admin guide lync

Microsoft Lync Server 2010 Administration Guide

Microsoft Lync Server 2010Published: May 2011

This document is provided “as-is”. Information and views expressed in this document, including

URL and other Internet Web site references, may change without notice.

Some examples depicted herein are provided for illustration only and are fictitious. No real

association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any

Microsoft product. You may copy and use this document for your internal, reference purposes.

Copyright © 2011 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveSync, ActiveX, DirectX, Excel, Forefront, Groove, Hyper-V,

Internet Explorer, Lync, MSDN, MSN, OneNote, Outlook, PowerPoint, RoundTable, SharePoint,

Silverlight, SQL Server, Visio, Visual C++, Visual Studio, Windows, Windows Live, Windows

Media, Windows PowerShell, Windows Server, and Windows Vista, are trademarks of the

Microsoft group of companies. All other trademarks are property of their respective owners.

Contents

Lync Server Administrative Tools.................................................................................................1

Administrative Tools Infrastructure Requirements....................................................................3

Requirements to Publish a Topology.....................................................................................3

Planning for Simple URLs.....................................................................................................4

DNS Requirements for Simple URLs....................................................................................7

Edit or Configure Simple URLs.............................................................................................9

Server and Tools Operating System Support.........................................................................15

Administrative Tools Software Requirements.........................................................................17

Administrator Rights and Permissions Required for Setup and Administration......................18

Requirements to Publish a Topology......................................................................................21

Install Lync Server Administrative Tools.................................................................................23

Open Lync Server Administrative Tools..................................................................................24

Lync Server Control Panel.........................................................................................................28

Managing Users..................................................................................................................... 29

Search for Lync Server 2010 Users....................................................................................29

Add a New User to Lync Server 2010.................................................................................30

Enable or Disable Users for Lync Server 2010...................................................................31

Set, View, and Send a User's Dial-in Conferencing PIN.....................................................32

Move Users to Another Pool...............................................................................................33

Assign Policies to Users.....................................................................................................36

Assign a Conferencing Policy to Modify a User's Default Meeting Experience................36

Specify Client Versions Supported for Sign-in by a User.................................................38

Assign Specific Dial-in Conferencing PIN Security Settings to a User.............................39

Apply External User Access Policies to Users.................................................................41

Configure Archiving of a User's Communications............................................................42

Assign a Location Policy to a User..................................................................................43

Presence Policy Settings.................................................................................................45

Enable Users for Enterprise Voice......................................................................................47

Configure Telephony for Users...........................................................................................49

Managing Computers in Your Topology..................................................................................51

View a List of Computers Running Lync Server 2010.........................................................51

View the Status of Services Running on a Computer.........................................................52

View Details About a Service..............................................................................................52

Start or Stop Lync Server 2010 Services............................................................................53

Prevent Sessions for Services............................................................................................54

View Microsoft SIP Processing Language (MSPL) Server Applications..............................55

Enable or Disable a Microsoft SIP Processing Language (MSPL) Server Application........56

Mark a Microsoft SIP Processing Language (MSPL) Application as Critical or Not Critical 57

View a List of Trusted Applications.....................................................................................58

View the Simple URL Details..............................................................................................58

Filtering Instant Messages and Client Versions......................................................................60

Configuring Filtering for Instant Messaging (IM).................................................................60

Modify the Default File Transfer Filter..............................................................................63

Create a New File Transfer Filter for a Specific Site........................................................64

Modify the Default URL Filter...........................................................................................65

Create a New URL Filter to Handle Hyperlinks in IM Conversations...............................65

Specify Client Versions Supported for Sign-in by a User....................................................66

Configuring Voice Routing......................................................................................................68

Configuring Dial Plans and Normalization Rules................................................................68

Create a Dial Plan...........................................................................................................69

Modify a Dial Plan...........................................................................................................71

Defining Normalization Rules..........................................................................................74

Create or Modify a Normalization Rule by Using Build a Normalization Rule..................74

Create or Modify a Normalization Rule Manually............................................................76

Configuring Voice Policies, PSTN Usage Records, and Voice Routes...............................78

Configuring Voice Policies and PSTN Usage Records to Authorize Calling Features and

Privileges.....................................................................................................................78

Create a Voice Policy and Configure PSTN Usage Records...........................................78

Modify a Voice Policy and Configure PSTN Usage Records...........................................82

View PSTN Usage Records............................................................................................85

Configuring Voice Routes for Outbound Calls.................................................................85

Create a Voice Route......................................................................................................86

Modify a Voice Route.......................................................................................................88

Configuring Trunks and Translation Rules..........................................................................90

Configure Media Bypass on a Trunk................................................................................90

Configure a Trunk Without Media Bypass.......................................................................93

Defining Translation Rules...............................................................................................96

Create or Modify a Translation Rule by Using the Build a Translation Rule Tool.............96

Create or Modify a Translation Rule Manually.................................................................98

Exporting and Importing Voice Routing Configuration......................................................100

Export a Voice Route Configuration File........................................................................100

Import a Voice Route Configuration File........................................................................100

Test Voice Routing............................................................................................................102

Create a Voice Routing Test Case.................................................................................103

Export Voice Routing Test Cases..................................................................................104

Import Voice Routing Test Cases...................................................................................104

Running Voice Routing Tests.........................................................................................105

Run Informal Voice Routing Tests..................................................................................105

Run Voice Routing Test Cases......................................................................................107

Publish Pending Changes to the Voice Routing Configuration.........................................109

Configuring Incoming Call Handling Features......................................................................110

Configure Phone Number Extensions for Parking Calls....................................................110

Create a Call Park Orbit Range.....................................................................................110

Change a Call Park Orbit Range....................................................................................111

Delete a Call Park Orbit Range......................................................................................113

Configure Routing of Unassigned Phone Numbers..........................................................114

Create an Unassigned Number Range..........................................................................114

Change an Unassigned Number Range........................................................................116

Delete an Unassigned Number Range..........................................................................117

Managing Response Groups................................................................................................118

Managing Agent Groups...................................................................................................118

Create an Agent Group..................................................................................................119

Change Agent Group Settings or Members...................................................................121

Delete an Agent Group..................................................................................................123

Managing Response Group Queues................................................................................124

Create a Response Group Queue.................................................................................124

Change a Response Group Queue...............................................................................126

Delete a Response Group Queue.................................................................................127

Managing Response Group Workflows.............................................................................128

Response Group Configuration Tool Requirements......................................................128

Response Group Audio File Requirements...................................................................128

Design Call Flows by Using Interactive Voice Response...............................................129

(Optional) Define Response Group Business Hours and Holidays................................132

Create a Response Group Workflow.............................................................................135

Create a Hunt Group Workflow......................................................................................136

Create an Interactive Workflow......................................................................................140

Change a Response Group Workflow...........................................................................146

Change a Hunt Group Workflow....................................................................................146

Change an Interactive Workflow....................................................................................150

Delete a Response Group Workflow.............................................................................156

Managing On-Premises Meetings........................................................................................157

Configuring Conferencing Settings...................................................................................157

Modify the Default Conferencing User Experience........................................................157

Create or Modify Conferencing User Experience for a Site or Group of Users..............160

Conferencing Policy Settings Reference.......................................................................162

Delete a Conferencing Policy for a Site or Group of Users............................................164

Configuring the Meeting Join Experience.........................................................................165

Modify the Default Meeting Join Experience.................................................................165

Create or Modify Meeting Join Settings for a Site or Pool.............................................166

Delete Meeting Join Settings for a Site or Pool.............................................................167

Configure Settings for a Dial-in Conferencing Access Number.........................................168

Create or Modify a Dial-in Conferencing Access Number..............................................168

Delete a Dial-in Conferencing Access Number..............................................................170

Configure Dial-in Conferencing Personal Identification Number (PIN) Rules....................171

Modify the Default Dial-in Conferencing PIN Settings...................................................171

Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users.........172

Delete Dial-in Conferencing PIN Settings for a Site or Group of Users.........................173

Configuring Support for Clients and Devices........................................................................175

Specify the Client Versions Supported in Your Organization.............................................175

View the Status of Services Running on a Computer.......................................................177

Modify the Default Action for Clients Not Explicitly Supported or Restricted.....................177

View Software Updates for Devices in Your Organization.................................................178

Add a Device to Test Update Functionality.......................................................................179

Modify Settings for Log Files of Device Update Activity....................................................180

Configure Security Settings for Lync 2010 Phone Edition.................................................181

Configure Voice Quality of Service for Lync 2010 Phone Edition......................................181

Configure Phone Lock for Lync 2010 Phone Edition.........................................................182

Managing External Connectivity...........................................................................................183

Enable or Disable External User Access for Your Organization........................................184

Enable or Disable Remote User Access for Your Organization.....................................185

Enable or Disable Federation for Your Organization.....................................................186

Enable or Disable Anonymous User Access for Your Organization...............................188

Manage Communications with External Users.................................................................189

Manage Remote User Access.......................................................................................190

Manage Federated Partner Access...............................................................................191

Configure Policies to Control Federated User Access...................................................192

Enable or Disable Discovery of Federation Partners.....................................................193

Control Access by Individual Federated Domains.........................................................194

Enable or Disable Sending an Archiving Disclaimer to Federated Partners..................196

Manage IM Provider Support.........................................................................................197

Configure Policies to Control Access by Users of IM Service Providers........................197

Specify Supported IM Service Providers.......................................................................199

Configure Conferencing Policies to Support Anonymous Users....................................202

Apply Policies for External User Access to Users..........................................................203

Apply External User Access Policies to Users...............................................................203

Apply Conferencing Policies to Support Anonymous Users..........................................204

Reset or Delete External User Access Policies.............................................................205

Delete a Site or User Policy for External User Access...................................................205

Reset the Global Policy for External User Access.........................................................206

Managing Monitoring............................................................................................................207

Create a Site Policy for Call Detail Recording...................................................................207

Create a Site Policy for Quality of Experience..................................................................208

Enable Call Detail Recording............................................................................................208

Enable Quality of Experience............................................................................................209

Configure Call Detail Recording........................................................................................210

Configure Quality of Experience.......................................................................................211

Delete a Site Policy for Call Detail Recording...................................................................211

Delete a Site Policy for Quality of Experience...................................................................212

Managing Archiving..............................................................................................................213

Configuring Support for Archiving of Internal and External Communications....................213

Change the Global Policy for Archiving of Internal and External Communications........214

Create a Site Policy for Archiving..................................................................................215

Enable or Disable Archiving for a Site...........................................................................216

Create a User Policy for Archiving.................................................................................216

Enable or Disable Archiving for Users...........................................................................218

Delete an Archiving Policy.............................................................................................219

Apply an Archiving Policy to a User or User Group.......................................................219

Enable or Disable Archiving..............................................................................................220

Specify the Types of Communications To Be Archived.....................................................221

Enable or Disable Purging for Archiving...........................................................................221

Block or Allow IM and Web Conferencing Sessions If Archiving Fails...............................222

Enable or Disable Sending an Archiving Disclaimer to Federated Partners......................223

Configuring Security.............................................................................................................224

Create a New Registrar....................................................................................................224

Modify an Existing Registrar.............................................................................................225

Delete a Registrar.............................................................................................................226

Create a New Web Service...............................................................................................227

Modify an Existing Web Service.......................................................................................228

Delete a Web Service.......................................................................................................229

Create a New PIN Policy..................................................................................................229

Modify an Existing PIN Policy...........................................................................................230

Delete a PIN Policy...........................................................................................................231

Configuring Your Network....................................................................................................232

Enabling Call Admission Control.......................................................................................232

Enabling Media Bypass....................................................................................................233

Configuring Location Policy..............................................................................................234

Configuring Bandwidth Policy Profile................................................................................238

Configuring Network Regions...........................................................................................240

Configuring Network Sites................................................................................................242

Configuring Network Subnets...........................................................................................244

Configuring Network Region Links....................................................................................246

Configuring Network Region Routes.................................................................................247

Configuring Network Site Links.........................................................................................249

Change the Web Services URL...........................................................................................251

Administering the Address Book Service.............................................................................253

Windows PowerShell Cmdlets for Address Book Services...............................................259

New-CsAddressBookConfiguration for Address Book Management.............................259

Set-CsAddressBookConfiguration for Address Book Management...............................260

Get-CsAddressBookConfiguration for Address Book Management..............................260

Remove-CsAddressBookConfiguration for Address Book Management.......................261

Test-CsAddressBookService for Address Book Management.......................................261

Test-CsAddressBookWebQuery for Address Book Management..................................262

Update-CsAddressBook for Address Book Management..............................................262

New-CsClientPolicy for Address Book Management.....................................................263

Set-CsClientPolicy for Address Book Management.......................................................263

Get-CsService for Address Book Management.............................................................264

New-CsWebServiceConfiguration for Address Book Management...............................266

Get-CsWebServiceConfiguration for Address Book Management.................................266

Set-CsWebServiceConfiguration for Address Book Management.................................267

Remove-CsWebServiceConfiguration for Address Book Management.........................267

Prevent New Connections to Lync Server 2010 for Server Maintenance.............................268

Delegating Control of Microsoft Lync Server 2010...............................................................269

Configure a New Trusted Application Server........................................................................271

Troubleshooting Lync Server 2010 Control Panel................................................................272

Configuring Federation Support for a Lync Online 2010 Customer.........................................274

Prerequisites for Federating with a Lync Online Customer..................................................274

Configure Domain Access for Federation with a Lync Online Customer..............................275

Configure Federation for a Lync Online Domain...............................................................275

Enable or Disable Domain Access for a Lync Online Customer........................................277

Configure User Access for Federation with a Lync Online Customer...................................278

Configure User Access for Lync Online Users..................................................................278

Configure User Access for Internal Lync Users.................................................................279

Verify Communications with a Lync Online Customer..........................................................279

Lync Server Administrative ToolsThis topic describes the administrative tools for Microsoft Lync Server 2010.

The administrative tools are installed by default on each Lync Server 2010 server. Additionally,

you can install the administrative tools on other computers, such as dedicated administrative

consoles. For procedures to install the administrative tools, see Install Lync Server Administrative

Tools. For procedures to open the tools to perform management tasks, see Open Lync Server

Administrative Tools.

Ensure that you review infrastructure, operating system, software, and administrator rights

requirements before you install or use the Lync Server administrative tools. For details about

infrastructure requirements, see Administrative Tools Infrastructure Requirements. For details

about operating system and software requirements to install the Lync Server 2010 administrative

tools, see Server and Tools Operating System Support, Additional Software Requirements, and

Additional Server Support and Requirements. The user rights and permissions required to install

and use the tools are described in Administrator Rights and Permissions Required for Setup and

Administration.

The administrative tools consist of the following:

Lync Server Deployment Wizard Use to deploy Lync Server 2010 and to install all

administrative tools.

Lync Server Topology Builder Use to define components in your deployment.

Lync Server Control Panel Use for ongoing management of your deployment by using a

web-based interface.

Lync Server Management Shell Use for ongoing management of your deployment by

using the command line.

Lync Server Logging tool Use to troubleshoot problems in your deployment.

You can manage your deployment by primarily using Topology Builder and Lync Server Control

Panel.

Deployment WizardYou must use the Lync Server Deployment Wizard included on the installation media to install all

administrative tools onto a computer on which you have not already installed Lync Server. During

the administrative tools installation process, the Lync Server Deployment Wizard is installed

locally along with the other tools so that you can later use it to install files for additional

components or remove files for components that you do not want on the computer.

For details about how to run the Lync Server Deployment Wizard for the first time from the Lync

Server 2010 installation media, see Install Lync Server Administrative Tools.

1

Topology BuilderFor details about deployment tasks that you can you perform by using Topology Builder, see the

Deployment documentation for each server role.

Lync Server Control PanelYou can use Lync Server 2010 Control Panel to perform most of the administrative tasks required

to manage and maintain Lync Server 2010.For details about administrative tasks you can perform

by using Lync Server 2010 Control Panel, see Lync Server Control Panel.

Lync Server Management ShellIn Lync Server 2010, the Lync Server Management Shell provides a new method for

administration and management. Lync Server Management Shell is a powerful management

interface, built on the Windows PowerShell command-line interface, that includes a

comprehensive set of cmdlets that are specific to Lync Server 2010. With Lync Server

Management Shell, you gain a rich set of configuration and automation controls. Topology Builder

and Lync Server Control Panel both implement subsets of these cmdlets to support management

of Lync Server 2010. The Lync Server Management Shell includes cmdlets for all Lync Server

2010 administration tasks, and you can use the cmdlets individually to manage your deployment.

For details, see Lync Server Management Shell documentation or the command-line help for

each cmdlet.

Logging ToolThe Lync Server Logging Tool facilitates troubleshooting by capturing logging and tracing

information from the product while the product is running. You can use the tool to run debug

sessions on any Lync Server server role. For details about the Logging Tool, see the Lync Server

2010 Logging Tool documentation on the TechNet Library at http://go.microsoft.com/fwlink/?

LinkId=199265.

In This Section Administrative Tools Infrastructure Requirements

Server and Tools Operating System Support

Administrative Tools Software Requirements

Administrator Rights and Permissions Required for Setup and Administration

Requirements to Publish a Topology

Install Lync Server Administrative Tools

Open Lync Server Administrative Tools

See Also

Lync Server Control Panel

2

http://go.microsoft.com/fwlink/?LinkId=199265



Administrative Tools Infrastructure RequirementsThere are no additional infrastructure requirements for you to install Microsoft Lync Server 2010

administrative tools or perform most management tasks using these tools. For infrastructure

requirements for specific scenarios, see the topics in this section.

In This Section


Planning for Simple URLs

DNS Requirements for Simple URLs

Edit or Configure Simple URLs

Related Sections


Lync Server Management Shell

See Also





This topic describes the infrastructure and software requirements that are specific to publishing a

topology, whether by using Topology Builder or the Lync Server Management Shell command-line

interface. These requirements are in addition to the general operating system, software, and

permissions requirements applicable to all Microsoft Lync Server 2010 administrative tools.

Ensure that you satisfy all administrative tools requirements before you publish a topology.

You must run Topology Builder on a computer that is joined to the same domain or forest of

the Lync Server 2010 deployment you are creating so that Active Directory Domain Services

(AD DS) preparation steps are already completed, enabling you to use the administrative

tools on that computer to successfully publish your topology.

Note:

For details about preparing AD DS, see Preparing Active Directory Domain Services

for Lync Server 2010 in the Deployment documentation.

The computers defined in the topology must be joined to the domain, except for Edge

Servers, and in AD DS. However, the computers do not need to be online when you publish

the topology.

The file share for the pool must be created and available to remote users.

In order to publish an Enterprise Edition Front End pool, the SQL Server-based Back End

Server must be joined to the domain in which you are deploying the servers, online, and

configured with the appropriate firewall rules to make it available to remote users. For details

3


about specifying firewall exceptions, see Understanding Firewall Requirements for SQL

Server. For other details about configuring SQL Server, see Configure SQL Server for Lync

Server 2010.

Note:

Standard Edition server has a collocated database that will accept the published

configuration. You must first run the Prepare first Standard Edition server setup

task in the Lync Server Deployment Wizard.

If you run Topology Builder on a computer where you plan to later install Lync Server, then

you must install the Microsoft SQL Server 2005 backward compatibility components by

running the first setup task in the Lync Server Deployment Wizard before you publish the

topology. For details, see Install the Local Configuration Store or Install the Standard Edition

Local Configuration Store.

Note:

You do not need the Microsoft SQL Server 2005 backward compatibility components

to publish the topology if you run Topology Builder on a dedicated administrative

console or if you run Topology Builder on a computer where Lync Server is already

installed. (Lync Server setup automatically installs the backward compatibility

components along with other component files required by Lync Server.)

See Also





Simple URLs make joining meetings easier for your users, and make getting to Microsoft Lync

Server 2010 administrative tools easier for your administrators.

Microsoft Lync Server 2010 communications software supports three simple URLs:

Meet is used as the base URL for all conferences in the site or organization. An example of a

Meet simple URL is https://meet.contoso.com. A particular meeting URL might be

https://meet.contoso.com/username/7322994.

With the Meet simple URL, links to join meetings are easy to comprehend, and easy to

communicate and distribute.

Dial-in enables access to the Dial-in Conferencing Settings webpage. This page displays

conference dial-in numbers with their available languages, assigned conference information

(that is, for meetings that do not need to be scheduled), and in-conference DTMF controls,

and supports management of personal identification number (PIN) and assigned

conferencing information. The Dial-in simple URL is included in all meeting invitations so that

users who want to dial in to the meeting can access the necessary phone number and PIN

information. An example of the Dial-in simple URL is https://dialin.contoso.com.

4


Admin enables quick access to the Microsoft Lync Server 2010 Control Panel. From any

computer within your organization’s firewalls, an admin can open the Lync Server 2010

Control Panel by typing the Admin simple URL into a browser. The Admin simple URL is

internal to your organization. An example of the Admin simple URL is

https://admin.contoso.com

Simple URL Scope

You can configure your simple URLs to have global scope, or you can specify different simple

URLs for each central site in your organization. If both a global simple URL and a site simple URL

are specified, the site simple URL has precedence.

In most cases, we recommend that you set simple URLs only at the global level, so that a user’s

Meet simple URL does not change if they move from one site to another. The exception would be

organizations that need to use different telephone numbers for dial-in users at different sites. Note

that if you set a one simple URL (such as the Dial-in simple URL) at a site to be a site-level

simple URL, you must also set the other simple URLs at that site to be site-level as well.

You can set global simple URLs in Topology Builder. To set a simple URL at the site level, you

must use the Set-CsSimpleURLConfiguration cmdlet.

Naming Your Simple URLs

There are three recommended options for naming your simple URLs. Which option you choose

has implications for how you set up your DNS A records and certificates which support simple

URLs. In each option, you must configure one Meet simple URL for each SIP domain in your

organization. You always need just one simple URL in your whole organization for Dial-in, and

one for Admin, no matter how many SIP domains you have.

For details about the necessary DNS A records and certificates, see DNS Requirements for

Simple URLs and Certificate Requirements for Internal Servers in the Planning documentation.

In Option 1, you create a new SIP domain name for each simple URL.

If you use this option, you need a separate DNS A record for each simple URL, and each Meet

simple URL must be named in your certificates.

Simple URL Naming Option 1

Simple URL Example

Meet https://meet.contoso.com,

https://meet.fabrikam.com, and so on (one for

each SIP domain in your organization)

Dial-in https://dialin.contoso.com

Admin https://admin.contoso.com

With Option 2, simple URLs are based on the domain name lync.contoso.com. Therefore, you

need only one DNS A record which enables all three types of simple URLs. This DNS A record

5


references lync.contoso.com. Additionally, you still need separate DNS A records for other SIP

domains in your organization.


Simple URL Example

Meet https://lync.contoso.com/Meet,

https://lync.fabrikam.com/Meet, and so on (one

for each SIP domain in your organization)

Dial-in https://lync.contoso.com/Dialin

Admin https://lync.contoso.com/Admin

Option 3 is most useful if you have many SIP domains, and you want them to have separate Meet

simple URLs but want to minimize the DNS record and certificate requirements for these simple

URLs.


Simple URL Example

Meet https://lync.contoso.com/contosoSIPdomain/Meet

https://lync.contoso.com/fabrikamSIPdomain/Meet



Simple URL Naming and Validation Rules

Topology Builder and the Lync Server Management Shell cmdlets enforce several validation rules

for your simple URLs. You are required to set simple URLs for Meet and Dialin, but setting one for

Admin is optional. Each SIP domain must have a separate Meet simple URL, but you need only

one Dialin simple URL and one Admin simple URL for your whole organization.

Each simple URL in your organization must have a unique name, and cannot be a prefix of

another simple URL (for example, you could not set lync.contoso.com/Meet as your Meet simple

URL and lync/contoso.com/Meet/Dialin as your Dialin simple URL). Simple URL names cannot

contain the FQDN of any of your pools, or any port information (for example,

https://FQDN:88/meet is not allowed). All simple URLs must start with the https:// prefix.

Simple URLs can contain only alphanumeric characters (that is, a-z, A-Z, 0-9, and the period (.). If

you use other characters, the simple URLs might not work as expected.

Changing Simple URLs after Deployment

If you change a simple URL after initial deployment, you must be aware of what changes impact

your DNS records and certificates for simple URLs. If the change impacts the base of a simple

URL, then you must change the DNS records and certificates as well. For example, changing

from https://lync.contoso.com/Meet to https://meet.contoso.com changes the base URL from

6


lync.contoso.com to meet.contoso.com, so you would need to change the DNS records and

certificates to refer to meet.contoso.com. If you changed the simple URL from

https://lync.contoso.com/Meet to https://lync.contoso.com/Meetings, the base URL of

lync.contoso.com stays the same, so no DNS or certificate changes are needed.

Whenever you change a simple URL name, however, you must run Enable-CsComputer on each

Director and Front End Server to register the change.

See Also



Microsoft Lync Server 2010 introduces simple URLs, which make joining meetings easier for your

users, and make getting to Microsoft Lync Server 2010 administrative tools easier for your

administrators. For details about simple URLs, see Planning for Simple URLs.

Lync Server 2010 supports the following three simple URLs: Meet, Dial-In, and Admin. You are

required to set up simple URLs for Meet and Dial-In, and the Admin simple URL is optional. The

Domain Name System (DNS) records that you need to support simple URLs depend on how you

have defined these simple URLs. There are three different ways you can define the URLs.

Simple URL Option 1

In Option 1, you create a new base URL for each simple URL.

Note:

When a user clicks a simple URL meeting link, the server that the DNS A record resolves

to determines the correct client software to start. After the client software is started, it

automatically communicates with the pool where the conference is hosted. This way,

users are directed to the appropriate server for meeting content no matter which server or

pool the simple URL DNS A records resolve to.

Simple URL Option 1

Simple URL Example

Meet https://meet.contoso.com,

https://meet.fabrikam.com, and so on (one for

each SIP domain in your organization)



If you use Option 1, you must define the following:

For each Meet simple URL, you need a DNS A record that resolves the URL to the IP address

of the Director, if you have one deployed. Otherwise, it should resolve to the IP address of the

load balancer of a Front End pool. If you have not deployed a pool and are using a Standard

7


Edition server deployment, the DNS A record must resolve to the IP address of one Standard

Edition server in your organization.

If you have more than one SIP domain in your organization and you use this option, you must

create Meet simple URLs for each SIP domain and you need a DNS A record for each Meet

simple URL. For example, if you have both contoso.com and fabrikam.com, you will create

DNS A records for both https://meet.contoso.com and https://meet.fabrikam.com.

Alternatively, if you have multiple SIP domains and you want to minimize the DNS record and

certificate requirements for these simple URLs, use Option 3 as described later in this topic.

For the Dial-in simple URL, you need a DNS A record that resolves the URL to the IP address

of the Director, if you have one deployed. Otherwise, it should resolve to the IP address of the

load balancer of a Front End pool. If you have not deployed a pool and are using a Standard

Edition server deployment, the DNS A record must resolve to the IP address of one Standard

Edition server in your organization.

The Admin simple URL is internal only. It requires a DNS A record that resolves the URL to

the IP address of the Director, if you have one deployed. Otherwise, it should resolve to the

IP address of the load balancer of a Front End pool. If you have not deployed a pool and are

using a Standard Edition server deployment, the DNS A record must resolve to the IP

address of one Standard Edition server in your organization.

Simple URL Option 2

With Option 2, the Meet, Dial-in, and Admin simple URLs all have a common base URL, such as

lync.contoso.com. Therefore, you need only one DNS A record for these simple URLs, which

resolves lync.contoso.com to the IP address of a Director pool or Front End pool. If you have not

deployed a pool and are using a Standard Edition server deployment, the DNS A record must

resolve to the IP address of one Standard Edition server in your organization.

Note that if you have more than one SIP domain in your organization, you must still create Meet

simple URLs for each SIP domain and you need a DNS A record for each Meet simple URL. In

this example, while three simple URLs are all based on lync.contoso.com, an additional Meet

simple URL for fabrikam.com is set up with a different base URL. In this example, you must

create DNS A records for both https://lync.contoso.com and https://lync.fabrikam.com. Simple

URL Option 3 shows another way to handle naming and DNS A records if you have multiple SIP

domains.

Simple URL Option 2

Simple URL Example

Meet https://lync.contoso.com/Meet,

https://lync.fabrikam.com/Meet, and so on (one

for each SIP domain in your organization)



8


Simple URL Option 3

Option 3 is most useful if you have many SIP domains, and you want them to have separate

simple URLs but want to minimize the DNS record and certificate requirements for these simple

URLs. In this example, you need only one DNS A record, which resolves lync.contoso.com to the

IP address of a Director pool or Front End pool.

Simple URL Option 3

Simple URL Example


https://lync.contoso.com/fabrikamSIPdomain/Meet

Dial-in https://lync.contoso.com/contosoSIPdomain/Dialin

https://lync.contoso.com/fabrikamSIPdomain/Dialin

Admin https://lync.contoso.com/contosoSIPdomain/Admin

https://lync.contoso.com/fabrikamSIPdomain/Admin

Edit or Configure Simple URLs

This procedure does not require membership in a local administrator or privileged domain group.

You should log on to a computer as a standard user.

Microsoft Lync Server 2010 uses simple URLs to direct internal and external calls to services on

the Front End Server or on the Director, if one has been deployed. The three simple URLs that

can be created are:

Meet – Connects users to the conferencing services

Dialin – Provides access for users to use dial-in conferencing

Admin – Optional URL that connects a user, typically an administrator for the Lync Server

2010 system, to Microsoft Lync Server 2010 Control Panel.

There are options to the format that you can define simple URLs. For details about these options,

see DNS Requirements for Simple URLs in the Planning documentation. A brief summary of the

three simple URL formats discussed are shown for reference here:

Simple URL Examples

Meet https://meet.contoso.com

Meet https://lync.contoso.com/Meet




Dial-in https://lync.contoso.com/contosoSIPdomain/Dialin

9


Simple URL Examples

Admin https://admin



Admin https://lync.contoso.com/contosoSIPdomain/Admin

By default, simple URLs will be configured in the form of (for example, the dial-in simple URL):

https://dialin.<SIP Domain>

Warning:

Simple URLs can contain only English alphanumeric characters, defined as a-z, A-Z, 0-9,

and the dot (.). If you use characters that are not part of the character set, the simple

URLs may fail to work as expected.

To configure simple URLs

1. In Topology Builder, right-click the Lync Server 2010 node, and then click Edit

Properties.

2. In the Simple URLs pane, select either Phone access URLs: (Dial-in) or Meeting

URLs: (Meet) to edit. And then click Edit URL.

10


3. Update the URL to the value you want, and then click OK to save the edited URL. The

example shown here has modified the Dial-in URL to https://pool01.contoso.net/dialin.

11


4. Edit the Meet URL by using the same steps, if necessary.

To define the optional Admin simple URL

1. In Topology Builder, right-click the Lync Server 2010 node, and then click Edit

Properties.

2. In the Administrative access URL box, enter the simple URL you want for

administrative access to Lync Server 2010 Control Panel, and then click OK.

Tip:

We recommend using the simplest possible URL for the Admin URL. The

simplest option is https://admin.

12


Important:

If you change a simple URL after initial deployment, you must be aware of what

changes impact your Domain Name System (DNS) records and certificates for

simple URLs. If the change impacts the base of a simple URL, then you must

change the DNS records and certificates as well. For example, changing from

https://lync.contoso.com/Meet to https://meet.contoso.com changes the base

URL from lync.contoso.com to meet.contoso.com, so you would need to change

the DNS records and certificates to refer to meet.contoso.com. If you changed

the simple URL from https://lync.contoso.com/Meet to

https://lync.contoso.com/Meetings, the base URL of lync.contoso.com stays the

same, so no DNS or certificate changes are needed. Whenever you change a

simple URL name, however, you must run the Enable-CsComputer on each

Director and Front End Server to register the change.

13


PowerShell supplement:

Configure Simple URLs

To configure simple URLs

To define simple URLs for dial-in conferencing and meetings, use the following set of commands:$urlEntry = New-CsSimpleUrlEntry -Url "https://dialin.fabrikam.com"$simpleUrl = New-CsSimpleUrl -Component "dialin" -Domain "*" -SimpleUrl $urlEntry -ActiveUrl "https://dialin.fabrikam.com"$urlEntry2 = New-CsSimpleUrlEntry -Url "https://meet.fabrikam.com"$simpleUrl2 = New-CsSimpleUrl -Component "meet" -Domain "fabrikam.com" -SimpleUrl $urlEntry2 New-CsSimpleUrlConfiguration -Identity "site:Redmond" -SimpleUrl @{Add=$simpleUrl,$simpleUrl2}

To define the optional Admin simple URL

To define an Admin simple URL use the following set of commands:$urlEntry = New-CsSimpleUrlEntry -Url "https://admin.fabrikam.com"$simpleUrl = New-CsSimpleUrl -Component "admin" -Domain "*" -SimpleUrl $urlEntry -ActiveUrl "https://admin.fabrikam.com"New-CsSimpleUrlConfiguration -Identity "site:Redmond" -SimpleUrl @{Add=$simpleUrl }

See Also


Server and Tools Operating System SupportAll server roles support the same Windows Server operating systems. The required operating

system support for other server roles, such as database servers, depends on what software you

install on those servers.

Microsoft Lync Server 2010 communications software administrative tools are installed by default

on the server running Lync Server 2010, but you can install administrative tools separately on

other computers running Windows operating systems. For example, you can use a client

computer running Windows 7 as an administrative console for planning purposes.

Important:

Lync Server 2010 is available only in 64-bit, which requires 64-bit hardware and 64-bit

editions of Windows Server. Lync Server 2010 is not available in a 32-bit version. This

14


means that all server roles and computers running Lync Server administrative tools run a

64-bit edition operating system.

Operating Systems for Server Roles

Microsoft Lync Server 2010 supports the 64-bit editions of the following operating systems:

The Windows Server 2008 R2 Standard operating system (required) or latest service pack

(recommended)

The Windows Server 2008 R2 Enterprise operating system (required) or latest service pack

(recommended)

The Windows Server 2008 R2 Datacenter operating system (required) or latest service pack

(recommended)

The Windows Server 2008 Standard operating system with Service Pack 2 (SP2) (required)

or latest service pack (recommended)

The Windows Server 2008 Enterprise operating system with SP2 (required) or latest service

pack (recommended)

The Windows Server 2008 Datacenter operating system with SP2 (required) or latest service

pack (recommended)

Notes:

If you have an existing server running Windows Server 2008 with Service Pack 1 (SP1), you must

upgrade it to either Windows Server 2008 SP2 (or latest service pack), or Windows

Server 2008 R2 (or latest service pack) before deploying Lync Server 2010.

Installation of any Lync Server 2010 server role on a computer running Windows Server 2008

Datacenter or Windows Server 2008 R2 Datacenter that has multiple processor groups

configured is not supported. This is because SQL Server 2008 Express is required and

automatically installed on each server role, and SQL Server 2008 Express does not support

installation on a computer that is partitioned into multiple processors groups. After deploying the

servers, you can upgrade the SQL Server 2008 Express RTC database on the Standard Edition

server and RTCLocal databases on other server roles to SQL Server 2008 R2 Express by

running the SQL Server 2008 R2 Express setup wizard and selecting the upgrade option, but

SQL Server 2008 R2 also does not support installation on a computer that is partitioned into

multiple processors groups.

