Escolar Documentos
Profissional Documentos
Cultura Documentos
Abstract: The Microsoft Lync Server 2013 Multitenant Hosting Pack features include
integration with Microsoft Exchange Server, Microsoft Outlook, and other communication
technologies. The Lync Server 2013 Multitenant Hosting Pack enables customers to manage
geographically dispersed offices and mobile users in a way that reduces travel expenses, while
maintaining highly collaborative team environments. This document describes the Lync Server
2013 Multitenant Hosting Pack, and includes information about how to deploy and configure it.
This document is provided as-is. Information and views expressed in this document, including
URL and other Internet Web site references, may change without notice.
Some examples depicted herein are provided for illustration only and are fictitious. No real
association or connection is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual property in any
Microsoft product. You may copy and use this document for your internal, reference purposes.
10.2.4 Configure Federation Between Lync Server On-Premises and Lync Server
Multitenant Hosting Pack .................................................................................................... 49
10.2.5 Adding Domains to the Tenant Block List.............................................................. 49
10.2.6 Clearing the Tenant Block List ............................................................................... 49
10.2.7 Clearing the Tenant Allow List ............................................................................... 50
10.2.8 Resetting Tenant to Allow All Domains Except Those Listed on the Block List ..... 50
11 Create Tenant DNS Records ................................................................................................ 50
11.1 Create Tenant Meeting Simple URLs ............................................................................ 51
11.1.1 Import the Required Modules for Windows PowerShell ...................................... 51
11.1.2 Configure the Simple URL to Use the Back-end Database .................................... 51
11.1.3 Get Tenant Organization ID ................................................................................... 52
11.1.4 Create the Simple URLs for a Tenant Organization ............................................... 52
11.1.5 Set the Simple URL DNS Name .............................................................................. 53
12 Provisioning Tenant Users ................................................................................................... 53
12.1 Enable Tenant Users for Exchange UM ........................................................................ 53
12.2 Set User TenantID, GroupingID, and ObjectId.............................................................. 54
Microsoft Lync Server 2013 is a family of servers functioning as UC servers that integrate with all
the Microsoft line-of-business software. Lync Server adds these new communication possibilities
within the organization. A Lync Server and Exchange Server layer provide system integration
between Exchange and other communication systems like IM, presence, voice and video calls,
desktop sharing, file transfer, and ad hoc conferences.
Microsoft Lync Server 2013 Multitenant Hosting Pack is a special deployment configuration
scoped for hosting or telecom services providers. The solution enables service providers to host
multitenant Lync Server instances shared across multiple customer environments. In addition,
the Lync Server Multitenant Hosting Pack solution includes an add-on layer that allows our
partners to build communication packages that use the Lync Server Multitenant Hosting Pack to
integrate with the core layer.
1
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
1.2 How to get the Lync Server 2013 Multitenant Hosting Pack
Software
A license is required to use the software. To download and install the Lync Server 2013 Multitenant
Hosting Pack software, you need to log on to the Microsoft Volume Licensing Service Center at
http://go.microsoft.com/fwlink/?LinkId=238381.
Data and desktop sharing A feature that allows users to share files, use whiteboard, and
display their desktop to a meeting or to conversation participants.
Conferencing Two-way video and audio transmissions between users in multiple locations.
Unified Messaging This feature is available only in combination with Microsoft Exchange
Server. An application that consolidates a user's voice mail, fax, and email into one mailbox, so
that the user only needs to check a single location for messages, regardless of type. The email
server is the platform for all types of messages, making it unnecessary to maintain separate
voice mail and email infrastructures.
Private branch exchange (PBX) replacement UC integration with Voice over Internet Protocol
(VoIP) systems can replace traditional phone exchange systems.
Conferencing server gateway video Real-time IP video, voice, and data services.
Short Message Service (SMS) Text messaging systems used by phones and mobile
communication systems.
2
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Feature Comparison: Lync Server 2010 Multitenant Hosting Pack and Lync Server 2013 Multitenant Hosting Pack
Presence
Persistent Chat No No
Interactive contact card in Office 2010 and Office 2013 Yes Yes
Privacy mode No No
3
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Client Support
OC 2007 R2 No No
4
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Registration No No
Customer branding No No
Customer invitations No No
Managed Q&A No No
Easy Assist No No
5
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Integration with select partners for PSTN audio conferencing Yes Yes
(ACP)
6
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Sharing
Integration
7
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Calling features
Public switched telephone network (PSTN) calling via Lync Yes Yes
incoming and outgoing
8
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Call park No No
E-911 No No
Direct SIP for signaling (presence updates) with on-premises IP- No Yes
PBX
Unassigned Number No No
9
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Delegation No Yes
Call park No No
Voice features
Hosted Exchange Unified Messaging (UM) for voice mail Yes Yes
Anti-malware scanning for meeting content and file transfers Yes Yes
10
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Attendee/User Reporting No No
Support
11
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
12
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Intel Itanium processors are not supported for Lync Server 2013 server roles.
Memory 16 GB
Disk Local storage with at least 72 GB free disk space on a 10,000 RPM disk drive
These recommendations are based on a maximum of 39,000 external users per Front End pool (which
follows the user model of 80,000 users per Front End pool, with 30% of users connecting externally and
1.5 multiple points of presence (MPOP).
2.1.2 Hardware Requirements for Back End Servers and Other Database
Servers
The requirements for the Back End Server and other database servers are similar to those of servers
running Lync Server 2013, except that Back End Servers require additional memory. The following table
describes the recommended hardware for a Back End Server or other database servers, based on an
80,000 user pool with eight Front End Servers and one Back End Server containing all databases required
for your Lync Server deployment.
Hardware Recommendations for Back End Servers and Other Database Servers
Intel Itanium processors are not supported for Lync Server 2013 server roles.
Memory 32 GB recommended for Back End Server (with or without collocated Archiving
and Monitoring databases), 16 GB recommended for Archiving and Monitoring
database (not collocated with the Back End Server).
Disk Local storage with at least 72 GB free disk space on a 10,000 RPM disk drive
13
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
14
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Audio/Video Conferencing
PSTN calls
Tenant peer-to-peer calls will occur within the tenant network. Any conferencing traffic will be via the
hoster and tenant networks.
Its still recommended that tenants configure port based Quality of Service (QoS) on the internal
network if multiple locations will be on the hosted platform. Although some traffic will be traversing
through the internet, the peer to peer client communication can be maintained in higher QoS policies on
the tenants internal network by configuring static ports for different modalities for client connections.
For more information, see Network Bandwidth Requirements for Media Traffic at
http://technet.microsoft.com/en-us/library/jj688118(v=ocs.15).aspx.
15
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Additional or specific certificate requirements are called out in the associated sections of this document.
External users These users have Lync Server user accounts and access Lync Server from outside
the corporate network.
