serves as the
signaling and control gateway between Lync Server and audio conferencing provider environments. This
component initiates the audio bridging, and connects through an access point to the audio conferencing
provider module within the conferencing architecture of the audio conferencing provider.
The audio conferencing provider module abstracts the Centralized Conference Control Protocol (C3P) for
native Lync Server integration with the audio conferencing provider environment. It handles the control
channel between Lync Server and the audio conferencing provider, including managing basic signaling,
such as roster updates and adding users via conferencing dial-out.


Integrating with Audio Conferencing Provider

Hosts can use the audio conferencing provider SDK to develop internal applications for conference
initiation, session management, and conference control.

13.2 Provisioning with Audio Conferencing Provider


Audio conferencing provider attributes are provisioned into Active Directory through a Windows
PowerShell cmdlet. These attributes are then replicated to the presence server from which the
scheduling client pulls this data for scheduling a conference.
You can provision users in either of the following two ways:
By using a Lync Server Management Shell cmdlet to provision users one at a time using audio
conferencing provider attributes

By developing a script to enable a bulk upload of attributes for provisioning a large number of
tenant users all at the same time

The audio conferencing provider attributes needed to provision users are as follows:
ID

First Name

Last Name

Tollnumber

TollFreeNumber

Name

Web

Domain

Port


13.3 Integration Workflows with Audio Conferencing Provider


This section provides an overview of the integration workflows when using audio conferencing provider
to integrate with Lync Server Multitenant Hosting Pack.

13.3.1 Create and Schedule a Web Conference


Scheduling a web conference with Lync Server and audio conferencing provider follows the same basic
process as scheduling a VoIP-only Lync Server conference. The main difference is the communication
that occurs between the audio conferencing provider conferencing server and the audio conferencing
provider module:
1. Online Meeting Add-in for Lync 2013 gets audio conferencing provider information from the
presence database.

2. Organizer creates a Lync Server meeting or web conference.

3. Organizer selects meeting participants.

4. The Lync Server scheduling client (that is, Online Meeting Add-in for Lync 2013) issues
addConference to the Focus Factory along with audio conferencing provider-specific dial-in
information.

Note: To understand the role of the Focus Factory in the Lync Server 2013 conferencing topology, see
Conference Features in the TechNet Library at http://go.microsoft.com/fwlink/?LinkId=230850.

5. The Focus Factory creates conference and returns conference info to scheduling client.

6. The Lync Server client sends meeting invitations to participants.

13.3.2 Activate a Conference


During conference activation, the audio conferencing provider conferencing server receives a request
containing dial-in phone numbers, participant pass code, and audio conferencing provider domain. The
following subsequent steps then occur:
1. The audio conferencing provider conferencing server sends an INVITE (for third-party call
control) and SUBSCRIBE (for conference state changes) to the audio conferencing provider
module.

2. The audio conferencing provider module responds with the bridge URI to be used for the audio
bridging initiation when users join from both modalities (that is, VoIP, PSTN).

3. The audio conferencing provider conferencing server retains the bridge URI to initiate bridging
after users join via both PSTN and VoIP.

Conference activation traffic flow

13.3.3 Join Conference by Using Conferencing Dial-out


When a user wants to join the conference by having Lync Server dial-out to him or her using the Lync
feature to call the conference attendee back (that is, conferencing dial-out), the following steps occur:
1. The Lync Server client sends request to add a user in to Focus.

2. The Focus sends adduser command to the audio conferencing provider conferencing server.

3. The audio conferencing provider conferencing server forwards an INFO command to the audio
conferencing provider module via the INVITE dialog.

4. The audio conferencing provider module sends a call-out command to the audio conferencing
provider environment.

5. The audio conferencing provider module sends NOTIFY in SUBSCRIBE dialog back to audio
conferencing provider conferencing server that the user is connected.

6. The audio conferencing provider conferencing server sends userconnected to the Focus.

7. The Focus sends roster update notification to clients.

Traffic flow for joining a conference


13.3.4 Audio Bridging Sequence


The audio conferencing provider conferencing server is polling the Focus at regular intervals for state
changes (for example, when a PSTN user joins the conference). When the audio conferencing provider
conferencing server recognizes that there are users on both bridges, it does a VoIP dial-out to initiate
the bridging. This process flow describes how audio is bridged between the Lync Server, A/V
Conferencing Server and audio conferencing provider:
1. The Focus sends INFO command (adduser) to the audio conferencing provider conferencing
server (if dial-in, the audio conferencing provider module sends adduser request to the audio
conferencing provider conferencing server).

2. The audio conferencing provider conferencing server sends adduser dial-out request to the A/V
Conferencing Server with bridge URI received at conference activation.

3. A/V Conferencing Server establishes RTP stream with audio conferencing provider Session
Border Controller (SBC) via the Mediation Server.

4. Audio stream established between the SBC and PSTN bridge.

5. Bridged audio stream between A/V Conferencing Server and PSTN bridge.

Audio bridging sequence

13.3.5 Use Audio Controls from Lync Server


At conference activation, the audio conferencing provider conferencing server establishes an INVITE
dialog with the audio conferencing provider module to facilitate third-party conference control
during a bridged conference. This process flow describes how commands are passed and acted on from
a Lync Server client through the audio conferencing provider components and back during a conference:
1. The Lync Server client sends CCCP INFO command to the Focus.


2. The Focus sends a command to the audio conferencing provider conferencing server.

3. The audio conferencing provider conferencing server sends an INFO command to the audio
conferencing provider module using the established INVITE dialog.

4. The audio conferencing provider module sends the command to the PSTN middleware and bridge to act
on the command (for example, mute user or lock conference).

5. The audio conferencing provider module sends a NOTIFY to the audio conferencing provider
conferencing server via the SUBSCRIBE dialog, indicating the new state of the participant.

6. The audio conferencing provider conferencing server sends a command back to the Focus, to
indicate new state of participant.

7. The Focus sends a roster update to the Lync Server clients.

Audio conferencing provider communication flow

13.4 Known Issues


The following known issues exist at the time this guide was published:
PSTN Attendee count announcements: This is a standard message played to attendees who
join a PSTN audio bridge (for example, "You are the fourth person in the conference" or "There
are five others in the conference"). At this time, there is no way for Lync Server to present the
audio conferencing provider module with the current number of participants, so this may be
misleading.

Mute all: Currently PSTN users cannot use dual-tone multifrequency (DTMF) codes to mute
all, including VoIP users; only the PSTN audio attendees will be muted.

Locked conference with no PSTN users on audio conferencing provider bridge: There is a valid
scenario where all participants join via Lync audio (that is, VoIP) and choose to lock the
conference so that no additional users may join by either modality. The audio conferencing
provider module will receive the conference lock command from the audio conferencing
provider conferencing server and must initiate a locked conference state on a bridge where no
participants joined via the PSTN; therefore, no conference exists.

Blocked calls from participants: PSTN participants that block their phone number (for example,
by using *67) will show up in the client as a random phone number generated from the audio
conferencing provider. The software development kit (SDK) doesn't currently support
non-integers as values. As a result, values like "Guest", "No Phone Available", and so on are not
currently supported. Note that if the audio conferencing provider receives a blocked call via a
toll-free number, the number will be presented with a flag for "Blocked", and so on. The audio
conferencing provider must act on the flag and send a randomly generated number to denote
the participant in Lync.

14 Code Samples
This section introduces how a service provider or an independent software vendor (ISV) can automate
provisioning using .NET Framework and the Lync Server Multitenant Hosting Pack management shell.
The selected examples are tasks that most hosting providers with a Lync Server Multitenant Hosting
Pack deployment will need to do on a routine basis. You can use the code samples in this section as a
starting point for customizing or creating control panels involved in managing the provisioning process.
Before using these samples, you should be familiar with the cmdlets that are installed with Lync Server
Multitenant Hosting Pack, which provide a wide range of provisioning and management capabilities.

14.1 Prerequisites
Before you use any of the samples in this section, verify that these prerequisites are available in your
environment:
Lync Server 2013 Multitenant Hosting Pack

Visual Studio 2010

.NET Framework 3.5.1 (minimum requirement) or more recent version

Windows Server 2008 R2 (minimum requirement) or more recent version

14.2 Dependencies
All code samples require the following using directives:
using System;
using System.Collections;
using System.Collections.ObjectModel;
// powershell namespaces
using System.Management.Automation.Runspaces;
using System.Management.Automation;
using System.Text;
using System.Data.SqlClient;

14.3 Provision a Tenant Organization


The samples in this section demonstrate the use of the Active Directory module for Windows PowerShell
to set properties on a tenant OU. This module is installed automatically with Windows Server 2008 when
you install the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory
Services (AD LDS) server roles. For details about the Active Directory module for Windows PowerShell,
see Active Directory Administration with Windows PowerShell in the TechNet Library at
http://go.microsoft.com/fwlink/?LinkId=235838.
These samples also use the Lync Server cmdlets.

14.3.1 Create and Secure Organizational Unit


The Lync Server Multitenant Hosting Pack requires that tenant OUs be created under the root
organizational unit called \OCS Tenants. Many service providers will want to represent reseller
organizations as subordinate OUs (sub-OUs), each with sub-OUs representing tenants. You should use
Active Directory permissions or other suitable mechanisms to ensure that management tools have
adequate access to the tenant OU, and that other tenants do not have inappropriate access. As no
specific set of permissions is mandated by the Lync Server Multitenant Hosting Pack, it is beyond the
scope of this document to provide samples for creating and securing a tenant organization.

14.3.2 Enable the Tenant Organization


To enable a tenant, you must do the following:
Create at least one SIP Domain for the tenant.

Add the SIP Domain to the upnSuffixes property of the OU.

Add the SIP Domain to the msRTCSIP-Domains property of the OU.

Set the msRTCSIP-TenantId and msRTCSIP-ObjectId to a unique identifier which will be used to
identify the tenant in the Lync Server Multitenant Hosting Pack operating environment and to
associate users with that tenant.

The following sample demonstrates the automation of these steps by invoking Windows PowerShell
commands via C# code.
// sip domain and tenant DN
string sipDomain = "AlpineSkiHouse.com";
string distinguishedName =
    "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";

// create an initial session state with the Active Directory Windows
// PowerShell module loaded and the Lync Server 2013 modules
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
    "ActiveDirectory",
    "Lync",
    "LyncOnline"
});

// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
    // open the runspace
    runspace.Open();

    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        // create a SIP Domain in the Lync system.
        Command sipCommand = new Command("New-CsSipDomain");
        sipCommand.Parameters.Add(new CommandParameter("Identity", sipDomain));
        pipeline.Commands.Add(sipCommand);
        pipeline.Invoke();
    }

    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        // create a hashtable to contain the property settings for the OU
        // these will add the SIP domain to the upnSuffixes and
        // msRTCSIP-Domains properties
        Hashtable properties = new Hashtable();
        properties.Add("upnSuffixes", sipDomain);
        properties.Add("msRTCSIP-Domains", sipDomain);

        // add a command to retrieve the OU using the supplied
        // distinguished name
        Command getCommand = new Command("Get-ADOrganizationalUnit");
        getCommand.Parameters.Add(new CommandParameter("Identity", distinguishedName));
        pipeline.Commands.Add(getCommand);

        // pipe the OU to a set command to set the domain properties
        // the add parameter of the set command is used to append the
        // SIP domain value.
        Command setCommand = new Command("Set-ADOrganizationalUnit");
        setCommand.Parameters.Add(new CommandParameter("add", properties));
        pipeline.Commands.Add(setCommand);

        pipeline.Invoke();
    }

    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        // create the guid that will be used for the msRTCSIP-TenantId
        // and msRTCSIP-ObjectId
        Guid id = Guid.NewGuid();
        Hashtable properties = new Hashtable();
        properties.Add("msRTCSIP-TenantId", id);
        properties.Add("msRTCSIP-ObjectId", id);

        // add a command to retrieve the OU using the supplied
        // distinguished name
        Command getCommand = new Command("Get-ADOrganizationalUnit");
        getCommand.Parameters.Add(new CommandParameter("Identity", distinguishedName));
        pipeline.Commands.Add(getCommand);

        // pipe the OU to a set command to set the id properties
        // using the replace parameter of the set command.
        Command setCommand = new Command("Set-ADOrganizationalUnit");
        setCommand.Parameters.Add(new CommandParameter("replace", properties));
        pipeline.Commands.Add(setCommand);

        pipeline.Invoke();
    }
}

14.3.3 Add an Additional SIP Domain to the Tenant Organization


Many organizations have more than a single domain that needs to be added to a Lync Server
Multitenant Hosting Pack operating environment. This can be done using a subset of the code sample
shown in the Enable the Tenant Organization section. The following example code demonstrates how
to add another SIP domain to a tenant.
// sip domain and tenant DN
string sipDomain = "AlpineSkiHouse.net";
string distinguishedName =
    "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";

// create an initial session state with the Active Directory Windows
// PowerShell module loaded and the Lync Server 2013 modules
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
    "ActiveDirectory",
    "Lync",
    "LyncOnline"
});

// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
    // open the runspace
    runspace.Open();

    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        // create a SIP Domain in the Lync system.
        Command sipCommand = new Command("New-CsSipDomain");
        sipCommand.Parameters.Add(new CommandParameter("Identity", sipDomain));
        pipeline.Commands.Add(sipCommand);
        pipeline.Invoke();
    }

    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        // create a hashtable to contain the property settings for the OU
        Hashtable properties = new Hashtable();
        properties.Add("upnSuffixes", sipDomain);
        properties.Add("msRTCSIP-Domains", sipDomain);

        // add a command to retrieve the OU using the supplied
        // distinguished name
        Command getCommand = new Command("Get-ADOrganizationalUnit");
        getCommand.Parameters.Add(new CommandParameter("Identity", distinguishedName));
        pipeline.Commands.Add(getCommand);

        // pipe the OU to a set command to set the domain properties
        // the hashtable is supplied to the add parameter of the set
        // command, which appends the SIP domain value.
        Command setCommand = new Command("Set-ADOrganizationalUnit");
        setCommand.Parameters.Add(new CommandParameter("add", properties));
        pipeline.Commands.Add(setCommand);

        pipeline.Invoke();
    }
}

14.3.4 Adding Domains to the Tenant Allow List for Federation


Tenants may want to allow their users to communicate with users of a domain outside their
organization. The following example demonstrates how to add a domain to the tenant's list of allowed
domains.
// allowed domain and tenant DN
string allowedDomain = "AdventureWorks.com";
string distinguishedName =
    "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";

// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
    "Lync",
    "LyncOnline"
});

// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
    // open the runspace
    runspace.Open();
    // set variables for the distinguished name and domain
    runspace.SessionStateProxy.SetVariable("dn", distinguishedName);
    runspace.SessionStateProxy.SetVariable("domainName", allowedDomain);
    // build a script for adding the domain
    StringBuilder builder = new StringBuilder();
    builder.AppendLine("$tenant = Get-CsTenant -Identity $dn");
    builder.AppendLine("$domain = New-CsEdgeDomainPattern -Domain $domainName");
    builder.AppendLine("$config = Get-CsTenantFederationConfiguration -Tenant $tenant.TenantId");
    builder.AppendLine("$all = New-CsEdgeAllowAllKnownDomains");
    builder.AppendLine("$allowList = $config.AllowedDomains");
    // test to see if AllowedDomains property is equal to
    // Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowAllKnownDomains
    builder.AppendLine("if($allowList.GetType() -eq $all.GetType())");
    builder.AppendLine("{");
    builder.AppendLine("\t$newList = New-CSEdgeAllowList -AllowedDomain $domain");
    builder.AppendLine("\tSet-CsTenantFederationConfiguration -Tenant $tenant.TenantId -AllowedDomains $newList");
    builder.AppendLine("}");
    builder.AppendLine("else");
    builder.AppendLine("{");
    builder.AppendLine("\t$allowList.AllowedDomain.Add($domain)");
    builder.AppendLine("\tSet-CsTenantFederationConfiguration -Tenant $tenant.TenantId -AllowedDomains $allowList");
    builder.AppendLine("}");

    string script = builder.ToString();

    // use a RunspaceInvoke instance to invoke the script
    using (RunspaceInvoke invoker = new RunspaceInvoke(runspace))
    {
        invoker.Invoke(script);
    }
}

14.3.5 Adding Domains to the Tenant Block List for Federation


Tenants may want to block their users from communicating with users of certain domains outside their
organization. The following example demonstrates how to add a domain to the tenant's list of blocked
domains.
// blocked domain and tenant DN
string blockedDomain = "BadDomain.com";
string distinguishedName =
    "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";

// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
    "Lync",
    "LyncOnline"
});

// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
    // open the runspace
    runspace.Open();
    // set variables for the distinguished name and domain
    runspace.SessionStateProxy.SetVariable("dn", distinguishedName);
    runspace.SessionStateProxy.SetVariable("domainName", blockedDomain);
    // build a script for adding the domain
    StringBuilder builder = new StringBuilder();
    builder.AppendLine("$tenant = Get-CsTenant -Identity $dn");
    builder.AppendLine("$domain = New-CsEdgeDomainPattern -Domain $domainName");
    builder.AppendLine("$config = Get-CsTenantFederationConfiguration -Tenant $tenant.TenantId");
    builder.AppendLine("$config.BlockedDomains.Add($domain)");
    builder.AppendLine("Set-CsTenantFederationConfiguration -Tenant $tenant.TenantId -BlockedDomains $config.BlockedDomains");

    string script = builder.ToString();

    // use a RunspaceInvoke instance to invoke the script
    using (RunspaceInvoke invoker = new RunspaceInvoke(runspace))
    {
        invoker.Invoke(script);
    }
}

14.3.6 Removing Domains from the Tenant Allow List for Federation
If you need to remove a previously added Allowed domain from a specific tenant, you can use a
technique similar to the one you used to add it.
// allowed domain and tenant DN
string allowedDomain = "AdventureWorks.com";
string distinguishedName =
    "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";

// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
    "Lync",
    "LyncOnline"
});

// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
    // open the runspace
    runspace.Open();
    // set variables for the distinguished name and domain
    runspace.SessionStateProxy.SetVariable("dn", distinguishedName);
    runspace.SessionStateProxy.SetVariable("domainName", allowedDomain);
    // build a script for removing the domain
    StringBuilder builder = new StringBuilder();
    builder.AppendLine("$tenant = Get-CsTenant -Identity $dn");
    builder.AppendLine("$config = Get-CsTenantFederationConfiguration -Tenant $tenant.TenantId");
    builder.AppendLine("$domain = $config.AllowedDomains.AllowedDomain | ?{$_.Domain -eq $domainName}");
    builder.AppendLine("if($domain -ne $null)");
    builder.AppendLine("{");
    builder.AppendLine("\t$config.AllowedDomains.AllowedDomain.Remove($domain)");
    builder.AppendLine("\tSet-CsTenantFederationConfiguration -Tenant $tenant.TenantId -AllowedDomains $config.AllowedDomains");
    builder.AppendLine("}");

    string script = builder.ToString();

    // use a RunspaceInvoke instance to invoke the script
    using (RunspaceInvoke invoker = new RunspaceInvoke(runspace))
    {
        invoker.Invoke(script);
    }
}

14.3.7 Removing Domains from the Tenant Block List for Federation
If you need to remove a previously added Blocked domain from a specific tenant, you can use a
technique similar to the one you used to add it.
// blocked domain and tenant DN
string blockedDomain = "BadDomain.com";
string distinguishedName =
    "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";

// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
    "Lync",
    "LyncOnline"
});

// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
    // open the runspace
    runspace.Open();
    // set variables for the distinguished name and domain
    runspace.SessionStateProxy.SetVariable("dn", distinguishedName);
    runspace.SessionStateProxy.SetVariable("domainName", blockedDomain);
    // build a script for removing the domain
    StringBuilder builder = new StringBuilder();
    builder.AppendLine("$tenant = Get-CsTenant -Identity $dn");
    builder.AppendLine("$config = Get-CsTenantFederationConfiguration -Tenant $tenant.TenantId");
    builder.AppendLine("$domain = $config.BlockedDomains | ?{$_.Domain -eq $domainName}");
    builder.AppendLine("if($domain -ne $null)");
    builder.AppendLine("{");
    builder.AppendLine("\t$config.BlockedDomains.Remove($domain)");
    builder.AppendLine("\tSet-CsTenantFederationConfiguration -Tenant $tenant.TenantId -BlockedDomains $config.BlockedDomains");
    builder.AppendLine("}");

    string script = builder.ToString();

    // use a RunspaceInvoke instance to invoke the script
    using (RunspaceInvoke invoker = new RunspaceInvoke(runspace))
    {
        invoker.Invoke(script);
    }
}

14.3.8 Allowing all Domains for Tenant Federation


The following code sample shows how to allow a tenant to federate with all domains except for those
that appear in the tenant's list of blocked domains.
// tenant DN
string distinguishedName =
    "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";

// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
    "Lync",
    "LyncOnline"
});

// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
    // open the runspace
    runspace.Open();
    // set a variable for the distinguished name
    runspace.SessionStateProxy.SetVariable("dn", distinguishedName);

    // build a script setting allowed domains to all
    StringBuilder builder = new StringBuilder();
    builder.AppendLine("$tenant = Get-CsTenant -Identity $dn");
    builder.AppendLine("$all = New-CsEdgeAllowAllKnownDomains");
    builder.AppendLine("Set-CsTenantFederationConfiguration -Tenant $tenant.TenantId -AllowedDomains $all");
    string script = builder.ToString();

    // use a RunspaceInvoke instance to invoke the script
    using (RunspaceInvoke invoker = new RunspaceInvoke(runspace))
    {
        invoker.Invoke(script);
    }
}
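Because "allow all" leaves the block list as the only restriction on who a tenant's users can reach, a hosting provider will usually want to know which tenants are in that state. The following read-only audit is an added example, not part of the original guide; the class and method names are hypothetical, and it assumes that Get-CsTenant run without -Identity returns every tenant.

```csharp
using System;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;

// Added example (not from the guide): FederationAudit and Describe are hypothetical names.
public static class FederationAudit
{
    // Turn one tenant's settings into a single report line.
    public static string Describe(string tenantId, bool federated, bool allowAll,
                                  string allowed, string blocked)
    {
        if (!federated)
        {
            return tenantId + ": federation disabled";
        }
        if (allowAll)
        {
            return tenantId + ": OPEN, all domains allowed except blocked [" + blocked + "]";
        }
        return tenantId + ": allow list [" + allowed + "], blocked [" + blocked + "]";
    }

    public static void Main()
    {
        InitialSessionState session = InitialSessionState.CreateDefault();
        session.ImportPSModule(new string[] { "Lync", "LyncOnline" });

        using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
        {
            runspace.Open();

            // The script only reads configuration; it emits one object per tenant.
            // Assumption: Get-CsTenant without -Identity lists all tenants.
            StringBuilder builder = new StringBuilder();
            builder.AppendLine("$all = New-CsEdgeAllowAllKnownDomains");
            builder.AppendLine("foreach ($tenant in @(Get-CsTenant))");
            builder.AppendLine("{");
            builder.AppendLine("\t$config = Get-CsTenantFederationConfiguration -Tenant $tenant.TenantId");
            builder.AppendLine("\t$allowList = $config.AllowedDomains");
            // same type test the guide's samples use to detect AllowAllKnownDomains
            builder.AppendLine("\t$allowAll = ($null -ne $allowList) -and ($allowList.GetType() -eq $all.GetType())");
            builder.AppendLine("\t$allowed = @()");
            builder.AppendLine("\tif ((-not $allowAll) -and ($null -ne $allowList))");
            builder.AppendLine("\t{");
            builder.AppendLine("\t\t$allowed = @($allowList.AllowedDomain | ?{ $_ } | %{ $_.Domain })");
            builder.AppendLine("\t}");
            builder.AppendLine("\t$blocked = @($config.BlockedDomains | ?{ $_ } | %{ $_.Domain })");
            builder.AppendLine("\tNew-Object PSObject -Property @{");
            builder.AppendLine("\t\tTenantId = [string]$tenant.TenantId");
            builder.AppendLine("\t\tFederated = [bool]$config.AllowFederatedUsers");
            builder.AppendLine("\t\tAllowAll = [bool]$allowAll");
            builder.AppendLine("\t\tAllowed = ($allowed -join ',')");
            builder.AppendLine("\t\tBlocked = ($blocked -join ',')");
            builder.AppendLine("\t}");
            builder.AppendLine("}");

            Collection<PSObject> rows;
            using (RunspaceInvoke invoker = new RunspaceInvoke(runspace))
            {
                rows = invoker.Invoke(builder.ToString());
            }

            foreach (PSObject row in rows)
            {
                string line = Describe(
                    Convert.ToString(row.Properties["TenantId"].Value),
                    LanguagePrimitives.IsTrue(row.Properties["Federated"].Value),
                    LanguagePrimitives.IsTrue(row.Properties["AllowAll"].Value),
                    Convert.ToString(row.Properties["Allowed"].Value),
                    Convert.ToString(row.Properties["Blocked"].Value));
                Console.WriteLine(line);
            }
        }
    }
}
```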

14.3.9 Enabling a Tenant for Federation


To enable a tenant for federation, you must set the AllowFederatedUsers property of the
CsTenantFederationConfiguration instance to True.
// tenant DN
string distinguishedName =
    "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";

// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
    "Lync",
    "LyncOnline"
});

// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
    // open the runspace
    runspace.Open();

    // get the tenant id
    Guid tenantId = Guid.Empty;
    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        Command cmd = new Command("Get-CsTenant");
        cmd.Parameters.Add(new CommandParameter("Identity", distinguishedName));
        pipeline.Commands.Add(cmd);
        Collection<PSObject> result = pipeline.Invoke();

        // there should be only one because we specified a unique identity
        // if the tenant did not exist the Invoke would have thrown
        // an exception
        PSObject tenant = result[0];

        // get the tenant id
        tenantId = (Guid)tenant.Properties["TenantId"].Value;
    }

    // set the property
    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        Command setCmd = new Command("Set-CsTenantFederationConfiguration");
        setCmd.Parameters.Add(new CommandParameter("Tenant", tenantId));
        setCmd.Parameters.Add(new CommandParameter("AllowFederatedUsers", true));
        pipeline.Commands.Add(setCmd);
        pipeline.Invoke();
    }
}

14.3.10 Enabling Federation between two Hosted Tenants


You can also configure federation between two tenant organizations on the same hosted platform. To
do so, add each tenant to the other tenant's Allow list.
static void Main(string[] args)
{
    string tenantA =
        "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";
    string domainA = "AlpineSkiHouse.com";
    string tenantB =
        "ou=AdventureWorks,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";
    string domainB = "AdventureWorks.com";
    // add domains to each tenant
    LyncSample sample = new LyncSample();
    sample.AddAllowedDomain(tenantA, domainB);
    sample.AddAllowedDomain(tenantB, domainA);
}

The following example shows the AddAllowedDomain function called in the sample above.
public void AddAllowedDomain(string distinguishedName, string allowedDomain)
{
    // create an initial session state with the Lync 2013 modules loaded
    InitialSessionState session = InitialSessionState.CreateDefault();
    session.ImportPSModule(new string[]
    {
        "Lync",
        "LyncOnline"
    });

    // create a runspace using the session state.
    using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
    {
        // open the runspace
        runspace.Open();
        // set variables for the distinguished name and domain
        runspace.SessionStateProxy.SetVariable("dn", distinguishedName);
        runspace.SessionStateProxy.SetVariable("domainName", allowedDomain);
        // build a script for adding the domain
        StringBuilder builder = new StringBuilder();
        builder.AppendLine("$tenant = Get-CsTenant -Identity $dn");
        builder.AppendLine("$domain = New-CsEdgeDomainPattern -Domain $domainName");
        builder.AppendLine("$config = Get-CsTenantFederationConfiguration -Tenant $tenant.TenantId");
        builder.AppendLine("$all = New-CsEdgeAllowAllKnownDomains");
        builder.AppendLine("$allowList = $config.AllowedDomains");
        // test to see if AllowedDomains property is equal to
        // Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowAllKnownDomains
        builder.AppendLine("if($allowList.GetType() -eq $all.GetType())");
        builder.AppendLine("{");
        builder.AppendLine("\t$newList = New-CSEdgeAllowList -AllowedDomain $domain");
        builder.AppendLine("\tSet-CsTenantFederationConfiguration -Tenant $tenant.TenantId -AllowedDomains $newList");
        builder.AppendLine("}");
        builder.AppendLine("else");
        builder.AppendLine("{");
        builder.AppendLine("\t$allowList.AllowedDomain.Add($domain)");
        builder.AppendLine("\tSet-CsTenantFederationConfiguration -Tenant $tenant.TenantId -AllowedDomains $allowList");
        builder.AppendLine("}");

        string script = builder.ToString();

        // use a RunspaceInvoke instance to invoke the script
        using (RunspaceInvoke invoker = new RunspaceInvoke(runspace))
        {
            invoker.Invoke(script);
        }
    }
}
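When functions such as AddAllowedDomain sit behind a control panel, the tenant DN and the domain arrive from an operator or reseller rather than from constants, so they should be checked before the runspace is opened. The following guard is an added example, not part of the original guide; the class, method and parameter names are hypothetical, the root OU is the one used in the guide's samples, and the "OtherReseller" OU is constructed for the demonstration.

```csharp
using System;

// Added example (not from the guide): all names below are hypothetical.
public static class TenantInputGuard
{
    // Root OU as written in the guide's samples; substitute the deployment's own root.
    private const string TenantRoot = "ou=OCS Tenants,dc=fabrikam,dc=com";

    // True when 'domain' is a plain DNS name such as AdventureWorks.com
    // (letters, digits and hyphens in dot-separated labels; no IP literals).
    public static bool IsPlainDnsName(string domain)
    {
        if (string.IsNullOrEmpty(domain) || domain.Length > 253) return false;
        if (Uri.CheckHostName(domain) != UriHostNameType.Dns) return false;

        string[] labels = domain.Split('.');
        if (labels.Length < 2) return false;
        foreach (string label in labels)
        {
            if (label.Length == 0 || label.Length > 63) return false;
            if (label[0] == '-' || label[label.Length - 1] == '-') return false;
            foreach (char c in label)
            {
                bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                       || (c >= '0' && c <= '9') || c == '-';
                if (!ok) return false;
            }
        }
        return true;
    }

    private static bool IsStrictlyUnder(string dn, string ancestor)
    {
        return dn.Length > ancestor.Length + 1
            && dn.EndsWith("," + ancestor, StringComparison.OrdinalIgnoreCase);
    }

    // True when tenantDn is an OU below callerScopeDn, and callerScopeDn is the
    // tenant root or an OU below it (for example, a reseller OU).
    public static bool IsTenantInScope(string tenantDn, string callerScopeDn)
    {
        if (string.IsNullOrEmpty(tenantDn) || string.IsNullOrEmpty(callerScopeDn)) return false;

        // Escaped, quoted or multi-valued RDNs can hide a comma from the suffix
        // comparison below, so such input is rejected instead of parsed.
        char[] rejected = new char[] { '\\', '"', '+', ';', '<', '>', '#', '\0', '\r', '\n' };
        if (tenantDn.IndexOfAny(rejected) >= 0 || callerScopeDn.IndexOfAny(rejected) >= 0)
            return false;

        bool scopeOk = string.Equals(callerScopeDn, TenantRoot, StringComparison.OrdinalIgnoreCase)
                    || IsStrictlyUnder(callerScopeDn, TenantRoot);
        if (!scopeOk || !IsStrictlyUnder(tenantDn, callerScopeDn)) return false;

        // Every RDN between the tenant and the caller's scope must be a non-empty OU.
        string relative = tenantDn.Substring(0, tenantDn.Length - callerScopeDn.Length - 1);
        foreach (string rdn in relative.Split(','))
        {
            if (rdn.Length <= 3 || !rdn.StartsWith("ou=", StringComparison.OrdinalIgnoreCase))
                return false;
        }
        return true;
    }

    public static void Main()
    {
        string reseller = "ou=ConsolidatedMessenger," + TenantRoot;
        string ownTenant = "ou=AlpineSkiHouse,ou=ConsolidatedMessenger," + TenantRoot;
        string otherTenant = "ou=AlpineSkiHouse,ou=OtherReseller," + TenantRoot; // constructed

        Console.WriteLine(IsTenantInScope(ownTenant, reseller));    // True
        Console.WriteLine(IsTenantInScope(otherTenant, reseller));  // False
        Console.WriteLine(IsPlainDnsName("AdventureWorks.com"));    // True
        Console.WriteLine(IsPlainDnsName("10.0.0.1"));              // False
    }
}
```

The DN comparison is deliberately strict: a DN written with spaces after the commas, or with escaped characters, is refused rather than normalized.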


14.4 Provision Tenant Users


The following code example demonstrates how to enable a user for Lync Server 2013 including the
following tasks:
Enabling the user for Lync Server 2013

Granting a dial plan to the user

Setting the tenant and group IDs

Setting the simple URL for meetings

// namespaces used by this example
using System;
using System.Collections;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;

string tenantOU = "ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS Tenants,dc=fabrikam,dc=com";
string userPrincipalName = "testuser@alpineskihouse.com";
string poolFQDN = "lyncpool01.fabrikam.com";
// placeholder: the dial plan name is not given in the original example
string dialPlanName = "<dial plan name>";

// create an initial session state with the Active Directory and Lync Server
// modules loaded.
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
    "ActiveDirectory",
    "Lync",
    "LyncOnline"
});

// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
    // open the runspace
    runspace.Open();

    // get the tenant id
    Guid tenantId = Guid.Empty;
    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        Command cmd = new Command("Get-CsTenant");
        cmd.Parameters.Add(new CommandParameter("Identity", tenantOU));
        pipeline.Commands.Add(cmd);
        Collection<PSObject> result = pipeline.Invoke();

        // there should be only one because we specified a unique identity
        // if the tenant did not exist the Invoke would have thrown
        // an exception
        PSObject tenant = result[0];

        // get the tenant id
        tenantId = (Guid)tenant.Properties["TenantId"].Value;
    }

    // get the tenant OU simple URL
    string simpleUrl = string.Empty;
    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        Command cmd = new Command("Get-CsSimpleUrlConfiguration");
        cmd.Parameters.Add("Tenant", tenantId);
        pipeline.Commands.Add(cmd);

        Collection<PSObject> result = pipeline.Invoke();

        // there should be only one because we specified a unique identity
        PSObject urlConfig = result[0];
        // get the simple url
        simpleUrl = (string)urlConfig.Properties["ActiveUrl"].Value;
    }

    // enable the user
    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        Command cmd = new Command("Enable-CsUser");
        cmd.Parameters.Add("Identity", userPrincipalName);
        cmd.Parameters.Add("RegistrarPool", poolFQDN);
        cmd.Parameters.Add("SipAddressType", "UserPrincipalName");
        pipeline.Commands.Add(cmd);

        pipeline.Invoke();
    }

    // grant the dial plan
    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        Command cmd = new Command("Grant-CsDialPlan");
        cmd.Parameters.Add("Identity", userPrincipalName);
        cmd.Parameters.Add("PolicyName", dialPlanName);
        pipeline.Commands.Add(cmd);

        pipeline.Invoke();
    }

    // set the grouping and tenant ids
    using (Pipeline pipeline = runspace.CreatePipeline())
    {
        Hashtable properties = new Hashtable();
        properties.Add("msRTCSIP-GroupingID", tenantId);
        properties.Add("msRTCSIP-TenantId", tenantId);
        properties.Add("msRTCSIP-BaseSimpleUrl", simpleUrl);

        // Get-AdUser -Identity does not accept a user principal name, so the
        // user is looked up with an LDAP filter; the value is escaped per RFC 4515
        string escapedUpn = userPrincipalName
            .Replace("\\", "\\5c").Replace("*", "\\2a")
            .Replace("(", "\\28").Replace(")", "\\29");
        Command getCmd = new Command("Get-AdUser");
        getCmd.Parameters.Add("LDAPFilter", "(userPrincipalName=" + escapedUpn + ")");
        pipeline.Commands.Add(getCmd);

        // pipe the user object into Set-AdUser
        Command setCmd = new Command("Set-AdUser");
        setCmd.Parameters.Add("Replace", properties);
        pipeline.Commands.Add(setCmd);

        pipeline.Invoke();
    }
}