Lync Server 2010 is not supported on the following operating systems:

The Server Core installation option of Windows Server 2008 R2 or Windows Server 2008

The Windows Web Server°2008 R2 operating system or the Windows Web Server°2008

operating system

Windows Server 2008 R2 HPC Edition or Windows Server 2008 HPC Edition

Operating Systems for Other Servers

Operating system support for servers other than those on which you deploy Lync Server 2010

server roles is dependent on the software you plan to install on those servers. For details about

15


requirements for Back End Servers and other database servers, see Database Software and

Clustering Support. For details about requirements for reverse proxy servers (for edge

deployment), see Internet Information Services (IIS) Support. For details about other software

requirements, including infrastructure and virtualization support, see the other topics in the Server

Software and Infrastructure Support section.

Additional Operating Systems for Administrative Tools

Lync Server 2010 supports installation of the administrative tools, which includes the Topology

Builder, on computers running any of the 64-bit editions of the operating systems supported for

deployment of server roles (as described in the previous section). Additionally, you can install

administrative tools on the 64-bit editions of the following operating systems:

The Windows 7 operating system (required) or latest service pack (recommended)

The Windows Vista operating system with SP2 (required) or latest service pack

(recommended)

Operating System for the Planning Tool

Lync Server 2010 supports installation of the Planning Tool on computers running any of the

following operating systems:

The 32-bit version of Windows 7 operating system (required) or latest service pack

(recommended)

The 64-bit version of Windows 7 operating system (required) or latest service pack

(recommended) using the WOW64 x86 emulator

The 32-bit edition of Windows Vista with SP2 operating system (required) or latest service

pack (recommended)

The 64-bit edition of Windows Vista with SP2 operating system (required) or latest service

pack (recommended) using the WOW64 x86 emulator

The 32-bit edition of Windows XP with SP3 operating system (required) or latest service pack

(recommended)

The 64-bit edition of Windows XP with SP3 operating system (required) or latest service pack

(recommended) using WOW64 x86

The 32-bit edition of Windows Server 2008 operating system (required) or latest service pack

(recommended)

The 64-bit edition of Windows Server 2008 operating system (required) or latest service pack

(recommended) using WOW64 x86

The 32-bit edition of Windows Server 2008 R2 operating system (required) or latest service

pack (recommended)

The 64-bit edition of Windows Server 2008 R2 operating system (required) or latest service

pack (recommended) using WOW64 x86

16


Administrative Tools Software RequirementsThis topic describes the software required to install and use Microsoft Lync Server 2010

administrative tools in addition to the operating system requirements.

Microsoft .NET Framework 3.5 with Service Pack 1 (SP1)

The 64-bit edition of Microsoft .NET Framework 3.5 with SP1 is required for Microsoft Lync Server

2010. Setup prompts you to install this prerequisite and it automatically installs it if it is not already

installed on the computer. .NET Framework 4.0 can be installed on the same computer as well,

but does not take the place of .NET Framework 3.5 with SP1, which is the required version for

Lync Server 2010.

After installing the .NET Framework 3.5 SP1 package, you should immediately install the

following updates:

Microsoft Knowledge Base article 959209, “An update for the .NET Framework Service Pack

1 is available,” at http://go.microsoft.com/fwlink/?linkid=197396, which addresses a set of

known application compatibility issues.

Microsoft Knowledge Base article 967190, “Update for .NET Framework 3.5 SP1

(KB967190),” at http://go.microsoft.com/fwlink/?linkid=197397, which addresses a file

association issue for XPS document types.

Microsoft Knowledge Base article 981575, “A memory leak occurs in a .NET Framework 2.0-

based application that uses the AesCryptoServiceProvider class,” at

http://go.microsoft.com/fwlink/?linkid=202909.

Microsoft Knowledge Base article 974954, “FIX: When you run a .NET Framework 2.0-based

application, a System.AccessViolationException occurs, or a dead-lock occurs on two threads

in an application domain,” at http://go.microsoft.com/fwlink/?linkid=205337.

Windows Installer Version 4.5

Microsoft Lync Server 2010 uses Windows Installer technology to install, uninstall, and maintain

various server roles. Windows Installer version 4.5 is available as a redistributable component for

the Windows Server operating system.

Download Windows Installer 4.5 from the Microsoft Download Center at


Windows PowerShell 2.0

Windows PowerShell 2.0 command-line interface is automatically installed with the Windows

Server 2008 R2 operating system and the Windows 7 operating system. On servers running the

Windows Server 2008 SP2 operating system or Windows Vista operating system with Service

Pack 2 (SP2), you must install Windows PowerShell 2.0 manually. Before doing so, you must

remove any previous versions of Windows PowerShell from the computer.

To install Windows PowerShell 2.0, see the Microsoft Knowledge Base article 968929, “Windows

Management Framework (Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0),” at


17

http://go.microsoft.com/fwlink/?linkid=197390







Microsoft Silverlight 4 browser plug-in

Microsoft Lync Server 2010 Control Panel is a web-based tool and requires that you install

Microsoft Silverlight 4 browser plug-in version 4.0.50524.0 or the latest version. When you start

Lync Server 2010 Control Panel, if this software is not installed or if an earlier version earlier than

4.0.50524.0 is installed, Lync Server Control Panel prompts you to install the required version.

See Also


Administrative Tools Infrastructure Requirements


Administrator Rights and Permissions Required for Setup and AdministrationSetup and deployment of Microsoft Lync Server 2010 requires that the person installing and

deploying the software be a member of local or domain-level groups. Administrative tools for Lync

Server 2010 can require additional permissions.

Group Membership Requirements

The following table summarizes the group or groups that a person should belong to in order to

successfully install, manage, and troubleshoot Lync Server 2010.

Lync Server Executable Group Membership Required

Setup.exe – Executable that starts the

installation of the Lync Server administrative

tools.

Member of the Local Administrators group on

the computer from which the executable is run.

Member of Domain Users group to read

information in Active Directory Domain Services

(AD DS). This level of permission is required

because the automatic installation of required

MSI packages on the local computer requires

privileges that allow reading from and writing to

protected local computer resources such as

Program Files directories, and protected

registry such as the Local Machine hive.

Tip:

You can also delegate setup

permissions to users or groups to

whom you do not want to grant

membership in the Domain Admins

group. For details, see Granting Setup

Permissions in the Deployment

documentation.

18



Deploy.exe – Called by setup.exe, deploy.exe

is responsible for the deployment of the

software components for the server roles.




information in AD DS. This level of permission

is required because the automatic installation of

required MSI packages on the local computer

requires privileges that allow reading from and

writing to protected local computer resources

such as Program Files directories, and

protected registry such as the Local Machine

hive. Membership in

RtcUniversalReadOnlyAdmins group is

necessary to read the Central Management

store.

Note:

If you are running the Windows Vista

operating system or Windows 7

operating system, you will be prompted

by User Account Control (UAC) to

proceed with installation. If you are

logged on with a standard user

account, you will need someone who is

a member of the Local Administrators

group to provide credentials when

prompted for an account with

permissions to install the software.

Bootstrapper.exe – Called by setup.exe,

bootstrapper.exe is responsible for deployment

and configuration of server roles.




information in AD DS. This level of permission

is required because the automatic installation of

required MSI packages on the local computer

requires privileges that allow reading from and

writing to protected local computer resources

such as Program Files directories, and

protected registry such as the Local Machine

hive.

OCSLogger.exe – Administrative

troubleshooting tool for capturing messages on

server roles.



The executable is manifested as

19



requireAdministrator.

TopologyBuilder.msc – Wizard-driven user

interface to create, view, adjust, and validate

Lync Server topologies.


the computer from which the executable is run

to view the topology. Member of the

RTCUniversalServerAdmins group to change

configuration settings. Member of the

RTCUniversalServerAdmins group and Domain

Admins group, or member of the

RTCUniversalServerAdmins group (only if the

group has been granted delegate setup

permissions), to publish the topology. For

details about delegating setup permissions to

allow members of the

RTCUniversalServerAdmins group to publish

the topology without being members of the

Domain Admins group, see Granting Setup

Permissions in the Deployment documentation.

AdminUIHost.exe – Web-based graphical user

interface for managing Lync Server.

Member of CsAdministrator group or member

of another role-based access control (RBAC)

role to which the specific administrative task is

assigned. Microsoft Lync Server 2010 Control

Panel executes configuration changes by

running Lync Server Management Shell

cmdlets. For a list of predefined roles and the

cmdlets members are permitted to run, see

Role-Based Access Control in the Planning

documentation.

PowerShell.exe with the Lync Server

module loaded – Command-line administrative

tool with cmdlets specific to management of

Lync Server.

Member of CsAdministrator group or member

of another RBAC role to which the specific

cmdlet has been assigned. For a list of

predefined roles and the cmdlets members are

permitted to run, see Role-Based Access

Control in the Planning documentation.

Or, member of one or more of the following

groups, depending on the cmdlet:

RTCUniversalServerAdmins

RTCUniversalUserAdmins

RTCUniversalReadOnlyAdmins

20


The group memberships in the preceding table represent the minimum memberships. Other

memberships which will grant the permissions necessary to initiate the setup and deployment are

possible, including membership in the Domain Admins group or Enterprise Admins group.

See Also


Requirements to Publish a TopologyThis topic describes the infrastructure and software requirements that are specific to publishing a

topology, whether by using Topology Builder or the Lync Server Management Shell command-line

interface. These requirements are in addition to the general operating system, software, and

permissions requirements applicable to all Microsoft Lync Server 2010 administrative tools.

Ensure that you satisfy all administrative tools requirements before you publish a topology.

You must run Topology Builder on a computer that is joined to the same domain or forest of

the Lync Server 2010 deployment you are creating so that Active Directory Domain Services

(AD DS) preparation steps are already completed, enabling you to use the administrative

tools on that computer to successfully publish your topology.

Note:

For details about preparing AD DS, see Preparing Active Directory Domain Services

for Lync Server 2010 in the Deployment documentation.

The computers defined in the topology must be joined to the domain, except for Edge

Servers, and in AD DS. However, the computers do not need to be online when you publish

the topology.

The file share for the pool must be created and available to remote users.

In order to publish an Enterprise Edition Front End pool, the SQL Server-based Back End

Server must be joined to the domain in which you are deploying the servers, online, and

configured with the appropriate firewall rules to make it available to remote users. For details

about specifying firewall exceptions, see Understanding Firewall Requirements for SQL

Server. For other details about configuring SQL Server, see Configure SQL Server for Lync

Server 2010.

Note:

Standard Edition server has a collocated database that will accept the published

configuration. You must first run the Prepare first Standard Edition server setup

task in the Lync Server Deployment Wizard.

If you run Topology Builder on a computer where you plan to later install Lync Server, then

you must install the Microsoft SQL Server 2005 backward compatibility components by

running the first setup task in the Lync Server Deployment Wizard before you publish the

topology. For details, see Install the Local Configuration Store or Install the Standard Edition

Local Configuration Store.

21


Note:

You do not need the Microsoft SQL Server 2005 backward compatibility components

to publish the topology if you run Topology Builder on a dedicated administrative

console or if you run Topology Builder on a computer where Lync Server is already

installed. (Lync Server setup automatically installs the backward compatibility

components along with other component files required by Lync Server.)

See Also




22


Install Lync Server Administrative ToolsThis topic describes how to install the administrative tools you need to use to deploy and manage

Microsoft Lync Server 2010. The administrative tools are installed by default on each server

running Lync Server 2010. Additionally, you can install the administrative tools on other

computers, such as dedicated administrative consoles. We strongly recommend that you install

the administrative tools on a computer that is in the same domain or forest as the Microsoft Lync

Server 2010 deployment you are creating because by doing so you ensure that Active Directory

Domain Services (AD DS) preparation steps are already complete, which enables you to use the

administrative tools on that computer later to publish your topology.

Ensure that you review infrastructure, operating system, software, and administrator rights

requirements before you install or use the Lync Server administrative tools. For details about

infrastructure requirements, see Administrative Tools Infrastructure Requirements. For details

about operating system and software requirements to install the Lync Server 2010 administrative

tools, see Server and Tools Operating System Support, Additional Software Requirements, and

Additional Server Support and Requirements. For details about the user rights and permissions

required to install and use the tools, see Administrator Rights and Permissions Required for

Setup and Administration.

Important:

If your organization requires that you locate Internet Information Services (IIS) and all

Web Services on a drive other than the system drive, you can change the installation

location path for the Lync Server files in the Setup dialog box. If you install the Setup files

to this path, including OCSCore.msi, the rest of the Lync Server 2010 files will be

deployed to this drive as well.

To install the Lync Server 2010 administrative tools

1. Log on as a local administrator (minimum requirement) to the computer where you want

to install the administrative tools. If you are logged on as an a standard user on the

Windows Vista or Windows 7 operating systems, and User Account Control (UAC) is

enabled, you will be prompted for the local administrator or a domain equivalent user

name and password.

2. Locate the installation media on your computer, and then double-click \Setup\amd64\

Setup.exe.

3. If you are prompted to install the Microsoft Visual C++ 2008 distributable, click Yes.

4. On the Microsoft Lync Server 2010 Installation Location page, click OK. Change this

path to another location or drive if you need to have the files installed to another location.

Important:

If your organization requires that you locate Internet Information Services (IIS)

and all Web Services on a drive other than the system drive, you can change the

installation location path for the Lync Server files in the Setup dialog box. If you

install the Setup files to this path, including OCSCore.msi, the rest of the Lync

23


Server 2010 files will be deployed to this drive too.

5. On the End User License Agreement page, review the license terms, click I accept,

and then click OK. This step is required before you can continue.

6. On the Microsoft Lync Server 2010 – Deployment Wizard page, click Install Topology

Builder.

7. When the installation successfully completes, click Exit.

See Also

Lync Server Administrative Tools

Open Lync Server Administrative Tools

Open Lync Server Administrative ToolsYou can use the procedures in this topic to open administrative tools to deploy, configure, or

troubleshoot your Microsoft Lync Server 2010 topology.

Deployment Wizard

Topology Builder



Logging Tool

Deployment Wizard

Use the following procedure to start the Deployment Wizard locally to add or remove Lync Server

component files.

To start Lync Server Deployment Wizard

1. Log on to the computer where the Lync Server Deployment Wizard is installed as a

member of the Domain Admins group and the RTCUniversalServerAdmins group.

2. Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync

Server Deployment Wizard.

24


Topology Builder

Use the following procedure to open the Topology Builder to define the servers that you want to

deploy in your Lync Server topology.

To open Lync Server Topology Builder to design the topology

1. Log on to the computer where Topology Builder is installed as a member of the Domain

Admins group and the RTCUniversalServerAdmins group.

Note:

You can define a topology by using an account that is a member of the local

Users group, but to read, publish, or enable a topology, which is required to

install a Lync Server 2010 server, you must use an account that is a member of

the Domain Admins group and the RTCUniversalServerAdmins group, and that

has full control permissions (that is, read, write, and modify) on the file share that

you are going to use for the archiving file store so that Topology Builder can

configure the required discretionary access control list (DACLs), or an account

with equivalent user rights.

2. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server

2010, and then click Lync Server Topology Builder.


Use one of the following procedures to open Lync Server Control Panel to manage the

configuration of servers, users, clients, and devices in your environment.

Note:

You can use a user account that is assigned to the CsAdministrator role to perform any

task in Lync Server Control Panel. You can use other roles to log on to Lync Server

Control Panel to perform specific administration tasks, dependent on the task you need to

perform. For example, you can use CSArchivingAdministrator to administer Archiving in

Lync Server Control Panel. For details about roles, see Role-Based Access Control in the

Planning documentation. For details about the roles that you can use to perform a

specific task, see the documentation for the task.

To open Lync Server Control Panel from any computer inside your organization’s firewall

1. From a user account that is assigned to the CsAdministrator role or other role that has

appropriate user rights and permissions for the task to be performed, log on to any

computer in your internal deployment.

Important:

If you have configured an administration simple uniform resource locator (URL),

you can access Lync Server Control Panel from an Internet browser that is

25


running on any computer within your organization’s firewall. For details about

configuring the administration simple URL, see Planning for Simple URLs and

Edit Administration Simple URL.

2. Open a browser window, and then enter the Admin URL configured for your organization.

To open Lync Server Control Panel on a computer running Lync Server 2010

1. From a user account that is a member of the CsAdministrator role or other role that has

appropriate user rights and permissions for the task to be performed, log on to a

computer on which you have installed Lync Server 2010 or, at a minimum, the Lync

Server administrative tools.

2. Start Lync Server Control Panel: Click Start, click All Programs, point to Administrative

Tools, point to Microsoft Lync Server 2010, and then click Lync Server 2010 Control

Panel.


Use the following procedure to open Lync Server Management Shell to administer servers, users,

clients, and devices in your environment by using the command-line.

Notes:

You can use a user account that is assigned to the CsAdministrator role to perform any task in

Lync Server Management Shell. You can log on using other roles to perform specific

administration tasks, depending on the task you need to perform. For example, you can use

CSArchivingAdministrator to run cmdlets related to Archiving administration. For details about

roles, see Role-Based Access Control in the Planning documentation. For details about the roles

that you can use to run a specific cmdlet, see the documentation for the cmdlet.

You can also run certain cmdlets by using a user account in the RTCUniversalServerAdmins,

RTCUniversalUserAdmins, or RTCUniversalReadOnlyAdmins groups, depending on the cmdlet.

To open the Lync Server Management Shell

If you open a Windows PowerShell window rather than the Lync Server Management

Shell, by default you cannot run the Lync Server cmdlets. To run the Lync Server cmdlets

from within Windows PowerShell, type the following at the Windows PowerShell

command prompt:

Import-Module Lync

Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft

Lync Server 2010, and then click Lync Server Management Shell.

26


Logging Tool

Use the following procedure to open the Lync Server 2010 Logging Tool to capture log and trace

files to troubleshoot your deployment while it is running. For details about the Logging Tool, see

the Lync Server 2010 Logging Tool documentation on the TechNet Library at

http://go.microsoft.com/fwlink/?LinkId=199265.

To open the Logging Tool

1. Click Start, click Run, type cmd.exe, and then click OK.

2. At the command prompt, type the path to the folder where OCSLogger.exe is installed,

and then press ENTER. By default, the Logging Tool is installed in the following location:

%ProgramFiles%\Common Files\Microsoft Lync Server 2010\Tracing.

3. Type OCSLogger.exe, and then press Enter.

See Also


Lync Server Administrative Tools

27



Lync Server Control PanelIn Microsoft Lync Server 2010, the web-based Microsoft Lync Server 2010 Control Panel replaces

the Microsoft Management Console (MMC) interface from previous versions. Lync Server 2010

Control Panel provides you with a graphical user interface (GUI) to manage the configuration of

the servers running Lync Server 2010, in addition to the users, clients, and devices in your

organization. Lync Server 2010 Control Panel uses Lync Server Management Shell as the

underlying mechanism to perform Lync Server configuration.

Lync Server 2010 Control Panel is automatically installed on every Lync Server 2010 Front End

Server or Standard Edition server. In this release, you administer Edge Servers remotely. You can

also install Lync Server 2010 Control Panel on another computer, such as a management console

from which you want to centrally manage Lync Server. For details, see Install Lync Server

Administrative Tools.

Important:

To configure settings using Lync Server 2010 Control Panel, you must be logged in using

an account that is assigned to the CsAdministrator role. For details about the predefined

administrative roles available in Lync Server 2010, see Role-Based Access Control.

In This Section Managing Users

Managing Computers in Your Topology

Filtering Instant Messages and Client Versions

Configuring Voice Routing

Configuring Incoming Call Handling Features

Managing Response Groups

Managing On-Premises Meetings

Configuring Support for Clients and Devices

Managing External Connectivity

Managing Monitoring

Managing Archiving

Configuring Security

Configuring Your Network

Change the Web Services URL

Administering the Address Book Service

Prevent New Connections to Lync Server 2010 for Server Maintenance

Delegating Control of Microsoft Lync Server 2010

Configure a New Trusted Application Server

See Also


28


Managing UsersTopics in this section provide step-by-step procedures for tasks you can perform using the Users

page in Lync Server Control Panel.

Important:

You cannot use Lync Server Control Panel to manage users who are members of the

Active Directory Domain Admins group. For Domain Admins users, you can use Lync

Server Control Panel only to perform read-only search operations. To perform write

operations on Domain Admins users (for example, enable or disable for Lync Server,

change pool or policy assignments, telephony settings, SIP address), you must use

Windows PowerShell cmdlets while logged on as a Domain Admins user. For details

about using Windows PowerShell cmdlets to manage users, see Lync Server

Management Shell.

In This Section

Search for Lync Server 2010 Users

Add a New User to Lync Server 2010

Enable or Disable Users for Lync Server 2010

Set, View, and Send a User's Dial-in Conferencing PIN

Move Users to Another Pool

Assign Policies to Users

Enable Users for Enterprise Voice

Configure Telephony for Users

Search for Lync Server 2010 Users

You can use the results of a search query to configure users for Microsoft Lync Server 2010. You

can search for users by display name, first name, last name, Security Accounts Manager (SAM)

account name, SIP address, or line Uniform Resource Identifier (URI).

You can search for users by using the Lync Server Control Panel or the Active Directory Users

and Computers snap-in. The following procedure describes how to use Lync Server Control

Panel.

Note:

In an environment with a central forest topology, search results might not be accurate

when you search for a user by the user’s email address. Instead, you can search for

users by specifying a SIP address prefix, for example, sip:name, add a search filter and

select a SIP address that contains a partial email address, or use the Get-CSUser

cmdlet.

To search for one or more users

1. From a user account that is assigned to the CsUserAdministrator role or the

29


CsAdministrator role, log on to any computer in your internal deployment.

2. Open a browser window, and then enter the Admin URL to open the Lync Server Control

Panel. For details about the different methods you can use to start Lync Server Control

Panel, see Open Lync Server Administrative Tools.

3. In the left navigation bar, click Users.

4. In the Search users box, type all or the first portion of the display name, first name, last

name, SAM account name, SIP address, or line URI of the user account that you want to

search for, and then click Find.

5. (Optional) Specify additional search criteria to narrow the results:

a. Click the expand arrow button in the upper-right corner of the screen above Search

results, and then click Add Filter.

b. Enter the user property by typing it or clicking the arrow in the drop-down list to select

a user property.

c. In the Equal to list, click Equal to or Not equal to.

d. In the text box, type the search criteria you want to use to filter search results, and

then click Find.

6. The search results appear under Search Results. You can select any or all of the users

in the list and perform configuration tasks on the users you select.


To search for a user based on the value of a Microsoft Lync Server-specific attribute, use the Get-CsUser cmdlet and the Filter parameter. For example, this command searches for all users who have not been assigned a per-user voice policy:

Get-CsUser -Filter {VoicePolicy -eq $Null}

To search for a user based on the value of a generic Active Directory attribute, use the Get-CsUser cmdlet and the LdapFilter parameter. For example, this command searches for all users who are members of the Finance department:

Get-CsUser -LDAPFilter "Department=Finance"

Add a New User to Lync Server 2010

You can use Lync Server Control Panel to create new Microsoft Lync Server 2010 user accounts

by adding an Active Directory user to Lync Server 2010.

30


To create a new Lync Server user







4. Click Enable users.

5. On the New Lync Server User dialog, click Add.

6. In the Search users box, type all or the first portion of the name, display name, first

name, last name, Security Accounts Manager (SAM) account name, or phone number of

the Active Directory user account that you want, and then click Find.

7. In the table, select the account you want to add to Lync Server 2010, and then click OK.

8. Assign the user to a pool, specify any additional details, and assign the policies to the

user you want, and then click Enable.


To enable a user to use Lync Server, use the Enable-CsUser cmdlet:

Enable-CsUser -Identity "Pilar Ackerman" -RegistrarPool "atl-cs-001.litwareinc.com" -SipAddressType SamAccountName -SipDomain litwareinc.com

The preceding command includes the SipAddressType and SipDomain parameters; this causes Lync Server to automatically create a SIP address for the user based (in this case) on the user's SamAccountName and the domain name litwareinc.com. Alternatively, you can use the SipAddress parameter to assign a specific SIP address to a user:

Enable-CsUser -Identity "Pilar Ackerman" -RegistrarPool "atl-cs-001.litwareinc.com" –SipAddress "sip:[email protected]"

Enable or Disable Users for Lync Server 2010

After enabling a user account in Active Directory Users and Computers, you can use the following

procedures to enable a new user for Microsoft Lync Server 2010 or disable a previously enabled

user account in Lync Server 2010 without losing the Lync Server 2010 settings that you

configured for the user account. Because you do not lose the Lync Server 2010 user account

settings, you can re-enable a previously enabled user account again without having to

reconfigure the user account.

31


To enable a user account for Lync Server








name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform

Resource Identifier (URI) of the user account that you want to enable, and then click

Find.

5. In the table, click the user account that you want to enable.

6. On the Edit menu, click Modify.

7. In Edit Lync Server User, select the Enabled for Lync Server check box, and then click

Commit.

To disable or re-enable a previously enabled user account for Lync Server









Resource Identifier (URI) of the user account that you want to disable or re-enable, and

then click Find.

5. In the table, click the user account that you want to disable or re-enable.

6. On the Action menu, do one of the following:

To temporarily disable the user account for Lync Server 2010, click Temporarily

disable for Lync Server.

To enable the user account for Lync Server 2010, click Re-enable for Lync Server.


To permanently disable a Lync Server user account, use the Disable-CsUser cmdlet:

Disable-CsUser –Identity "Ken Myer"

32


When you run the preceding command, the user's Lync account will be disabled and all Lync Server-related attributes (including the policies assigned to that user) will be deleted from the user account. (Note that the user's Active Directory user account will not be deleted.) If you later decide to once more give the user access to Lync Server you will need to re-run the Enable-CsUser cmdlet, reassign any per-user policies, and reset property values such as the user's line URI and SIP address.

To temporarily disable a Lync Server user account, use the Set-CsUser cmdlet to set the account's Enabled property to False:

Set-CsUser –Identity "Ken Myer" –Enabled $False

When you run the preceding command the user will still have a valid Lync Server account, and that account will retain all its current settings (including any per-user policies that have been assigned to the user). However, the user will not be able to log on to Lync Server until his or her account has been re-enabled.

To re-enable a user whose Lync Server account has been temporarily disabled, use the Set-CsUser cmdlet to set the account's Enabled property to True:

Set-CsUser –Identity "Ken Myer" –Enabled $True

Set, View, and Send a User's Dial-in Conferencing PIN

To join a dial-in conference as an authenticated user, a Microsoft Lync Server 2010 user with

Active Directory Domain Services (AD DS) credentials requires a personal identification number

(PIN). If a user forgets the dial-in conferencing PIN or has not set the PIN by using Microsoft Lync

2010, you can set the user’s PIN from Lync Server Control Panel. You can automatically generate

the PIN or create one manually.

Note:

Specific characteristics of the PIN, such as its minimum length, can be configured as a

policy. In addition to the global policy, you can configure a PIN policy for individual sites or

users. For details about configuring a PIN policy, see Configure Dial-in Conferencing

Personal Identification Number (PIN) Rules.

To set a user’s PIN







4. Use one of the following methods to locate a user:

In the Search users box, type all or the first portion of the display name, first name,

33


last name, Security Accounts Manager (SAM) account name, SIP address, or line

Uniform Resource Identifier (URI) of the user account, and then click Find.

If you have a saved query, click the Open query icon, use the Open dialog box to

retrieve the query (a .usf file), and then click Find.


a. Click Add Filter.

b. Enter the user property by typing it or by clicking the arrow in the drop-down list to

select the property.

c. In the Equal to drop-down list, click the operator (for example, Equal to or Not equal

to).

d. Depending on the user property you selected, enter the criteria that you want to use

to filter the search results by typing it or by clicking the arrow in the drop-down list.

Tip:

To add additional search clauses to your query, click Add Filter.

e. Click Find.

Note:

If the PIN is locked, you must unlock the PIN before you can set it. To unlock the

PIN, click the user, click Action, and then click Unlock PIN.

6. Click a user in the search results, click Action, and then click Set PIN.

7. In the Set PIN dialog box, do one of the following:

To allow Lync Server 2010 to generate the user’s PIN, select Automatically

generate a valid PIN (the default).

To create your own PIN, click Manually enter a specific PIN, click the text box, and

then type a PIN that meets the PIN requirements specified in your PIN policy

settings.

8. Click OK.

9. In Set PIN, do one of the following:

Select the Show PIN check box to see the PIN, and then copy the PIN and

communicate it to the user using your organization's preferred method.

Click Open my email application to send the new PIN to the user to send the PIN

by email. If Microsoft Office Outlook is your email client, the PIN is automatically

copied into a new email message. If you use a different email client, select the Show

PIN check box to see the PIN and then copy it into your email message.

10. Click Close.


34


To set a user’s PIN

Lync Server PowerShell provides two different ways to assign a PIN number to a user. To have Lync Server randomly generate a PIN number for the user, use a command similar to this one:

Set-CsClientPin -Identity "Ken Myer"

The assigned PIN number will appear onscreen, like this:

Identity Pin PinReset

-------- --- --------

Sip:[email protected] 55279 True

Note. It will be up to you to notify the user of his or her new PIN number; Lync Server will not automatically send these notifications for you.

Alternatively, you can include the Pin parameter and assign a specific PIN number to a user:

Set-CsClientPin -Identity "Ken Myer" -Pin 18723834

You can also pipe multiple user accounts to Set-CsClientPin and Lync Server will automatically assign a new PIN number to each of those accounts. For example:

Get-CsUser –LdapFilter "Department=IT" | Set-CsClientPin

See Also

Configure Dial-in Conferencing Personal Identification Number (PIN) Rules

Move Users to Another Pool

You can use Lync Server Control Panel to assign users to a specific server or pool.

Tip:

Moving all existing users from a source pool that is running Microsoft Office

Communications Server 2007 R2 or earlier to a Microsoft Lync Server 2010 destination

pool in a complex Active Directory environment might result in slower Active Directory

replication. To avoid this, you can use search filters to move users from pools that are

running Microsoft Office Communications Server 2007 R2 or earlier separately, or you

can use Lync Server Management Shell to move users with cmdlets. Also, the filter

functionality works with Lync Server 2010 users.

To move selected users to a different server or pool


35









Resource Identifier (URI) of the user account that you want, and then click Find.

5. In the table, select a specific user or users in the list.

6. On the Action menu, click Move selected users to pool.

7. In Move Users, select the pool that you want to move the users to in Destination

registrar pool.

8. (Optional) If the destination server or pool is unavailable, select the Force check box.

Warning:

If you select Force, the user account is moved, but any associated user data is

deleted (for example, conferences that the user has scheduled). If you do not

select it, both the account and the associated data are moved.

To move all users from one server or pool to a different server or pool







4. On the Action menu, click Move all users to pool.

5. In Move Users, select the pool that contains the user accounts that you want to move in

Source registrar pool.

6. In Destination registrar pool, select the pool that you want to move the users to.


Warning:


deleted (for example, conferences that the user has scheduled). If you do not

select it, both the account and the associated data are moved.

To move users from one pool to a different pool by using a filter



36






4. In User Search, click Search, click Add Filter.

5. In the Search criteria, select Registrar Pool, select Equal to, select Current Pool

FQDN, and then click Find.

6. On the Action menu, click Move all users to pool.

Note:

When a filter is applied to an existing set of users, the option Move all users to

pool is in the context of the filtered subset of users, not all possible users.

7. In Move Users, select the pool that contains the user accounts that you want to move in

Source registrar pool.

8. In Destination registrar pool, select the pool where you want to move the users.


Warning:


deleted (for example, conferences that the user has scheduled and contacts). If

you do not select it, both the account and the associated data are moved.

To move users from one pool to another using the Lync Management shell

1. Depending on how you run Windows PowerShell commands (that is, locally or remotely),

you need to log on as a member of the correct Lync Server administrative roles as

follows:

a. If you are running the commands on the local machine (for example, you log on

directly to a Front End Server): Log on to the computer where Lync Server

Management Shell is installed as a member of the RTCUniversalServerAdmins group

or with the necessary user rights as described in Delegate Setup Permissions.

b. If you are running the commands remotely on another machine (for example, you log

on to your computer and run the commands remotely on a Standard Edition Front

End Server): From a user account that is assigned to the CsUserAdministrator role or

the CsAdministrator role, log on to any computer in your internal deployment.

2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft


3. To move single users, use the Move-CsUser cmdlet as follows:

Move-CsUser -Identity "Pilar Ackerman" -Target

"pool01.contoso.net"

37


Where the user to move is the user Pilar Ackerman, and the user will be moved from their

currently assigned home pool to the pool pool01.contoso.net

4. To move a large number of users, use filters with the Get-CsUser cmdlet and pass the

resulting set of users to Move-CsUser:

Get-CsUser –Filter {RegistrarPool –eq “CurrentPoolFqdn”} | Move-

CsUser –Target “TargetPoolFQDN”

The combined commands of the Get-CsUser and Move-CsUser might result in this:

Get-CsUser –Filter {RegistrarPool –eq “pool02.contoso.net”} |

Move-CsUser –Target “pool01.contoso.net”


To move selected users to a different server or pool

To move a user from one Registrar pool to another, use the Move-CsUser cmdlet:

Move-CsUser -Identity "Pilar Ackerman" -Target "atl-cs-001.litwareinc.com"

You can also move multiple users by piping more than one user Identity (in this case, the Active Directory display name) to the Move-CsUser cmdlet:

"Ken Myer", "Pilar Ackerman", "Aidan Delaney" | Move-CsUser -Target "atl-cs-001.litwareinc.com"

To move all users from one server or pool to a different server or pool

To move all the users from a specified pool to a different pool, first use the Get-CsUser cmdlet to retrieve all the users from that pool; in the following command, the Filter value {RegistrarPool –eq "dublin-cs-001.litwareinc.com"} limits the returned user accounts to those users homed on the pool dublin-cs-001.litwareinc.com. That collection of user accounts can then be piped to the Move-CsUser cmdlet:

Get-CsUser -Filter {RegistrarPool –eq "dublin-cs-001.litwareinc.com"}| Move-CsUser -Target "atl-cs-001.litwareinc.com"

To move users from one pool to a different pool by using a filter

To move a selected group of users (based on an Active Directory attribute) first use the Get-CsUser cmdlet and the LdapFilter parameter to retrieve the desired set of

38


users. After retrieving the appropriate user accounts you can then pipe all those accounts to the Move-CsUser cmdlet:

Get-CsUser -LdapFilter "Department=Finance" | Move-CsUser -Target "atl-cs-001.litwareinc.com"

Assign Policies to Users

You can assign certain policies to a user or a group of users in order to specify particular settings

that deviate from the settings defined in policies assigned to other users, such as global policies.

These policies are called per-user policies.