Federated users These users have accounts with federated partners and access Lync Server
from outside the corporate network.
In a Lync Server Multitenant Hosting Pack deployment, there are the following types of users:
16
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
External users Also known as tenant users in this guide, these users have Lync Server user
accounts associated with a specific tenant, and access Lync Server from outside the hosts
network.
Federated users These users have accounts with federated partners and access Lync Server
from outside the hosts network.
17
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Scaling estimates are based on testing done by Microsoft using Lync Server 2013 Enterprise Edition. For
details, see the following:
Running Lync Server on Virtual Servers in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg399035(v=ocs.15).aspx.
On average, only one in ten users is expected to be in a call at any given time. For details about
estimating voice usage and traffic, see Estimating Voice Usage and Traffic in the TechNet
Library at http://technet.microsoft.com/en-us/library/gg398439(v=ocs.15).aspx. Depending on
the percentage of calls using media bypass (including PC-to-PC calls), you may need fewer or
additional Mediation Servers in your environment.
18
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Topology architecture
The following table provides details about the number and types of servers in the Topology, including
the processor and memory requirements for each. Operating System support includes the 64-bit
versions of the following:
Windows Server 2008 R2 with Service Pack 1 (SP1) Standard (required) or latest service pack
(recommended)
Windows Server 2008 R2 with SP1 Enterprise (required) or latest service pack (recommended)
Windows Server 2008 R2 with SP1 Datacenter (required) or latest service pack (recommended)
Windows Server 2012 Standard
Windows Server 2012 Datacenter
Servers in the Topology
19
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Mediation Server 8 4 16 GB
Monitoring/Archiving database 2 4 32 GB
The following table lists the load balancing technology per server role that service providers can use as a
guideline for deployment in a production environment to implement high availability and fault
tolerance.
External Web Services Integrated reverse proxy and load balancer or hardware load balancers
20
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
4. Run the Microsoft Lync Server 2010 Best Practices Analyzer and confirm that there are no
critical issues for the Lync Server 2010 Multitenant Hosting Pack.
Caution Use only the LyncServerUpdateInstaller.exe provided with the Lync Server 2013 Multitenant Hosting
Pack. Do not use Microsoft Update to install the any Lync Server 2013 updates.
1. On the server that will be the Front End server, run Setup.exe for the Lync Server 2013
Multitenant Hosting Pack.
3. Install CsServices.msi from the ..\Setup\amd64\setup folder on the installation media. The file is
also copied to the following location when you install the Hosting Pack:
c:\programdata\microsoft\Lync server\deployment\cache\5.0.8308\setup folder
21
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
4. Open the Lync Server Management Shell, and run the following two cmdlets. You may need to
run "import-module LyncOnline" before running the cmdlets.
o Install-CsAdServerSchema
o Install-CsAdServiceSchema
1. On the Lync Server 2013 Multitenant Hosting Pack Front End server, open Topology Builder and
select Download Topology from existing deployment, and then choose a location to save the
topology.
2. In Topology Builder expand Lync Server 2013, then right-click Enterprise Edition Front End
pools, select New Front End Pool, and then complete the wizard.
Update the Lync Server 2013 Multitenant Hosting Pack Front End server
1. On the Lync Server 2013 Multitenant Hosting Pack Front End server, run setup.exe and complete
the following:
o Check that all Lync services start in Administrative Tools > Services.
2. Install the Lync Server 2013 backward compatibility tools from ..\amd64\setup\OCSWMIBC.msi
on the installation media.
3. Create the DNS A record for the Lync Server 2013 Front End pool on a DNS server.
4. Enable Remote User Access on the Lync Server 2010 Multitenant Hosting Pack Edge Pool.
Note Users homed on the new Lync Server 2013 Multitenant Hosting Pack Front End Pool will not be able to
login via the Lync Server 2010 Multitenant Hosting Pack Director/Front End pool.
5. Publish the Lync Server 2013 Multitenant Hosting Pack Front End pool external web services URL
on the reverse proxy.
Validate co-existence
1. Provision a new tenant and user on the Lync Server 2013 Multitenant Hosting Pack Front End
pool.
2. Configure a Lync client to use the Lync Server 2010 Multitenant Hosting Pack Access Edge
address on port 443 and verify sign-in.
22
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
3. Add a federated contact that is homed on the Lync Server 2010 Multitenant Hosting Pack pool,
and verify IM and Presence works in both directions.
4. Perform a "Meet Now" with the Lync Server 2013 Multitenant Hosting Pack user, and then add
the Lync Server 2010 Multitenant Hosting Pack federated contact, an external federated
contact, and a web participant. Test all modalities (AV, Whiteboard, PPT upload, etc.)
5.3.2 Prerequisities
The script requires the following:
PoolMapping.csv the PoolMapping.csv file should include the Lync Server 2010 Multitenant
Hosting Pack Front End pools and the corresponding target Lync Server 2013 Multitenant
Hosting Pack pool that the users will be migrated to.
JDB-HelperCmds.dll this file is required for the script to run.
The method of supplying this file or code to compile is TBD
23
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
5.3.2.1 PoolMapping.csv
Create a .csv file in the following format, replacing the pool names with the pool names for your
deployment.
SrcPool,DstPool
V1FEPOOL.contoso.com,V2FEPool.fabrikam.com
5.3.2.2 Migrate-TenantOrgV2.ps1
#<#
#.Synopsis
#
#.Description
#
#.Parameter TenantOrg
#
#.Parameter MappingFile
#
#.Parameter MoveConferenceData
#
#.Parameter ForceMove
#
#.Example
#
#.Version
#
##>
# Import-module
import-module ActiveDirectory
import-module Lync
import-module LyncOnline
Import-Module .\JDB-HelperCmds.dll
#variables
$FailedMoves = 0
$SuccesfulMoves = 0
24
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
$TenantOrgOUStr = "OU=$($TenantOrg),$($TenantOrgBaseLocationStr)"
25
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
foreach($User in $TenantOrgUserList)
{
if($PoolList.Contains($user.RegistrarPool))
{
#list already includes pool
}
else
{
#pool is not in the list, adding
write-richlog -strLogText "Adding $($user.RegistrarPool) to
pool list." -strFileName $LogFileName -strSubSystem "Main" -
intIdentLevel 1 -logMode File -logLevel Informational
$rtn = $PoolList.add($user.RegistrarPool)
}
}
foreach($pool in $PoolList)
{
write-richlog -strLogText " $($Pool) is mapped to
$($poolMappingList.get_item($pool.Friendlyname))" -strFileName
$LogFileName -strSubSystem "Main" -intIdentLevel 2 -logMode File -
logLevel Informational
}
26
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
27
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
}
else
{
write-richlog -strLogText "Force moving of
$($User.SipAddress) excluding conference data from
$($user.RegistrarPool) to
$($PoolMappingList.get_Item($user.RegistrarPool.Friendlyname))" -
strFileName $LogFileName -strSubSystem "Main" -intIdentLevel 1 -
logMode File -logLevel Informational
Move-CsUser -id $user.sipaddress -Target
$PoolMappingList.get_Item($user.RegistrarPool.Friendlyname) -Force -
Confirm:$False
}
}
catch
{
write-richlog -strLogText "Force move failed for
$($User.SipAddress)." -strFileName $LogFileName -strSubSystem "Main" -
intIdentLevel 1 -logMode File -logLevel Error
$FailedMoves++
$FailedMoveUserList.add($User.SipAddress)
}
}
else
{
write-richlog -strLogText "Force move will not be
attempted for $($User.SipAddress)" -strFileName $LogFileName -
strSubSystem "Main" -intIdentLevel 1 -logMode File -logLevel
Informational
$FailedMoves++
$FailedMoveUserList.add($User.SipAddress)
}
28
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
29
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Two domain controllers with DNS and an Enterprise Root certification authority (CA)
An Enterprise Edition Front End pool consisting of two Front End Servers
A SQL Server-based Back End Server that also contains the Central Management store
A Lync Server Multitenant Hosting Pack deployment is different from a Lync Server 2013 Enterprise
Edition deployment in the following ways:
A different set of installation media is used. Hosting Pack installation media has been optimized
for hosts and is the only media supported for hosted, multitenant deployments.