In This Section

Assign a Conferencing Policy to Modify a User's Default Meeting Experience

Specify Client Versions Supported for Sign-in by a User

Assign Specific Dial-in Conferencing PIN Security Settings to a User

Apply External User Access Policies to Users

Configure Archiving of a User's Communications

Assign a Location Policy to a User

Presence Policy Settings

Assign a Conferencing Policy to Modify a User's Default Meeting Experience

The conferencing policy is one of the individual settings of a user account that you can configure

in Lync Server Control Panel.

Deploying one or more per-user conferencing policies is optional. You can also deploy only a

global-level conferencing policy or site-level conferencing policy. If you do deploy per-user

policies, you must explicitly assign them to users, groups, or contact object. Conferencing user

rights and permissions automatically default to those defined in the global-level conferencing

policy when no specific site-level or per-user policy is assigned.

After creating at least one per-user conferencing policy, use the procedures in this topic to assign

the policy that specifies the user rights and permissions that you want the server to grant to the

meetings organized by a particular user.

For a list of all available conferencing policy settings, see Conferencing Policy Settings

Reference.

For details about creating per-user conferencing policies, see Create or Modify Conferencing

User Experience for a Site or Group of Users.

To assign a per-user conferencing policy





39















to).

d. Depending on the user property you selected, enter the criteria you want to use to

filter the search results by typing it or by clicking the arrow in the drop-down list.

Tip:


e. Click Find.

6. Click a user in the search results, click Action, and then click Assign policies.

Tip:

If you want the same per-user conferencing policy to apply to multiple users,

select multiple users in the search results, then click Actions, and then click

Assign policies.

7. In Assign Policies, under Conferencing policy, do one of the following:

Note:

Because there are multiple policies that you can configure in Assign Policies,

<Keep as is> is selected by default for every policy in the dialog box. Continue

using the policy previously assigned to the user by making no changes to this

setting.

Select <Automatic> to allow Lync Server 2010 to automatically choose either the

global-level policy or, if defined, the site-level policy.

Click the name of a per-user conferencing policy you previously defined on the

Conferencing Policy page.

Tip:

To help you decide the policy you want to assign, after you click a policy

name, click View to view the user rights and permissions defined in the

policy.

40


8. When you are finished, click OK.


To assign a per-user conferencing policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsConferencingPolicy –Identity "Ken Myer" –PolicyName "RedmondConferencingPolicy"

If you later decide to remove that conferencing policy (and thus have the user managed by the global policy or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsConferencingPolicy –Identity "Ken Myer" –PolicyName $Null


The client version policy is one of the individual settings of a user account that you can configure


Deploying one or more per-user client version policies is optional. You can also deploy only a

global-level client version policy, or site-level or pool-level client version policies. If you do deploy

per-user policies, you must explicitly assign them to users, groups, or contact object. When no

specific site-level, pool-level, or per-user policy is assigned, the default clients that are allowed to

register with Lync Server 2010 are those defined in the global-level client version policy.

After creating at least one per-user client version policy, use the procedures in this topic to assign

the policy that specifies the client versions that you want to allow to register with Lync Server

2010.

For details about creating per-user client version policies, see Specify the Client Versions

Supported in Your Organization.

To assign a per-user client version policy








41












to).



Tip:


e. Click Find.


Tip:

If you want the same per-user client version policy to apply to multiple users,


Assign policies.

7. In Assign Policies, under Client version policy, do one of the following:

Note:

Because there are multiple policies that you can configure by using the Assign

Policies dialog box, <Keep as is> is selected by default for every policy in the

dialog box. Continue using the policy previously assigned to the user by making

no changes to this setting.

Allow Lync Server 2010 to automatically choose either the global-level policy or, if

defined, the site-level policy or pool-level policy.

Click the name of a per-user client version policy you previously defined on the

Client Version Policy page.

Tip:



policy.


42




To assign a per-user client version policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsClientVersionPolicy –Identity "Ken Myer" –PolicyName "RedmondClientVersionPolicy"

If you later decide to remove that client version policy (and thus have the user managed by the global policy, a service policy, or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsClientVersionPolicy –Identity "Ken Myer" –PolicyName $Null

Assign Specific Dial-in Conferencing PIN Security Settings to a User

The dial-in conferencing personal identification number (PIN) policy is one of the individual

settings of a user account that can be configured in the Lync Server Control Panel.

Deploying one or more per-user PIN policies is optional. You can also deploy only a global-level

PIN policy or site-level PIN policy. If you do deploy per-user policies, you must explicitly assign

them to users, groups, or contact object. User rights and permissions regarding the use of PINs

for dial-in conferencing automatically default to those defined in the global-level PIN policy when

no specific site-level or per-user policy is assigned.

After creating at least one per-user PIN policy, use the procedures in this topic to assign the

policy that specifies the constraints you want the server to impose on the PINs created by and

used by a particular user.

For details about creating per-user dial-in conferencing PIN policies, see Create or Modify Dial-in

Conferencing PIN Settings for a Site or Group of Users.

To assign a per-user PIN policy










43










to).



Tip:


e. Click Find.


Tip:

If you want the same per-user PIN policy to apply to multiple users, select

multiple users in the search results, then click Actions, and then click Assign

policies.

7. In Assign Policies, under PIN policy, do one of the following:

Note:






defined, the site-level policy.

Click the name of a per-user PIN policy you previously defined on the PIN Policy

page.

Tip:



policy.


44



To assign a per-user PIN policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsPinPolicy –Identity "Ken Myer" –PolicyName "RedmondPinPolicy"

If you later decide to remove that PIN policy (and thus have the user managed by the global policy or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsPinPolicy –Identity "Ken Myer" –PolicyName $Null


If a user has been enabled for Lync Server 2010, you can configure federation, remote user

access, and public instant messaging (IM) connectivity in the Lync Server Control Panel by

applying the appropriate policies to specific users or user groups. For example, if you created a

policy to support remote user access, you must apply it to at least one user or user group before

the user or user group can connect to Lync Server 2010 from a remote location and collaborate

with internal users from the remote location.

Note:

To support for external user access, you must enable support for each type of external

user access you want to support, and configure the appropriate policies and other options

to control use. For details, see Configuring Support for External User Access in the

Deployment documentation or Managing External Connectivity in the Operations

documentation.

Use the procedure in this topic to apply a previously created external user access policy to one or

more user accounts or user groups.

To apply an external user policy to a user account






3. In the left navigation bar, click Users, and then search on the user account that you want

to configure.

4. In the table that lists the search results, click the user account, click Edit, and then click

Show details.

5. In Edit Lync Server User under External access policy, select the user policy that you

want to apply.

45


Note:

The <Automatic> settings apply the default server installation settings. These

settings are applied automatically by the server.


To assign a per-user external access policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsExternalAccessPolicy –Identity "Ken Myer" –PolicyName "RedmondExternalAccessPolicy"

If you later decide to remove that external access policy (and thus have the user managed by the global policy or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsExternalAccessPolicy –Identity "Ken Myer" –PolicyName $Null

46


Configure Archiving of a User's Communications

The archiving policy is one of the individual settings of a user account that you can configure in

the Lync Server Control Panel.

Deploying one or more per-user archiving policies is optional. You can also deploy only a global-

level archiving policy or site-level archiving policy. If you do deploy per-user policies, you must

explicitly assign them to users, groups, or contact object. Archiving requirements automatically

default to those defined in the global-level conferencing policy when no specific site-level or per-

user policy is assigned.

After creating at least one per-user archiving policy, use the procedures in this topic to assign the

policy that appropriately specifies whether a particular user’s internal communications, external

communications, or both, will be archived by the server.

For details about creating per-user archiving policies, see Create a User Policy for Archiving.

To assign a per-user archiving policy


















to).



Tip:


e. Click Find.


47


Tip:

If you want the same per-user archiving policy to apply to multiple users, select


policies.

7. In Assign Policies, under Archiving policy, do one of the following:

Note:






defined, the site-level policy.

Click the name of a per-user archiving policy you previously defined on the

Archiving Policy page.

Tip:

To help you decide the policy that you want to assign, after you click a policy


policy.


PowerShell supplement: To assign a per-user archiving policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsArchivingPolicy –Identity "Ken Myer" –PolicyName "RedmondArchivingPolicy"

If you later decide to remove that archiving policy (and thus have the user managed by the global policy or his or her site policy) use the following command, which sets the PolicyName property to a null value:

Grant-CsArchivingPolicy –Identity "Ken Myer" –PolicyName $Null

Assign a Location Policy to a User

The location policy is one of the individual settings of a user account that you can configure in the

Lync Server Control Panel.

Deploying one or more per-user location policies is optional. You can also deploy only a global-

level location policy or subnet-level location policy. If you do deploy per-user policies, you must

explicitly assign them to users, groups, or contact object. Enhanced 9-1-1 (E9-1-1) settings

48


automatically default to those defined in the global-level location policy when no specific subnet-

level or per-user policy is assigned.

After creating at least one per-user location policy, use the procedures in this topic to assign to

the policy that specifies the settings that you want the server to apply for emergency calls placed

by a particular user.

For a list of all available location policy settings, see Location Policy Definition.

For details about creating location policies, see Create Location Policies.

To assign a per-user location policy


















to).



Tip:


e. Click Find.


Tip:

If you want the same per-user location policy to apply to multiple users, select


policies.

7. In Assign Policies, under Location policy, do one of the following:

49


Note:






defined, the subnet-level policy.

Click the name of a per-user location policy you previously defined by running the

New-CsLocationPolicy cmdlet.

Tip:

To help you decide the policy that you want to assign, after you click a policy


policy.



To assign a per-user conferencing policy to a user, use a command similar to this, specifying the Identity of the per-user policy as the parameter value for the PolicyName parameter:

Grant-CsLocationPolicy –Identity "Ken Myer" –PolicyName "RedmondLocationPolicy"


A presence policy is a set of limits and restrictions that affect presence. The following table

describes the presence policy settings available in Lync Server 2010.


XML name Display name Description Type Value

CategorySubscriptions Maximum

Number of

Subscriber

Category

Subscriptions

Limits the number of

subscriber category

subscriptions. For

example, when

Communicator

subscribes to a user’s

presence, it obtains a

Integer 0-3000

50



category subscription

for each of the contact

card, calendar data,

notes, services, and

state categories.

A setting of 0 means

that the user or contact

object cannot be

subscribed to by others.

Note:

This setting can

have a

significant

impact on

performance if

it is set to a

high number,

and the

average user

has a large

number of

users

subscribing to

his or her

presence.

PromptedSubscribers Maximum

Number of

Queued

Presence

Subscription

Alerts

Limits the number of

entries in the prompted

subscribers table. This

setting determines the

maximum number of

prompts that can be

queued for a given

user. For example,

when user A subscribes

to user B’s presence,

user B receives a

prompt that user A is

now subscribed to user

B, and an

acknowledgement

prompt is created in

Integer or

Token

0-500

51



user B’s prompted

subscribers table. After

user B accepts, or

acknowledges, the

subscription, the

acknowledgement

prompt is removed from

user B’s prompted

subscribers table.

A setting of 0 means

that the user is not

prompted when

someone subscribes to

his or her presence.

By default, the Default Policy and Service: Medium presence policies are installed when you

deploy Microsoft Lync Server 2010. The following table describes the specific settings of the two

presence policies.

Presence Policies

Policy name Description CategorySubscriptions PromptedSubscribers

Default Policy Policy for typical

users. This is the

default presence

policy.

1000 200

Service: Medium Policy for

applications that

require more users

to subscribe to the

object’s presence.

1000 0

Enable Users for Enterprise Voice

After installing files for one or more Mediation Servers, configuring outbound call routing, and

optionally deploying one or more advanced Enterprise Voice features, use the following

procedures to enable a user to make calls using Enterprise Voice:

Note:

Of the following procedures, only the first can be performed using Lync Server Control

Panel. For the remaining procedures, you can only use Lync Server Management Shell.

52


Enable the user account for Enterprise Voice.

(Optional) Assign the user account a user-specific voice policy.

(Optional) Assign the user account a user-specific dial plan.

To enable a user account for Enterprise Voice









Resource Identifier (URI) of the user account that you want to enable, and then click

Find.

5. In the table, click the user account that you want to enable for Enterprise Voice.

6. On the Edit menu, click Show details.

7. On the Edit Lync Server User page, under Telephony, click Enterprise Voice.

8. Click Line URI, and then type a unique, normalized phone number (for example, tel:

+14255550200).

9. Click Commit.

To finish enabling a user for Enterprise Voice, ensure that the user is assigned a voice policy

and a dial plan, whether global (assigned by default) or user-specific.

By default, all users are assigned a global voice policy and dial plan. If a voice policy or dial

plan exists at the site level for the site on which the user account is homed, those site policies

will automatically apply to the user. To apply a per-user voice policy or dial plan to a user, you

must run the Grant-CsVoicePolicy and Grant-CsDialPlan cmdlets. For details, see the Lync

Server Management Shell documentation.

Voice Policy Assignment

Global and site-level voice policies are automatically assigned to all user accounts that are

enabled for Enterprise Voice. You can also create voice policies that apply to specific users or

groups. These per-user policies must be explicitly assigned to the users or groups. If you want to

use the global or site voice policy for all users that are enabled for Enterprise Voice, you can skip

this section and continue to Dial Plan Assignment section later in this topic.

To assign a user-specific voice policy




53



3. To assign an existing user voice policy to a user, run the following at the command

prompt:

Grant-CsVoicePolicy –Identity <UserIdParameter> –PolicyName

<String>

For example:

Grant-CsVoicePolicy –Identity “Bob Kelly” –PolicyName

VoicePolicyJapan

In this example, the user with the display name Bob Kelly is assigned the voice policy

with the name VoicePolicyJapan.

For details about assigning a user-specific voice policy or about running the Grant-

CsVoicePolicy cmdlet, see the Lync Server Management Shell documentation.

Dial Plan Assignment

To complete user account configuration for either users of Enterprise Voice or users of dial-in

conferencing, the user must be assigned a dial plan. User accounts will automatically use the

global dial plan or, of one exists, the site-level dial plan when you do not explicitly assign an

existing per-user dial plan. If you want to use the global or site dial plan for all users that are

enabled for Enterprise Voice, you can skip this section.

To assign a dial plan





3. To assign a user-specific dial plan, run the following at the command prompt:

Grant-CsDialPlan –Identity <UserIdParameter> –PolicyName <String>

For example:

Grant-CsDialPlan –Identity “Bob Kelly” –PolicyName DialPlanJapan

In this example, the user with the display name Bob Kelly is assigned the user dial plan

with the name DialPlanJapan.

For details about assigning a user dial plan or about running the Grant-CsDialPlan cmdlet,

see the Lync Server Management Shell documentation.


To enable a user for Enterprise Voice, use Set-CsUser to set the EnterpriseVoiceEnabled property to True and to assign the user a unique line URI:

54


Set-CsUser –Identity "Ken Myer" -EnterpriseVoiceEnabled $True –LineUri "TEL:+14255551297"

Configure Telephony for Users

Telephony settings are some of the individual settings of a user account that can be configured in

Lync Server Control Panel for the user (that is, if the individual user has been enabled for

Microsoft Lync Server 2010 and the organization supports telephony).

Lync Server 2010 user telephony options include the following:

Audio/video disabled The user cannot make calls with audio and video.

PC-to-PC only The user can make only PC-to-PC audio or video calls.

Enterprise Voice The user can use the Lync Server 2010 infrastructure to route all

incoming and outgoing calls. The user can also make PC-to-PC calls.

Remote call control The user can use Lync Server 2010 to control the desktop phone, and

can also make PC-to-PC calls.

For details about configuring telephony for an organization, see Configure Telephony for Users

and Deploying Enterprise Voice in the Deployment documentation.

To configure telephony for a specific user account









Resource Identifier (URI) of the user account that you want, and then click Find.

5. In the table, click the user account that you want to modify.

6. On the Edit menu, click Modify.

7. In Telephony, do the following:

To disable audio and video calls for the user, click Audio/video disabled.

To enable PC-to-PC audio communications for the user, but not remote call control or

Enterprise Voice, click PC-to-PC only. Specify a value for Line URI for the telephone

that the user uses for PC-to-PC audio communications.

To route the user's phone calls by using the Lync Server 2010 infrastructure in

accordance with the class of service policy, including PC-to-PC audio

communication, click Enterprise Voice. In Line URI, specify the telephone number

for Enterprise Voice. In Dial plan policy and Voice policy, specify the appropriate

policies for the user. To specify the normalization rules for translating phone numbers

55


dialed by the user to the E.164 format, select the appropriate location profile in

Location policy.

To enable remote call control, which enables users to control their desktop phone line

from Lync Server 2010 to make PC-to-PC calls and PC-to-phone calls, click Remote

call control. In Line URI, specify the telephone number for remote call control. The

user must have a desktop phone and private branch exchange (PBX) connection for

call routing.


To configure telephony options for a user, use the Set-CsUser cmdlet. The following command enables a user for Enterprise Voice and assigns that user a line URI:

Set-CsUser –Identity "Ken Myer" –EnterpriseVoiceEnabled $True –LineUri "TEL:+14255551219"

To enable remote call control for a user, use the following command:

Set-CsUser –Identity "Ken Myer" -RemoteCallControlTelephonyEnabled $True –LineUri "TEL:+14255551219"

This command enables PC-to-PC audio communications for the user, but without enabling either remote call control or Enterprise Voice:

Set-CsUser –Identity "Ken Myer" –EnterpriseVoiceEnabled $False -RemoteCallControlTelephonyEnabled $False –LineUri "TEL:+14255551219"

56


Managing Computers in Your TopologyTopics in this section provide step-by-step procedures for tasks you can perform using the

Topology page in Lync Server Control Panel.

In This Section

View a List of Computers Running Lync Server 2010

View the Status of Services Running on a Computer

View Details About a Service

Start or Stop Lync Server 2010 Services

Prevent Sessions for Services

View Microsoft SIP Processing Language (MSPL) Server Applications

Enable or Disable a Microsoft SIP Processing Language (MSPL) Server Application

Mark a Microsoft SIP Processing Language (MSPL) Application as Critical or Not Critical

View a List of Trusted Applications

View the Simple URL Details

View a List of Computers Running Lync Server 2010

You can use Lync Server 2010 Control Panel to view a list of all the computers that are running

Lync Server 2010 in your topology and see the service status of each. You can sort the list by

computer, pool, or site.

To view a list of computers running Lync Server

1. From a user account that is assigned to any of the predefined administrative roles for

Lync Server 2010, log on to any computer in your internal deployment. For details about

the predefined administrative roles available in Lync Server 2010, see Role-Based

Access Control.




3. In the left navigation bar, click Topology and then click Status.

4. On the Status page, do any of the following as needed:

Sort the list by clicking the Computer, Pool, or Site column heading, and then

clicking the up arrow or the down arrow.

Click Refresh to view the most up-to-date list.

Search for a specific computer by typing the computer name in the search field.

57



Although not quite a perfect match, the following script largely replicates the information found on the Topology\Status tab in the Lync Server Control Panel:

$errorPref = $errorActionPreference

$errorActionPreference = "SilentlyContinue"

$arrObjects = @()

$computers = Get-CsComputer | Sort-Object Identity

foreach ($objComputer in $computers)

{

$objSite = Get-CsPool -Identity $objComputer.pool | Select-Object Site

$objReplication = $Null

$objReplication = Get-CsManagementStoreReplicationStatus -ReplicaFqdn `

$objComputer.Identity | Select-Object UpToDate

$strReplication = $objSite.site -replace("Site:","")

$objDisplayObject = New-Object PSObject

Add-Member -InputObject $objDisplayObject -memberType NoteProperty `

-Name Identity -Value $objComputer.Identity


-Name Pool -Value $objComputer.Pool


-Name Site -Value $strReplication


-Name UpToDate -Value $objReplication.UpToDate

$arrObjects += $objDisplayObject

58


}

$labels = @{Expression={$_.Identity};Label="Computer"}, `

@{Expression={$_.Pool};Label="Pool"}, `

@{Expression={$_.Site};Label="Site"}, `

@{Expression={$_.UpToDate};Label="Replication"}

$arrObjects | Format-Table $labels

$errorActionPreference = $errorPref

To use this script, copy the code, paste it into a text editor, and then save the file using a .ps1 file extension (for example, C:\Scripts\Status.ps1). From there all you have to do is run the script from within the Lync Server Management Shell. For example:

C:\Scripts\Status.ps1


You can use Lync Server Control Panel to view all the services that are running on a specific

computer in your Lync Server 2010 topology and see the status of each service.

To view the status of services running on a computer




2. In the left navigation bar, click Topology.

3. On the Status page, sort or search the list as needed to find the computer you are

interested in and then click the computer name.

4. Do any of the following:

To see the latest status of services running on the computer, click Get service

status.

To see a list of specific services running on the computer and the status of each

service, click Properties and then click Close to return to the list.


59


To view the status of all the Lync Server services running on all your computers, use the following command:

Get-CsService | Select-Object Role, PoolFqdn | Sort-Object PoolFqdn, Role

To view the services running on a specific computer, use this command, replacing atl-cs-001.litwareinc.com with the fully qualified domain name of the computer to be checked:

Get-CsService | Where-Object {$_.PoolFqdn –eq "atl-cs-001.litwareinc.com"} | Select-Object Role, PoolFqdn | Sort-Object PoolFqdn, Role

View Details About a Service

You can use Lync Server Control Panel to view details about each service that is running on a

specific computer in your topology. You can view the status of each service and details such as

the associated databases, ports, and dependent services.

To view details for a service

1. From a user account that is assigned to any of the predefined administrative roles for

Lync Server 2010, log on to any computer in your internal deployment. For details about

the predefined administrative roles available in Lync Server 2010, see Role-Based

Access Control.





4. In the Status page, sort or search through the list and then click the computer that you

want to view.

5. Click Properties.

6. In the View Computer Detail window, sort the list of services, if necessary, and click the

service you want to view.

7. Do any of the following as needed:

To see the latest status of that specific service, click Get service status.

To see the details for that specific service, click Properties and then click Close.

To return to the list of all computers in your topology, click Close.


60


To view detailed information for a particular Lync Server service or server role, use the Get-CsService cmdlet followed by the service Identity:

Get-CsService –Identity service:Registrar:atl-cs-001.litwareinc.com

To view detailed information for all your Lync Server services or server roles, call Get-CsService without any parameters:

Get-CsService

Start or Stop Lync Server 2010 Services

You can use Lync Server Control Panel to start or stop all the Lync Server 2010 services running

on a specific computer or to start or stop a specific Lync Server 2010 service.

To start or stop all Lync Server services on a computer

1. From a user account that is a member of the RTCUniversalServerAdmins group (or has

equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role,

log on to any computer that is in the network in which you deployed Lync Server 2010.





4. On the Status page, sort or search through the list as needed to find the computer that is

running the services you want to start or stop, and then click it.

5. Click Action.

6. Click Start All services or Stop All services.

To start or stop a specific service








running the service you want to start or stop, and then click it.


6. Sort the list of services, if necessary, and click the service you want to start or stop.

7. Click Action.

8. Click Start service or Stop service.

61


9. Click Close.


To start or stop all Lync Server services on a computer

To start all the Lync Server services on a computer, use the Start-CsWindowsService cmdlet:

Start-CsWindowsService -ComputerName atl-cs-001.litwareinc.com

Note that the ComputerName parameter is not required if you are starting the Lync Server services on the local computer.

To stop all the Lync Server services on a computer, use the Stop-CsWindowsService cmdlet:

Stop-CsWindowsService -ComputerName atl-cs-001.litwareinc.com

To start or stop a specific service

To start a specific service, use the Start-CsWindowsService cmdlet along with the Name parameter:

Start-CsWindowsService –Name "RTCRGS" -ComputerName atl-cs-001.litwareinc.com

Use the Stop-CsWindowsService cmdlet to stop a specified service:

Stop-CsWindowsService –Name "RTCRGS" -ComputerName atl-cs-001.litwareinc.com

62


Prevent Sessions for Services

You can use Microsoft Lync Server 2010 Control Panel to prevent new sessions for all the Lync

Server 2010 services running on a specific computer or to prevent new sessions for a specific

Lync Server 2010 service.

To prevent new sessions for all Lync Server services on a computer









running the services for which you want to prevent new sessions, and then click it.

5. Click Action.

6. Click Prevent new sessions for all services.

To prevent new sessions for a specific service









running the service you want to start or stop, and then click it.


6. Sort the list of services, if necessary, and click the service for which you want to prevent

new sessions.

7. Click Action.

8. Click Prevent new sessions for service.

9. Click Close.


63


To prevent new sessions for all Lync Server services on a computer

To prevent new sessions for all the Lync Server services on a computer use the following command:

Get-CsWindowsService | Stop-CsWindowsService -ComputerName atl-cs-001.litwareinc.com –Graceful

The Graceful parameter used with the Stop-CsWindowsService cmdlet ensures that all existing sessions will be honored but no new sessions will be allowed.

To prevent new sessions for a specific service

To prevent new sessions for a specific Lync Server service, use the following command:

Stop-CsWindowsService -Name "RTCRGS" -ComputerName atl-cs-001.litwareinc.com -Graceful


A Microsoft SIP Processing Language (MSPL) server application is a script-only application that

uses a scripting language instead of the Microsoft Lync 2010 API. MSPL provides more granular

control over filtering and proxy behaviors, in addition to a facility for dispatching specific

messages to transaction-based SIP applications. MSPL is used specifically for filtering and

routing SIP messages. MSPL applications run in the same process as the UserServices module,

while a program that is based on the Lync 2010 API runs in a separate process.

You can use the Server Application page in the Topology group of Lync Server Control Panel to

see a list of MSPL server applications that run on Front End Servers in your Lync Server 2010

environment. The list shows the scripts that are available for each pool, as well as whether they

are enabled or critical. The scripts run in the order they are listed.

These scripts include the following:

ClientVersionFilter provides the administrator with a way to specify the version of clients that

are supported by a pool. The client version filter checks the client version and can either

prevent the client from logging on or present the user with a message that indicates he or she

is using a client that is not supported. The client version filter can also be configured to

display a message to the user that contains the URL of the latest downloadable version of the

client.

TranslationService translates a number that a user dials to an E.164 number according to the

normalization rules defined by the administrator. For details, see Translation Rules.

IncomingFederation enforces tenant-level federation validation for inter-tenant and incoming

messages from external deployments.

64


UserServices is the SIP Registrar, presence, and conferencing component of a Front End

Server. It provides closely integrated IM, presence, and conferencing features built on top of

the SIP Proxy.

InterClusterRouting is responsible for routing calls to the callee’s primary Registrar pool. For

details, see Front End Server VoIP Components.

IIMFilter (Intelligent IM Filter) blocks messages that contain clickable URLs or that attempt to

initiate file transfers. IIMFilter also checks the client version on behalf of the server. IIMFilter

affects file transfers that are initiated by using either Microsoft Lync 2010, Communicator, or

the Live Meeting 2007 client. By default, clickable links are disabled by adding an underscore

character before the first character of the link. An administrator can change this behavior so

that the link is blocked, in which case messages that contain clickable URLs or that attempt to

initiate a file transfer are blocked by the server from reaching their intended destinations.

IIMFilter is installed on all Lync Server except Proxy Servers and Archiving Servers.

UserPinService is used to verify user personal identification numbers (PINs) for dial-in

conferencing.

DefaultRouting is the default routing application for servers running Lync Server. It is enabled

by default. The routing application is installed on all Standard Edition and Enterprise Edition

servers.

ExumRouting routes calls to Exchange Server Unified Messaging (UM). ExumRouting

determines the appropriate Exchange UM server to route the call to when there is a new

voice mail message to deposit. ExumRouting also handles some other Exchange UM

integration aspects, including routing to Auto Attendant and Subscriber Access.

OutboundRouting determines the gateway that routes a call to a phone number according to

the dialed number and the user’s dialing authorization. OutboundRouting also handles

rerouting of calls if a gateway cannot process a call.

QoEAgent receives Quality of Experience (QoE) data reports from endpoints through SIP

SERVICE requests, and sends the data to the destination queue on the Monitoring Server or

to third-party consumers using HTTP POST. For details, see Planning for Monitoring.

OutgoingFederation enforces tenant-level federation validation for messages going to a

targeted external deployment.

AcpRouting proxies INVITE requests destined for the Audio Conferencing Provider (ACP) to

the ACP Gateway.

Scripts that run on Edge Servers include the following:

IIMFilter

OptionsHandler responds to incoming OPTIONS requests with 200 OK if the request is

destined for the current server. This is used for topology validation.


65


To return information for all of your MSPL server applications, use the Get-CsServerApplication cmdlet:

Get-CsServerApplication

The following command returns information for a specific application:

Get-CsServerApplication -Identity "service:Registrar:atl-cs-001.litwareinc.com/ExumRouting"

And this command returns information about all the applications running under a specific service:

Get-CsServerApplication -Identity "service:EdgeServer:atl-edge-001.litwareinc.com"

See Also




You can use Microsoft Lync Server 2010 Control Panel to enable or disable Microsoft SIP

Processing Language (MSPL) server applications that run in your Lync Server 2010 environment.

These applications are script-only applications that use a scripting language instead of the

Microsoft Lync 2010 API.

Not all scripts can be enabled or disabled. For instance, the DefaultRouting script is enabled and

this option cannot be changed for DefaultRouting.

To enable or disable an MSPL server application







3. In the left navigation bar, click Topology and then click Server Application.

4. On the Server Application page, click a column heading to sort the applications, if

needed, and then click the server application that you want to modify.

5. Click Action.

6. Click Enable application or Disable application (that is, if the script supports this

option).

66



To enable an MPSL server application, use the Set-CsServerApplication cmdlet and set the Enabled property to True:

Set-CsServerApplication -Identity "Registrar:atl-cs-001.litwareinc.com/ExumRouting" -Enabled $True

To disable an MPSL server application, set the Enabled property to False:

Set-CsServerApplication -Identity "Registrar:atl-cs-001.litwareinc.com/ExumRouting" -Enabled $False

See Also




Microsoft SIP Processing Language (MSPL) server applications are script-only applications that

use the MSPL scripting language instead of the Microsoft Lync 2010 API. Some MSPL server

applications are specified as critical. If a script is critical, the script must start during system

startup in order for Lync Server 2010 to start. If the script fails while Lync Server 2010 is running,

the server does not shut down, but it stops sending traffic to the script, and it writes errors in the

event log.

You can use Lync Server Control Panel to mark Microsoft SIP Processing Language (MSPL)

server applications as critical or unmark them.

Not all scripts support this option. For example, the DefaultRouting script is marked as critical,

and this option cannot be changed for DefaultRouting.

To mark or unmark an MSPL server application as critical







3. In the left navigation bar, click Topology and then click Server Application.

4. On the Server Application page, click a column heading to sort the applications, if

needed, and then click the server application that you want to modify.

67


5. Click Action.

6. Click Mark as critical or Unselect as critical (that is, if the script supports this option).


To mark an MPSL server application as critical, use the Set-CsServerApplication cmdlet and set the Critical property to True:

Set-CsServerApplication -Identity "Registrar:atl-cs-001.litwareinc.com/QoEAgent" -Critical $True

To mark an MPSL server application as not being critical, set the Critical property to False:

Set-CsServerApplication -Identity "Registrar:atl-cs-001.litwareinc.com/QoEAgent" -Critical $False

See Also



68


View a List of Trusted Applications

You can use Lync Server Control Panel to view a list of the trusted applications that you have

deployed in your Microsoft Lync Server 2010 environment. A trusted application is an application

based on Microsoft Unified Communications Managed API (UCMA) 3.0 Core SDK that is trusted

by Lync Server 2010. This trust relationship is summarized in the following list:

Trusted applications are not challenged for authentication by Lync Server 2010.

Trusted applications are not throttled by Lync Server 2010 for SIP transactions, connections

or outgoing Voice over Internet Protocol (VoIP) calls.

Trusted applications can impersonate any user and can join conferences without appearing in

rosters.

Trusted applications are highly available and resilient.

In Lync Server Control Panel, you can see the name of the applications, the pool where they run,

and the port they use.

To view a list of trusted applications

1. From a user account that is assigned to the CsServerAdministrator, CsAdministrator,

CsHelpDesk, or CsViewOnlyAdministrator role, log on to any computer in your internal

deployment. For details about the predefined administrative roles available in Lync Server

2010, see Role-Based Access Control.




3. In the left navigation bar, click Topology and the click Trusted Application.

4. On the Trusted Application page, click a column heading to sort the applications, if

needed.


To return information for all your trusted applications, call Get-CsTrustedApplication without any parameters:

Get-CsTrustedApplication

To return information about a single application, use the Identity parameter followed by the application Identity:

Get-CsTrustedApplication -Identity TrustPool.litwareinc.com/tapp2

69


View the Simple URL Details

You can use Lync Server Control Panel to view simple URL details for your Microsoft Lync Server

2010 environment. Simple URLs make it easier for users to join meetings, and they make it

easier for administrators to get to Microsoft Lync Server 2010 administrative tools. For details,

see Planning for Simple URLs.

To view Simple URL details

1. From a user account that is assigned to the CsServerAdministrator, CsAdministrator,

CsHelpDesk, or CsViewOnlyAdministrator role, log on to any computer in your internal

deployment. For details about the predefined administrative roles available in Lync Server

2010, see Role-Based Access Control.




3. In the left navigation bar, click Topology and then click Simple URL.

4. On the Simple URL page, click a column heading to sort the list, if needed.

5. Select the name for which you want to see simple URL details, and then click Properties.

6. When you are finished viewing details, click Close.


To return information about the Simple URLs configured for use in your organization, use the following command:

Get-CsSimpleUrlConfiguration | Select-Object –Expand SimpleUrl

70


Filtering Instant Messages and Client VersionsTopics in this section provide step-by-step procedures for tasks that you can perform using the IM

and Presence group in Lync Server Control Panel.

In This Section

Configuring Filtering for Instant Messaging (IM)

Specify the Client Versions Supported in Your Organization


The Intelligent IM Filter tool helps protect your Microsoft Lync Server 2010 deployment against

the spread of the most common forms of viruses with minimal degradation to the user experience.

Use Intelligent IM Filter to configure filters to block unsolicited or potentially harmful instant

messages from unknown endpoints outside the corporate firewall. You configure filters by

specifying the criteria to be used to determine what should be blocked, such as instant messages

containing hyperlinks with specific prefixes and files with specific extensions.

Intelligent IM Filter provides the following:

Enhanced URL filtering.

Enhanced file transfer filtering.

Configuring Intelligent IM Filter includes the following:

Configuring URL filtering.

Configuring file transfer filtering.

How Filtering Options Are Applied to Instant Messages

Before you deploy the Intelligent IM Message Filter tool, you need to understand how filtering

options are applied as messages are routed from one Lync Server 2010 server to another. The

way these filtering options are applied is consistent, regardless of whether the servers are located

in a single organization or across organizational boundaries. This consistency applies to the way

that the customized notice and warning texts are inserted into messages and sent across servers.

Note:

The instant message filter increases the amount of CPU resources required to process

URLs in a message. This increase in CPU demand also affects the performance of Lync

Server 2010.

By using the URL Filter page in the IM and Presence group in Lync Server Control Panel, you

can block some or all hyperlinks or configure a warning. The warning is inserted at the beginning

of an instant message that contains a hyperlink when you choose the Hyperlink prefix option

Send warning message.

When an instant message travels from one server to another, the following general guidelines

apply:

71


If a server blocks an instant message (because you selected the Block URLs with file

extension check box on the URL Filter page or because you chose the Hyperlink prefix

option Block hyperlinks), an error message is returned to the client. Subsequent servers do

not receive this instant message.

If a server (Server1) adds a warning to an instant message that contains an active hyperlink,

a subsequent server (Server2) that receives this instant message can still take a different

action based on this active hyperlink present in the instant message and block the instant

message or add a warning. If Server2 is configured only to add a warning for this URL, the

earlier warning added by Server1 is removed, and the warning configured on Server2 is

added to the beginning of the instant message.

Note:

If you are running Lync Server 2010 in a mixed environment, Live Communications

Server 2005 with SP1 is the minimum version required to use the Intelligent IM Filter

application. The Intelligent IM Filter is not supported on Live Communications Server

2005 without SP1.

URL Filtering

URLs are filtered according to their hyperlink prefix. The following examples are valid prefixes:

www*.

ftp.

http:

If you do not configure the instant message filter to perform any URL filtering, all URLs contained

in instant messages are passed unmodified through the server. If you configure the instant

message filter to perform URL filtering, URLs in instant messages are filtered according to the

options that you select in the Edit URL Filter or New URL Filter dialog box.

Enable URL filter This option enables URL filtering for the global deployment or for the site

that you select.

Block URLs with file extension The instant message filter blocks any active intranet or

Internet URL that contains a file with an extension listed under File type extensions to block

in the Edit File Filter dialog box. When a URL is blocked, an error message is displayed to

the sender. When selected, this option takes precedence over all other filtering options for

any file extensions defined under File type extensions to block.

Important:

Filtering of file extensions is limited to standard file names. Filtering may not work

with file extensions embedded in other names.

To configure how hyperlinks are handled in instant message conversations, you select one of the

following options under Hyperlink prefix:

Do not filter URLs in messages are sent through the server. When you choose this option,

the Allow message box appears. In the Allow message box, specify the notice that you

want to insert at the beginning of each instant message containing hyperlinks. This notice can

consist of no more than 65535 characters.

72


Block hyperlinks Delivery of instant messages containing active hyperlinks is blocked by

Lync Server 2010, and an error message is displayed to the sender.

Send warning message Lync Server 2010 permits active hyperlinks in instant messages,

but it includes a warning. When you choose this option, the Warning message box appears.

In the Warning message box, you must type the warning that you want to include with

instant messages containing valid hyperlinks. For example, this warning might state the

potential dangers of clicking an unknown link, or it might refer to your organization’s relevant

policies and requirements. The warning can be no more than 65535 characters.

If you select Block hyperlinks or Send warning message, the following options are available:

Exclude local intranet hyperlinks The instant message filter blocks only Internet URLs.

URLs for locations within your intranet are passed unmodified through the server. However,

the intranet URLs that individual servers running Lync Server 2010 pass depend on which

types of local websites are considered part of their intranet zone. To check a server’s intranet

zone settings, see the “To configure your intranet settings in Internet Explorer” procedure in

Modify the Default URL Filter.

Filter these hyperlink prefixes To choose which prefixes you want to block, click Select,

and then, in Select Hyperlink Prefix, add the prefixes to the Hyperlink prefixes list.

All prefixes except href must end with a period or a colon, or an asterisk followed by a period.

Valid prefixes can contain any characters in the set of valid URL characters except the

asterisk (*). The set of valid URL characters is:

#*+/0123456789=@ABCDEFGHIJKLMNOPQRSTUVWXYZ^_` abcdefghijklmnopqrstuvwxyz|

~

File Transfer Filtering

Filter transfer filtering affects both instant messages and conferences. For conferences, these

settings affect the handout feature in the Office Live Meeting 2007 client and multimedia playback

features.

Note:

Microsoft Lync 2010 also offers file transfer setting options. This server-side option is

offered in addition to the client-side controls available in Lync 2010.

You can filter file transfers during instant message conversations, when you are using the

handout feature in the Office Live Meeting 2007 client, and for multimedia playback features for

all file types. You can set the following options to control file transfers:

Enable file filter This option enables file filtering for the global deployment or for the site

that you select.

When you enable the file filter, you can choose one of the following options in File transfer:

Block specific file types You specify which file transfer requests are filtered by the

server by specifying a list of file extensions to block. Entries in the list can contain all

standard characters, but not the wildcard character (*). In the Office Live Meeting 2007

client the handout feature is enabled, but any file with this extension cannot be uploaded

or downloaded. If you select the Block URLs with file extension check box on the

settings for a URL filter listed on the URL Filter tab, the URL filter uses this same list to

73


block active hyperlinks that contain any of these file extensions. To choose which file

types you want to block, click Select, and then, in Select File Type, add the file type

extensions to the Selected file type extensions list.

Block All The server drops all instant messages that contain file transfer requests and

returns an error message to the sender of the request. The handout feature in the Office

Live Meeting 2007 client is disabled.

Important:

Filtering of file extensions is limited to standard file names. Filtering may not work with file

extensions embedded in other names.

In This Section

Modify the Default File Transfer Filter

Create a New File Transfer Filter for a Specific Site

Modify the Default URL Filter

Create a New URL Filter to Handle Hyperlinks in IM Conversations


Microsoft Lync Server 2010 provides a global file transfer filter that blocks specific types of files

during the following file-related activities within your Lync Server 2010 deployment:

File transfer requests during instant messaging (IM) conversations

File uploads and downloads while using the handout feature in the Office Live Meeting 2007

client

Multimedia playback during conferences

Depending on the types of files you want to block or allow, you can use Lync Server Control

Panel to modify the global filter. For details about file transfer filtering, see Configuring Filtering for

Instant Messaging (IM).

To modify the default file transfer filter






3. In the left navigation bar, click IM and Presence and then click File Filter.

4. On the File Filter page, double-click the Global filter.

5. In Edit File Filter, select the Enable file filter check box.

6. In the File transfer drop-down list box, click Block All or Block specific file types.

7. If you clicked Block All, skip to step 9.

8. If you clicked Block specific file types, do the following:

a. Click Select to modify the default list of file type extensions that you want to block.

74


b. In Select File Type, select the file types that you want to block or allow by adding or

removing their extensions from the categories under File type extensions.

c. If you do not see the extension for a file type that you want to block, type the

extension in the text box under Add file type extensions to the list, and then click

Add.

d. Click OK.

9. Click Commit.


To modify the default file transfer filter, use the Set-CsFileTransferFilterConfiguration cmdlet and set the Identity to global. For example, this command adds the file extension .ps1 (the file extension used for Windows PowerShell scripts) to the set of file types that cannot be transferred using Microsoft Lync:

Set-CsFileTransferFilterConfiguration -Identity global -Extensions @{Add=".ps1"}

And this command removes the .ps1 file extension from the list of file types that cannot be transferred using Microsoft Lync:

Set-CsFileTransferFilterConfiguration -Identity global -Extensions @{Remove=".ps1"}

See Also






In addition to modifying the global file transfer filter, you can configure custom file transfer filters

for specific sites within your Microsoft Lync Server 2010 deployment. For details about file

transfer filtering, see Configuring Filtering for Instant Messaging (IM).

To create a file transfer filter for a specific site





75



3. In the left navigation bar, click IM and Presence and then click File Filter.

4. On the File Filter page, click New.

5. In the Select a Site dialog box, click the site for which you want to create the file transfer

filter, and then click OK.

6. In New File Filter, click the Enable file filter check box.

7. In File transfer drop-down list box, click Block All or Block specific file types.

8. If you clicked Block All, skip to step 9.

9. If you clicked Block specific file types, do the following:

a. Click Select to modify the default list of file type extensions that you want to block.

b. In the Select File Type dialog box, select the file types that you want to block or

allow by adding or removing their extensions from the categories under File type

extensions.

c. If you do not see the extension for a file type that you want to block, type the

extension in the text box under Add file type extensions to the list, and then click

Add.

d. Click OK.

10. Click Commit.


To create a new collection of file transfer filter configuration settings, use the New-CsFileTransferFilterConfiguration cmdlet:

New-CsFileTransferFilterConfiguration -Identity site:Redmond -Extensions @{Add=".ps1"}

See Also






By using the instant messaging (IM) filter, Microsoft Lync Server 2010 provides a global URL filter

that blocks specific URLs contained in IM conversations among users throughout your Lync

Server 2010 deployment. By using Lync Server Control Panel, you can do the following:

Block all or a subset of URLs in instant message conversations.

76


Allow all URLs. As an option, you can create a notice that is inserted at the beginning of each

instant message that contains a URL.

Allow specific URLs and include a warning with each instant message that contains a URL.

In addition, you can choose to block URLs that contain specific file types, or block only Internet

URLs by allowing URLs that are within the server’s local intranet zone — intranet URLs — to

pass through the server. For details about URL filtering, see Configuring Filtering for Instant

Messaging (IM).


To modify the default URL filter, use the Set-CsFileTransferFilterConfiguration cmdlet and set the Identity to global. For example, this command adds the prefix .urn to the set of Uniform Resource Identifiers (URIs) that either cannot be included in an instant message or cannot be configured as a clickable link within an instant message:

Set-CsImFilterConfiguration -Identity global -Prefixes @{Add="urn:"}

This command removes the prefix .urn from the collection of blocked URIs:

Set-CsImFilterConfiguration -Identity global -Prefixes @{Remove="urn:"}

See Also






In addition to modifying the global URL filter, you can configure custom URL filters for individual

sites within your Microsoft Lync Server 2010 deployment. For details about URL filtering, see

Configuring Filtering for Instant Messaging (IM).

To create a new URL filter






3. In the left navigation bar, click IM and Presence, and then click URL Filter.

4. On the URL Filter page, click New.

77


5. In Select a Site, click the site for which you want to create the URL filter, and then click

OK.

6. In the New URL Filter dialog box, select the Enable URL Filter check box to enable URL

filtering for the site.

7. To block any active URL that contains a file with an extension listed under File type

extensions to block in Edit File Filter, select the Block URLs with file extension

check box.

8. In the Hyperlink prefix drop-down list box, click the option that corresponds to how you

want to handle URLs in instant message conversations.

The Allow message box enables a warning message to be sent to the user when

sending hyperlinks that are allowed to be sent.

9. Click Commit.


To create a new collection of URL filter configuration settings use the New-CsImFilterConfiguration cmdlet:

Set-CsImFilterConfiguration -Identity "site:Redmond" -Prefixes @{Add="urn:"}

See Also






The client version policy is one of the individual settings of a user account that you can configure


Deploying one or more per-user client version policies is optional. You can also deploy only a

global-level client version policy, or site-level or pool-level client version policies. If you do deploy

per-user policies, you must explicitly assign them to users, groups, or contact object. When no

specific site-level, pool-level, or per-user policy is assigned, the default clients that are allowed to

register with Lync Server 2010 are those defined in the global-level client version policy.

After creating at least one per-user client version policy, use the procedures in this topic to assign

the policy that specifies the client versions that you want to allow to register with Lync Server

2010.

78


For details about creating per-user client version policies, see Specify the Client Versions

Supported in Your Organization.



















to).



Tip:


e. Click Find.


Tip:

If you want the same per-user client version policy to apply to multiple users,


Assign policies.

7. In Assign Policies, under Client version policy, do one of the following:

Note:






79


defined, the site-level policy or pool-level policy.

Click the name of a per-user client version policy you previously defined on the

Client Version Policy page.

Tip:



policy.



To assign a per-user client version policy, use the Grant-CsClientVersionPolicy cmdlet:

Grant-CsClientVersionPolicy –Identity "Ken Myer" –PolicyName "RedmondClientVersionPolicy"

To unassign a per-user policy, use the Grant-CsClientVersionPolicy cmdlet and set the PolicyName parameter to a null value:

Grant-CsClientVersionPolicy –Identity "Ken Myer" –PolicyName $Null

Configuring Voice RoutingTopics in this section provide step-by-step procedures for tasks you can perform using the Voice

Routing group in Lync Server Control Panel.

In This Section

Configuring Dial Plans and Normalization Rules

Configuring Voice Policies, PSTN Usage Records, and Voice Routes

Configuring Trunks and Translation Rules

Exporting and Importing Voice Routing Configuration

Test Voice Routing

Publish Pending Changes to the Voice Routing Configuration

80



A Lync Server 2010 dial plan is a named set of normalization rules that translate phone numbers

for a named location, individual user, or contact object for purposes of phone authorization and

call routing.

Note:

For details, see Dial Plans and Normalization Rules in the Planning documentation.

In This Section

Create a Dial Plan

Modify a Dial Plan

Defining Normalization Rules

81


Create a Dial Plan

To create a new dial plan, perform the steps in the following procedure. If you want to edit a dial

plan, see Modify a Dial Plan.

To create a dial plan

1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a

member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role.

For details, see Delegate Setup Permissions.




3. In the left navigation bar, click Voice Routing and then click Dial Plan.

4. On the Dial Plan page, click New and select a scope for the dial plan:

Site dial plan applies to an entire site, except any users or groups that are assigned

to a user dial plan. If you select Site for a dial plan’s scope, you must choose the site

from the Select a Site dialog box. If a dial plan has already been created for a site,

the site does not appear in the Select a Site dialog box.

Pool dial plan can apply to a public switched telephone network (PSTN) gateway or

a Registrar. If you select Pool for a dial plan’s scope, choose the PSTN gateway or

Registrar from the Select a Service dialog box. If a dial plan has already been

created for a service (PSTN gateway or Registrar), the service does not appear in the

list.

User dial plan can be applied to specified users or groups.

Note:

After you select the dial plan scope, it cannot be changed.

5. If you are creating a user dial plan, enter a descriptive name in the Name field on the

New Dial Plan dialog box. After this name is saved, it cannot be changed.

Notes:

For site dial plans, the Name field is prepopulated with the site name and cannot be changed.

For pool dial plans, the Name field is prepopulated with the PSTN gateway or Registrar name

and cannot be changed.

6. The Simple name field is prepopulated with the same name that appears in the Name

field. You can optionally edit this field to specify a more descriptive name that reflects the

site, service, or user to which the dial plan applies.

Important

The Simple name must be unique among all dial plans within the Lync Server deployment. It

cannot exceed 256 Unicode characters, each of which can be an alphabetic or numeric

character, a hyphen (-), a period (.), a plus sign (+), or an underscore (_).

82


Spaces are not allowed in the Simple name.

7. (Optional) In the Description field, you can type additional descriptive information about

the dial plan.

8. (Optional) If you want to use this dial plan as a region for dial-in access numbers, specify

a Dial-in conferencing region. If you do not want to use this dial plan for dial-in access

numbers, leave this field empty.

Note:

Dial-in conferencing regions are required to associate dial-in conferencing

access numbers with one or more dial plans.

9. (Optional) In the External access prefix field, specify a value only if users need to dial

one or more additional leading digits (for example, 9) to get an external line. You can type

in a prefix value of up to four characters (#, *, and 0-9).

Note:

If you specify an external access prefix, you do not need to create a new

normalization rule to accommodate the prefix.

10. Associate and configure normalization rules for the dial plan as follows:

To choose one or more rules from a list of all normalization rules available in your

Enterprise Voice deployment, click Select. In Select Normalization Rules, highlight

the rules you want to associate with the dial plan and then click OK.

To define a new normalization rule and associate it with the dial plan, click New. For

details about defining a new rule, see Defining Normalization Rules.

To edit a normalization rule that is already associated with the dial plan, highlight the

rule name and click Show details. For details about editing the rule, see Defining

Normalization Rules.

To copy an existing normalization rule to use as a starting point for defining a new

rule, highlight the rule name and click Copy, and then click Paste. For details about

editing the copy, see Defining Normalization Rules.

To remove a normalization rule from the dial plan, highlight the rule name and click

Remove.

Note:

Each dial plan must have at least one associated normalization rule. For

information about how to determine all of the normalization rules a dial plan

requires, see Dial Plans and Normalization Rules in the Planning documentation.

11. Verify that the dial plan’s normalization rules are arranged in the correct order. To change

a rule’s position in the list, highlight the rule name and then click the up or down arrow.

Important

Lync Server traverses the normalization rule list from the top down and uses the first rule that

matches the dialed number. If you configure a dial plan so that a dialed number can match

more than one normalization rule, make sure the more restrictive rules are sorted above the

83


less restrictive ones.

The default Prefix All normalization rule ^(\d{11})$ matches any 11-digit number. For

example, if you add a normalization rule that matches 11-digit numbers that start with 1425,

make sure that Prefix All is sorted below the more restrictive ^(1425\d{7})$ rule.

12. (Optional) Enter a number to test the dial plan and then click Go. The test results are

displayed under Enter a number to test.

Note:

You can save a dial plan that does not yet pass the test and then reconfigure it

later. For details, see Test Voice Routing.

13. Click OK.

14. On the Dial Plan page, click Commit, and then click Commit all.

Note:

Any time you create a dial plan, you must run the Commit all command to

publish the configuration change. For details, see Publish Pending Changes to

the Voice Routing Configuration in the Operations documentation.


To create a new dial plan, use the New-CsDialPlan cmdlet:

New-CsDialPlan -Identity site:Redmond -SimpleName RedmondSiteDialPlan

The following command creates a new dial plan, then uses the New-CsVoiceNormalizationRule cmdlet to immediately add a new normalization rule to that dial plan:

New-CsDialPlan -Identity site:Redmond -SimpleName RedmondSiteDialPlan

New-CsVoiceNormalizationRule -Identity "site:Redmond/SeattlePrefix" -Pattern "^9(\d*){1,5}$" -Translation "+1206$1"

See Also

Modify a Dial Plan



Modify a Dial Plan

To modify an existing dial plan, perform the steps in the following procedure. If you want to create

a new dial plan, see Create a Dial Plan.

84


To modify a dial plan







3. In the left navigation bar, click Voice Routing and then click Dial Plan.

4. On the Dial Plan page, double-click a dial plan name.

Note:

The dial plan scope and name were set when the dial plan was created. They

cannot be changed.

5. (Optional) In Edit Dial Plan, edit the Simple name field, which is prepopulated with the

same name that appears in the Name field to specify a more descriptive name that

reflects the site, service, or user to which the dial plan applies.

Important

The Simple name must be unique among all dial plans within the Lync Server

deployment. It cannot exceed 256 Unicode characters, each of which can be an

alphabetic or numeric character, a hyphen (-), a period (.), a plus sign (+), or an

underscore (_).

Spaces are not allowed in the Simple name field.

6. (Optional) In the Description field, type descriptive information about the dial plan.

7. (Optional) If you want to use this dial plan as a region for dial-in access numbers, specify

a Dial-in conferencing region. If you do not want to use this dial plan for dial-in access

numbers, leave this field empty.

Note:

Dial-in conferencing regions are required to associate dial-in conferencing

access numbers with one or more dial plans.

8. (Optional) In the External access prefix field, specify a value only if users need to dial

one or more additional leading digits to get an external line (for example, 9). You can

type in a prefix value of up to four characters (that is, #, *, and 0-9).

Note:

If you specify an external access prefix, you do not need to create a new

normalization rule to accommodate the prefix.

9. Associate and configure normalization rules for the dial plan:

To choose one or more rules from a list of all normalization rules available in your

Enterprise Voice deployment, click Select. In the Select Normalization Rules dialog

box, highlight the rules that you want to associate with the dial plan and then click

85


OK.

To define a new normalization rule and associate it with the dial plan, click New. For

details about defining a new rule, see Defining Normalization Rules.

To edit a normalization rule that is already associated with the dial plan, highlight the

rule name and click Show details. For details about editing the rule, see Defining

Normalization Rules.

To copy an existing normalization rule to use as a starting point for defining a new

rule, highlight the rule name and click Copy, and then click Paste. For details about

editing the copy, see Defining Normalization Rules.

To remove a normalization rule from the dial plan, highlight the rule name and click

Remove.

Note:

Each dial plan must have at least one associated normalization rule. For details

about how to determine all of the normalization rules a dial plan requires, see

Dial Plans and Normalization Rules in the Planning documentation.

10. Verify that the dial plan’s normalization rules are arranged in the correct order. To change

a rule’s position in the list, highlight the rule name and then click the up or down arrow.

Important

Lync Server traverses the normalization rule list from the top down and uses the first

rule that matches the dialed number. If you configure a dial plan so that a dialed

number can match more than one normalization rule, make sure the more restrictive

rules are sorted above the less restrictive ones.

The default Prefix All normalization rule ^(\d{11})$ matches any 11-digit number. If,

for example, you add a normalization rule that matches 11-digit numbers that start

with 1425, make sure that Prefix All is sorted below the more restrictive ^(1425\d{7})

$ rule.

11. (Optional) Enter a number to test the dial plan and then click Go. The test results are

displayed under Enter a number to test.

Note:

You can save a dial plan that does not yet pass the test and then reconfigure it


12. Click OK.


Note:

Any time you create or modify a dial plan, you must run the Commit all

command to publish the configuration change. For details, see Publish Pending

Changes to the Voice Routing Configuration in the Operations documentation.

86



To modify a dial plan, use the Set-CsDialPlan cmdlet:

Set-CsDialPlan -Identity RedmondDialPlan –ExternalAccessPrefix 8

See Also

Create a Dial Plan



87



Lync Server 2010 normalization rules use .NET Framework regular expressions to translate

dialed phone numbers to E.164 format. Each dial plan must be assigned one or more

normalization rules.

For details about normalization rules, see Dial Plans and Normalization Rules in the Planning

documentation.

For details about how to write regular expressions, see ".NET Framework Regular Expressions"

at http://go.microsoft.com/fwlink/?LinkId=140927.

You can use either of the following methods to define or edit a normalization rule:

Use the Build a Normalization Rule tool to specify values for the starting digits, length, digits

to remove and digits to add, and then let Lync Server Control Panel generate the

corresponding matching pattern and translation rule for you.

Write regular expressions manually to define the matching pattern and translation rule.

In This Section

Create or Modify a Normalization Rule by Using Build a Normalization Rule

Create or Modify a Normalization Rule Manually

See Also

Create a Dial Plan

Modify a Dial Plan


Complete the following steps if you want to create or modify a normalization rule by using Build a

Normalization Rule in Microsoft Lync Server 2010 Control Panel. Alternatively, if you want to

create or modify a normalization rule manually, see Create or Modify a Normalization Rule

Manually.

To define a rule by using Build a Normalization Rule







3. (Optional) Follow the steps in Create a Dial Plan through step 11 or Modify a Dial Plan

through step 10.

4. In New Normalization Rule or Edit Normalization Rule, type a name that describes the

number pattern being normalized in Name (for example, 5DigitExtension).

5. (Optional) In Description, type a description of the normalization rule (for example,

"Translates 5-digit extensions").

88



6. In Build a Normalization Rule, enter values in the following fields:

Starting digits (Optional) Specify the leading digits of dialed numbers you want the

pattern to match. For example, type 425 if you want the pattern to match dialed

numbers beginning with 425.

Length Specify the number of digits in the matching pattern and select whether you

want the pattern to match this length exactly, match dialed numbers that are at least

this length, or match dialed numbers of any length.

Digits to remove (Optional) Specify the number of starting digits to be removed

from dialed numbers you want the pattern to match.

Digits to add (Optional) Specify digits to be added to dialed numbers you want the

pattern to match.

The values you enter in these fields are reflected in Pattern to match and Translation

rule. For example, if you leave Starting digits empty, type 7 into the Length field and

select Exactly, and specify 0 in Digits to remove, the resulting regular expression in the

Pattern to match is:

^(\d{7})$

7. In Translation rule, specify a pattern for the format of translated E.164 phone numbers

as follows:

A value that represents the number of digits specified in the matching pattern. For

example, if the matching pattern is ^(\d{7})$ then $1 in the translation rule represents

7-digit dialed numbers.

(Optional) Type a value into the Digits to add field to specify digits to be prepended

to the translated number, for example +1425.

For example, if Pattern to match contains ^(\d{7})$ as the pattern for dialed numbers

and Translation rule contains +1425$1 as the pattern for E.164 phone numbers, the rule

normalizes 5550100 to +14255550100.

8. (Optional) If the normalization rule results in a phone number that is internal to your

organization, select Internal extension.

9. (Optional) Enter a number to test the normalization rule and then click Go. The test

results are displayed under Enter a number to test.

Note:

You can save a normalization rule that does not yet pass the test and then

reconfigure it later. For details, see Test Voice Routing.

10. Click OK to save the normalization rule.

11. Click OK to save the dial plan.


Note:

Any time you create or change a normalization rule, you must run the Commit all


89



See Also


Create a Dial Plan

Modify a Dial Plan

Test Voice Routing



Complete the following steps if you want to create or modify a normalization rule manually. If you

want to create or modify a normalization rule by using Build a Normalization Rule in Microsoft

Lync Server 2010 Control Panel, see Create or Modify a Normalization Rule by Using Build a

Normalization Rule.

To define a normalization rule manually







3. (Optional) Follow the steps in Create a Dial Plan or Modify a Dial Plan.

4. In New Normalization Rule or Edit Normalization Rule, type a name that describes the

number pattern being normalized in Name (for example, name the normalization rule

5DigitExtension).

5. (Optional) In Description field, type a description of the normalization rule (for example,

"Translates 5-digit extensions").

6. In Build a Normalization Rule, click Edit.

7. Enter the following in Type a Regular Expression:

In Match this pattern, specify the pattern that you want to use to match the dialed

phone number.

In Translation rule, specify a pattern for the format of translated E.164 phone

numbers.

For example, if you enter ^(\d{7})$ in Match this pattern and +1425$1 in Translation

rule, the rule normalizes 5550100 to +14255550100.

8. (Optional) If the normalization rule results in a phone number that is internal to your

organization, select Internal extension.

9. (Optional) Enter a number to test the normalization rule and then click Go. The test

results are displayed under Enter a number to test.

90


Note:

You can save a normalization rule that does not yet pass the test and then

reconfigure it later. For details, see Test Voice Routing.

10. Click OK to save the normalization rule.

11. Click OK to save the dial plan.


Note:

Any time you create or change a normalization rule, you must run the Commit all




New-CsVoiceNormalizationRule -Parent SeattleUser -Name SeattleFourDigit -Description "Dialing with internal four-digit extension" -Pattern '^(\d{4})$' -Translation '+1206555$1'

See Also


Create a Dial Plan

Modify a Dial Plan

Test Voice Routing


91



Voice policies, PSTN usage records, and voice routes are integrally related. You configure voice

policies by selecting a set of calling features and then assigning the policy a set of PSTN usage

records, which specify what rights are authorized for the users or groups who are assigned the

voice policy. Voice routes are also assigned PSTN usage records, which serve to match routes

with the users who are authorized to use them. That is, users can only place calls that use the

routes for which they have a matching PSTN usage record.

The recommended workflow for a new Enterprise Voice deployment is to start by configuring a

voice policy that includes the appropriate PSTN usage records, and then associate the

appropriate routes to each PSTN usage record.

Note:

You can also create voice policies with user scope and assign them to individual users or

groups.

For the detailed steps to perform each of these tasks, see the procedures in this section.

In This Section

Configuring Voice Policies and PSTN Usage Records to Authorize Calling Features and

Privileges

View PSTN Usage Records

Configuring Voice Routes for Outbound Calls

Configuring Voice Policies and PSTN Usage Records to Authorize Calling Features and Privileges

A voice policy enables a set of calling features and associates one or more PSTN usage records

to define the calling features and permissions of users who are assigned the policy.

Voice policy scope can be either Site (which defines the default features and permissions for a

network site) or User (which defines the features and permissions to be assigned on a per-user or

group basis). Users not assigned to a voice policy will automatically be assigned to the global

policy, which is the default voice policy that is installed with the product.

Note:

For details, see Voice Policies in the Planning documentation.

In This Section

Create a Voice Policy and Configure PSTN Usage Records

Modify a Voice Policy and Configure PSTN Usage Records


Follow these steps if you want to create a new voice policy. If you want to edit a voice policy, see

Modify a Voice Policy and Configure PSTN Usage Records for the procedure.

92


Note:

Each voice policy must have at least one associated PSTN usage record. To see a listing

of all PSTN usage records available in your Enterprise Voice deployment and view their

properties, see View PSTN Usage Records.

To create a voice policy







3. In the left navigation bar, click Voice Routing and then click Voice Policy.

4. On the Voice Policy page, click New and then select a scope for the new policy:

Site policy applies to an entire site, except any users or groups that are assigned to

a user policy. If you select Site for a policy scope, choose the site from the Select a

Site dialog box. If a voice policy has already been created for a site, the site does not

appear in the Select a Site dialog box.

User policy can be applied to specified users or groups.

5. If the voice policy scope is User, enter a descriptive name for the policy in the Name field.

Note:

If the voice policy scope is Site, the Name field in New Voice Policy is

prepopulated with the site name and cannot be changed.

6. (Optional) Enter additional descriptive information for the voice policy.

7. Select or clear the following check boxes to enable or disable each of the Calling

features for this voice policy:

Call forwarding enables users to forward calls to other phones and client devices.

Enabled by default.

Delegation enables users to specify other users to send and receive calls on their

behalf. Enabled by default.

Call transfer enables users to transfer calls to other users. Enabled by default.

Call park enables users to park calls on hold and then pick up the call from a

different phone or client. Disabled by default.

Simultaneous ringing enables incoming calls to ring on additional phones (for

example, a cell phone) or other endpoint devices. Enabled by default.

Team call enables users on a defined team to answer calls for other members of the

team. Enabled by default.

PSTN re-route enables calls made by users who are assigned this policy to other

enterprise users to be re-routed on the public switched telephone network (PSTN) if

the WAN is congested or unavailable. Enabled by default.

93


Bandwidth policy override enables administrators to override call admission control

policy decisions for a particular user. Disabled by default.

Note:

The policy will be overridden only for incoming calls to the user and not for

outgoing calls that are placed by the user. After the session is established the

bandwidth consumption will be accurately accounted for. This setting should

be used sparingly and should be avoided for appropriate call admission

control decisions.

Malicious call tracing enables users to report malicious calls (such as bomb

threats) using the client UI, and that in turn flags the calls in the call detail records

(CDRs). Disabled by default.

8. To associate and configure PSTN usage records for this voice policy, do any of the

following:

To choose one or more records from a list of all PSTN usage records available in

your Enterprise Voice deployment, click Select. Highlight the records you want to

associate with this voice policy and then click OK.

To remove a PSTN usage record from this voice policy, highlight the record and click

Remove.

To define a new PSTN usage record and associate it with this voice policy, do the

following:

a. Click New.

b. In the Name field, enter a unique descriptive name for the record. For example, you

may want to create a PSTN usage record named Redmond for full-time employees

located in Redmond, and another named RedmondTemps for temporary employees.

Note:

The PSTN usage record name must be unique within the Enterprise Voice

deployment. After the record is saved, the Name field cannot be edited.

c. Use any of the following methods to associate and configure routes for this PSTN

usage record:

To choose one or more routes from the list of all available routes in your Enterprise

Voice deployment, click Select, highlight the routes you want to associate with this

PSTN usage record, and then click OK.

To remove a route from the PSTN usage record, highlight the route and click

Remove.

To define a new route and associate it with this PSTN usage record, click New. For

details, see Create a Voice Route.

To edit a route that is already associated with this PSTN usage record, highlight the

route and click Show details. For details, see Modify a Voice Route.

d. Click OK.

To edit a PSTN usage record that is already associated with this voice policy, do the

94


following:

a. Highlight the PSTN usage record you want to edit and click Show details.

b. Use any of the following methods to associate and configure routes for this PSTN

usage record:




To remove a route from this PSTN usage record, highlight the route and click

Remove.





c. Click OK.

9. Arrange the PSTN usage records for optimum performance. To change a record’s

position in the list, highlight the record name and click the up or down arrow.

Important:

The order in which PSTN usage records are listed in the voice policy is

significant. Lync Server traverses the list from the top down. We recommend that

you organize the list by frequency of use, for example: RedmondLocal,

RedmondLongDist, RedmondInternational, RedmondBackup.

10. (Optional) Enter a number to test the voice policy and click Go. The test results are

displayed under Translated number to test.

Note:

You can save a voice policy that does not yet pass the test and then reconfigure

it later. For details, see Test Voice Routing.

11. Click OK.

12. On the Voice Policy page, click Commit, and then click Commit all.

Note:

Any time you create or modify a voice policy, you must run the Commit all




See Also


95



Create a Voice Route

Modify a Voice Route

Test Voice Routing



Follow these steps if you want to modify a voice policy. If you want to create a new voice policy,

see Create a Voice Policy and Configure PSTN Usage Records for the procedure.

Note:

If a user is assigned to a voice policy has no associated PSTN usage records, the user

cannot place outbound calls. To see a listing of all PSTN usage records available in your

Enterprise Voice deployment and view their properties, see View PSTN Usage Records.

To modify a voice policy







3. In the left navigation bar, click Voice Routing and then click Voice Policy.

4. On the Voice Policy page, double-click a voice policy name.

Note:

The scope and name were set when the voice policy was created. They cannot

be changed.

5. (Optional) In Edit Voice Policy, enter additional descriptive information for the voice

policy.

6. Select or clear the following check boxes to enable or disable each of the Calling

features:

Call forwarding enables users to forward calls to other phones and client devices.

Enabled by default.

Delegation enables users to specify other users to send and receive calls on their

behalf. Enabled by default.

Call transfer enables users to transfer calls to other users. Enabled by default.

Call park enables users to park calls on hold and then pick up the call from a

different phone or client. Disabled by default.

Simultaneous ringing enables incoming calls to ring on additional phones (for

example, a cell phone) or other endpoint devices. Enabled by default.

96


Team call enables users on a defined team to answer calls for other members of the

team. Enabled by default.

PSTN re-route enables calls made by users who are assigned this policy to other

enterprise users to be re-routed on the public switched telephone network (PSTN) if

the WAN is congested or unavailable. Enabled by default.

Bandwidth policy override enables administrators to override call admission control

(CAC) policy decisions for a particular user. Disabled by default.

Note:

The policy will be overridden only for incoming calls to the user and not for

outgoing calls that are placed by the user. After the session is established the

bandwidth consumption will be accurately accounted for. This setting should

be used sparingly and should be avoided for appropriate call admission

control decisions.

Malicious call tracing enables users to report malicious calls (such as bomb

threats) using the client UI, and that in turn flags the calls in the call detail records

(CDRs). Disabled by default.

7. To associate and configure PSTN usage records for this voice policy, do any of the

following:

To choose one or more records from a list of all PSTN usage records available in

your Enterprise Voice deployment, click Select. Highlight the records you want to

associate with this voice policy and then click OK.

To remove a PSTN usage record from this voice policy, highlight the record and click

Remove.