No provision is made for internal users. All users are expected to connect over the Internet.
Procedures are provided to permit per-tenant Exchange Server dial plans without requiring
per-tenant Lync Server dial plans.
Other than the few procedural modifications required to accommodate the preceding, deployment
procedures are based on the following standard deployment process for Lync Server 2013 Enterprise
Edition:
Lync Server 2013: Deployment in the TechNet Library at http://technet.microsoft.com/en-
us/library/gg398664(v=ocs.15).aspx lists the standard procedures for deploying Lync Server
2013.
30
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
6.2 Change the Name and Domain of the Server Running Lync Server
It can be difficult to change server names after you deploy the Lync Server Multitenant Hosting Pack.
You should make sure the server names for the following roles are the name you want to use before you
start your deployment:
Edge Server
Front End
Mediation Server
1. To open Server Manager, click Start, click Administrative Tools, click Server Manager.
5. On the DNS Suffix and NetBIOS Computer Name dialog box, do the following:
a. In the Primary DNS suffix of this computer field, enter the name of the external domain to
be used by Lync Server (for example, <externaldomain>.com).
b. Clear the Change primary DNS suffix when domain membership changes check box.
6. Click OK on each dialog box until you close the System Properties dialog box.
7. Verify that both the public domain name and the private Active Directory name are in the DNS
suffix search order for the IP address.
31
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
The installation media also includes a tool for applying patches to the Lync Server software,
\amd64\LyncServerUpdateInstaller.exe.
To begin your deployment, follow the procedures in the topics listed in the following table. Include each
of the child topics within the sections listed.
Checklist for Installing the Lync Server 2013 Multitenant Hosting Pack
Completed Topic
http://technet.microsoft.com/library/gg412892(v=ocs.15)
http://technet.microsoft.com/en-us/library/gg398205(v=ocs.15).aspx
http://technet.microsoft.com/en-us/library/gg425852(v=ocs.15).aspx
http://technet.microsoft.com/en-us/library/gg398588(v=ocs.15).aspx
http://technet.microsoft.com/en-us/library/gg398588(v=ocs.15).aspx
http://technet.microsoft.com/en-us/library/gg412733(v=ocs.15).aspx
Configure IIS
http://technet.microsoft.com/en-us/library/gg412918(v=ocs.15).aspx
http://technet.microsoft.com/en-us/library/gg425848(v=ocs.15).aspx
32
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Completed Topic
http://technet.microsoft.com/en-us/library/gg398079(v=ocs.15).aspx
http://technet.microsoft.com/en-us/library/gg398339(v=ocs.15).aspx
http://technet.microsoft.com/en-us/library/gg398665(v=ocs.15).aspx
These changes apply to the procedures in Defining and Configuring the Topology in the TechNet
Library at http://technet.microsoft.com/en-us/library/gg398339(v=ocs.15).aspx:
When performing the steps in Define and Configure a Topology in Topology Builder at
http://technet.microsoft.com/en-us/library/gg398788(v=ocs.15).aspx, you will be prompted to
provide a location and file name for saving the topology. Choose New Topology and follow the
instructions.
You do not need to specify additional supported domains at this time. Adding tenant SIP
domains is covered later in the Create Tenant SIP Domain and in the Provisioning Tenant
Organizations sections in this document.
The Topology Builder does not allow you to configure a topology in which the Edge Servers are
bypassed. Because of this, you must make some configuration changes to your topology to enable
communications between servers running Lync Server 2013. You should perform the steps described in
the following sections of this document after you deploy Lync Serve 2013 and the Lync Server 2013
Multitenant Hosting Pack:
Error! Reference source not found. Describes how to set Front End Servers to capture needed
information about NAT traversal. (In enterprise deployments, this information is captured by the
Edge Servers.)
Create Tenant DNS Records Lists the service records that you need to create and includes notes
about port usage.
33
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Front End pool. Continue to follow the steps provided, applying the modifications as described in the
following list:
1. When defining the computers in this pool, use the fully qualified domain names (FQDNs) of the
computers that will be in the Front End pool. These servers are FE0101 and FE0102 in the
architecture, where the first two digits represent the pool number (in this case there is just one),
and the second two digits represent the server within the pool (in this case 01 and 02).
3. On the Select collocated server roles page, leave all options unselected.
4. On the Associate server roles with this Front End pool page, leave all options unselected. You
will update the topology when these server roles are deployed in later steps.
5. On the Define the SQL store page, define a new SQL database, specifying the FQDN and
(optionally) named instance you created earlier according to Configure SQL Server for Lync
Server 2013.
6. Complete all remaining steps in Define and Configure a Front End Pool in the TechNet Library
at http://technet.microsoft.com/en-us/library/gg398538(v=ocs.15).aspx.
7. After you define and configure your topology, proceed with all steps listed in Finalizing and
Implementing the Topology Design in the TechNet Library at http://technet.microsoft.com/en-
us/library/gg398178(v=ocs.15).aspx.
1. On all Front End servers, open the Lync Server Management Shell and run the following cmdlet
to stop Lync Server services:
Stop-csWindowsService
2. On one of the Front End servers, run the following cmdlet to update the databases:
Install-CsDatabase -Update -ConfiguredDatabases SqlServerFqdn
<SQL Server FQDN>
3. On all Front End servers, run the following cmdlet to restart Lync Server services:
34
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Start-csWindowsService
Dial-in Conferencing For an overview, see the Overview of the Audio Conferencing Provider
later in this document.
Monitoring
Archiving
Response Group
Note Do not add the Call Park application because it is not supported in the Lync Server Multitenant Hosting Pack.
When you perform the steps in Configure the DNS Suffix for Edge Servers in the TechNet
Library at http://technet.microsoft.com/en-us/library/gg398756(v=ocs.15).aspx, set the DNS
suffix to the value to the name of the external domain used by the Lync Server deployment.
35
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
7.7 Monitoring
For details about Monitoring, see Deploying Monitoring in the TechNet Library at
http://technet.microsoft.com/en-us/library/gg398199(v=ocs.15).aspx.
8 Post-Installation Configuration
You must complete the tasks in this section after you complete the installation.
Run the following Windows Installer scripts from an elevated command prompt on every instance of
these servers before proceeding:
\Setup\CSServices.msi
After you run setup, run the following cmdlet each time you open the Lync Server Management Shell:
Import-Module LyncOnline
Note This step is not necessary if you are running Windows Server 2012.
Enable-CsAdForest
Enable-CsAdDomain
36
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Enable-CsTopology
Enable-CsServiceTopology
The first command extends the Active Directory schema to include information required by the Lync
Server 2013 Hosting Pack. The second command prepares the Active Directory forests for operation of
the Lync Server 2013 Hosting Pack. The third command prepares the Active Directory domain for the
Lync Server 2013 Hosting Pack. The remaining commands re-publish and enable the topology.
Part of the Active Directory domain preparation is the creation of the root tenant OU, \OCS Tenants.
Tenants can be created either directly in this directory, or in one or more levels of nested reseller OUs.
This command sets the AddressBookAvailability parameter to WebSearchOnly. Keep in mind that if
client policies are set at the site or user level, these policies must also have the AddressBookAvailability
parameter set to WebSearchOnly. For example, if there is a client policy for users on the Redmond site,
you must set the AddressBookAvailability property of that policy:
Set-CsClientPolicy Identity site:Redmond AddressBookAvailability
WebSearchOnly
37
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
When you create a dial plan, a default normalization rule is associated with that dial plan. You should
modify that normalization rule to apply to the dial plan. Here is an example of modifying a normalization
rule for the SeattleDialPlan we just created:
New-CsVoiceNormalizationRule Identity Site:Seattle/SeattlePrefix
Pattern ^9(\d*){1,5}$ Translation +1206$1
The preceding dial plan was created at the user scope, which means it must be assigned directly to the
user or users to whom it will apply. To assign a dial plan to a user, use the Grant-CsDialPlan cmdlet:
Grant-CsDialPlan Identity john@contoso.com PolicyName
"SeattleDialPlan"
If the IP PBX is not qualified for Lync Server you can use a Sessions Border Controller (SBC). For more
information, see Components and Topologies for SIP Trunking at http://technet.microsoft.com/en-
us/library/gg398720(v=ocs.15).aspx.
1. Run ldp.exe.
2. In the Connection menu, click Connect.
3. In the Connection menu, click Bind.
38
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
4. In the View menu, click Tree and select the configuration partition from drop-down menu, then
click OK.
Note: The configuration partition option is the one that begins with CN=Configuration.
5. Right-click the root node, select Modify, and then do the following:
a. In the Edit Entry box, enter otherWellKnownObjects for Attribute and
B:32:DE8197E3283B2C439A62F871E529F7DD:<DN of root tenant OU here> for
Values.
b. In the Operation box, select Replace and then click Enter.
c. Click Run.
6. On the Connection menu, click Exit to close ldp.exe.
39
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Alternatively, to open the Active Directory Module for Windows PowerShell window, on the Start menu,
click Administrative Tools, and then click Active Directory Module for Windows PowerShell.
The following commands will copy the tenant OU, based on the globally-unique identifier (GUID) of the
OU, into the msRTCSIP-TenantId and msRTCSIP-ObjectId attributes.
$OU = "OU=fabrikam,OU=OCS Tenants,DC=litwareinc,DC=com"
$GUID = $OUObject.ObjectGUID
The first line in the preceding commands sets a variable to the full LDAP path of the OU we want to set.
The second line calls the Get-ADOrganizationalUnit cmdlet to retrieve that OU, storing it the variable
$OUObject. The third line retrieves the GUID, stored in the ObjectGUID property, of the OU and stores it
in another variable ($GUID). Next we need to set the msRTCSIP-TenantId and msRTCSIP-ObjectId
properties.
$OUObject |Set-ADOrganizationalUnit -Replace @{'msRTCSIP-
TenantId'=$GUID}
$OUObject |Set-ADOrganizationalUnit -Replace @{'msRTCSIP-
ObjectId'=$GUID}
In these two lines we pipe the OU object that is stored in our $OUObject variable to the Set-
ADOrganizationalUnit cmdlet. Set-CsADOrganizationalUnit has a number of parameters that allow you
to directly set Active Directory properties, such as Server, City, and PostalCode. For the less-commonly
used properties, such as msRTCSIP-TenantId, we use the Replace parameter, passing it the name of the
property we want to set and the value we want to set it to. Using the Replace parameter will replace any
value or values currently stored in that property with the value you specify.
Finally, we retrieve all the users in the specified OU and set the msRTCSIP-GroupingId and msRTCSIP-
TenantId properties to the GUID of the OU:
Get-ADUser -LDAPFilter "(ObjectClass=user)" -SearchBase $OU -
Properties msRTCSIP-GroupingID,msRTCSIP-PrimaryUserAddress,comment
|Set-ADUser -Replace @{'msRTCSIP-GroupingID'=$GUID}
40
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
The first thing we do in each of these commands is to retrieve all the users in the OU. We do that by
calling the Get-ADUser cmdlet and passing values for the LDAPFilter and SearchBase parameters. The
LDAPFilter value specifies that we want to retrieve all users who actually are users, meaning their
ObjectClass property has a value of user. The SearchBase property is set to the FQDN of the OU (which
we stored previously in the $OU variable). Notice that we also supply values for the Properties
parameter. This isnt necessary, but it will speed up your query by limiting the amount of data about
each user that is returned. This is especially useful if youre running these commands over a remote
session.
After weve retrieved all the users in the specified OU, we pipe that information to the Set-ADUser
cmdlet, which will modify the settings for each of those users. We again use the Replace parameter, this
time replacing the value in the msRTCSIP-GroupingId property with the GUID of the OU. Finally, we do
the exact same thing, but this time replacing the value of the msRTCSIP-TenantId property with the
GUID.
1. Run the following cmdlet to retrieve your topology file, replacing the path with the correct path
for your environment.
(Get-CsTopology -AsXml).ToString() > C:\Topology.xml
2. Edit the topology.xml file using Notepad, and find the InternalDomains AllowAllDomains="false"
section. Change the value for the section from "false" to "true".