To define a new PSTN usage record and associate it with this voice policy, do the

following:

a. Click New.

b. In the Name field, enter a unique descriptive name for the record. For example, you

may want to create a PSTN usage record named Redmond for full-time employees

located in Redmond, and another named RedmondTemps for temporary employees.

Note:

The PSTN usage record name must be unique within the Enterprise Voice

deployment. After the record is saved, the Name field cannot be edited.

c. Use any of the following methods to associate and configure routes for this PSTN

usage record:




To remove a route from the PSTN usage record, highlight the route and click

Remove.


97





d. Click OK.

To edit a PSTN usage record that is already associated with this voice policy, do the

following:

a. Highlight the PSTN usage record you want to edit and click Show details.

b. Use any of the following methods to associate and configure routes for this PSTN

usage record:




To remove a route from this PSTN usage record, highlight the route and click

Remove.





c. Click OK.



Note:

The order in which PSTN usage records are listed in the voice policy is

significant. Lync Server traverses the list from the top down. We recommend that

you organize the list by frequency of use, for example: RedmondLocal,

RedmondLongDist, RedmondInternational, RedmondBackup.

9. (Optional) Enter a number to test the voice policy and click Go. The test results are

displayed below the Translated number to test field.

Note:

You can save a voice policy that does not yet pass the test and then reconfigure

it later. For details, see Test Voice Routing.

10. Click OK.

11. On the Voice Policy page, click Commit, and then click Commit all.

Note:

Any time you create or modify a voice policy, you must run the Commit all



98



To modify an existing voice policy, use the Set-CsVoicePolicy cmdlet:

Set-CsVoicePolicy UserVoicePolicy2 -AllowSimulRing $False -PstnUsages @{add = "Long Distance"}

See Also





Test Voice Routing



A PSTN usage record specifies a class of call (such as internal, local, or long distance) that can

be made by various users or groups of users in an organization. For details, see PSTN Usage

Records in the Planning documentation.

To view a PSTN usage record







3. In the left navigation bar, click Voice Routing and then click PSTN Usage.

4. On the PSTN Usage page, highlight the PSTN usage record you want to view, click Edit

and then click Show details.

Note:

A read-only page of the selected PSTN usage record shows the associated

routes and associated voice policies.


To view all your PSTN usage records, use the Get-CsPstnUsage cmdlet:

99


Get-CsPstnUsage | Select-Object –ExpandProperty Usage

See Also



Configuring Voice Routes for Outbound Calls

A Lync Server 2010 voice route associates destination phone numbers with one or more PSTN

gateways or SIP trunks and one or more PSTN usage records.

Note:

For details, see Voice Routes in the Planning documentation.

In This Section



100



The following procedure explains how to create a new voice route. To edit an existing route, see

Modify a Voice Route for the procedure.

To create a voice route


member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator

administrative role.




3. In the left navigation bar, click Voice Routing.

4. Click the Route tab.

5. Click New to display the New Voice Route dialog box.

6. In the Name field, type in a descriptive name for the voice route.

7. (Optional) In the Description field, type in additional descriptive information for the voice

route.

8. To specify the patterns you want this route to accommodate, you can either use the Build

a pattern to match tool to generate a regular expression, or write the regular expression

manually.

To use the Build a pattern to match tool to generate a regular expression, enter

values as follows. You can specify two types of pattern matching:

Starting digits for numbers that you want to allow: Enter prefix values that this

route must accommodate (including the leading + if needed). For example, type +425

and then click Add. Repeat this for each prefix value that you want to include in the

route.

Exceptions: If you want to specify one or more exceptions for a prefix value,

highlight the prefix and click Exceptions. Type in one or more values for the

matching patterns that you do not want this route to accommodate. For example, to

exclude numbers starting with +425237 from the route, enter a value of +425237 in

the Exceptions field and then click OK.

To define the matching pattern manually, click Edit in the Build a pattern to match

tool and then type in a .NET Framework regular expression to specify the matching

pattern for destination phone numbers to which the route is applied. For information

about how to write regular expressions, see ".NET Framework Regular Expressions"


9. Select Suppress caller ID if you do not want the ID of the phone making the outbound

call to appear to the call recipient. If you select this option, you must specify an Alternate

caller ID that will appear on the recipient’s caller ID display.

10. To associate one or more PSTN gateways or SIP trunks with the voice route, click Add

101



and then select a gateway or SIP trunk from the list.

Note:

If your deployment includes any Microsoft Office Communications Server 2007

R2 Mediation Servers, they will also be available in the list.

11. To associate one or more PSTN usage records with the voice route, click Select and

choose a record from the list of PSTN usage records that have been defined for your

Enterprise Voice deployment.

Notes:

To view the properties of each of the available PSTN usage records, see View PSTN Usage

Records.

To create or edit PSTN usage records, see Create a Voice Policy and Configure PSTN Usage

Records or Modify a Voice Policy and Configure PSTN Usage Records.



Note:

Unlike in a voice policy where the order in which PSTN usage records are listed

is important, the order in which PSTN usage records are listed in the voice route

is insignificant. However, we recommend that you organize the list by frequency

of use, for example: RedmondLocal, RedmondLongDist, RedmondInternational,

RedmondBackup. (Lync Server traverses the list from the top down.)

13. (Optional) Type a value into the Enter a translated number to test field and click Go.

The test results are displayed under the field.

Note:

You can save a voice route that does not yet pass the test and then reconfigure it


14. Click OK to save the voice route.

Any time you create a voice route, you must run the Commit All command to publish the

configuration change. For details, see Publish Pending Changes to the Voice Routing

Configuration.


To create a new voice route, use the New-CsVoiceRoute cmdlet:

New-CsVoiceRoute -Identity Route1 -PstnUsages @{add="Long Distance"} -PstnGatewayList @{add="PstnGateway:redmondpool.litwareinc.com"}

See Also

102






Test Voice Routing



This topic explains how to edit a voice route. To create a new route, see Create a Voice Route.

To modify a voice route







3. In the left navigation bar, click Voice Routing and then click Route.

4. On the Route page, use either of the following methods to modify a voice route:

Click a voice route name, click Edit, and then click Show details.

Click a voice route name, click Edit, click Copy, and then click Paste. Click the new

copy of the voice route that you just created, click Edit, and then click Show details.

5. In the Name field on the Edit Voice Route page, type a descriptive name for the voice

route.

6. (Optional) In the Description field, type in additional descriptive information for the voice

route.

7. To specify the patterns you want this route to accommodate, you can either use the Build

a pattern to match tool to generate a regular expression, or write the regular expression

manually.

To use the Build a pattern to match tool to generate a regular expression, enter

values as follows. You can specify two types of pattern matching:

Starting digits for numbers that you want to allow: Enter prefix values that this

route must accommodate (including the leading + if needed). For example, type +425

and then click Add. Repeat this for each prefix value that you want to include in the

route.

Exceptions: If you want to specify one or more exceptions for a prefix value,

highlight the prefix and click Exceptions. Type in one or more values for the

matching patterns that you do not want this route to accommodate. For example, to

exclude numbers starting with +425237 from the route, enter a value of +425237 in

the Exceptions field and then click OK.

103


To define the matching pattern manually, click Edit in the Build a pattern to match

tool and then type in a .NET Framework regular expression to specify the matching

pattern for destination phone numbers to which the route is applied. For information

about how to write regular expressions, see ".NET Framework Regular Expressions"


8. Select Suppress caller ID if you do not want the ID of the phone making the outbound

call to appear to the call recipient. If you select this option, you must specify an Alternate

caller ID that will appear on the recipient’s caller ID display.

9. To associate one or more PSTN gateways or SIP trunks with the voice route, click Add

and then select a gateway or SIP trunk from the list.

Note:

If your deployment includes any Microsoft Office Communications Server 2007

R2 Mediation Servers, they will also be available in the list.

10. To associate one or more PSTN usage records with the voice route, click Select and

choose a record from the list of PSTN usage records that have been defined for your

Enterprise Voice deployment.

Notes:

To view the properties of each of the available PSTN usage records, see View PSTN Usage

Records.

To create or edit PSTN usage records, see Create a Voice Policy and Configure PSTN Usage

Records or Modify a Voice Policy and Configure PSTN Usage Records.



Note:

Unlike in a voice policy where the order in which PSTN usage records are listed

is important, the order in a voice route is insignificant. However, we recommend

that you organize the list by frequency of use, for example: RedmondLocal,

RedmondLongDist, RedmondInternational, RedmondBackup. (Lync Server

traverses the list from the top down.)

12. (Optional) Type a value into the Enter a translated number to test field and click Go.

The test results are displayed under the field.

Note:

You can save a voice route that does not yet pass the test and then reconfigure it


13. Click OK.

14. On the Route page, click Commit, and then click Commit all.

Note:

Any time you create or modify a voice route, you must run the Commit all


104





To modify a voice route, use the Set-CsVoiceRoute cmdlet:

Set-CsVoiceRoute -Identity Route1 -Description "Test Route"

The following commands use both the Get-CsVoiceRoute and Set-CsVoiceRoute cmdlets to add a new PSTN gateway to a voice route:

$y = Get-CsVoiceRoute -Identity Route1

$y.PstnGatewayList.Add("PstnGateway:192.168.0.100")

Set-CsVoiceRoute -Instance $y

See Also





Test Voice Routing


Configuring Trunks and Translation Rules

As part of Enterprise Voice deployment, configure a trunk between a Mediation Server and one or

more of the following to provide PSTN connectivity for Enterprise Voice clients and devices in

your organization:

SIP trunk connection to an Internet telephony service provider (ITSP)

PSTN gateway

Private branch exchange (PBX)

For details, see PSTN Connectivity in the Planning documentation.

Important:

Before you begin trunk configuration, verify that the topology has been created and that

the Mediation Server and its peer have been configured and associated with one another

as described in Define a Peer of the Mediation Server for a Site in the Deployment

documentation.

105


Note:

As a part of trunk configuration, you can enable the Lync Server 2010 media bypass

feature, which allows media to bypass the Mediation Server. Trunks can be configured

either with or without media bypass enabled, but we strongly recommend that you enable

it. For details, see Media Bypass in the Planning documentation.

In This Section

Configure Media Bypass on a Trunk

Configure a Trunk Without Media Bypass

Defining Translation Rules


Follow these steps if you want to configure a trunk with media bypass enabled. If you want to

configure a trunk with media bypass disabled, see Configure a Trunk Without Media Bypass.

Although we strongly recommend that you enable media bypass, before you enable media

bypass on a SIP trunk, confirm that your qualified SIP trunk provider supports media bypass and

is able to accommodate the requirements for successfully enabling the scenario. Namely, the

provider must have the IP addresses of servers in your organization’s internal network. If the

provider cannot support this scenario, media bypass will not succeed. For details, see Media

Bypass in the Planning documentation.

Note:

Media bypass will not interoperate with every PSTN gateway, IP-PBX, and SBC.

Microsoft has tested a set of PSTN gateways with certified partners and has done some

testing with Cisco IP-PBXs. Certification for SBCs is underway. Media bypass is

supported only with products and versions listed on Unified Communications Open

Interoperability Program – Lync Server at http://go.microsoft.com/fwlink/?LinkId=214406.

To configure media bypass on a trunk







3. In the left navigation bar, click Voice Routing and then click Trunk Configuration.

4. On the Trunk Configuration page, use one of the following methods to configure a

trunk:

Double-click an existing trunk (for example, the Global trunk) to display the Edit

Trunk Configuration dialog box.

Click New, and then select a scope for the new trunk:

106



Site trunk: Choose the site for this trunk configuration from the Select a Site dialog

box, and then click OK. Note that if a trunk has already been created for a site, the

site does not appear in the Select a Site dialog box.

Pool trunk: Choose the service for this trunk configuration (for example, a PSTN

gateway at a specified site) from the Select a Service dialog box, and then click OK.

Note that if a trunk has already been created for a service, the service does not

appear in the Select a Service dialog box.

Notes:

After you select the trunk’s scope, it cannot be changed.

The Name field is prepopulated with the name of the trunk’s associated site or service and

cannot be changed.

5. Specify a value in the Maximum early dialogs supported box. This is the maximum

number of forked responses a PSTN gateway, IP-PBX, or ITSP Session Border

Controller can receive to an INVITE that it sent to the Mediation Server. The default value

is 20.

Note:

Before you change this value, consult your service provider or equipment

manufacturer for details about the capabilities of your system.

6. Select one of the following Encryption support level options:

Required: Secure real-time transport protocol (SRTP) encryption must be used to

help protect traffic between the Mediation Server and the gateway or PBX.

Optional: SRTP encryption will be used if the service provider or equipment

manufacturer supports it.

Not Supported: SRTP encryption is not supported by the service provider or

equipment manufacturer and therefore will not be used.

7. Select the Enable media bypass check box if you want media to bypass the Mediation

Server for processing by the trunk peer.

Important:

For media bypass to work successfully, the PSTN gateway, IP-PBX, or ITSP

Session Border Controller must support certain capabilities. For details, see

Media Bypass in the Planning documentation.

8. Select the Centralized media processing check box if there is a well-known media

termination point (for example, a PSTN gateway where the media termination has the

same IP as the signaling termination). Clear this check box if the trunk does not have a

well-known media termination point.

Note:

Media bypass is only supported if this option is selected.

9. If the trunk peer supports receiving SIP REFER requests from the Mediation Server,

select the Enable refer support check box. Clear the check box if the trunk peer does

107


not support receiving SIP REFER requests from the Mediation Server.

Note:

If you disable this option while the Enable media bypass option is selected,

additional settings are required. If the trunk peer does not support receiving SIP

REFER requests from the Mediation Server and media bypass is enabled, you

must also run the Set-CsTrunkConfiguration cmdlet to disable RTCP for active

and held calls in order to support proper conditions for media bypass. For details,

see the Lync Server Management Shell documentation.

10. (Optional) Associate and configure translation rules for the trunk:

To choose one or more rules from a list of all translation rules available in your

Enterprise Voice deployment, click Select. In Select Translation Rules, click the

rules that you want to associate with the trunk and then click OK.

To define a new translation rule and associate it with the trunk, click New. See

Defining Translation Rules in the Deployment documentation for information about

defining a new rule.

To edit a translation rule that is already associated with the trunk, click the rule name

and then click Show details. For details, see Defining Translation Rules in the

Deployment documentation.

To copy an existing translation rule to use as a starting point for defining a new rule,

click the rule name and click Copy, and then click Paste. For details, see Defining

Translation Rules.

To remove a translation rule from the trunk, highlight the rule name and click

Remove.

Warning:

Do not associate translation rules with a trunk if you have configured translation

rules on the associated trunk peer because the two rules might conflict.

11. Ensure the trunk’s translation rules are arranged in the correct order. To change a rule’s

position in the list, highlight the rule name and then click the up or down arrow.

Important:

Lync Server traverses the translation rule list from the top down and uses the first

rule that matches the dialed number. If you configure a trunk so that a dialed

number can match more than one translation rule, ensure the more restrictive

rules are sorted above the less restrictive rules. For example, if you have

included a translation rule that matches any 11-digit number and a translation

rule that matches only 11-digit numbers that start with +1425, ensure the rule that

matches any 11-digit number is sorted below the more restrictive rule.

12. When you are finished configuring the trunk, click OK.

13. On the Trunk Configuration page, click Commit, and then click Commit all.

Note:

108


Any time you create or modify a trunk configuration, you must run the Commit all



After you have configured the trunk, continue configuring media bypass by choosing between

global media bypass options, as described in Global Media Bypass Options in the



To enable media bypass for a new SIP trunk, use the New-CsTrunkConfiguration cmdlet and set the EnableBypass property to True:

New-CsTrunkConfiguration -Identity site:Redmond -EnableBypass $True –MaxEarlyDialogs 40 –SRTPMode Required

See Also




Follow these steps if you want to configure a trunk with media bypass disabled. If you want to

configure a trunk with media bypass enabled, see Configure Media Bypass on a Trunk.

To configure a trunk without media bypass







3. In the left navigation bar, click Voice Routing and then click Trunk Configuration.

4. On the Trunk Configuration page, use one of the following methods to configure a

trunk:

Double-click an existing trunk (for example, the Global trunk) to display the Edit

Trunk Configuration dialog box.

Click New, and then select a scope for the new trunk:

Site trunk: Choose the site for this trunk configuration from the Select a Site dialog

box, and then click OK. Note that if a trunk has already been created for a site, the

site does not appear in the Select a Site dialog box.

109


Pool trunk: Choose the service for this trunk configuration (for example, a PSTN

gateway at a specified site) from the Select a Service dialog box, and then click OK.

Note that if a trunk has already been created for a service, the service does not

appear in the Select a Service dialog box.

Notes:

After you select the trunk’s scope, it cannot be changed.

The Name field is prepopulated with the name of the trunk’s associated site or service and

cannot be changed.

5. Select one of the following Encryption support level options:

Required: Secure real-time transport protocol (SRTP) encryption must be used to

help protect traffic between the Mediation Server and the gateway or PBX.

Optional: SRTP encryption will be used if the service provider or equipment

manufacturer supports it.

Not Supported: SRTP encryption is not supported by the service provider or

equipment manufacturer and therefore will not be used.

6. Ensure the Enable media bypass check box is cleared.

7. Select the Centralized media processing check box if there is a well-known media

termination point (for example, a PSTN gateway where the media termination has the

same IP as the signaling termination). Clear this check box if the trunk does not have a

well-known media termination point.

8. If the trunk peer supports receiving SIP REFER requests from the Mediation Server,

select the Enable refer support check box. Clear the check box if the trunk peer does

not support receiving SIP REFER requests from the Mediation Server.

9. (Optional) Associate and configure translation rules for the trunk:

To choose one or more rules from a list of all translation rules available in your

Enterprise Voice deployment, click Select. In Select Translation Rules, click the

rules you want to associate with the trunk and then click OK.

To define a new translation rule and associate it with the trunk, click New. For details,

see Defining Translation Rules in the Deployment documentation.

To edit a translation rule that is already associated with the trunk, click the rule name

and click Show details. For details, see Defining Translation Rules in the


To copy an existing translation rule to use as a starting point for defining a new rule,

click the rule name and click Copy, and then click Paste. For details, see Defining

Translation Rules in the Deployment documentation.

To remove a translation rule from the trunk, click the rule name and click Remove.

Warning:

Do not associate translation rules with a trunk if you have configured translation

rules on the associated trunk peer because the two rules might conflict.

110


10. Ensure the trunk’s translation rules are arranged in the correct order. To change a rule’s

position in the list, highlight the rule name and then click the up or down arrow.

Important:

Lync Server traverses the translation rule list from the top down and uses the first

rule that matches the dialed number. If you configure a trunk so that a dialed

number can match more than one translation rule, ensure the more restrictive

rules are sorted above the less restrictive rules. For example, if you have

included a translation rule that matches any 11-digit number and a translation

rule that matches only 11-digit numbers that start with +1425, ensure the rule that

matches any 11-digit number is sorted below the more restrictive rule.

11. When you are finished configuring the trunk, click OK.


Note:

Any time you create or modify a trunk configuration, you must run the Commit all




To disable media bypass for a new SIP trunk, use the New-CsTrunkConfiguration cmdlet and set the EnableBypass property to False:

New-CsTrunkConfiguration -Identity site:Redmond -EnableBypass $False –MaxEarlyDialogs 40 –SRTPMode Required

See Also



111



Microsoft Lync Server 2010 Enterprise Voice requires that all dial strings be normalized to E.164

format for the purpose of performing reverse number lookup (RNL). The trunk peer (that is, the

associated gateway, PBX, or SIP trunk) might require that numbers be in a local dialing format. To

translate numbers from E.164 format to a local dialing format, you can optionally define one or

more translation rules to manipulate the Request URI before routing it to the trunk peer. For

example, you could write a translation rule to remove +44 from the beginning of a dial string and

replace it with 0144.

Important:

The ability to associate one or more translation rules with an Enterprise Voice trunk

configuration is intended to be used as an alternative to configuring translation rules on

the trunk peer. Do not associate translation rules with an Enterprise Voice trunk

configuration if you have configured translation rules on the trunk peer because the two

rules might conflict.

You can use either of the following methods to create or modify a translation rule:

Use the Build a Translation Rule tool to specify values for the starting digits, length, digits to

remove and digits to add, and then let Lync Server Control Panel generate the corresponding

matching pattern and translation rule for you.

Write regular expressions manually to define the matching pattern and translation rule.

Note:

For information about how to write regular expressions, see ".NET Framework Regular

Expressions" at http://go.microsoft.com/fwlink/?LinkId=140927.

In This Section

Create or Modify a Translation Rule by Using the Build a Translation Rule Tool

Create or Modify a Translation Rule Manually

See Also




Follow the steps if you want to define a translation rule by entering a set of values in the Build a

Translation Rule tool and allowing Lync Server Control Panel to generate the corresponding

matching pattern and translation rule for you. Alternatively, you can a write regular expression

manually to define the matching pattern and translation rule. For details, see Create or Modify a

Translation Rule Manually.

To define a rule by using the Build a Translation Rule tool




112






3. To begin defining a translation rule, follow the steps in Configure Media Bypass on a

Trunk through step 10 or Configure a Trunk Without Media Bypass through step 9.

4. In the Name field on the New Translation Rule or Edit Translation Rule page, type a

name that describes the number pattern being translated.

5. (Optional) In Description field, type a description of the translation rule, for example US

International long-distance dialing.

6. In the Build a Translation Rule section of the dialog box, enter values in the following

fields:

Starting digits: (Optional) Specify the leading digits of numbers you want the pattern

to match. For example, enter + in this field to match numbers in E.164 format (which

begin with +).

Length: Specify the number of digits in the matching pattern and select whether you

want the pattern to match numbers that are this length exactly, at least this length, or

any length. For example, enter 11 and select At least in the drop-down list to match

numbers that are at least 11 digits in length.

Digits to remove: (Optional) Specify the number of starting digits to be removed. For

example, enter 1 to strip out the + from the beginning of the number.

Digits to add: (Optional) Specify digits to be prepended to the translated numbers.

For example, enter 011 if you want 011 to be prepended to the translated numbers

when the rule is applied.

The values you enter in these fields are reflected in the Pattern to match and

Translation rule fields. For example, if you specify the preceding example values, the

resulting regular expression in the Pattern to match field is:

^\+(\d{9}\d+)$

The Translation rule field specifies a pattern for the format of translated numbers. This

pattern has two parts:

A value (for example, $1) that represents the number of digits in the matching pattern

(Optional) A value that you can prepend by entering it in the Digits to add field

Using the preceding example values, 011$1 appears in the Translation rule field.

When this translation rule is applied, +441235551010 becomes 011441235551010.

7. Click OK to save the translation rule.

8. Click OK to save the trunk configuration.


Note:

Any time you create or modify a translation rule, you must run the Commit all


113



See Also





Global Media Bypass Options


Follow these steps if you want to define a translation rule by writing a regular expression for the

matching pattern and translation rule. Alternatively, you can enter a set of values in the Build a

Translation Rule tool and allow Lync Server Control Panel to generate the corresponding

matching pattern and translation rule for you. For details, see Create or Modify a Translation Rule

by Using the Build a Translation Rule Tool.

To define a translation rule manually







3. To begin defining a translation rule, follow the steps in Configure Media Bypass on a

Trunk through step 10 or Configure a Trunk Without Media Bypass through step 9.

4. In the Name field on the New Translation Rule or Edit Translation Rule page, type a

name that describes the number pattern being translated.

5. (Optional) In Description field, type a description of the translation rule, for example US

International long-distance dialing.

6. Click Edit at the bottom of the Build a Translation Rule section.

7. Enter the following in the Type a Regular Expression dialog box:

In the Match this pattern field, specify the pattern that will be used to match the

numbers to be translated.

In the Translation rule field, specify a pattern for the format of translated numbers.

For example, if you enter ^\+(\d{9}\d+)$ in the Match this pattern field and 011$1 in the

Translation rule field, the rule will translate +441235551010 to 011441235551010.

8. Click OK to save the translation rule.

9. Click OK to save the trunk configuration.


Note:

114


Any time you create or modify a translation rule, you must run the Commit all




To create a new translation rule use the New-CsSipResponseCodeTranslationRule cmdlet:

New-CsSipResponseCodeTranslationRule -Identity "PstnGateway:192.168.0.240/Rule404" -ReceivedResponseCode 434 -TranslatedResponseCode 404

See Also





115


Exporting and Importing Voice Routing Configuration

If you want to save your voice routing configuration without publishing it, follow the steps in this

topic to use the Lync Server Control Panel configuration export and import commands to save

and retrieve a snapshot of your voice routing configuration. When you import a voice routing

configuration file (.vcfg), but changes have been made to the voice routing configuration on the

server in the meantime, the pages in the Voice Routing group in Lync Server Control Panel will

indicate that there are uncommitted changes to voice routing. Those uncommitted changes are

the differences between the two configurations that require reconciliation.

Important:

If you have made any uncommitted changes to the settings on any page within the Voice

Routing group, the changes are saved in the exported voice configuration file (.vcfg).

This allows you to make voice routing configuration changes during multiple Lync Server

Control Panel sessions before you publish the changes.

In This Section

Export a Voice Route Configuration File

Import a Voice Route Configuration File


To export a voice routing configuration








4. On the Actions menu, click Export configuration.

5. Specify a location and file name, and then click Save.


th Windows PowerShell you cannot directly export a voice route in the VCFG file format used by the Lync Server Control Panel. However, it is possible to export a voice route in an XML format that can later be imported using Windows PowerShell:

Get-CsVoiceRoute –Identity "RedmondRoute" | Export-Clixml –Path "C:\Routes\RedmondRoute.xml"

116


See Also



To import a voice routing configuration








4. On the Actions menu, click Import configuration.

5. Find the configuration file you want to import and then click Open.

6. Click Commit, and then click Commit all.

Note:

Any time you import a voice configuration file, you must run the Commit all




To import a voice route that was previously exported using the Export-Clixml cmdlet, use the following command:

Import-Clixml –Path "C:\Routes\RedmondRoute.xml" | Set-CsVoiceRoute

See Also



117


Test Voice Routing

You can use the Lync Server Control PanelTest Voice Routing tab to configure test case

scenarios. To define a test case, you specify the dial plan, voice policy, PSTN usage, and voice

route against which to test a specified phone number.

Before you actually deploy your voice routing configuration, we recommend that you test it on

various phone numbers to ensure that the results are what you're expecting.

Tip:

You can use the Export test cases and Import test cases commands to save voice

routing test cases and import them for use on another computer.

Warning:

If you delete any part of your voice routing configuration, such as a dial plan, voice policy,

voice route, or phone usage, you should review and update your voice routing test cases.

The Lync Server Control Panel will not alert you to test cases that are no longer valid due

to changed configurations.

In This Section

Create a Voice Routing Test Case

Export Voice Routing Test Cases

Import Voice Routing Test Cases

Running Voice Routing Tests

118



To create a test case







3. In the left navigation bar, click Voice Routing and then click Test Voice Routing.

4. On the Test Voice Routing page, click New to create a new test case.

5. In the Name field, type in a unique name for the test case.

The name must be unique among all voice routing test cases in your Enterprise Voice

deployment. It can be up to 32 characters in length and may contain any alphanumeric

characters plus the backslash (\), period (.) or underscore (_).

6. In the Dialed number to test field, type in the dialed number you want to use to test the

routing configuration that you specify for this test case. Based on the dial plan, route, and

voice policy, this number will be normalized and displayed as output.

7. In the Dial Plan list, select the dial plan to use when running the test. Default is the

Global dial plan.

8. In the Voice Policy list, select the voice policy to use when running the test. Default is the

Global voice policy.

9. In the Expected translation field, type in the phone number in the format you expect to

see it after translation. This is the value of the phone number you are testing after it has

been translated by the first normalization rule that matches in the selected dial plan.

When you run the test case, if the number you are testing does not result in the value in

the Expected translation field, the test fails.

10. (Optional) In the Expected PSTN usage list, you can select the PSTN usage record that

you expect to be used when you run the test case, based on the specified dial plan and

voice policy. If a different PSTN usage record is used, the test fails.

11. (Optional) In the Expected route list, you can select the voice route that you expect to be

used when you run the test case, based on the specified dial plan and voice policy. If a

different voice route is used, the test fails.

12. (Optional) Click Run to run the test case. The results are shown in the right panel of the

page.

13. Click OK.


Note:

Any time you create a voice routing test case, you must run the Commit all

119





To create a new test case for voice routing, use the New-CsVoiceTestConfiguration cmdlet:

New-CsVoiceTestConfiguration -Identity TestConfig1 -DialedNumber 5551212 -ExpectedTranslatedNumber +5551212

See Also






To export a voice routing test case








4. On the Actions menu, click Export test cases.

5. Specify a location and file name (.vtest), and then click Save.

See Also



To import a voice routing test case






120




4. On the Actions menu, click Import test cases.

5. Find the test case file (.vtest) that you want to import and then click Open.


Note:

Any time you import a .vtest file, you must run the Commit all command to

publish the test case. For details, see Publish Pending Changes to the Voice

Routing Configuration in the Operations documentation.

See Also


Running Voice Routing Tests

This section provides procedures for the various methods you can use to test your voice routing

configurations.

In This Section

Run Informal Voice Routing Tests

Run Voice Routing Test Cases


You can use the Create voice routing test case information dialog box to run informal tests

before creating an actual test case. When you are satisfied with the outcome of a test, you have

the option of saving it as a formal test case.

To run an informal voice routing test








4. On the Test Voice Routing page, click Create voice routing test case information.

5. In the Dialed number field, type in the phone number you want to use for this test. This

number will be normalized and displayed in the Normalized number field of the Results

pane.

6. In the Dial plan list, select the dial plan to use for testing the dialed number. Default is the

Global dial plan.

When you run the test, the first normalization rule in this dial plan that matches the dialed

121


number will be displayed in the Normalization rule field of the Results pane.

7. In the Voice Policy list, select the voice policy to use for testing the dialed number.

Default is the Global voice policy.

When you run the test, the first matching PSTN usage record in this voice policy will be

displayed in the First PSTN usage field of the Results pane. Also, the first matching

voice route that is associated with this PSTN usage record will be displayed in the First

route field.

8. (Optional) Select the Populate from user check box if you want to test the dialed

number against the voice policy assigned to a particular user.

a. Click Browse to display the Select Enterprise Voice Users dialog box.

b. Click Find to display the list of users who are enabled for Enterprise Voice.

c. Double-click the user name whose assigned voice policy you want to use for this test.

The Policy field is now populated with the voice policy assigned to the selected user.

When you run the test, the first matching PSTN usage record in this voice policy will be

displayed in the First PSTN usage field of the Results pane. Also, the first matching

voice route that is associated with this PSTN usage record will be displayed in the First

route field.

9. Click Run to run the test case. The results are shown in the right panel of the dialog box.

10. (Optional) Click Save as if you want to save this test configuration as a formal test case.

a. In the Name field of the Save Voice Routing Test Case Information dialog box,

type a unique name for the test case.

The name must be unique among all voice routing test cases in your Enterprise Voice

deployment. It can be up to 32 characters in length and may contain any

alphanumeric characters plus the backslash (\), period (.) or underscore (_).

b. Note that the remaining fields on the Save Voice Routing Test Case Information

dialog box are read-only, and are prepopulated from the informal test configuration

and results. Verify that this is the configuration you want to save for the test case.

Notes:

Values from the test results are used to prepopulate fields on the Save Voice Routing Test

Case Information dialog box as follows:

Expected translation is prepopulated with the value in the Normalized number field.

Expected route is prepopulated with the value in the First route field.

Expected PSTN usage record is prepopulated with the value in the First PSTN usage field.

If matches for any of these values were not found during the test run, the corresponding field

is empty on the Save Voice Routing Test Case Information dialog box.

c. Click Ok to save the test case, or click Cancel to return to return to the View voice

routing test case information dialog box to further develop the test before saving it.


Note:

122


Any time you create a voice routing test case, you must run the Commit all

command to publish the test case. For details, see Publish Pending Changes to

the Voice Routing Configuration in the Operations documentation.

See Also








You can run all of the test cases in your in your voice routing test case suite, or you can run one

or more selected test cases.

To run all voice routing test cases








4. On the Test Voice Routing page, click Action and then click Run all.

The pass or fail status of each test case is shown in the Pass/fail column. If a test case

has not yet been run, N/A is shown in the Pass/fail column.

5. (Optional) To see detailed results for each test case, double-click the test case name.

Results are shown in the shaded area on the right side of the Edit Test Case page:

a. Test result: Overall pass or fail status of the test case run.

b. Normalization rule: The first normalization rule in the dial plan selected for this test

case that matches the dialed number (the value in the Number to test field).

c. Normalized number: The value of the dialed number after the normalization rule has

translated it.

d. First PSTN usage: The first PSTN usage record in the voice policy selected for this

test case that matches the dialed number.

e. First route: The first voice route in the first PSTN usage record that matches the

dialed number.

Note:

The Expected PSTN usage record and Expected route fields are optional

123


in voice routing test case configuration. If the test case does not specify

these values, the corresponding field in the test results will be empty.


Use the following command to run all your voice routing test cases, one after another:

Get-CsVoiceTestConfiguration | Test-CsVoiceTestConfiguration

To run one or more selected voice routing test cases








4. On the Test Voice Routing page, click the names of the test cases that you want to run.

5. On the Action menu, click Run selected.

The pass or fail status of each test case is shown in the Pass/fail column. If a test case

has not yet been run, N/A is shown in the Pass/fail column.

6. (Optional) To see detailed results for each test case, double-click the test case name.

Results are shown in the shaded area on the right side of the Edit Test Case page:

a. Test result: Overall pass or fail status of the test case run.

b. Normalization rule: The first normalization rule in the dial plan selected for this test

case that matches the dialed number (the value in the Number to test field).

c. Normalized number: The value of the dialed number after the normalization rule has

translated it.

d. First PSTN usage: The first PSTN usage record in the voice policy selected for this

test case that matches the dialed number.

e. First route: The first voice route in the first PSTN usage record that matches the

dialed number.

Note:

The Expected PSTN usage record and Expected route fields are optional

in voice routing test case configuration. If the test case does not specify

these values, the corresponding field in the test results will be empty.

124



Use the following command to run a specific voice routing test case:

Get-CsVoiceTestConfiguration -Identity TestConfig1 | Test-CsVoiceTestConfiguration

See Also





125



After you make changes to any of the configuration settings in pages in the Voice Routing group,

perform this procedure to review, publish, or cancel the pending changes.

Important

Ensure that only one user at a time modifies the Voice Routing configuration settings.

All pending changes must be published at the same time by running the Commit all command.

You cannot selectively publish pending changes. Before you publish pending changes, run the

Review uncommitted changes command and cancel any configuration changes that you do not

want to publish.

If you navigate away from the pages in the Voice Routing group before committing pending

changes, all pending changes will be lost. However, you can export the current configuration

(including any pending changes) to a voice configuration file, and then import and publish the

updated configuration. For details, see Export a Voice Route Configuration File.

To review, publish, or cancel voice routing configuration changes








4. Make the configuration changes you want to the settings on each page of the Voice

Routing group.