The value is case-sensitive.
41
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Next, use ADSIEdit or other tool to add the domain to the msRTCSIP-Domains attribute of the tenant
OU. Afterward, you should see the domain listed when querying the properties of the tenant:
Id Domains
-- -------
OU=fabrikam.com,OU=OCS Tenants,DC=fabrikam,DC=com {fabrikam.com}
OU=fabrikam.net,OU=OCS Tenants,DC=fabrikam,DC=net {fabrikam.net}
9.6.1 Create Tenant Exchange Dial Plan and Exchange UM Mailbox Policy
To enable users for Exchange UM, they must be assigned a dial plan and Exchange UM mailbox policy. In
order for each tenant organization to have its own dial-by-name directory and other forms of privacy,
each tenant must be assigned to a different dial plan. A tenant dial plan and associated Exchange UM
mailbox policy can be created using the following Exchange 2013 Management Shell command:
New-UMDialplan -Name "<TenantDialPlanName>" -UriType SipName -
NumberofDigitsInExtension <TenantExtensionDigits> -VoIPSecurity
Secured -CountryorRegionCode 1 -GenerateUMMailboxPolicy $true -
AccessTelephoneNumbers <TenantAccessTelephoneNumber>
42
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
This example uses variables as placeholders that you should replace with real values when provisioning
a tenant:
TenantDialPlanName A unique name for the dial plan. It is advantageous for troubleshooting
purposes to have the TenantDialPlanName reflect the name of the tenant and reseller.
The UriType specifies the URI type that will be sent and received with SIP messages. Possible values are
SipName, E164, and TelExtn. The VoIPSecurity parameter can have a value of Secured, SIPSecured, or
Unsecured. GenerateUMMailboxPolicy is True by default, which indicates that we want to create an
Exchange UM mailbox when the dial plan is created.
Create an Exchange UM hunt groups for each dial plan. This links the configuration of each dial
plan to the Exchange UM IP gateway by creating hunt groups including each of the
TenantAccessTelephoneNumbers.
During testing, this script was run repeatedly without damaging existing dial plans or other Exchange
UM configurations. For additional safety and efficiency, hosts may want to develop modified versions of
exchucutil.ps1 that perform only the functions specific to a new tenant.
43
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
3. To run the Exchange UM Integration Utility, type the following command and then press Enter:
OcsUmUtil.exe
4. Click Load Data. You should see all of the Exchange Server dial plans listed in the left column,
SIP Dial Plans, but with no contacts listed for the most-recently added dial plan.
o Organizational Unit For the purpose of developing this documentation, all Lync Server
contacts related to Exchange UM were stored in a root-level OU named Lync UM
Contacts.
o SIP Address This should take the form of sip:<PhoneContext of the dial plan, as reported
by the Exchange Management Shell cmdlet get-umdialplan>@<TenantSipDomain> (for
example, sip:exumcontact@fabrikam.com).
o Server or pool Select your Front End pool, not your Director pool.
o Phone Number This should be one of the E.164 phone numbers contained in the
AccessTelephoneNumbers property, as reported by the Exchange Management Shell
cmdlet Get-UMDialPlan.
6. Click OK. After you have created the contact, you will still see a red exclamation point and the
following error message:
A location profile has not been created that matches this dial plan. Until a location profile is
created, the UM play-on-phone and call transfer features may not work (ignore this error for
Exchange 14 SP1 and above).
44
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
As the error message states, you can safely ignore it. Avoid creating a Lync Server dial plan that
matches the Exchange Server dial plan.
7. To be able to associate UM-related contacts with a tenant organization, Lync Server 2013
Hosting Pack uses the Active Directory attribute msRTCSIP-TenantId to associate tenant OUs,
users, and contacts. You can create this association by running the following commands as an
administrator at an Active Directory Module for Windows PowerShell command prompt, which
will copy the tenant OUs globally-unique identifier (GUID) into the msRTCSIP-TenantId and
msRTCSIP-GroupingId attributes of the contact:
$OU = "OU=fabrikam,OU=OCS Tenants,DC=litwareinc,DC=com"
$Contact = "CN=tenant1,OU=fabrikam,OU=OCS
Tenants,DC=litwareinc,DC=com"
$GUID = $OUObject.ObjectGUID
These commands begin by setting some variables that will be used to retrieve and set information. The
first variable we set is $OU, which contains the distinguished name (DN) of the OU you want to work
with. The second variable, $Contact, contains the DN of the contact you want to associate with the OU.
Next, call the Get-ADOrganizationalUnit command, passing it the DN of the OU to retrieve the OU
object, and then store that object in the $OUObject variable. Finally, you retrieve the GUID for that OU
object from the ObjectGUID property and store it in the $GUID variable.
Now you are ready to set the contact attributes in the same way that you set the attributes on the users
as described previously in the Set TenantId and ObjectId section.
10 Configuring Federation
Federation makes it possible for external users who are not users on your domain, including
authenticated and anonymous remote users, federated partners, mobile clients and users of public
instant messaging (IM) services, to communicate with other users in your organization using Lync
Server.
45
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Note that unlike most Lync Server Get-* cmdlets, you cannot call Get-CsTenantFederationConfiguration
with no parameters to return all configurations, you must specify a Tenant ID. Tenant IDs are in the form
of a GUID. For example, your command to retrieve a tenant federation configuration will look something
like this:
Get-CsTenantFederationConfiguration -Tenant 595b58ab-3137-406a-a32b-
32e23fc8b56b
Another way to retrieve a tenant federation configuration would be to first retrieve the tenant ID, save
the ID to a variable, then pass that variable to the Get-CsTenantFederationConfiguration cmdlet, as
shown in the following commands:
$t = Get-CsTenant | Where-Object {$_.DisplayName eq "Tenant1"}
Get-CsTenantFederationConfiguration Tenant $t.TenantId
The first command calls Get-CsTenant to retrieve all tenants, and then it pipes that list of tenants to the
Where-Object cmdlet. Where-Object looks for the tenant with a DisplayName that is equal to (-eq)
Tenant1. That tenant is saved to the variable $t. Now when we call Get-
CsTenantFederationConfiguration we can pass the TenantId value for the tenant we just retrieved. By
using these commands we were able to retrieve a tenant federation configuration without having the
type in a GUID.
46
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Have all tenants create an automatic setup script for Lync clients to add the FQDN for the
hosting provider as described at http://support.microsoft.com/kb/2531068/en-
us?wa=wsignin1.0
When configuring federation between hosted tenants, where one tenant uses SAN certificates
(sip.tenantdomain.com) on their Edge server and another does not, you should use the following
cmdlets to add each tenant domain individually instead of adding the tenant as a trusted hosting
provider.
New-csalloweddomain [tenantdomain.com]
Set-csalloweddommain identity tenantdomain.com proxyfqdn
FQDN.to.hostingLPH.Edge
You will need to run these cmdlets for each tenant in your deployment that you want to enable
federation for, but this method allows you to also enable federation for the tenants using Edge
certificates by using the same process.
2. Configure the on-premises deployment to add the hosting deployment as a hosted cloud.
3. Configure the hosted deployment to add the on-premises domain to the Allow list.
To allow a tenant to communicate with other domains, you must add those domains to the
Allow list. To add domains to the Allow list for a tenant, run the following commands:
$d1 = New-CsEdgeDomainPattern -Domain "fabrikam.com"
$d2 = New-CsEdgeDomainPattern -Domain "contoso.com"
47
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
The first two commands call the New-CsEdgeDomainPattern cmdlet. This cmdlet creates the
domain object that will be added to the Allow list. Notice that we assigned the results of these
commands to variables ($d1 and $d2). If you dont assign the new object to a variable, that
object will be created only in memory and will not be saved.
Next, we call New-CsEdgeAllowList with the AllowedDomain parameter. We add the two
domains we just created to the Allow list and save the list object to the variable $a. Like New-
CsEdgeDomainPattern, the object is created only in memory so we must save it to a variable.
Finally, we call Set-CsTenantFederationConfiguration, specifying the ID (that is, the GUID) of the
tenant we want to modify as the value for the Tenant parameter, and the list we just created as
the value for the AllowedDomains parameter.
48
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
To remove a single domain from a tenants Block list, run commands similar to the following:
$bd2 = New-CsEdgeDomainPattern -Domain "contoso.com"
Set-CsTenantFederationConfiguration -Tenant [TenantID] -BlockedDomains
@{Remove=$bd2}
49
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
The first command creates an empty Allow list. The second command then assigns that list to the tenant
federation configuration. To remove only one domain from the list, youll need to recreate the list
without the specific domain you want to remove.
50
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
This format has the advantage of not needing an additional SAN on the Reverse Proxy certificate for
each additional Tenant Organization added to the platform.
Note If you are using Windows Server 2012, the modules may be loaded automatically.
To verify that the modules loaded successfully, run the following cmdlet:
Get-Module
The following modules should be listed:
ActiveDirectory
Lync
LyncOnline
51
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
To verify that the settings were applied, run the following cmdlet:
(Get-CsSimpleUrlConfiguration -Identity "Global").UseBackEndDatabase
$TenantSIPDomain = fabrikam.com
$BaseMeetingURL = "https://meet.litwareinc.com/"
52
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
To confirm the Tenant Org meeting URL successfully created, run the following cmdlet. Where [Tenant
Name] is replaced with the name of the Tenant Name:
(Get-CsSimpleUrlConfiguration Tenant ((Get-CsTenant | where{$_.name
eq [Tenant Name]}).TenantId)).simpleurl | ft AutoSize
Use the value returned for the TenantId into the following cmdlet:
(Get-CsSimpleUrlConfiguration -Tenant "TenantID GUID").simpleurl | ft
AutoSize
To verify that the DNS name was set, run the following cmdlet:
(Get-CsProvisionServiceConfiguration).SimpleUrlDNSName
The first line removes any existing address book policy for the user john@contoso.com.
The next line enables Exchange UM for that user. Keep in mind that this command will run successfully
only if the Exchange Unified Messaging Service is running.
53
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
To run the Enable-UMMailbox cmdlet you can use any of the values listed above for the Identity of the
user. The value you specify for the UMMailboxPolicy parameter must be the Name of an existing
Exchange UM mailbox policy. To find existing UM mailbox policies, run the following cmdlet:
Get-UMMailboxPolicy
To create a new Exchange UM mailbox policy (and the associated Exchange UM dial plan), follow the
instructions previously in the Create Tenant Exchange Dial Plan and Exchange UM Mailbox Policy
section.
The value you specify for the Extensions parameter of the Enable-UMMailbox cmdlet must match the
values allowed in the specified Exchange UM dial plan. For example, if the UM dial plan requires that
extensions consist of five digits, the value specified for the Extensions parameter in the call to Enable-
UMMailbox can be any 5-digit number, such as 12345.
If youre enabling the user with a SIP URI or E.164 dial plan, the call to Enable-UMMailbox requires a
value for the parameter SIPResourceIdentifier. The SIPResourceIdentifier is a user principal name,
similar to id1@contoso.com. This value should have a suffix matching the tenant SIP domain of the Lync
Server contact object. For details, see the previous Create Tenant SIP Domain section in this
document.
This example also includes the personal identification number (PIN) parameter, where you specify the
PIN the user can user to access the mailbox. If you do not specify a PIN, a value is generated
automatically and sent to the user.
The following example script reads the GUID of the tenant OU and populates the msRTCSip-TenantId
and msRTCSip-GroupingId with the value of the GUID. You can run these commands from the Active
Directory Module for Windows PowerShell.
$OU = " OU=fabrikam,OU=OCS Tenants,DC=litwareinc,DC=com"
$GUID = $OUObject.objectguid
54
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
The DN of the user whose Tenant ID value User Replicator tried to replicate
is:
[User Distinguished Name]
Cause: Typically caused by manual modification of msRTCSIP-TenantId attribute value instead of using
management tools
Resolution:
55
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Restore the original value of msRTCSIP-TenantId attribute or delete the user from AD. You may use
Dbanalyze to diagnose the problem.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LS User Replicator" />
<EventID Qualifiers="33777">30039</EventID>
<Level>3</Level>
<Task>1009</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T21:19:51.000000000Z" />
<EventRecordID>2414</EventRecordID>
<Channel>Lync Server</Channel>
<Computer>[Server FQDN]
<Security />
</System>
<EventData>
<Data>[User Distinguished Name]
<Data>[Windows Domain DNS Name]</Data>
</EventData>
</Event>
If you need to set a user's msRTCSIP-GroupingId or msRTCSIP-TenantId after the user has been enabled
for Lync Server, you need to first disable the users account in Lync Server, change the values, and then
enable the user for Lync Server again.
12.3 Configure the user Base Simple URL with the Tenant
Organizations Base URL
As part of the tenant user account creation process the msRTCSIP-BaseSimpleURL attribute needs to be
populated with the tenant organizations base URL. To do so, run the following commands from the
Active Directory module for Windows PowerShell window:
$CompanyName = "Litware Inc."
$BaseURL = "https://meet.litwareinc.com/"
$TargetOU = "OU="+$CompanyName+","+$PathRoot
56
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
$BaseURL = "https://meet.litwareinc.com/"+$SIPDomain
Important The value for the BaseURL property must use the https:// prefix.