5. To review pending changes without publishing them, select Review uncommitted

changes from the Commit menu.

6. If you want to cancel any of the pending changes, do one of the following:

Select Cancel all uncommitted changes from the Commit menu.

Navigate to the tab of the Voice Routing page that has pending changes you want to

cancel, select the item with the pending changes, click Commit, and then click

Cancel selected changes.

7. After you have reviewed all pending changes and canceled any that you do not want to

publish, click Commit, and then click Commit all.

8. In the Uncommitted Voice Configuration Settings dialog box, which displays a list of

all of the pending changes, click OK.

When Lync Server Control Panel has committed the changes, the Successfully

published voice routing configuration message appears.

126


Configuring Incoming Call Handling FeaturesTopics in this section provide step-by-step procedures for tasks you can perform using the Voice

Features group in Lync Server Control Panel.

In This Section

Configure Phone Number Extensions for Parking Calls

Configure Routing of Unassigned Phone Numbers

Configure Phone Number Extensions for Parking Calls

The Call Park application allows an Enterprise Voice user to put a call on hold from one telephone

and then retrieve the call later from any telephone. When the user parks a call, Microsoft Lync

Server 2010 transfers the call to a temporary number, called an orbit, where the call is held until

someone retrieves it or it times out.

You need to configure the Call Park orbit table with the ranges of extension numbers that are

reserved by your organization for parked calls. These extensions need to be virtual extensions

(that is, extensions that have no user or phone assigned to them). Each Lync Server 2010 pool

where a Call Park application is deployed and configured can have one or more orbit ranges.

Orbit ranges must be globally unique across the Lync Server 2010 deployment.

Important:

You must select the Enable call park check box in your voice policy before you can use

Call Park. By default, this option is not selected.

In This Section

Create a Call Park Orbit Range

Change a Call Park Orbit Range

Delete a Call Park Orbit Range

Create a Call Park Orbit Range

Follow these steps to create a call park orbit range by using Lync Server Control Panel.

To create a new range of numbers for parking calls







3. In the left navigation bar, click Voice Features and then click Call Park.

4. On the Call Park page, click New.

5. In New Call Park Number Range, in Name, type a name for the number range. After

127


you save the orbit range, this name cannot be changed.

6. In the first Number range field, type the beginning number of the range of extensions for

this call park orbit, and in the second Number range field, type the ending number of the

range.

Notes:

The beginning number of the range must be less than or equal to the ending number

of the range.

The value of the beginning number of the range must be the same length as the

ending number of the range.

The orbit range must be unique. This range cannot overlap with any other range.

If the orbit range begins with the character * or #, the range must be greater than

100.

Valid values: Must match the regular expression string ([\*|#]?[1-9]\d{0,7})|([1-9]\

d{0,8}). This means the value must be a string beginning with either the character * or

# or a number 1 through 9 (the first character cannot be a zero). If the first character

is * or #, the following character must be a number 1 through 9 (it cannot be a zero).

Subsequent characters can be any number 0 through 9 up to seven additional

characters (for example, "#6000", "*92000", "*95551212", and "915551212"). If the

first character is not * or #, the first character must be a number 1 through 9 (it cannot

be zero), followed by up to eight characters, each a number 0 through 9 (for example:

915551212;41212;300).

You should not have more than a total of 50,000 orbits per pool. Each orbit range

typically encompasses 100 or fewer orbits, but it can be much larger as long as it

includes fewer than 10,000 orbits. For example, instead of specifying a starting

number of "7000000" and an ending number of "8000000," consider specifying a

starting number of "7000000" and an ending number of "7000100."

7. In FQDN of destination server, click the fully qualified domain name (FQDN) or service

ID of the Application service that hosts the Call Park application. All calls parked to

numbers within the range specified by the start number and end number in the orbit

range will be routed to this server or pool.

8. Click Commit.


To create a new Call Park orbit range use the New-CsCallParkOrbit cmdlet and specify both the start and end numbers in the range:

128


New-CsCallParkOrbit -Identity "Redmond CPO 1" -NumberRangeStart 100 -NumberRangeEnd 199 -CallParkService ApplicationServer:pool0.litwareinc.com

Change a Call Park Orbit Range

Follow these steps to change an existing call park orbit range by using Lync Server Control

Panel.

To change a range of numbers for parking calls








4. On the Call Park page, in the search field, type all or part of the name of the orbit range

you want to change. In the list of orbits, click the orbit you want, click Edit, and then click

Show details.

5. In Edit Call Park Number Range, in the first Number range field, type the first number

in the range of extensions for this call park orbit, and in the second Number range field,

type the ending number of the range.

Notes:


of the range.

The value of the beginning number of the range must be the same length as the

ending number of the range.

The orbit range must be unique. This range cannot overlap with any other range.

If the orbit range begins with the character * or #, the range must be greater than

100.

Valid values: Must match the regular expression string ([\*|#]?[1-9]\d{0,7})|([1-9]\

d{0,8}). This means the value must be a string beginning with either the character * or

# or a number 1 through 9 (the first character cannot be a zero). If the first character

is * or #, the following character must be a number 1 through 9 (it cannot be a zero).

Subsequent characters can be any number 0 through 9 up to seven additional

characters (for example, "#6000", "*92000", "*95551212", and "915551212"). If the

first character is not * or #, the first character must be a number 1 through 9 (it cannot

be zero), followed by up to eight characters, each a number 0 through 9 (for example:

915551212;41212;300).

You should not have more than a total of 50,000 orbits per pool. Each orbit range

typically encompasses 100 or fewer orbits, but it can be much larger as long as it

includes fewer than 10,000 orbits. For example, instead of specifying a starting

129


number of "7000000" and an ending number of "8000000," consider specifying a

starting number of "7000000" and an ending number of "7000100."

6. In FQDN of destination server, click the fully qualified domain name (FQDN) or service

ID of the Application service that hosts the Call Park application. All calls parked to

numbers within the range specified by the start number and end number in the orbit

range will be routed to this server or pool.

7. Click Commit.


To modify a Call Park Orbit range use the Set-CsCallParkOrbit cmdlet:

Set-CsCallParkOrbit -Identity "Redmond CPO 1" -NumberRangeStart 500 -NumberRangeEnd 699

130


Delete a Call Park Orbit Range

Follow these steps to delete a Call Park orbit range by using Lync Server Control Panel.

To delete a Call Park orbit range








4. On the Call Park page, in the search field, type all or part of the name of the orbit range

you want to delete.

5. In the list of orbits, click the orbit that you want, click Edit, and then click Delete.

6. Click OK.


To delete a Call Park Orbit range, use the Remove-CsCallParkOrbit cmdlet:

Remove-CsCallParkOrbit -Identity "Redmond CPO 1"

Use this command to remove all your Call Park orbit ranges:

Get-CsCallParkOrbit | Remove-CsCallParkOrbit

131


Configure Routing of Unassigned Phone Numbers

In Microsoft Lync Server 2010, you can specify what happens to incoming calls to phone numbers

that are valid for your organization but are not assigned to a user or phone. Calls can be routed to

an Announcement application or to an Exchange Unified Messaging (UM) server.

How you configure the unassigned number table depends on how you want to use it. You can

configure the table with all the valid extensions for your organization, with only unassigned

extensions, or with a combination of both types of numbers. The unassigned number table can

include both assigned and unassigned numbers, but it is invoked only when a caller dials a

number that is not currently assigned. If you include all the valid extensions in the unassigned

number table, you can specify the action that occurs whenever someone leaves your

organization, without needing to reconfigure the table. If you include unassigned extensions in the

table, you can tailor the action that occurs for specific numbers. For example, if you change the

extension for your customer service desk, you can include the old customer service number in the

table and assign it to an announcement that provides the new number.

Before you configure the unassigned number table, you must have already either defined one or

more announcements or set up an Exchange Unified Messaging (UM) Auto Attendant. To create

a new announcement, run the New-CsAnnouncement cmdlet. For details, see New-

CsAnnouncement in the Lync Server Management Shell documentation. To see if you have

configured Exchange UM settings, run the Get-CsExUmContact cmdlet. For details, see Get-

CsExUmContact in the Lync Server Management Shell documentation.

In This Section

Create an Unassigned Number Range

Change an Unassigned Number Range

Delete an Unassigned Number Range

Create an Unassigned Number Range

Follow these steps to create an unassigned number range for Announcements by using Lync

Server Control Panel.

Important:

Before you configure the unassigned number table, you must have already defined one

or more announcements or set up an Exchange Unified Messaging (UM) Auto Attendant.

To configure routing of unassigned phone numbers







132


3. In the left navigation bar, click Voice Features and then click Unassigned Number.

4. Click the Unassigned Number page, and then click New.

5. In New Unassigned Number Range, in Name, type the name for this range of numbers.

Note:

After you commit the new unassigned number range to the database, you cannot

change this name.

6. In the first Number range field, type the beginning number of the range, and in the

second Number range field, type the ending number of the range.

Notes:


of the range.

If the beginning number of the range or the ending number of the range includes an

extension number, both the beginning number and the ending number of the range

must include an extension, and the extension number must be the same for both the

beginning number and the ending number.

The number must match the regular expression (tel:)?(\+)?[1-9]\d{0,17}(;ext=[1-9]\

d{0,9})?. This means the number may begin with the string tel: (if you don’t specify

that string it will be automatically added for you), a plus sign (+), and a digit 1 through

9. The phone number can be up to 17 digits and may be followed by an extension in

the format ;ext= followed by the extension number.

7. In Announcement service, do one of the following:

Click Announcement.

Click Exchange UM.

8. If, in the previous step, you clicked Announcement, do the following:

a. Under FQDN of destination server, click Select, click the service ID of the

Application service that runs the Announcement application that will handle incoming

calls to this range of unassigned numbers, and then click OK.

b. In Announcement, click the announcement to be played for this range of unassigned

numbers.

9. If, in the previous step, you clicked Exchange UM, under Auto Attendant phone

number, click Select, click the phone number to be used for this range of unassigned

numbers, and then click OK.

10. Click OK.

11. On the Unassigned Number page, make sure that the unassigned number ranges are

arranged in the order you want. To change a range's position in the table, click one or

more consecutive names in the list of ranges, and then click the up arrow or down arrow.

Tip:

Lync Server 2010 searches the unassigned number table from top to bottom and

uses the first range that matches the unassigned number. If you have a range

133


that specifies a last resort action, make sure that range is at the bottom of the list.

12. When you have the unassigned number ranges in the order that you want, click Commit

all.


The New-CsUnassignedNumber cmdlet enables you to create a new unassigned number range:

New-CsUnassignedNumber -Identity UNSet1 -NumberRangeStart "+14255551000" -NumberRangeEnd "+14255551100" -AnnouncementService ApplicationServer:redmond.litwareinc.com -AnnouncementName "Welcome Announcement"

Change an Unassigned Number Range

Follow these steps to change an unassigned number range for Announcements by using Lync


To change routing of unassigned phone numbers








4. On the Unassigned Number page, in the search field, type all or part of the name of the

unassigned number range you want to change.

5. In the list of number ranges, click the name you want, click Edit, and then click Show

details.

6. In the first Number range field, type the beginning number of the range, and in the

second Number range field, type the ending number of the range.

Notes:


of the range.

If the beginning number of the range or the ending number of the range includes an

extension number, both the beginning number and the ending number of the range

must include an extension, and the extension number must be the same for both the

beginning number and the ending number.

134


The number must match the regular expression (tel:)?(\+)?[1-9]\d{0,17}(;ext=[1-9]\

d{0,9})?. This means the number may begin with the string tel: (if you don’t specify

that string it will be automatically added for you), a plus sign (+), and a digit 1 through

9. The phone number can be up to 17 digits and may be followed by an extension in

the format ;ext= followed by the extension number.

7. In Announcement service, do one of the following:

Click Announcement.

Click Exchange UM.

8. If, in the previous step, you clicked Announcement, do the following:

a. Under FQDN of destination server, click Select, click the service ID of the

Application service that runs the Announcement application that will handle incoming

calls to this range of unassigned numbers, and then click OK.

b. In Announcement, click the announcement to be played for this range of unassigned

numbers.

9. If, in the previous step, you clicked Exchange UM, under Auto Attendant phone

number, click Select, click the phone number to be used for this range of unassigned

numbers, and then click OK.

10. Click OK.

11. On the Unassigned Number page, make sure that the unassigned number ranges are

arranged in the order you want. To change a range's position in the table, click one or

more consecutive names in the list of ranges, and then click the up arrow or down arrow.

Tip:

Lync Server 2010 searches the unassigned number table from top to bottom and

uses the first range that matches the unassigned number. If you have a range

that specifies a last resort action, make sure that range is at the bottom of the list.

12. When you have the unassigned number ranges in the order you want, click Commit all.


To change an existing unassigned number range, use the Set-CsUnassignedNumber cmdlet. This command changes both the starting number and ending number for an unassigned number range:

Set-CsUnassignedNumber -Identity UNSet1 -NumberRangeStart "+14255551000" -NumberRangeEnd "+14255551900"

Delete an Unassigned Number Range

Follow these steps to delete an unassigned number range for Announcements by using Lync


135


To delete an unassigned number range








4. On the Unassigned Number page, in the search field, type all or part of the name of the

unassigned number range you want to delete.

5. In the list of number ranges, click the name that you want, click Edit, and then click

Delete.

6. Click Commit all.


To delete an unassigned number range, use the Remove-CsUnassignedNumber cmdlet:

Remove-CsUnassignedNumber -Identity UNSet1

The following command enables you to delete all your unassigned number ranges:

Get-CsUnassignedNumber | Remove-CsUnassignedNumber

136


Managing Response GroupsTopics in this section describe how to use Lync Server Control Panel and Response Group

Configuration Tool to manage response groups. Response groups are a call management feature

that allows you to queue calls made to a specific area, such as a Help Desk, and then route the

calls to a designated group of people, called agents. To manage response groups, you configure

agent groups, queues, and workflows, which define what happens to a call from the time it is

placed until an agent answers it.

Note:

If you have more than 300 workflows in a single pool in your Response Group

deployment, it is better to use Lync Server Management Shell cmdlets to create the

workflows. If you use the Response Group Configuration Tool to create workflows for a

pool that has more than 300 workflows, the webpage takes a long time to load.

In This Section

Managing Agent Groups

Managing Response Group Queues

Managing Response Group Workflows

Managing Agent Groups

An agent group is a group of people who are designated to answer Response Group calls. When

you create an agent group, you select the agents who are assigned to the group and specify

additional group settings, such as the routing method and whether an agent can sign in to and out

of the group.

Note:

Users must be enabled for Enterprise Voice before you can add them to agent groups.

For details about how to enable a user for Enterprise Voice, see Enable Users for

Enterprise Voice.

An agent who must sign in and out of the group, which is different from signing in or out of Lync

Server, is called a formal agent. Formal agents must be signed in to the group before they can

receive calls routed to the group. This can be useful for agents who answer calls from the group

on a part-time basis. Formal agents sign in and out of their groups by clicking a menu item in

Lync 2010 to open the Windows Internet Explorer Internet browser and display a webpage

console.

An agent who does not sign in or out of the group is called an informal agent. Informal agents are

automatically signed in to the group when they sign in to Lync Server, and they cannot sign out of

the group.

Important:

When you assign users as response group agents, inform them that, if they have Privacy

mode enabled, they need to search for "RGS Presence Watcher" contacts and add them

137


to their Contacts list. Agents who have Privacy mode enabled but who do not have "RGS

Presence Watcher" in their Contacts list cannot receive calls to the response group.

Agents who do not have Privacy mode enabled are not affected.

In This Section

Create an Agent Group

Change Agent Group Settings or Members

Delete an Agent Group


Follow these steps to create an agent group by using Lync Server Control Panel.

Important:






To create an agent group

1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of

the predefined administrative roles that support Response Group. If you are not logged

on as a member of one of these roles, you are prompted for alternate credentials.




3. In the left navigation bar, click Response Groups, and then click Group.

4. On the Group page, click New.

5. In the Select a Service search field, type all or part of the name of the

ApplicationServer service for which you want to add the group, click the service that you

want in the list, and then click OK.

6. On the New Group page, in the Name field, type a descriptive name for the group.

7. In Description, type a description for the group.

8. In the Participation policy, select one of the following to set up the sign-in behavior for

the group:

Select Informal to specify that agents in the group do not need to sign in and out of

the group. Agents are automatically signed in to the group when they sign in to Lync

Server 2010.

Select Formal to specify that agents in the group must sign in and out of the group.

When you select this option, agents click a menu item in Lync 2010 to open Internet

Explorer and display a webpage console for signing in and out of the group.

9. In Alert time (seconds), specify the number of seconds to ring an agent before offering

138


the call to the next available agent (the default is 20 seconds).

10. In Routing method, select the method for routing calls to agents in the group as follows:

To offer a new call first to the agent who has been idle the longest (has had a

presence of Available or Inactive in Lync Server the longest), click Longest idle.

To offer a new call to all available agents at the same time, click Parallel. The call is

sent to the first agent who accepts it.

To offer a new call to each agent in turn, click Round robin.

To always offer a new call to the agents in the order in which they are listed in the

Agent list, click Serial.

To offer a new call to all agents who are signed into Lync Server 2010 and the

Response Group application at the same time, regardless of their current presence,

click Attendant. Lync 2010 Attendant users who are configured as agents can see all

the calls that are waiting and answer waiting calls in any order. The call is sent to the

first agent who accepts it, and the other Lync 2010 Attendant users no longer see the

call.

11. In Agents, specify how you want to create your agents list:

To use a Microsoft Exchange Server distribution list, click Use an existing email

distribution list, and then in Distribution list address, type the email address of

the distribution list (for example, [email protected]).

If you use an email distribution list, you are subject to the following constraints:

You cannot select multiple distribution lists for the agent group. Each group supports

only a single distribution list.

If the distribution list contains one or more distribution lists, members of the nested

distribution lists are not added to the agent list.

If serial and round robin routing are selected, the server offers an incoming call to the

appropriate agent according to the routing method and according to the order in

which agents are listed in the distribution list.

Important:

If you use an email distribution list, hidden memberships or hidden lists might

become visible to the Response Group administrator or users.

Hidden memberships or hidden lists can become visible as follows:

If a distribution list was configured so that the membership is hidden and the

Response Group administrator assigns the distribution list to the agent list, users can

call the group to find out who the members are.

If a distribution list was configured so that it is hidden in the Exchange Global

Address List, the Response Group administrator might be able to see the distribution

list and assign it to the agent list if the Response Group process has the appropriate

user rights and permissions, even if the administrator does not have the appropriate

user rights and permissions.

To use a custom list of agents, click Define a custom group of agents. Click Select,

139


and then in the Select Agents search field, type all or part of the name of the user

you want to assign as an agent to this group, and then click Find. In the list of

agents, select the user, and then click OK.

Note:

If the group is using either round robin or serial routing, arrange the agents in

the order that you want them to be offered calls. To change the order of the

agents in the Agent list, click an agent, and then click the up arrow or down

arrow.

12. Click Commit.


To create a new Response Group agent group, use the New-CsRgsAgentGroup cmdlet. This command uses the AgentsByUri parameter to add individual users to the agent group:

New-CsRgsAgentGroup -Parent service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk Group" -AgentsByUri "sip:[email protected]","sip:[email protected]"

By comparison, this command uses the DistributionGroupAddress parameter to add all the members of the [email protected] distribution group to the agent group:

New-CsRgsAgentGroup -Parent service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk Group" -DistributionGroupAddress "[email protected]"

See Also

Create a Response Group Workflow

Change Agent Group Settings or Members

Follow these steps to change an agent group by using Lync Server Control Panel. You can

change settings, such as routing method or how long a call rings for an agent before being routed

to another agent, or you can add or remove agents in the group.

Important:






140


To change agent group settings or membership


the predefined administrative roles that support Response Group.





4. On the Group page, type all or part of the name of the agent group that you want to

change in the search field.

5. In the search results list, click the group that you want, click Edit, and then click Show

details.

6. In Edit Group, in Name, type a descriptive name for the group.

7. In Description, type a description for the group.

8. In the Participation policy, select one of the following to set up the sign-in behavior for

the group:

Select Informal to specify that agents in the group do not need to sign in and out of

the group. Agents are automatically signed in to the group when they sign in to Lync

Server 2010.

Select Formal to specify that agents in the group must sign in and out of the group.

When you select this option, agents click a menu item in Lync 2010 to open Internet

Explorer and display a webpage console for signing in and out of the group.

9. In Alert time (seconds), specify the number of seconds to ring an agent before offering

the call to the next available agent (the default is 20 seconds).

10. In Routing method, select the method for routing calls to agents in the group as follows:

To offer a new call first to the agent who has been idle the longest (has had a

presence of Available or Inactive in Lync Server the longest), click Longest idle.

To offer a new call to all available agents at the same time, click Parallel. The call is

sent to the first agent who accepts it.

To offer a new call to each agent in turn, click Round robin.

To always offer a new call to the agents in the order in which they are listed in the

Agent list, click Serial.

To offer a new call to all agents who are signed into Lync Server 2010 and the

Response Group application at the same time, regardless of their current presence,

click Attendant. Lync 2010 Attendant users who are configured as agents can see all

the calls that are waiting and answer waiting calls in any order. The call is sent to the

first agent who accepts it, and the other Lync 2010 Attendant users no longer see the

call.

11. To change the agents in a custom list of agents, in Agents, click Define a custom group

of agents, and do one of the following:

To add a user to the agent group, click Select, and then in the Select Agents search

141


field, type all or part of the name of the user you want to add to this group, and then

click Find. In the resulting list of agents, click the user you want to add, and then click

OK.

To remove a user from the agent group, in the Edit Group list of agents, click the

user you want to remove, and then click Remove.

To change the order in which agents are offered calls in groups using either round

robin or serial routing, in the Edit Group list of agents, click a user, and then click the

up arrow or down arrow.

12. To use a Microsoft Exchange Server distribution list as your agent group, in Agents, click

Use an existing email distribution list, and then in Distribution list address, type the

email address of the distribution list (for example, [email protected]).

If you use an email distribution list, you are subject to the following constraints:

You cannot select multiple distribution lists for the agent group. Each group supports

only a single distribution list.

If the distribution list contains one or more distribution lists, members of the nested

distribution lists are not added to the agent list.

If serial and round robin routing are selected, the server offers an incoming call to the

appropriate agent according to the routing method and according to the order in

which agents are listed in the distribution list.

Important:

If you use an email distribution list, hidden memberships or hidden lists might

become visible to the Response Group administrator or users.

Hidden memberships or hidden lists can become visible as follows:

If a distribution list was configured so that the membership is hidden and the

Response Group administrator assigns the distribution list to the agent list, users can

call the group to find out who the members are.

If a distribution list was configured so that it is hidden in the Exchange Global

Address List, the Response Group administrator might be able to see the distribution

list and assign it to the agent list if the Response Group process has the appropriate

user rights and permissions, even if the administrator does not have the appropriate

user rights and permissions.

13. Click Commit.


To change a Response Group agent group you must first use the Get-CsRgsAgentGroup cmdlet to retrieve an object reference to the agent group to be changed. After making your changes in memory, use the Set-CsRgsAgentGroup cmdlet to write those changes to Lync Server.

142


These commands change the routing method for an agent group:

$x = Get-CsRgsAgentGroup -Identity service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk"

$x.RoutingMethod = "RoundRobin"

Set-CsRgsAgentGroup -Instance $x

This set of commands changes the distribution address for an agent group:


$x.DistributionGroupAddress = "[email protected]"


The following commands add a new agent to an agent group:


$x.AgentsByUri.Add("sip:[email protected]")


And these commands remove an agent from an agent group:


$x.AgentsByUri.Remove("sip:[email protected]")


See Also




Follow these steps to delete an agent group by using Lync Server Control Panel.

To delete an agent group





143




4. On the Response Groups page, type all or part of the name of the agent group that you

want to delete in the search field.

5. In the search results list, click the group that you want to delete, click Edit, and then click

Delete.

6. Click OK.


To remove a Response Group agent group, use the Remove-CsRgsAgentGroup cmdlet:

Get-CsRgsAgentGroup -Identity service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk" | Remove-CsRgsAgentGroup

This command deletes all the agent groups currently configured for use in your organization:

Get-CsRgsAgentGroup | Remove-CsRgsAgentGroup

144


Managing Response Group Queues

Queues hold calls to a response group until an agent answers the call. When you manage a

queue, you assign one or more agent groups to the queue and specify queue settings, such as

the number of calls that the queue can hold before performing an overflow action and the length

of time that a call waits for an agent before performing a time-out action. When the Response

Group application searches for an available agent, it searches agent groups in the order that you

list them.

In This Section

Create a Response Group Queue

Change a Response Group Queue

Delete a Response Group Queue


Follow these steps to create a queue by using Lync Server Control Panel.

To create a queue







3. In the left navigation bar, click Response Groups, and then click Queue.

4. On the Queue page, click New.

5. In Select a Service, type part or all of the name of the ApplicationServer service for

which you want to add the queue in the search field.

6. In the list of services, click the service that you want, and then click OK.

7. In New Queue, in Name, type a descriptive name for the queue.

8. In Description, type a description for the queue.

9. In Groups, click Select.

10. In the Select Groups search field, type part or all of the name of the agent group that

you want to assign to the queue.

Note:

When the server searches for an available agent in the queue, it uses group

order. That is, the first group in the list is searched first, followed by the second

group in the list, and so on. To change the order of the groups in the Groups list,

click a group, and then click the up arrow or down arrow.

11. In the search results list, click the agent group that you want, and then click OK.

145


12. To specify a maximum period of time for a caller to wait on hold before an agent answers

the call, select the Enable queue time-out check box, and then do the following:

a. In Time-out period (seconds), specify the maximum number of seconds a caller

waits for an agent to answer the call.

b. In Call Action, select the action that occurs when a call times out as follows:

To disconnect the call after the timeout, click Disconnect.

To forward the call to voice mail, click Forward to voice mail, and then in the SIP

address field, type a voice mail address in the format

sip:<username>@<domainname> (for example, sip:[email protected]).

To forward the call to another telephone number, click Forward to telephone

number, and then in the SIP address field, type the telephone number in the format

sip:<number>@<domainname> (for example, sip:[email protected]).

To forward the call to another user, click Forward to SIP address, and then in the

SIP address field, type the URI for the user in the format

sip:<username>@<domainname>.

To forward the call to another queue, click Forward to another queue, and then

browse to the queue that you want to use.

13. To specify a maximum number of calls that the queue can hold, select the Enable queue

overflow check box, and then do the following:

a. In Maximum number of calls, select the maximum number of calls that you want the

queue to hold.

b. In Forward the call, select which call is to be forwarded when the queue is full:

Newest Call or Oldest Call.

c. Select the action that occurs when the overflow threshold is met as follows:













14. Click Commit.

146



To create a new Response Group queue, use the New-CsRgsQueue cmdlet. The following set of commands creates a new queue, and uses the New-CsRgsCallAction cmdlet to specify what should happen if the queue receives too many calls at the same time:

$x = New-CsRgsCallAction -Action TransferToVoicemailUri -Uri "sip:[email protected]"

New-CsRgsQueue -Parent service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk" -OverflowCandidate "OldestCall" -OverflowAction $x -OverflowThreshold 2

See Also


Change a Response Group Queue

Follow these steps to change a queue by using Lync Server Control Panel. You can change

settings that specify the behavior of the queue, such as how long a call rings before taking a time-

out action or how many calls to accept before taking a queue overflow action. You can also

change the agent groups assigned to the queue.

To change a queue







4. In the search field, type part or all of the name of the queue you want to change.

5. In the list of queues, click the queue that you want, click Edit, and then click Show

details.

6. In Name, type a descriptive name for the queue.

7. In Description, type a description for the queue.

8. To assign another agent group to the queue, under Groups, click Select, and then in the

Select Groups search field, type part or all of the name of the agent group that you want

to assign to the queue. In the resulting list of agent groups, select the group you want,

and then click OK.

9. To remove an assigned agent group from the queue, click the group you want in the

Groups list, and then click Remove.

10. When the server searches for an available agent in the queue, it uses group order. That

is, the first group in the list is searched first, followed by the second group in the list, and

147


so on. To change the order of the groups in the Groups list, click a group, and then click

the up arrow or down arrow.

11. To specify a maximum period of time for a caller to wait on hold before an agent answers

the call, select the Enable queue time-out check box, and then do the following:

a. In Time-out period (seconds), specify the maximum number of seconds a caller

waits for an agent to answer the call.

b. In Call Action, select the action that occurs when a call times out as follows:













12. To specify a maximum number of calls that the queue can hold, select the Enable queue

overflow check box, and then do the following:

a. In Maximum number of calls, select the maximum number of calls that you want the

queue to hold.

b. In Forward the call, select which call is to be forwarded when the queue is full:

Newest Call or Oldest Call.

c. Select the action that occurs when the overflow threshold is met as follows:













13. Click Commit.

148



To modify a Response Group queue, you must first use the Get-CsRgsQueue cmdlet to retrieve an object reference to the queue to be changed. After making your changes in memory, use the Set-CsRgsQueue cmdlet to write those changes to Lync Server:

$x = Get-CsRgsQueue -Identity Service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk"

$x.OverflowCandidate = "NewestCall"

Set-CsRgsQueue -Instance $x

Delete a Response Group Queue

Follow these steps to delete a queue by using Lync Server Control Panel.

To delete a queue







4. In the search field, type part or all of the name of the queue you want to delete.

5. In the list of queues, click the queue that you want, click Edit, and then click Delete.

6. Click OK.


To delete a Response Group queue, use the Remove-CsRgsQueue cmdlet:

Get-CsRgsQueue -Identity service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk Queue" | Remove-CsRgsQueue

The following command removes all the Response Group queues configured for use in your organization:

Get-CsRgsQueue | Remove-CsRgsQueue

149


Managing Response Group Workflows

A Response Group workflow defines the behavior of a call from the time the phone rings to the

time an agent answers the call. The workflow includes queue and routing information, and

includes either hunt group or interactive voice response (IVR) information.

Topics in this section describe the requirements for workflow audio files and the Response Group

Configuration Tool, identify best practices for designing IVR workflows, and explain how to create,

change, and delete workgroups.

In This Section

Response Group Configuration Tool Requirements

Response Group Audio File Requirements

Design Call Flows by Using Interactive Voice Response

(Optional) Define Response Group Business Hours and Holidays


Change a Response Group Workflow

Delete a Response Group Workflow

Response Group Configuration Tool Requirements

The Response Group Configuration Tool supports the combinations of operating systems and

web browsers described in the following table.

Note:

32-bit or 64-bit versions of the operating systems are supported. Only 32-bit versions of

Internet Explorer are supported.

Supported Operating Systems and Web Browsers

Operating system Web browser

Windows Vista with Service Pack (SP) 2 Internet Explorer 7

Internet Explorer 8 (native mode)

Windows 7 Internet Explorer 8 (native mode)

Windows Server 2008 with SP2 Internet Explorer 7

Internet Explorer 8 (native mode)

Windows Server 2008 R2 Internet Explorer 8 (native mode)

Response Group Audio File Requirements

You can use Windows Media audio (.wma) file format or wave (.wav) file format for unassigned

number Announcements or for Response Group messages, on-hold music, or interactive voice

response (IVR) questions.

150


The Windows Media audio file format requires that the Windows Media Format Runtime is

installed. For details, see Hardware and Software Requirements for Call Management.

Supported Wave File Formats

All wave files must meet the following requirements:

8-bit or 16-bit file

Linear pulse code modulation (LPCM), A-Law, or mu-Law format

Mono or stereo

4MB or less

For the best performance of wave files, a 16 kHz, mono, 16-bit Wave file is recommended.

Supported Windows Media Audio File Formats

If you use a Windows Media audio file, consider using low bitrates, and verify the performance of

your system under load.

You can use the Microsoft Expression Encoder 4 to convert a file to the Windows Media Audio

format. To download Expression Encoder 4, see http://go.microsoft.com/fwlink/?LinkId=202843.

Design Call Flows by Using Interactive Voice Response

You use interactive voice response (IVR) to obtain information from callers and navigate them to

the appropriate queue. You can specify question-and-answer pairs that you use for call

navigation. Depending on the caller’s response, the caller either hears a follow-up question, or is

routed to the appropriate queue. The IVR questions and the caller’s responses are provided to

the responding agent when he or she accepts the call. This system provides valuable information

to the responding agent.

Overview of the IVR Features

The Response Group application offers speech recognition and text-to-speech capabilities in 26

languages. You can enter IVR questions using text-to-speech or a wave (.wav) or Windows Media

audio (.wma) file. Callers can respond by using voice or dual-tone multifrequency (DTMF).

Interactive workflows support up to two levels of questions, with each question having up to four

possible answers. The IVR asks the caller a question that has up to four possible answers, and

depending on the caller’s response, routes the caller to a queue or asks a second question. The

second question can also have four possible answers. Depending on the answer to the second-

level question, the caller is routed to the appropriate queue.

Note:

When you design call flows by using Lync Server Management Shell, you can define any

number levels of IVR questions and any number of answers. However, for caller usability

we recommend that you not use more than three levels of questions, with not more than

five answers each. In addition, if you design a call flow that has more than two levels of

questions with more than four answers each, you cannot edit the call flow by using

Microsoft Lync Server 2010 Control Panel.

The IVR questions and the caller’s responses are provided to the responding agent when he or

she accepts the call.

151



Working with Speech Technologies

Speech technologies, such as speech recognition and text-to-speech, can enhance customer

experience and let people access information more naturally and effectively. However, there can

be cases where the specified text or the user voice response is not recognized correctly by the

speech engine. For example, the “#” symbol is translated by the text-to-speech engine as the

word “number”. This issue can be mitigated by the following:

The speech engine gives the caller five attempts to answer the question. If the caller answers

the question incorrectly (that is, the answer is not one of the specified responses) or does not

provide an answer at all, he or she gets another chance to answer the question. The caller

has five attempts to answer the question before being disconnected. You can configure the

IVR to play a customized message after each caller error. The question is repeated each

time.

To minimize the potential for ambient noise to be interpreted by the speech engine as a

response, use longer responses. For example, responses should have more than one

syllable and should sound significantly different from each other.

If your questions have both speech and DTMF responses, configure the speech responses

with words that represent the concept rather than the DTMF response. For example, instead

of using "Press or say one" use "Press 1 or say billing."

After you design your IVR, call the workflow, listen to the prompts, respond to each of the

prompts using voice, and verify that the IVR sounds and behaves as expected. You can then

modify the IVR to fix any interpretation issues. Following the previous example, if you need to

refer to the # key, you can rewrite your IVR prompt to use the key name, rather than the #

symbol. For example, "To talk to sales, press the pound key."

IVR Design Examples

The following sections contain examples of different IVR scenarios and question-and-answer

pairs.

IVR with One Level of Questions

The following example shows an IVR that uses one level of questions. It uses speech recognition

to detect the caller’s response.

Question: "Thank you for calling Human Resources. If you would like to speak to payroll, say

payroll. Otherwise, say HR."

Option 1 is selected: The caller is routed to the payroll team.

Option 2 is selected: The caller is routed to the human resources team.