The following example set of commands enables a user on Lync Server who is already enabled for
Exchange UM located within the tenant OU:
Enable-CsUser -Identity <UserPrincipalName> -RegistrarPool <FQDN of
Front End Pool> -SipAddressType UserPrincipalName
After the user is enabled on Lync Server, the user must be granted access to a Lync Server dial plan. In
this example, a single Lync Server dial plan is used for all users. Using a single Lync Server dial plan for all
tenant users is recommended because the maximum number of dial plans supported by Lync Server
could constrain the total number of tenants if each one were given their own dial plan. To create a new
dial plan, see the Lync Server Dial Plans section. The following command demonstrates how to assign
the dial plan TenantDP to the user:
Grant-CsDialPlan -Identity kenmyer@fabrikam.com -PolicyName TenantDP
After the user is enabled for Lync Server and has access to a dial plan, the user can be enabled for
Enterprise Voice by running the following command:
Set-CsUser kenmyer@fabrikam.com -EnterpriseVoiceEnabled $true -LineURI
tel:+12065551234
The line URI is the telephone number through which the user can be reached via the PSTN. That number
must have been properly provisioned with your SIP trunk provider.
After you complete this step, the user should be able to log on and use Enterprise Voice and Exchange
UM features.
57
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
12.6 Providing the Lync Server 2013 Interface for online meeting
When participants join a meeting hosted by tenant users, the default user interface is based on Lync
Server 2010. To provide the Lync Server 2013 interface, you will need to use the user experience policy
cmdlets to configure this. For more information, see New-CsUserExperiencePolicy and Grant-
CsUserExperiencePolicy.
A user can dial-out from a Lync Server conference to a Lync Server user who was not part of the
original conference invitee list or call-out to someone who will attend by phone only.
Users can mute or unmute themselves and others on Lync Server VoIP and PSTN.
The Lync Server Multitenant Hosting Pack includes an audio conference provider, which serves as the
signaling and control gateway between Lync Server and audio conferencing provider environments. This
component initiates the audio bridging, and connects through access point to the audio conferencing
provider module within the conferencing architecture in audio conferencing provider.
The audio conferencing provider module abstracts the Centralized Conference Control Protocol (C3P) for
native Lync Server integration with audio conferencing provider environment. It handles the control
channel between Lync Server and the audio conferencing provider including managing basic signaling,
such as roster updates and adding users via conferencing dial-out.
58
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
Hosts can use the audio conferencing provider SDK to develop internal applications for conference
initiation, session management, and conference control.
By developing a script to enable a bulk upload of attributes for provisioning a large number of
tenant users all at the same time
The audio conferencing provider attributes needed to provision users are as follows:
ID
First Name
Last Name
Tollnumber
TollFreeNumber
Name
Web
Domain
Port
59
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
4. The Lync Server scheduling client (that is, Online Meeting Add-in for Lync 2013) issues
addConference to the Focus Factory along with audio conferencing provider-specific dial-in
information.
Note To understand the role of the Focus Factory in the Lync Server 2013 conferencing topology, see
Conference Features in the TechNet Library at http://go.microsoft.com/fwlink/?LinkId=230850.
5. The Focus Factory creates conference and returns conference info to scheduling client.
2. The audio conferencing provider module responds with the bridge URI to be used for the audio
bridging initiation when users join from both modalities (that is, VoIP, PSTN).
60
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
3. The audio conferencing provider conferencing server retains the bridge URI to initiate bridging
after users join via both PSTN and VoIPConference activation.
2. The Focus sends adduser command to the audio conferencing provider conferencing server.
3. The audio conferencing provider conferencing server forwards INFO command to audio
conferencing provider module via INVITE dialog box.
4. The audio conferencing provider module sends calls out command to the audio conferencing
provider environment.
5. The audio conferencing provider module sends NOTIFY in SUBSCRIBE dialog back to audio
conferencing provider conferencing server that the user is connected.
6. The audio conferencing provider conferencing server sends userconnected to the Focus.
61
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
2. The audio conferencing provider conferencing server sends adduser dial-out request to the A/V
Conferencing Server with bridge URI received at conference activation.
3. A/V Conferencing Server establishes RTP stream with audio conferencing provider Session
Border Controller (SBC) via the Mediation Server.
5. Bridged audio stream between A/V Conferencing Server and PSTN bridge.
62
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
2. The Focus sends a command to the audio conferencing provider conferencing server.
3. The audio conferencing provider conferencing server sends an INFO command to audio
conferencing provider module using the established INVITE dialog box.
4. The audio conferencing provider module sends command to PSTN middleware and bridge to act
on command (for example, mute user or lock conference).
5. The audio conferencing provider module sends a NOTIFY to the audio conferencing provider
conferencing server via the SUBSCRIBE dialog box, indicating new state of participant.
6. The audio conferencing provider conferencing server sends a command back to the Focus, to
indicate new state of participant.
Mute all Currently PSTN users cannot use dual-tone multifrequency (DTMF) codes to mute
all, including VoIP usersonly the PSTN audio attendees will be muted.
Locked conference with no PSTN users on audio conferencing provider bridge There is a valid
scenario where all participants join via Lync audio (that is, VoIP) and choose to lock the
conference so that no additional users may join by either modality. The audio conferencing
provider module will receive the conference lock command from the audio conferencing
provider conferencing server and must initiate a locked conference state on a bridge where no
participants joined via the PSTN; therefore, no conference exists.
Blocked calls from participants PSTN participants that block their phone number (for example,
by using *67) will show up in the client as a random phone number generated from the audio
conferencing provider. The software development kit (SDK) doesnt currently support non-
63
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
integers as values. As a result, values like Guest, No Phone Available, and so on are not
currently supported. Note that if the audio conferencing provider receives a blocked call via a
toll-free number, the number will be presented with a flag for Blocked, and so on. The audio
conferencing provider must act on the flag and send a randomly generated number to denote
the participant in Lync.
14 Code Samples
This section introduces how a service provider or an independent software vendor (ISV) can automate
provisioning using .NET Framework and the Lync Server Multitenant Hosting Pack management shell.
The selected examples are tasks that most hosting providers with a Lync Server Multitenant Hosting
Pack deployment will need to do on a routine basis. You can use the code samples in this section as a
starting point for customizing or creating control panels involved in managing the provisioning process.
Before using these samples, you should be familiar with the cmdlets that are installed with Lync Server
Multitenant Hosting Pack, which provide a wide range of provisioning and management capabilities.
14.1 Prerequisites
Before you use any of the samples in this section, verify that these prerequisites are available in your
environment:
Lync Server 2013 Multitenant Hosting Pack
14.2 Dependencies
All code samples require the following using directives:
using System;
using System.Collections;
using System.Collections.ObjectModel;
// powershell namespaces
using System.Management.Automation.Runspaces;
using System.Management.Automation;
using System.Text;
using System.Data.SqlClient;
64
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
see Active Directory Administration with Windows PowerShell in the TechNet Library at
http://go.microsoft.com/fwlink/?LinkId=235838.
These samples also use the Lync Server cmdlets.
Set the msRTCSIP-TenantId and msRTCSIP-ObjectId to a unique identifier which will be used to
identify the tenant in the Lync Server Multitenant Hosting Pack operating environment and to
associate users with that tenant.
The following sample demonstrates the automation of these steps by invoking Windows PowerShell
commands via C# code.
// sip domain and tenant DN
string sipDomain = "AlpineSkiHouse.com";
string distinguishedName =
"ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS
Tenants,dc=fabrikam,dc=com";
65
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
{
// open the runspace
runspace.Open();
}
using (Pipeline pipeline = runspace.CreatePipeline())
{
// create a hashtable to contain the property settings for the
OU
// these will add the SIP domain to the upnSuffixes and
msRTCSIP-Domains properties
Hashtable properties = new Hashtable();
properties.Add("upnSuffixes", sipDomain);
properties.Add("msRTCSIP-Domains", sipDomain);
pipeline.Invoke();
}
66
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
pipeline.Invoke();
}
}
67
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
"LyncOnline"
});
// create a runspace using the session state.
using (Runspace runspace = RunspaceFactory.CreateRunspace(session))
{
// open the runspace
runspace.Open();
}
using(Pipeline pipeline = runspace.CreatePipeline())
{
// create a hashtable to contain the property settings for the
OU
Hashtable properties = new Hashtable();
properties.Add("upnSuffixes", sipDomain);
properties.Add("msRTCSIP-Domains", sipDomain);
pipeline.Invoke();
68
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
}
}
// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
"Lync",
"LyncOnline"
});
69
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
builder.AppendLine("\t$newList = New-CSEdgeAllowList -
AllowedDomain $domain");
builder.AppendLine("\tSet-CsTenantFederationConfiguration -Tenant
$tenant.TenantId -AllowedDomains $newList");
builder.AppendLine("}");
builder.AppendLine("else");
builder.AppendLine("{");
builder.AppendLine("\t$allowList.AllowedDomain.Add($domain)");
builder.AppendLine("\tSet-CsTenantFederationConfiguration -Tenant
$tenant.TenantId -AllowedDomains $allowList");
builder.AppendLine("}");
// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
"Lync",
"LyncOnline"
});
70
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
builder.AppendLine("Set-CsTenantFederationConfiguration -Tenant
$tenant.TenantId -BlockedDomains $config.BlockedDomains");
14.3.6 Removing Domains from the Tenant Allow List for Federation
If you need to remove a previously added Allowed domain from a specific tenant, you can use a similar
technique to the one you used to add it to remove it.
// allowed domain and tenant DN
string allowedDomain = "AdventureWorks.com";
string distinguishedName =
"ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS
Tenants,dc=fabrikam,dc=com";
// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
"Lync",
"LyncOnline"
});
71
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
builder.AppendLine("\t$config.AllowedDomains.AllowedDomain.Remove($dom
ain)");
builder.AppendLine("\tSet-CsTenantFederationConfiguration -Tenant
$tenant.TenantId -AllowedDomains $config.AllowedDomains");
builder.AppendLine("}");
14.3.7 Removing Domains from the Tenant Block List for Federation
If you need to remove a previously added Blocked domain from a specific tenant, you can use a similar
technique to the one you used to add it to remove it.
// blocked domain and tenant DN
string blockedDomain = "BadDomain.com";
string distinguishedName =
"ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS
Tenants,dc=fabrikam,dc=com";
72
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
"Lync",
"LyncOnline"
});
73
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
// tenant DN
string distinguishedName =
"ou=AlpineSkiHouse,ou=ConsolidatedMessenger,ou=OCS
Tenants,dc=fabrikam,dc=com";
// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
"Lync",
"LyncOnline"
});
74
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
// create an initial session state with the Lync 2013 modules loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
"Lync",
"LyncOnline"
});
75
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
}
}
The following example shows the AddAllowedDomain function called in the sample above.
public void AddAllowedDomain(string distinguishedName, string
allowedDomain)
{
// create an initial session state with the Lync 2013 modules
loaded
InitialSessionState session = InitialSessionState.CreateDefault();
session.ImportPSModule(new string[]
{
"Lync",
"LyncOnline"
});
76
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
runspace.SessionStateProxy.SetVariable("dn",
distinguishedName);
runspace.SessionStateProxy.SetVariable("domainName",
allowedDomain);
// build a script for adding the domain
StringBuilder builder = new StringBuilder();
builder.AppendLine("$tenant = Get-CsTenant -Identity $dn");
builder.AppendLine("$domain = New-CsEdgeDomainPattern -Domain
$domainName");
builder.AppendLine("$config = Get-
CsTenantFederationConfiguration -Tenant $tenant.TenantId");
builder.AppendLine("$all = New-CsEdgeAllowAllKnownDomains");
builder.AppendLine("$allowList = $config.AllowedDomains");
// test to see if AllowedDomains property is equal to
Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowAllKnownDom
ains
builder.AppendLine("if($allowList.GetType() -eq
$all.GetType())");
builder.AppendLine("{");
builder.AppendLine("\t$newList = New-CSEdgeAllowList -
AllowedDomain $domain");
builder.AppendLine("\tSet-CsTenantFederationConfiguration -
Tenant $tenant.TenantId -AllowedDomains $newList");
builder.AppendLine("}");
builder.AppendLine("else");
builder.AppendLine("{");
builder.AppendLine("\t$allowList.AllowedDomain.Add($domain)");
builder.AppendLine("\tSet-CsTenantFederationConfiguration -
Tenant $tenant.TenantId -AllowedDomains $allowList");
builder.AppendLine("}");
77
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
// create an initial session state with the Active Directory and Lync
Server // modules loaded.
78
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
// if the tenant did not exist the Invoke would have thrown
// an exception
PSObject tenant = result[0];
pipeline.Invoke();
}
//grant the dial plan
using (Pipeline pipeline = runspace.CreatePipeline())
{
Command cmd = new Command("Grant-CsDialPlan");
cmd.Parameters.Add("Identity", userPrincipalName);
cmd.Parameters.Add("PolicyName", dialPlanName);
pipeline.Commands.Add(cmd);
pipeline.Invoke();
79
Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide
}
//set the grouping and tenant ids
using (Pipeline pipeline = runspace.CreatePipeline())
{
Hashtable properties = new Hashtable();
properties.Add("msRTCSIP-GroupingID", tenantId);
properties.Add("msRTCSIP-TenantId", tenantId);
properties.Add("msRTCSIP-BaseSimpleUrl", simpleUrl);
Command getCmd = new Command("Get-AdUser");
getCmd.Parameters.Add("Identity", userPrincipalName);
pipeline.Commands.Add(getCmd);
pipeline.Invoke();
}
}
80