The following figure shows the call flow.

One-level interactive call flow

152


IVR with Two Levels of Questions

The following example shows an IVR that uses two levels of questions. It allows callers to

respond using either speech or DTMF keypad input.

Question: "Thank you for calling the IT Help Desk. If you have a network access problem, press

or say 1. If you have a software problem, press or say 2. If you have a hardware problem, press

or say 3."

Option 1 is selected: The caller is routed to the network support team.

Option 2 is selected: The caller is asked a follow-up question:

Question: "If this is an operating system problem, press or say 1. If this is a problem with an

internal application, press or say 2. Otherwise, press or say 3."

Option 1 is selected: The caller is routed to the operating systems support team.

Option 2 is selected: The caller is routed to the internal applications support team.

Option 3 is selected: The caller is routed to the software support team.

Option 3 is selected: The caller is asked a follow-up question:

Question: "If this is a printer problem press 1. Otherwise, press 2."

Option 1 is selected: The caller is routed to the printer support team.

Option 2 is selected: The caller is routed to the hardware support team.

The following figure shows the call flow.

Two-level interactive call flow

153


Best Practices

The following list describes some best practices for designing your IVR:

Let the caller get to the task quickly. Avoid providing too much information or lengthy

marketing messages in your IVR.

If you want to include a lengthy message, consider appending it to the first question instead

of to the welcome message. Callers can bypass the message if it is part of the first question

by answering the question, but they cannot bypass the welcome message.

Speak in the caller’s language. Avoid stilted language. Speak naturally.

Write efficient and effective prompts. Remove any unnecessary options. Structure the

information so that the caller’s expected response is at the end of the sentence. For example,

“To speak to the sales team, press 1."

Make voice responses user friendly. For example, if you specify both DTMF and voice

responses, use something like: "To speak to the sales team, press 1 or say sales."

Test the IVR on a group of users before you deploy it across your organization.

See Also

Create an Interactive Workflow


Workflows identify when the response group is available to take calls and how to handle calls that

are made when the response group is not available. Before you configure your workflows, you

can define your business hours and holidays. Then when you configure a workflow, you just apply

the business hours and holidays that you defined in advance to the workflow.

Note:

To apply holidays to a workflow, you must predefine at least one set of holidays. To apply

business hours to a workflow, you can either predefine the business hours, or you can

create custom business hours. Custom business hours, however, apply only to a specific

workflow and cannot be reused for other workflows. You create custom business hours at

the time you configure the workflow.

Note:

You do not need to predefine business hours if your response group is always open or if

you use only custom business hours.

Defining Business Hours

Business hours define the days of the week and the hours of a day that the response group is

normally available to take calls. A business hours collection consists of the ranges of times for

each day of the week that a response group is available. For example, a response group might

be available from 8:00 A.M. to 4:00 P.M. on weekdays and from 9:00 A.M. to 12:00 P.M. and

again from 1:00 P.M. to 5:00 P.M. on weekends.

To define business hour collections, you must use the New-CsRgsTimeRange and New-

CsRgsHoursOfBusiness cmdlets. The New-CsRgsTimeRange cmdlet defines opening and

closing hours, and the New-CsRgsHoursOfBusiness cmdlet identifies which opening and

154


closing hours apply to each day of the week (the business hours collection). For details about

using these cmdlets, see the Lync Server Management Shell documentation or Lync Server

Management Shell command-line Help.

Important:

Express time for parameters in these cmdlets as 24-hour time notation (for example,

20:00=8:00 P.M.).

To create a business hours collection






3. For each unique range of hours you want to define, run:

$x = New-CsRgsTimeRange [–Name <name of time range>] `

–OpenTime <time when business hours begin> `

-CloseTime <time when business hours end>

To create the business hours collection that uses the ranges you defined, run:

New-CsRgsHoursOfBusiness –Parent <service where the workflow is

hosted> `

-Name <unique name for collection> `

[-MondayHours1 <first set of opening and closing times for

Monday>] `

[-MondayHours2 <second set of opening and closing times for

Monday>] `

[-TuesdayHours1 <first set of opening and closing times for

Tuesday>] `

[-TuesdayHours2 <second set of opening and closing times for

Tuesday>] `

[-WednesdayHours1 <first set of opening and closing times for

Wednesday>] `

[-WednesdayHours2 <second set of opening and closing times for

Wednesday>] `

[-ThursdayHours1 <first set of opening and closing times for

Thursday>] `

[-ThursdayHours2 <second set of opening and closing times for

Thursday>] `

[-FridayHours1 <first set of opening and closing times for

Friday>] `

[-FridayHours2 <second set of opening and closing times for

155


Friday>] `

[-SaturdayHours1 <first set of opening and closing times for

Saturday>] `

[-SaturdayHours2 <second set of opening and closing times for

Saturday>] `

[-SundayHours1 <first set of opening and closing times for

Sunday>] `

[-SundayHours2 <second set of opening and closing times for

Sunday>]

The following example specifies business hours of 9:00 A.M. to 5:00 P.M. for weekdays,

8:00 A.M. to 10:00 A.M. and again from 2:00 P.M. to 6:00 P.M. for Saturdays, and no

business hours for Sundays:

$a = NewRgsTimeRange –Name "Weekday Hours" `

-OpenTime "9:00" –CloseTime "17:00"

$b = NewRgsTimeRange –Name "Saturday Morning Hours" `


$c = NewRgsTimeRange –Name "Saturday Afternoon Hours" `


New-CsRgsHoursOfBusiness –Parent

"ApplicationServer:Redmond.contoso.com" `

-Name "Help Desk Business Hours" `

-MondayHours1 $a `

-TuesdayHours1 $a `

-WednesdayHours1 $a `

-ThursdayHours1 $a `

-FridayHours1 $a `

-SaturdayHours1 $b `

-SaturdayHours2 $c

Defining Holidays

Holidays define the days that agents will not be working and, therefore, are not available to take

calls. Holiday sets are collections of holidays. For example, the national/regional holidays for year

2011 might be a holiday set. Multiple holiday sets can apply to a workflow. For example, you

might define a set of national/regional holidays for the calendar year, another set of holidays for

company days off, and another set of holidays for team events. Any combination of the holiday

sets can apply to a workflow.

To define holidays and holiday sets, you must use the New-CsRgsHoliday and New-

CsRgsHolidaySet cmdlets. The New-CsRgsHoliday cmdlet defines individual holidays, and the

New-CsRgsHolidaySet cmdlet identifies which holidays are in a holiday set. For more details

about these cmdlets, see the Lync Server Management Shell documentation.

156


To create a holiday set






3. For each holiday you want to define, run:

$x = New-CsRgsHoliday [-Name <holiday name>] `

-StartDate <starting date of holiday> -EndDate <ending date of

holiday>

To create the holiday set that contains the holidays you defined, run:

New-CsRgsHolidaySet –Parent <service where the workflow is hosted>

`

-Name <unique name for holiday set> `

-HolidayList <one or more holidays to be included in the holiday

set>

The following example shows a holiday set that includes two holidays:

$a = New-CsRgsHoliday –Name "New Year's Day" –StartDate "1/1/2011"

–EndDate "1/2/2011"

$b = New-CsRgsHoliday –Name "Independence Day" –StartDate

"7/4/2011" –EndDate "7/4/2011"

New-CsRgsHolidaySet –Parent "ApplicationServer:Redmond.contoso.com

`

-Name "2011 Holidays" –HolidayList ($a $b)


Microsoft Lync Server 2010 supports two types of workflow: hunt group and interactive voice

response (IVR). When you create a workflow, you use the Response Group Configuration Tool to

specify the queue to use and other settings, such as a welcome message, music on hold,

business hours, and questions that the Response Group application asks the caller.

Note:

You must create agent groups and queues before you create a workflow that uses them.

If you want to create preset business hours and holidays that you can use for multiple

workflows, you must also define these hours and holidays before you create a workflow

that uses them.

In This Section

Create a Hunt Group Workflow


157


Related Sections




Create a Hunt Group Workflow

A hunt group workflow routes callers to a specified queue without asking the caller any questions.

You specify the queue to which callers are routed. You can also choose a welcome message for

the workflow, the music to play when users are on hold, and the days and hours that the workflow

is available.

Note:

Office Communications Server 2007 R2 supported two types of hunt groups: basic and

enhanced. In Microsoft Lync Server 2010, the hunt group workflow covers both of these

types.

You can use Windows Media audio (.wma) or wave (.wav) files for messages and music that is

played while users are on hold. For details about supported audio file formats, see Response

Group Audio File Requirements. After you upload an audio file, you can listen to it to verify that

you selected the correct file. To listen to the audio file, click the name of the file.

To create a hunt group workflow







3. In the left navigation bar, click Response Groups, and then click Workflow.

4. On the Workflow page, click Create or edit a workflow.

5. In the Select a Service search field, type part or all of the name of the

ApplicationServer service for which you want to add the workflow.

6. In the list of services, select the service that you want, and then click OK.

Note:

The Response Group Configuration Tool webpage opens. You can also open the

Response Group Configuration Tool webpage directly from a web browser by

connecting to https://<webPoolFqdn>/RgsConfig.

7. Under Create a New Workflow, next to Hunt Group, click Create.

8. If you are not ready for users to start calling the workflow, clear the Activate the

workflow check box.

9. To allow federated users to call the group, select the Enable for federation check box.

10. To hide the identity of agents during calls, select the Enable agent anonymity check

158


box.

Note:

Anonymous calls cannot start with instant messaging (IM) or video, although the

agent or the caller can add IM and video after the call is established. An

anonymous agent can also put calls on hold, transfer calls (both blind and

consultative transfers), and park and retrieve calls. Anonymous calls do not

support conferencing, application sharing and desktop sharing, file transfer,

whiteboarding and data collaboration, and call recording.

11. Under Enter the address of the group that will receive the calls, type the SIP address

of the group that you want to answer calls to the workflow.

12. In Display name, type the name that you want clients to display for the workflow (for

example, Lync 2010).

Note:

Do not include the "<" or ">" characters in the display name. Do not use the

following display names because they are reserved: RGS Presence Watcher or

Announcement Service.

13. Under Telephone number, type the line URI for the response group (for example,

+14255550165).

14. In Display number, type the number as you want it to appear for the response group (for

example, +1 (425) 555-0165).

15. (Optional) In Description, type a description for the workflow as you want it to appear on

the contact card in Lync 2010.

16. Under Step 2 Select a Language, click the language that you want to use for speech

recognition and text-to-speech.

17. If you want to configure a welcome message, under Step 3 Configure a Welcome

Message, select the Play a welcome message check box, and then do one of the

following:

To enter the welcome message as text that is converted to speech for callers, click

Use text-to-speech, and then type the welcome message in the text box.

Note:

Do not include HTML tags in the text you enter. If you include HTML tags,

you will receive an error message.

To use a wave (.wav) or Windows Media audio (.wma) file recording for the welcome

message, click Select a recording. If you want to upload a new audio file, click the a

recording link. In the new browser window, click Browse, select the audio file that

you want to use, and then click Open. Click Upload to load the audio file.

Note:

All user-provided audio files must meet certain requirements. For details

about supported file formats, see Response Group Audio File Requirements.

159


18. Under Step 4 Specify Your Business Hours, in Your time zone, click the time zone for

the workflow.

Note:

The time zone is the time zone where the callers and agents of the workflow

reside. It is used to calculate the open and close hours. For example, if the

workflow is configured to use the North American Eastern Time zone and the

workflow is scheduled to open at 7:00 A.M. and close at 11:00 P.M., the open and

close times are assumed to be 7:00 Eastern Time and 23:00 Eastern Time

respectively. (You must enter the times in 24-hour time notation.)

19. Select the type of business hours schedule you want to use by doing one of the following:

To use a predefined schedule of business hours, click Use a preset schedule, and

then select the schedule you want to use from the drop-down list.

Note:

You must have defined at least one preset schedule previously to be able to

select this option. You define preset schedules by using the New-

CSRgsHoursOfBusiness cmdlet. For details, see (Optional) Define

Response Group Business Hours and Holidays.

Note:

When you select a preset schedule, Day, Open, and Close are automatically

filled with the days and hours that the response group is available.

To use a custom schedule that applies only to this workflow, click Use a custom

schedule.

20. If you are creating a custom schedule for this workflow, click the check boxes for the days

of the week that the response group is available.

21. If you are creating a custom schedule, type the Open and Close hours for each day of

the week that the response group available.

Note:

The Open and Close hours must be in 24-hour time notation. For example, if

your office works a 9-to-5 work day and closes at noon for lunch, the business

hours are specified as Open 9:00, Close 12:00, Open 13:00, and Close 17:00.

22. If you want to play a message when the office is not open, select the Play a message

when the response group is outside of business hours check box, and then specify

the message to play by doing one of the following:

To enter the message as text that is converted to speech for the caller, click Use text-

to-speech, and then type the message in the text box.

Note:



To use an audio file recording for the message, click Select a recording. If you want

160


to upload a new audio file, click the a recording link. In the new browser window,

click Browse, select the file that you want to use, and then click Open. Click Upload

to load the audio file.

Note:


about supported audio file formats, see Response Group Audio File

Requirements.

23. Specify how to handle calls after the message is played (if a message is configured):

To disconnect the call, click Disconnect Call.

To forward the call to voice mail, click Forward to voice mail, and then type the

voice mail address. The format for the voice mail address is

<username>@<domainname> (for example, [email protected]).

To forward the call to another user, click Forward to SIP URI, and then type a user

address. The format for the user address is <username>@<domainname>.


number, and then type the telephone number. The format for the telephone number

is <number>@<domainname> (for example, [email protected]). The

domain name is used to route the caller to the correct destination.

24. Under Step 5 Specify Your Holidays, click the check boxes for one or more sets of

holidays that define the days when the response group is closed for business.

Note:

You need to define holidays and holiday sets before you configure the workflow.

Use the New-CsRgsHoliday and New-CsRgsHolidaySet cmdlets to define

holidays and holiday sets. For details, see (Optional) Define Response Group

Business Hours and Holidays.

25. If you want to play a message on holidays, select the Play a message during holidays

check box, and then specify the message to play by doing one of the following:



Note:







Note:



161


Requirements.












27. Under Step 6 Configure a Queue, in Select the queue that will receive the calls,

select the queue that you want to hold callers until an agent becomes available.

28. Under Step 7 Configure Music on Hold, choose the music you want callers to listen to

while waiting for an agent by doing one of the following:

To use the default music-on-hold recording, click Use default.

To use an audio file recording for the music on hold, click Select a music file. If you

want to upload a new audio file, click the a music file link. In the new browser

window, click Browse, select the file that you want to use, and then click Open. Click

Upload to load the audio file.

Note:

All user provided audio files must meet certain requirements. For details


Requirements.

29. Click Deploy.


To create a hunt group workflow, use the New-CsRgsWorkflow cmdlet:

$prompt = New-CsRgsPrompt -TextToSpeechPrompt "Welcome to the help desk."

$queue = (Get-CsRgsQueue -Identity service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk").Identity

$callAction = New-CsRgsCallAction -Prompt $prompt -Action TransferToQueue -QueueId $queue

162


New-CsRgsWorkflow -Parent service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk" -PrimaryUri "sip:[email protected]" -DefaultAction $callAction


When you create an interactive workflow you can choose a welcome message for the workflow,

the music to play when users are on hold, and the days and hours that the workflow is available.

Interactive workflows support up to two levels of questions, with each question having up to four

possible answers. The interactive voice response (IVR) asks the caller a question that has up to

four possible answers, and depending on the caller’s response, routes the caller to a queue or

asks a second question. The second question can also have four possible answers. Depending

on the answer to the second-level question, the caller is routed to the appropriate queue. For

details about IVR design, see Design Call Flows by Using Interactive Voice Response.

You can use wave (.wav) or Windows Media audio (.wma) files for settings such as messages or

the music that is played when users are on hold. For details about supported audio file formats,

see Response Group Audio File Requirements.

To create an Interactive workflow










ApplicationServer service that you want to add.

6. In the list of services, select the service you want, and then click OK.

Note:


Response Group Configuration Tool webpage directly from a Web browser by


7. Under Create a New Workflow, next to Interactive, click Create.

8. If you are not ready for users to start calling the workflow, clear the Activate the

workflow check box.



box.

Note:


163







11. In Enter the address of the group that will receive the calls, type the address of the

group that you want to answer calls to the workflow.

12. In Display name, type the name that clients, such as Lync 2010, are to display.

Note:




13. In Telephone number, type the line URI for the response group (for example,

+14255550165).


example, +1 (425) 555-0165).

15. (Optional) In Description, type a description for the workflow that you want to appear on


16. Under Step 2 Select a Language, click the language to use for speech recognition and

text-to-speech.



following:



Note:



To use a Wave or Windows Media Audio file recording for the welcome message,

click Select a recording. If you want to upload a new audio file, click the a recording

link. In the new browser window, click Browse, select the audio file that you want to

use, and then click Open. Click Upload to load the audio file.

Note:



18. Under Step 4 Specify Your Business Hours, in the Your time zone box, click the time

zone of the workflow.

Note:


164










Note:




Response Group Business Hours and Holidays

Note:




schedule.



21. If you are creating a custom schedule, type the Open and Close hours when the

response group available.

Note:







To enter the message as text that is converted to speech for the caller, click Use

text-to-speech, and then type the message in the text box.

Note:







Note:

165

















Note:









Note:







Note:



Requirements.





166









27. Under Step 6 Configure Music on Hold, choose what you want callers to listen to while

waiting for an agent by doing one of the following:

To use the default music on-hold recording, click Use default.

To use an audio file recording for the on-hold music, click Select a music file. If you




Note:



28. Under Step 7 Configure Interactive Voice Response, under the The user will hear the

following text or recorded message heading, specify the question to ask callers as

follows:

To enter the question in text format, click Use text-to-speech, and type the question

in the text box.

Note:



Note:

The "#" symbol is translated by the text-to-speech engine as the word

"number". If you need to refer to the # key, you should use the key name,

rather than the symbol, in your prompt. For example, "To talk to sales, press

the pound key."

To use a prerecorded audio file that contains the question, click Select a recording,

and then click the a recording link to upload the file. In the new browser window,

click Browse, select the audio file, and then click Open. Click Upload to load the file,

and then optionally you can type the question in the text box (this enables the

question, and the caller’s response, to be forwarded to the responding agent).

Note:



29. Under Response 1, specify the first possible answer to the question by doing the

167


following:

Important:

Do not use quotation marks (") in any voice responses. Quotation marks cause

the IVR to fail.

Note:

You can choose to allow callers to answer using speech, alphanumeric keypad

input, or both.

If you want to allow the caller to respond using speech, enter the answer in Enter a

voice response.

If you want to allow the caller to respond by pressing a key on the keypad, in Digit,

click the keypad digit.

30. Specify whether to route the caller to a queue, or to ask another question as follows:

To route the caller to a queue, click Send to a queue, and in Select a queue, click

the queue that you want to use.

To ask another question, click Ask another question, and then click Use text-to-

speech and type the question, or click Select a recording. Use the response

groupings in this section to specify up to four possible responses to the additional

question and the queue to use for each response. To specify a third or fourth possible

response, click the Response 3 check box or the Response 4 check box.

31. Specify up to three more possible answers to the original question by repeating steps 28

and 29 to specify the possible responses and the action to take for each response. To

specify a third or fourth possible answer, click the Response 3 check box or the

Response 4 check box.

32. Click Deploy.


To create an interactive workflow, use the New-CsRgsWorkflow cmdlet:

$ServiceId = "service:ApplicationServer:rtc.contoso.com"

$Group_Sales = New-CsRgsAgentGroup -Parent $ServiceId -Name "Contoso Sales" -AgentAlertTime 20 -ParticipationPolicy Informal -RoutingMethod LongestIdle -AgentsByUri("sip:[email protected]","sip:[email protected]")

$Group_Support = New-CsRgsAgentGroup -Parent $ServiceId -Name "Contoso Support" -AgentAlertTime 20 -ParticipationPolicy Informal -RoutingMethod LongestIdle -AgentsByUri("sip:[email protected]","sip:[email protected]")

168


$Queue_Sales = New-CsRgsQueue -Parent $ServiceId -Name "Contoso Sales"

-AgentGroupIDList($Group_Sales.Identity)

$Queue_Support = New-CsRgsQueue -Parent $ServiceId -Name "Contoso Support" -AgentGroupIDList($Group_Support.Identity)

$PromptA1 = New-CsRgsPrompt -TextToSpeechPrompt "Please wait while we're connecting you with the Contoso Sales department."

$ActionA1 = New-CsRgsCallAction -Prompt $PromptA1 -Action TransferToQueue -QueueID $Queue_Sales.Identity

$Answer1 = New-CsRgsAnswer -Action $ActionA1 -DtmfResponse 1

$PromptA2 = New-CsRgsPrompt -TextToSpeechPrompt "Please wait while we're connecting you with the Contoso Support department."

$ActionA2 = New-CsRgsCallAction -Prompt $PromptA2 -Action TransferToQueue -QueueID $Queue_Support.Identity

$Answer2 = New-CsRgsAnswer -Action $ActionA2 -DtmfResponse 2

$PromptQ = New-CsRgsPrompt -TextToSpeechPrompt "Thank you for calling Contoso. To speak with a Sales representative, press 1. To be connected with our Support line, press 2."

$Question = New-CsRgsQuestion -Prompt $PromptQ -AnswerList ($Answer1, $Answer2)

$ActionWM = New-CsRgsCallAction -Action TransferToQuestion -Question $Question

$Workflow = New-CsRgsWorkflow -Parent $ServiceId -Name "Contoso Helpdesk" -Description "The Contoso Helpdesk line." -PrimaryUri "sip:[email protected]" -LineUri "tel:+14255554321" -DisplayNumber "+1 (425) 555-4321" -Active $true -Anonymous $true -DefaultAction $ActionWM

Change a Response Group Workflow

The topics in this section describe how to change existing workflows by using Microsoft Lync

Server 2010 Control Panel and the Response Group Configuration Tool.

In This Section

Change a Hunt Group Workflow

Change an Interactive Workflow

Change a Hunt Group Workflow

Follow these steps to change the settings for a Response Group hunt group workflow by using

Lync Server Control Panel and the Response Group Configuration Tool.

169


To change settings for a hunt group workflow









ApplicationServer service that hosts the workflow that you want to change.


Note:




7. Under Manage an Existing Workflow, locate the workflow you want to change, and then

under Action, click Edit.

8. If you are ready for users to start calling the workflow, select the Activate the workflow

check box.



box.

Note:







11. Under Enter the address of the group that will receive the calls, type the SIP address

of the group that you want to answer calls to the workflow.

12. In Display name, type the name that you want clients to display for the workflow (for

example, Lync 2010).

Note:




13. Under Telephone number, type the line URI for the response group (for example,

+14255550165).

170



example, +1 (425) 555-0165).

15. (Optional) In Description, type a description for the workflow as you want it to appear on


16. Under Step 2 Select a Language, click the language that you want to use for speech

recognition and text-to-speech.



following:



Note:



To use a wave (.wav) or Windows Media audio (.wma) file recording for the welcome

message, click Select a recording. If you want to upload a new audio file, click the a

recording link. In the new browser window, click Browse, select the audio file that

you want to use, and then click Open. Click Upload to load the audio file.

Note:



18. Under Step 4 Specify Your Business Hours, in Your time zone, click the time zone for

the workflow.

Note:










Note:




Response Group Business Hours and Holidays.

Note:

171





schedule.



21. If you are creating a custom schedule, type the Open and Close hours for each day of

the week that the response group available.

Note:









Note:







Note:



Requirements.












172




Note:









Note:







Note:



Requirements.












27. Under Step 6 Configure a Queue, in Select the queue that will receive the calls,

select the queue that you want to hold callers until an agent becomes available.

28. Under Step 7 Configure Music on Hold, choose the music you want callers to listen to

while waiting for an agent by doing one of the following:

To use the default music-on-hold recording, click Use default.

To use an audio file recording for the music on hold, click Select a music file. If you

173





Note:

All user provided audio files must meet certain requirements. For details


Requirements.

29. Click Save.


To modify a hunt group workflow, use the Get-CsRgsWorkflow cmdlet to create an object reference to the workflow to be modified, make your changes in memory, and then use the Set-CsRgsWorfklow cmdlet to write those changes to Lync Server:

$businessHours = Get-CsRgsHoursOfBusiness service:ApplicationServer:atl-cs-001.litwareinc.com -Name "US Business Hours"

$y = Get-CsRgsWorkflow service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk"

$y.BusinessHoursId = $businessHours.Identity

Set-CsRgsWorkflow -Instance $y

Change an Interactive Workflow

Follow these steps to change the settings for a Response Group interactive voice response (IVR)

workflow by using Lync Server Control Panel and the Response Group Configuration Tool.

To change an interactive workflow









ApplicationServer service that hosts the workflow that you want to change.


174


Note:




7. Under Manage an Existing Workflow, locate the workflow that you want to change, and

then under Action, click Edit.

8. If you are ready for users to start calling the workflow, select the Activate the workflow

check box.



box.

Note:







11. In Enter the address of the group that will receive the calls, type the address of the

group that you want to answer calls to the workflow.

12. In Display name, type the name that clients, such as Lync 2010, are to display.

Note:




13. In Telephone number, type the line URI for the response group (for example,

+14255550165).


example, +1 (425) 555-0165).

15. (Optional) In Description, type a description for the workflow that you want to appear on


16. Under Step 2 Select a Language, click the language to use for speech recognition and

text-to-speech.



following:



Note:

175




To use a Wave or Windows Media Audio file recording for the welcome message,

click Select a recording. If you want to upload a new audio file, click the a recording

link. In the new browser window, click Browse, select the audio file that you want to

use, and then click Open. Click Upload to load the audio file.

Note:



18. Under Step 4 Specify Your Business Hours, in the Your time zone box, click the time

zone of the workflow.

Note:










Note:




Response Group Business Hours and Holidays

Note:




schedule.



21. If you are creating a custom schedule, type the Open and Close hours when the

response group available.

Note:




176





To enter the message as text that is converted to speech for the caller, click Use

text-to-speech, and then type the message in the text box.

Note:







Note:
















Note:









Note:


177







Note:



Requirements.












27. Under Step 6 Configure Music on Hold, choose what you want callers to listen to while

waiting for an agent by doing one of the following:

To use the default music on-hold recording, click Use default.

To use an audio file recording for the on-hold music, click Select a music file. If you




Note:



28. Under Step 7 Configure Interactive Voice Response, under the The user will hear the

following text or recorded message heading, specify the question to ask callers as

follows:

To enter the question in text format, click Use text-to-speech, and type the question

in the text box.

Note:



Note:

178


The "#" symbol is translated by the text-to-speech engine as the word

"number". If you need to refer to the # key, you should use the key name,

rather than the symbol, in your prompt. For example, "To talk to sales, press

the pound key."

To use a prerecorded audio file that contains the question, click Select a recording,

and then click the a recording link to upload the file. In the new browser window,

click Browse, select the audio file, and then click Open. Click Upload to load the file,

and then optionally you can type the question in the text box (this enables the

question, and the caller’s response, to be forwarded to the responding agent).

Note:



29. Under Response 1, specify the first possible answer to the question by doing the

following:

Important:

Do not use quotation marks (") in any voice responses. Quotation marks cause

the IVR to fail.

Note:

You can choose to allow callers to answer using speech, alphanumeric keypad

input, or both.

If you want to allow the caller to respond using speech, enter the answer in Enter a

voice response.

If you want to allow the caller to respond by pressing a key on the keypad, in Digit,

click the keypad digit.

30. Specify whether to route the caller to a queue, or to ask another question as follows:

To route the caller to a queue, click Send to a queue, and in Select a queue, click

the queue that you want to use.

To ask another question, click Ask another question, and then click Use text-to-

speech and type the question, or click Select a recording. Use the response

groupings in this section to specify up to four possible responses to the additional

question and the queue to use for each response. To specify a third or fourth possible

response, click the Response 3 check box or the Response 4 check box.

31. Specify up to three more possible answers to the original question by repeating steps 28

and 29 to specify the possible responses and the action to take for each response. To

specify a third or fourth possible answer, select the Response 3 check box or the

Response 4 check box.

32. Click Save.

179



To modify an interactive workflow, use the Get-CsRgsWorkflow cmdlet to create an object reference to the workflow to be modified, make your changes in memory, and then use the Set-CsRgsWorfklow cmdlet to write those changes to Lync Server:

$musicFile = Get-Content -ReadCount 0 -Encoding Byte C:\MediaFiles\Hold.wav | Import-CsRgsAudioFile -Identity Service:ApplicationServer:atl-cs-001.litwareinc.com -FileName "HelpDeskHoldMusic.wav"

$y = Get-CsRgsWorkflow -Identity Service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk"

$y.CustomMusicOnHoldFile = $musicFile

Set-CsRgsWorkflow -Instance $y

Delete a Response Group Workflow

Follow these steps to delete a workflow by using Lync Server Control Panel and the Response

Group Configuration Tool.

To delete a workflow









ApplicationServer service that hosts the workflow that you want to delete.


Note:




7. Under Manage an Existing Workflow, locate the workflow you want to delete, and then

under Action, click Delete.

8. Click Yes.

180



To delete a Response Group workflow use the Get-CsRgsWorkflow cmdlet to return an instance of the workflow to be deleted, then pipe that instance to the Remove-CsRgsWorkflow cmdlet:

Get-CsRgsWorkflow service:ApplicationServer:atl-cs-001.litwareinc.com -Name "Help Desk Workflow" | Remove-CsRgsWorkflow

This command deletes all the workflows configured for use in your organization

Get-CsRgsWorkflow | Remove-CsRgsWorkflow

181


Managing On-Premises MeetingsTopics in this section provide step-by-step procedures for tasks you can perform using the pages

in the Conferencing group in Lync Server Control Panel.

In This Section

Configuring Conferencing Settings

Configuring the Meeting Join Experience

Configure Settings for a Dial-in Conferencing Access Number


Configuring Conferencing Settings

Conferencing policy defines the features and capabilities that users have available during a

conference (also known as a meeting). Conferencing policy settings encompass a wide variety of

scheduling and participation options, ranging from whether a meeting can include IP audio and

video to the maximum number of people who can attend. Administrators can use conferencing

policy to manage security, bandwidth, and legal aspects of meetings.

You can define conferencing policy on three levels: global scope, site scope, and user scope.

Settings apply to a specific user from the narrowest scope to the widest scope. If you assign a

user policy to a user, those settings take precedence. If you do not assign a user policy, site

settings apply. If no user or site policies apply, global policy provides the default settings.

A global policy exists by default, so you cannot create a new global policy. You also cannot delete

the existing global policy, but you can change the existing global policy to customize your default

settings.

In This Section

Modify the Default Conferencing User Experience

Create or Modify Conferencing User Experience for a Site or Group of Users

Conferencing Policy Settings Reference

Delete a Conferencing Policy for a Site or Group of Users

Modify the Default Conferencing User Experience

The global conferencing policy defines default meeting settings at the forest level for your

organization. Use Lync Server Control Panel to make changes to this global policy.

For details about how to configure the conferencing policy with a site scope or a user scope, see

Create or Modify Conferencing User Experience for a Site or Group of Users.


Reference.

182


To modify the global conferencing policy







3. In the left navigation bar, click Conferencing.

4. On the Conferencing Policy page, in the list of conferencing policies, click Global, click

Edit, and then click Show details.

5. Under Organizer policy, in Maximum meeting size, type the maximum number of users

that you want to allow at a meeting. By default, the maximum meeting size is 250.

6. To prevent users from inviting anonymous users to meetings, clear the Allow

participants to invite anonymous users check box. Anonymous users are users who

do not have credentials in your organization’s Active Directory Domain Services (AD DS)

and who, therefore, are not authenticated. By default, users can invite anonymous users

to meetings.

7. In Recording, do one of the following:

To prevent participants from recording meetings, click None. This is the default

setting.

To allow participants to record meetings, click Enable recording.

8. To allow external participants to record meetings, select the Allow federated and

anonymous participants to record check box. The default is to prevent external

participants from recording meetings.

9. In Audio/video, do one of the following:

To prevent the use of audio and video, click None.

To allow the use of audio but not video, click Enable IP audio.

To allow the use of audio and video, click Enable IP audio/video. This is the default

setting.

10. If you chose to allow the use of audio in Audio/video, do the following:

To prevent users from joining the meeting by dialing in, clear the Enable PSTN dial-

in conferencing check box. By default, users can dial in to meetings by using the

public switched telephone network (PSTN).

If you allow users to dial in to meetings and you want to allow unauthenticated

(anonymous) users to join a meeting by using dial out phoning, select the Allow

anonymous participants to dial out check box. With dial-out phoning, the

conference server calls the user, and the user answers the phone to join the meeting.

By default, anonymous users cannot join a meeting by using dial-out phoning.

11. If you chose to allow the use of video in Audio/video, in Maximum video resolution

allowed for conferencing, click the setting that you want to use. By default, the

183


maximum video resolution is 640*480(VGA).

12. In Data collaboration, do one of the following:

To prevent data collaboration, click None.

To allow data collaboration, click Enable data collaboration. This is the default

setting.

13. If you chose to allow data collaboration in Data collaboration, do the following:

To prevent external downloads, clear the Allow federated and anonymous

participants to download content check box. By default, external users can

download content.

To prevent file transfers, clear the Allow participants to transfer files check box. By

default, users can transfer files.

To prevent the use of annotations, clear the Enable annotations check box. By

default, annotations are allowed.

To prevent the use of polls, clear the Enable polls check box. By default, polls are

allowed.

14. In Application sharing, do one of the following:

To prevent the use of application sharing, click Disable application sharing.

To allow the use of application sharing, click Enable application sharing. This is the

default setting.

15. If you chose to allow application sharing in Application sharing, do the following:

To prevent meeting participants from taking control of application sharing, clear the

Allow participants to take control check box. By default, participants can take

control of application sharing.

If you chose to allow meeting participants to take control of application sharing, select

the Allow federated and anonymous participants to take control check box to

allow external users to take control of application sharing. By default, external users

cannot take control of application sharing.

16. Under Participant policy, do one of the following:

To prevent both application sharing and desktop sharing, click Disable application

and desktop sharing.

To allow application sharing but not desktop sharing, click Enable application

sharing.

To allow both application sharing and desktop sharing, click Enable application and

desktop sharing. This is the default setting.

17. To prevent peer-to-peer file transfers, clear the Enable peer-to-peer file transfer check

box. By default, peer-to-peer file transfers are allowed.

18. To allow peer-to-peer recording, select the Enable peer-to-peer recording check box.

By default, peer-to-peer recording is not allowed.

19. Click Commit

184



To modify the global policy, use the Set-CsConferencingPolicy cmdlet and set the Identity to global:

Set-CsConferencingPolicy –Identity global -AllowAnonymousParticipantsInMeetings $False -EnableDialInConferencing $False

Note that you can also modify the global policy by leaving out the Identity parameter altogether:

Set-CsConferencingPolicy -AllowAnonymousParticipantsInMeetings $False -EnableDialInConferencing $False

Create or Modify Conferencing User Experience for a Site or Group of Users

Follow these steps to create a user-level or a site-level conferencing policy. For details about how

to assign a user-level policy to a user, see Assign a Conferencing Policy to Modify a User's

Default Meeting Experience.

For details about how to change the global meeting policy at the forest level for your organization,

see Modify the Default Conferencing User Experience.


Reference.

To create a new user or site conferencing policy








4. On the Conferencing Policy tab, click New, and then do one of the following:

To create a user-level policy, click User policy. In New Conferencing Policy, in

Name, type a descriptive name for the policy.

To create a site-level policy, click Site policy. In the Select a Site search field, type

all or part of the name of the site for which you want to create a policy. In the list of

sites, click the site that you want, and then click OK.

Note:

The site name becomes the conferencing policy name, and it cannot be

185


changed.

5. In Description, type a description for the policy.

6. Under Organizer policy, in Maximum meeting size, type the maximum number of users

that you want to allow at a meeting. By default, the maximum meeting size is 250.

7. To prevent users from inviting anonymous users to meetings, clear the Allow

participants to invite anonymous users check box. Anonymous users are users who

do not have credentials in your organization’s Active Directory Domain Services (AD DS)

and who, therefore, are not authenticated. By default, users can invite anonymous users

to meetings.

8. In Recording, do one of the following:

To prevent participants from recording meetings, click None. This is the default

setting.

To allow participants to record meetings, click Enable recording.

9. To allow external participants to record meetings, select the Allow federated and

anonymous participants to record check box. The default is to prevent external

participants from recording meetings.

10. In Audio/video, do one of the following:

To prevent the use of audio and video, click None.

To allow the use of audio but not video, click Enable IP audio.

To allow the use of audio and video, click Enable IP audio/video. This is the default

setting.

11. If you chose to allow the use of audio in Audio/video, do the following:

To prevent users from joining the meeting by dialing in, clear the Enable PSTN dial-

in conferencing check box. By default, users can dial in to meetings by using the

public switched telephone network (PSTN).

If you allow users to dial in to meetings and you want to allow unauthenticated

(anonymous) users to join a meeting by using dial out phoning, select the Allow

anonymous participants to dial out check box. With dial-out phoning, the

conference server calls the user, and the user answers the phone to join the meeting.

By default, anonymous users cannot join a meeting by using dial-out phoning.

12. If you chose to allow the use of video in Audio/video, in Maximum video resolution

allowed for conferencing, click the setting that you want to use. By default, the

maximum video resolution is 640*480(VGA).

13. In Data collaboration, do one of the following:

To prevent data collaboration, click None.

To allow data collaboration, click Enable data collaboration. This is the default

setting.

14. If you chose to allow data collaboration in Data collaboration, do the following:

To prevent external downloads, clear the Allow federated and anonymous

participants to download content check box. By default, external users can

186


download content.

To prevent file transfers, clear the Allow participants to transfer files check box. By

default, users can transfer files.

To prevent the use of annotations, clear the Enable annotations check box. By

default, annotations are allowed.

To prevent the use of polls, clear the Enable polls check box. By default, polls are

allowed.

15. In Application sharing, do one of the following:

To prevent the use of application sharing, click Disable application sharing.

To allow the use of application sharing, click Enable application sharing. This is the

default setting.

16. If you chose to allow application sharing in Application sharing, do the following:

To prevent meeting participants from taking control of application sharing, clear the

Allow participants to take control check box. By default, participants can take

control of application sharing.

If you chose to allow meeting participants to take control of application sharing, select

the Allow federated and anonymous participants to take control check box to

allow external users to take control of application sharing. By default, external users

cannot take control of application sharing.

17. Under Participant policy, do one of the following:

To prevent both application sharing and desktop sharing, click Disable application

and desktop sharing.

To allow application sharing but not desktop sharing, click Enable application

sharing.

To allow both application sharing and desktop sharing, click Enable application and

desktop sharing. This is the default setting.

18. To prevent peer-to-peer file transfers, clear the Enable peer-to-peer file transfer check

box. By default, peer-to-peer file transfers are allowed.

19. To allow peer-to-peer recording, select the Enable peer-to-peer recording check box.

By default, peer-to-peer recording is not allowed.

20. Click Commit.


To create a per-site conferencing policy, use the site: prefix and the name of the site as the Identity:

New-CsConferencingPolicy –Identity site:Redmond -

187


AllowAnonymousParticipantsInMeetings $False -EnableDialInConferencing $False

To create a per-user conferencing policy, simply use a unique name for the policy Identity:

New-CsConferencingPolicy –Identity "RedmondConferencingPolicy" -AllowAnonymousParticipantsInMeetings $False -EnableDialInConferencing $False

To modify an existing user or site policy







3. On the left navigation bar, click Conferencing.

4. On the Conferencing Policy page, in the list of conferencing policies, click the policy

that you want to change, click Edit, and then click Show details.

5. In Edit Conferencing Policy, modify any of the policy settings, except for the policy

name, which cannot be modified.

6. Click Commit.


Use the Set-CsConferencingPolicy cmdlet to modify a per-user or per-site policy:

Set-CsConferencingPolicy –Identity site:Redmond -AllowAnonymousParticipantsInMeetings $True -EnableDialInConferencing $True

Be sure to specify a policy Identity. If you leave off the Identity Set-CsConferencingPolicy will modify the global policy instead.

To make the same modification to all your conferencing policies (including the global policy), use a command similar to this one:

Get-CsConferencingPolicy | Set-CsConferencingPolicy -AllowAnonymousParticipantsInMeetings $True

This command modifies only your per-user conferencing policies:

188


Get-CsConferencingPolicy –Filter "tag:*" | Set-CsConferencingPolicy -AllowAnonymousParticipantsInMeetings $True

Conferencing Policy Settings Reference

The tables in this topic list all the conferencing policy settings that you can specify by using


Organizer Policy Settings

The following table lists all the conferencing policy settings that you can apply to conference

organizers.

Organizer Policy Settings

Setting Description

Maximum meeting size Sets the maximum number of participants

allowed in a meeting.

Allow participants to invite anonymous users Allows meeting organizers to invite

unauthenticated users to meetings.

Enable recording Allows presenters or attendees to record the

meeting.

Allow federated and anonymous participants to

record

Allows external and unauthenticated

participants to record the meeting.

Enable IP audio Allows the use of audio in a meeting.

Enable IP audio/video Allows the use of audio and video in a meeting.

Enable PSTN dial-in conferencing Allows the user to attend a meeting by dialing in

from the public switched telephone network

(PSTN).

Allow anonymous participants to dial out Allows unauthenticated users to join a meeting

by using dial-out phoning. With dial-out

phoning, the conference server calls the user,

and the user answers the phone to join the

meeting.

Maximum video resolution allowed for

conferencing

Sets the maximum resolution for video

conferencing. Valid values are 640*480(VGA)

and 352*288(CIF).

Enable data collaboration Enables data collaboration conferencing or web

conferencing.


download content

Allows external and unauthenticated

participants to download content from the

189


Setting Description

meeting.

Allow participants to transfer files Allows meeting participants to transfer files

during a meeting.

Enable annotations Allows meeting participants to create

annotations in content.

Enable polls Allows meeting participants hold a poll during a

meeting.

Enable application sharing Allows users to schedule meetings that support

application sharing.

Allow participants to take control Allows participants to take control of another

user’s shared application.


take control

Allows external and anonymous participants to

take control of another user’s shared

application.

Note:

If this setting is set to True and Allow

participants to take control is set to

False, this setting is overridden.

Participant Policy Settings

The following table lists all the conferencing policy settings that you can apply to conference

participants.

Participant Policy Settings

Setting Description

Enable application sharing Allows users to schedule meetings that support

application sharing.

Enable application and desktop sharing Allows users to schedule meetings that support

application sharing and desktop sharing.

Enable peer-to-peer file transfer Allows participants to perform peer-to-peer file

transfers during a meeting. A peer-to-peer file

transfer does not involve all the meeting

participants.

Enable peer-to-peer recording Allows participants to record peer-to-peer

conferencing sessions.

190


Delete a Conferencing Policy for a Site or Group of Users

Follow these steps to delete a user-level or a site-level conferencing policy.

Note:

You cannot delete the global conferencing policy.

To delete a user or site conferencing policy








4. On the Conferencing Policy page, in the search field, type all or part of the name of the

policy you want to delete.

5. In the list of policies, click the policy that you want, click Edit, and then click Delete.

6. Click OK.


To delete a per-user or per-site policy, using a command similar to this:

Remove-CsConferencingPolicy –Identity site:Redmond

If you try to remove a per-user policy that is currently assigned to one or more users you will be prompted to first unassign the policy from each user and then delete the policy. (You can remove a policy without unassigning it, but, from then on, any time you call a user management cmdlet you will receive warnings about policies that can no longer be found.) To unassign a per-user policy and then remove that policy use commands similar to these:

Get-CsUser -Filter {ConferencingPolicy -eq "RedmondConferencingPolicy"} | Grant-CsConferencingPolicy -PolicyName $Null

Remove-CsConferencingPolicy –Identity "RedmondConferencingPolicy"

Configuring the Meeting Join Experience

In Microsoft Lync Server 2010, conferencing policy defines the user scheduling and participation

experience, and meeting join settings define the following:

Whether users dialing in from the public switched telephone network (PSTN) go to the lobby

191


Who can be a presenter

Whether conference type is assigned by default

Whether anonymous (unauthenticated) users are admitted by default

The topics in this section describe how to configure meeting join settings.

In This Section

Modify the Default Meeting Join Experience

Create or Modify Meeting Join Settings for a Site or Pool

Delete Meeting Join Settings for a Site or Pool

Modify the Default Meeting Join Experience

The global meeting join settings define the default meeting join experience at the forest level for

your organization. You can use Lync Server Control Panel to make changes to these global

settings.

For details about how to configure the meeting join experience at a site or pool level, see Create

or Modify Meeting Join Settings for a Site or Pool.

To modify the default meeting join settings







3. In the left navigation bar, click Conferencing and then click Meeting Configuration.

4. On the Meeting Configuration page, in the list of configuration settings, click Global,

click Edit, and then click Show details.

5. To route participants who dial in from the public switched telephone network (PSTN)

through the lobby, clear the PSTN callers bypass lobby check box. By default,

participants dialing in from the PSTN go directly to the meeting.

6. To configure who can be a presenter in the meeting, in Designate as presenter, do one

of the following:

To not allow anyone other than the organizer to be a presenter, click None.

To allow only participants who are members of your organization to be a presenter,

click Company. This is the default setting.

To allow any participants to be a presenter, click Everyone.

7. To have the organizer select a conference type when scheduling a meeting, clear the

Assigned conference type by default check box. By default, the conference type is

automatically assigned.

8. To prevent anonymous (unauthenticated) users from being automatically admitted, clear

the Admit anonymous users by default check box. By default, anonymous users are

192


automatically admitted to meetings.

9. Click Commit.


To modify the default meeting join settings use the Set-CsMeetingConfiguration cmdlet and set the Identity to global:

Set-CsMeetingConfiguration -Identity global -DesignateAsPresenter Everyone

Alternatively, you can omit the Identity altogether:

Set-CsMeetingConfiguration -DesignateAsPresenter Everyone

If you leave off the Identity, Set-CsMeetingConfiguration will automatically modify the global settings.

Create or Modify Meeting Join Settings for a Site or Pool

Meeting join settings define various characteristics of the meeting join experience. By default, the

global settings define the join experience. You can also create site-level and pool-level meeting

join settings. If you create pool-level settings, those settings apply to all meetings hosted by that

pool. If you do not create pool-level settings, site-level settings apply, if they exist. If you do not

define site-level settings, the global settings apply to all meetings.

This topic describes how to create pool-level or site-level meeting join settings. For details about

how to change the global meeting join settings, see Modify the Default Meeting Join Experience.

To create new meeting join settings








4. On the Meeting Configuration page, click New, and then do one of the following:

To create a site-level policy, click Site configuration. In the Select a Site search

field, type all or part of the name of the site for which you want to define meeting join

settings. In the resulting list of sites, click the site you want, and then click OK.

To create a pool-level policy, click Pool configuration. In the Select a Service

search field, type all or part of the name of the pool service for which you want to

193


define meeting join settings. In the resulting list of services, click the pool you want,

and then click OK.

5. To route participants who dial in from the public switched telephone network (PSTN)

through the lobby, clear the PSTN callers bypass lobby check box. By default,

participants dialing in from the PSTN go directly to the meeting.

6. To configure who can be a presenter in the meeting, in Designate as presenter, do one

of the following:

To not allow anyone other than the organizer to be a presenter, click None.

To allow only participants who are members of your organization to be a presenter,

click Company. This is the default setting.

To allow any participants to be a presenter, click Everyone.

7. To have the organizer select a conference type when scheduling a meeting, clear the

Assigned conference type by default check box. By default, the conference type is

automatically assigned.

8. To prevent anonymous (unauthenticated) users from being automatically admitted, clear

the Admit anonymous users by default check box. By default, anonymous users are

automatically admitted to meetings.

9. Click Commit.


To create new meeting configuration settings for a site, use a command similar to this:

New-CsMeetingConfiguration -Identity site:Redmond -DesignateAsPresenter Everyone

To create new meeting configuration settings for a pool, set the Identity parameter to the service location for the User Server used in that pool:

New-CsMeetingConfiguration -Identity "service:UserServer:atl-cs-001.litwareinc.com" -DesignateAsPresenter Everyone

To modify an existing site or pool meeting join configuration







194



4. On the Meeting Configuration page, in the list of configurations, click the configuration

that you want to change, click Edit, and then click Show details.

5. In Edit Meeting Configuration, modify any of the meeting join settings, except for the

name, which cannot be modified.

6. Click Commit.


To modify an existing collection of meeting configuration settings, use the Set-CsMeetingConfiguration cmdlet:

Set-CsMeetingConfiguration -Identity site:Redmond -DesignateAsPresenter None

When calling Set-CsMeetingConfiguration, be sure to include the Identity for the meeting configuration settings to be modified. If you do not, Set-CsMeetingConfiguration will automatically modify the global settings instead.

Delete Meeting Join Settings for a Site or Pool

Follow these steps to delete meeting join settings for a site or pool.

Note:

You cannot delete the global meeting join configuration.

To delete meeting join settings for a site or pool








4. On the Meeting Configuration page, in the search field, type all or part of the name of

the site or pool configuration that you want to delete.

5. In the list, click the configuration that you want, click Edit, and then click Delete.

6. Click OK.

195



To remove the meeting configuration settings for a site, use a command similar to this:

Remove-CsMeetingConfiguration -Identity site:Redmond

To remove the meeting configuration settings for a pool, use a command similar to this one, which specifies the identity of the User Server in the pool:

Remove-CsMeetingConfiguration -Identity "service:UserServer:atl-cs-001.litwareinc.com"

Configure Settings for a Dial-in Conferencing Access Number

To enable users to join the audio portion of on-premises conferences by dialing in from the public

switched telephone network (PSTN), you must configure dial-in conferencing access numbers.

Dial-in conferencing access numbers are the numbers that users call to join a conference.

Dial-in access numbers are displayed in meeting invitations and on the Dial-in Conferencing

Settings webpage.

Note:

You cannot use a new dial-in access number until Active Directory replication of that

access number is complete. Replication can take several hours.

In This Section

Create or Modify a Dial-in Conferencing Access Number

Delete a Dial-in Conferencing Access Number

Create or Modify a Dial-in Conferencing Access Number

Follow these steps if you want to create or modify a dial-in conferencing access number.

Important:

Before you create a new dial-in access number, you must set a dial-in conferencing

region in the dial plan that is associated with the new dial-in access number. Multiple dial

plans can use the same region.

To create or modify a dial-in access number







3. In the left navigation bar, click Conferencing and then click Dial-in Access Number.

196


4. On the Dial-in Access Number page, do one of the following:

Click New to open New Dial-in Access Number.

Click one of the dial-in access numbers in the list, click Edit, and then click Show

details.

Note:

Using the search field to search for the contents of a column in the list of dial-

in access numbers may not yield the results you expect. Instead, sort the list

by the column of interest to identify the dial-in access number you want to

view or change.

5. In Display number, type the phone number that public switched telephone network

(PSTN) phone users dial to join a conference.

Note:

This number is displayed in meeting invitations and on the Dial-in Conferencing

Settings webpage.

6. In Display name, type a description for the dial-in access number. This is the name that

is associated with the dial-in access number in Lync 2010 search results.

Note:

This name is displayed in the client when a user calls the access number.

7. In Line URI, type the E.164 number of the dial-in access number in TEL URI format,

including the + symbol before the number and excluding spaces. For example, tel:

+14255550200.

Note:

The same Line URI cannot be reused by another dial-in conferencing access

number.

8. In SIP URI, do the following:

In the text box, type a unique SIP URI for this dial-in conferencing access number.

This SIP URI is displayed in various locations including, but not limited to, call

notification messages and previous versions of Communicator clients.

Note:

The same SIP URI cannot be reused by another dial-in conferencing access

number. The SIP URI cannot be modified after the access number is created.

The only way to change the SIP URI is to delete and recreate the access

number.

In the drop-down list box, click the domain of the Conferencing Attendant application

that supports this dial-in access number.

9. In Pool, click the pool that is running the instance of Conferencing Attendant that

supports this dial-in access number.

Note:

197


If you need to change the pool after you create the access number, you must use

the Move-CsApplicationEndpoint cmdlet or delete and recreate the access

number.

10. In Primary language, click the language in which prompts are played for this dial-in

access number.

Note:

The primary language is the language that the Conferencing Attendant uses to

answer the call. Supported languages are displayed alongside each access

phone number on the Dial-in Conferencing Settings webpage.

11. (Optional) In Secondary languages (maximum of four), click Add, select one or more

additional languages that you want to support for callers to this dial-in access number,

and then click OK.

Note:

You can choose up to four secondary languages for each dial-in access number.

Users can select a secondary language before entering the conference ID when

they dial in to a conference.

12. To add a region for the dial-in access number, under Associated regions, click Add,

click one or more regions that are associated with the dial plans for this dial-in access

number, and then click OK.

13. To delete a region from the dial-in access number, under Associated regions, click the

region you want to delete, and then click Remove.

14. Click Commit.


To create a new dial-in conferencing access number, use the New-CsDialInConferencingAccessNumber cmdlet:

New-CsDialInConferencingAccessNumber -PrimaryUri "sip:[email protected]" -DisplayNumber "1-800-555-1234" -LineUri "tel:+18005551234" -Pool atl-cs-001.litwareinc.com -PrimaryLanguage "en-US" -Regions "Redmond"

Use the Set-CsDialInConferencingAccessNumber cmdlet to modify an existing access number:

Set-CsDialInConferencingAccessNumber -Identity "sip:[email protected]" -Regions "Redmond", "Seattle"

198


Delete a Dial-in Conferencing Access Number

Follow these steps to delete a dial-in conferencing access number.

To delete a dial-in conferencing access number







3. In the left navigation bar, click Conferencing and then click Dial-in Access Number.

4. On the page, click the dial-in number you want to delete in the list, click Edit, and then

click Delete.

5. Click OK.


To delete a dial-in access number, use the Remove-CsDialInConferencingAccessNumber cmdlet and specify the number's SIP address as the Identity:

Remove-CsDialInConferencingAccessNumber -Identity "sip:[email protected]"

You can also use a command like this one to delete all your dial-in access numbers:

Get-CsDialInConferencingAccessNumber | Remove-CsDialInConferencingAccessNumber


Microsoft Lync Server 2010 users who have Active Directory Domain Services (AD DS)

credentials in your organization can join dial-in conferences as authenticated users by using a

personal identification number (PIN). PIN policy defines the rules for how dial-in conferencing

PINs work.

You can create a new PIN policy if you want a specific policy to apply to a site or to a certain

group of users. If you want to use the same PIN policy for your entire organization, you can use

the global PIN policy and modify it as needed. PIN policies apply to users from the narrowest

scope to the widest scope. If you assign a user-level PIN policy to a user, those settings take

precedence. If you do not assign a user policy, the site-level PIN policy applies, if it exists. If no

user or site policies apply, global PIN policy provides the default settings.

199


In This Section

Modify the Default Dial-in Conferencing PIN Settings

Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users

Delete Dial-in Conferencing PIN Settings for a Site or Group of Users

Modify the Default Dial-in Conferencing PIN Settings

The global PIN policy defines the rules for dial-in conferencing PINs at the forest level. Follow

these steps to modify the global dial-in conferencing PIN policy. For details about creating or

modifying a dial-in conferencing PIN policy at the site or user level, see Create or Modify Dial-in

Conferencing PIN Settings for a Site or Group of Users.

To modify the global PIN policy







3. In the left navigation bar, click Conferencing and then click PIN Policy.

4. On the PIN Policy page, click the Global policy, click Edit, and then click Show details.

5. In Edit PIN Policy, in Minimum PIN length, type or select the minimum PIN length that

you want to allow. The default minimum length is five digits.

6. To be able to specify the maximum number of logon attempts before a user is locked out,

select the Specify maximum logon attempts check box. If you do not select this option,

the maximum number of allowed attempts is automatically determined based on the PIN

length. By default, the maximum number of attempts is automatically determined.

7. If you selected the Specify maximum logon attempts check box, in Maximum logon

attempts, type or select the maximum number of logon attempts that you want to allow.

8. To have PINs expire, select the Enable PIN expiration check box. If you do not select

this option, PINs will never expire. By default, PINs never expire.

9. If you selected the Enable PIN expiration check box, in PIN expires after (days), type

or select the number of days after which PINs expire.

10. In PIN history count, type the number of PINs that a user must create before the user

can reuse a PIN. By default, users can reuse their PINs.

11. To allow common patterns of digits in PINs, such as sequential numbers and repetitive

sets of numbers, select the Allow common patterns check box. If you do not select this

option, only complex patterns of digits are allowed. By default, only complex patterns of

digits are allowed.

Important:

We recommend that you do not allow common patterns.

200


12. Click Commit.


To modify the global PIN policy, use the Set-CsPinPolicy cmdlet and set the Identity to global:

Set-CsPinPolicy -Identity global -MinPasswordLength 10

Alternatively, you can leave out the Identity parameter altogether:

Set-CsPinPolicy -MinPasswordLength 10

If you do not specify an Identity, Set-CsPinPolicy will modify the global policy.

Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users

Follow these steps to create or modify a user-level or a site-level dial-in conferencing personal

identification number (PIN) policy. For details about how to change the global PIN policy, see

Modify the Default Dial-in Conferencing PIN Settings.

To create a user or site PIN policy








4. On the PIN Policy page, click New, and then do one of the following:

To create a user-level policy, click User policy. In New PIN Policy, in Name, type a

name that describes the policy.


all or part of the name of the site for which you want to create a policy. In the list of

sites, click the site you want, and then click OK.

5. In the Description field, type a description of the PIN policy.

6. In the Minimum PIN length field, type or select the minimum PIN length that you want to

allow. The default minimum length is five digits.




201














digits are allowed.

Important:


13. Click Commit.


To create a per-site policy, set the Identity to the prefix site: followed by the name of the site:

New-CsPinPolicy -Identity "site:Redmond" -MinPasswordLength 10

To create a per-user policy, simply use a unique policy name as the Identity:

New-CsPinPolicy -Identity "RedmondPinPolicy" -MinPasswordLength 10

To change a user or site PIN policy








4. On the PIN Policy page, click the PIN policy that you want to change, click Edit, and

then click Show details.

5. In Edit PIN Policy, modify any of the policy settings (except for the policy name, which

202


cannot be modified).

6. Click Commit.


To modify a per-user or per-site PIN policy, use the Set-CsPinPolicy cmdlet:

Set-CsPinPolicy -Identity "site:Redmond" -MinPasswordLength 6

Delete Dial-in Conferencing PIN Settings for a Site or Group of Users

Follow these steps to delete a user-level or a site-level PIN policy.

Note:

You cannot delete the global PIN policy.

To delete a user or site PIN policy








4. On the PIN Policy page, in the search field, type all or part of the name of the policy you

want to delete.


6. Click OK.


To delete a per-user or per-site policy, use the Remove-CsPinPolicy cmdlet:

Remove-CsPinPolicy –Identity site:Redmond

This command removes all the per-site PIN policies:

Get-CsPinPolicy –Filter "site:*" | Remove-CsPinPolicy

203


And this one removes all the per-user PIN policies:

Get-CsPinPolicy –Filter "tag:*" | Remove-CsPinPolicy

204


Configuring Support for Clients and DevicesThe topics in this section provide step-by-step procedures for tasks that you can perform by using

the Clients group in Microsoft Lync Server 2010 Control Panel.

In This Section


View Software Updates for Devices in Your Organization

Modify the Default Action for Clients Not Explicitly Supported or Restricted


Add a Device to Test Update Functionality

Modify Settings for Log Files of Device Update Activity

Configure Voice Quality of Service for Lync 2010 Phone Edition

Configure Security Settings for Lync 2010 Phone Edition

Configure Phone Lock for Lync 2010 Phone Edition


Microsoft Lync Server 2010 enables you to specify the version of clients that are supported in

your environment. When two clients that are running different versions interact, the features that

are available to either client can be limited by the capabilities of the other client. To make the

greatest use of features included in Lync Server 2010 and to improve the overall user experience,

you can use the client version filter to restrict the client versions that are used in your Lync Server

environment. By using the client version filter, you can also help reduce costs associated with

supporting multiple client versions.

In addition to creating a global policy, you can create client version policies for a particular service

or site, or user-scoped policies that can be assigned to individual users. The user-scoped client

version policy can be assigned to individual users from the Users group in Lync Server Control

Panel.

Note:

Because anonymous users are not associated with a user, site, or service, anonymous

users are affected by global-level policies only.

Important:

Filters are listed in order of precedence. For example, if you have a filter that allows

clients running version 1.5 or later to connect, followed by a filter that blocks clients

running a version earlier than 2.0, the first filter takes precedence, and clients running

version 1.5 are allowed to connect.

205


To edit the default client version policy




2. In the left navigation bar, click Clients.

Note:

The Client Version Policy tab is selected by default.

3. On the Client Version Policy page, double-click the Global policy in the list.

4. In Edit Client Version Policy, do one of the following:

Click New to create a new client version rule.

Click one of the defined client types in the list, and then click Show details….

Note:

You can use wildcards to indicate the client type.

5. In Application, select a client type.

6. Under Version number, do the following:

In Major version, type the number that corresponds to the major release of the

client.

In Minor version, type the number that corresponds to the minor release of the

client.

In Build, type the number that corresponds to the major and minor release of the

client.

In Update, type the number that corresponds to the updated release of the client.

Note:

You can use wildcards to indicate the client version number.

7. To specify the matching operation for the client version you specified in the preceding

steps, in Comparison operation, click one of the following:

Same as

Is not

Newer than

Newer than or same as

Older than

Older than or same as

8. To specify the action to perform when the criteria in the preceding steps are met, click

one of the following in Action:

To allow the client to log on, click Allow.

To allow the client to log on and receive updates from Windows Server Update

206


Service or Microsoft Update, click Allow and Upgrade. This action is available only

when Microsoft Lync 2010 is selected.

To allow the client to log on and display a message about where to download another

client version, click Allow with URL. You specify the URL later in this procedure.

To prevent the client from logging on, click Block.

To prevent the client from logging on and allow the client to receive updates from

Windows Server Update Service or Microsoft Update, click Block and Upgrade. This

action is available only when the Lync 2010 application is selected.

To prevent the client from logging on and display a message about where to

download another client version, click Block with URL. You specify the URL later in

this procedure.

9. (Optional) If you clicked Allow with URL or Block with URL in the previous step, type

the client download URL to include in the message in URL.

10. Click OK, and then click Commit.


As a general rule, client version policies are most-easily edited by modifying the client version policy rules associated with those policies. However, there might be times when you find it useful to use the Set-CsClientVersionPolicy cmdlet to directly modify a policy. For example, the following set of commands removes all the current client version policy rules from the Redmond site policy, copies the client version policy rules from the Dublin site policy, then assigns those same rules to the Redmond site:

Set-CsClientVersionPolicy -Identity site:Redmond -Rules $Null

$x = Get-CsClientVersionPolicy -Identity site:Dublin | Select-Object -ExpandProperty Rules

Set-CsClientVersionPolicy -Identity site:Redmond -Rules $x


You can use Lync Server Control Panel to view all the services that are running on a specific

computer in your Lync Server 2010 topology and see the status of each service.

To view the status of services running on a computer




207


2. In the left navigation bar, click Topology.

3. On the Status page, sort or search the list as needed to find the computer you are

interested in and then click the computer name.

4. Do any of the following:

To see the latest status of services running on the computer, click Get service

status.

To see a list of specific services running on the computer and the status of each

service, click Properties and then click Close to return to the list.


To view the status of all the Lync Server services running on all of your computers, use the following command:

Get-CsService | Select-Object Role, PoolFqdn | Sort-Object PoolFqdn, Role

To view the services running on a specific computer, use this command, replacing atl-cs-001.litwareinc.com with the fully qualified domain name of the computer to be viewed:

Get-CsService | Where-Object {$_.PoolFqdn –eq "atl-cs-001.litwareinc.com"} | Select-Object Role, PoolFqdn | Sort-Object PoolFqdn, Role

Modify the Default Action for Clients Not Explicitly Supported or Restricted

In addition to specifying the version of clients that you want to support in your Microsoft Lync

Server 2010 environment, you can also specify a default action for clients that do not already

have a version policy defined. This enables you to restrict which client versions are used in your

Lync Server 2010 environment, which can help you control the costs associated with supporting

multiple client versions.

To modify the default action for clients not explicitly supported or restricted




2. In the left navigation bar, click Clients, and then click Client Version Configuration.

3. On the Client Version Configuration page, double-click the Global configuration in the

list.

4. In the Edit Client Version Configuration dialog box, verify that the Enable version

208


control check box is selected and then, under Default action, select one of the

following:

Allow Allows the client to log on if the client version does not match any filter in the

Client version policies list.

Block Prevents the client from logging on if the client version does not match any

filter in the Client version policies list.

Block with URL Prevents the client from logging on if the client version does not

match any filter in the Client version policies list, and include an error message

containing a URL where a newer client can be downloaded.

Allow with URL Allows the client to log on if the client version does not match any

filter in the Client version policies list, and include an error message containing a

URL where a newer client can be downloaded.

5. If you selected Block with URL, type the client download URL to include in the error

message in the URL box.

6. Click Commit.


To modify the default action for client applications that do not appear in a client version policy, use the Set-CsClientVersionConfiguration cmdlet and set the value of the DefaultAction property.

Set-CsClientVersionConfiguration –Identity global -DefaultAction "BlockWithUrl" -DefaultURL "https://litwareinc.com/csclients"

To disable client version control

To disable version control to allow all clients to log on regardless of the client version,

clear the Enable version control check box, and then click Commit.


To disable client version control, use the Set-CsClientVersionConfiguration cmdlet and set the Enabled property to False:

Set-CsClientVersionConfiguration –Identity global –Enabled $False

To enable client version control, set the Enabled property to True:

209


Set-CsClientVersionConfiguration –Identity global –Enabled $True


With Microsoft Lync Server 2010, you use Device Update Web service to view and manage

software updates for your organization’s devices. These updates are available in .cab (cabinet)

files from the Microsoft Support website at http://go.microsoft.com/fwlink/?LinkId=204091. After

you download the .cab file, run the Import-CSdeviceUpdate cmdlet to import the device update

rules from the .cab file. For details about the Import-CSdeviceUpdate cmdlet, see Import-

CsDeviceUpdate in the Lync Server Management Shell documentation.

Tip:

Before deploying a new update to your organization, verify that it functions correctly on a

test device.

To view software updates for UC devices

1. From the Microsoft Support website at http://go.microsoft.com/fwlink/?LinkId=204091,

download the .cab file to a location on a Lync Server 2010 computer (for example, C:\

Updates\UCUpdates.cab).

2. Import the device update rules from the C:\Updates\UCUpdates.cab file by running one of

the following cmdlets:

If the .cab file is located on the same computer as the one running the service to be

updated (service:Redmond-websvc-2), run the following cmdlet:

Import-CsDeviceUpdate –Identity service:Redmond-websvc-2 –

FileName C:\Updates\UCUpdates.cab

If the .cab file is located on a different computer than the one running the service to

be updated (service:Redmond-websvc-3), run the following cmdlet:

Import-CsDeviceUpdate –Identity service:Redmond-websvc-3 –

ByteInput C:\Updates\UCUpdates.cab




4. In the left navigation bar, click Clients, and then click Device Update.

5. On the Device Update page, click an update in the list, and then do one of the following:

Cancel a pending update. To prevent the selected update from being deployed to

your organization’s devices, click the Action menu, and then click Cancel pending

updates.

Approve an update. To allow the selected update to be deployed to your

organization’s devices, click the Action menu, and then click Approve.

Restore an update. To allow a previously approved update to be deployed to your

organization’s devices, click the Action menu, and then click Restore.

210





To review all the device update rules currently in use in your organization, use the Get-CsDeviceUpdateRule cmdlet:

Get-CsDeviceUpdateRule

This command returns all the device update rules assigned to a specified Web Server:

Get-CsDeviceUpdateRule -Filter "service:WebServer:atl-cs-001.litwareinc.com*"

To approve a device update rule for widespread use, use the Approve-CsDeviceUpdate cmdlet:

Approve-CsDeviceUpdateRule -Identity service:WebServer:atl-cs-001.litwareinc.com/d5ce3c10-2588-420a-82ac-dc2d9b1222ff9

To reject a device update rule, use the Reset-CsDeviceUpdateRule cmdlet:

Reset-CsDeviceUpdateRule -Identity service:WebServer:atl-cs-001.litwareinc.com/d5ce3c10-2588-420a-82ac-dc2d9b1222ff9

To rollback a previously-approved device update rule, use the Restore-CsDeviceUpdateRule cmdlet:

Restore-CsDeviceUpdateRule -Identity service:WebServer:atl-cs-001.litwareinc.com/d5ce3c10-2588-420a-82ac-dc2d9b1222ff9

Add a Device to Test Update Functionality

You can add a test device to the Test Device page and then use this device to verify the

functionality of new updates before deploying the updates to production devices. You can test a

device globally (throughout your entire Microsoft Lync Server 2010 environment) or within a single

site. You identify a test device by its Media Access Control (MAC) address or serial number.

When you add a device, it appears in the list on the Test Device page of the Lync Server Control

Panel.

To add a test device




2. In the left navigation bar, click Clients, and then click Test Device.

211


3. Click New, and then click either Global test device or Site test device.

4. Do one of the following:

If you clicked Global test device, skip to the next step.

If you clicked Site test device, select a site from the list of available sites, and then

click OK.

5. In New Test Device, type a name for the device in Device name.

6. Under Identifier type, click either MAC address or Serial number.

7. In the Unique identifier box, type the MAC address or serial number of the device.

8. Click Commit.


The New-CsTestDevice cmdlet enables you to create a new test device. The following command creates a new test device, using the serial number of the device as the unique identifier:

New-CsTestDevice -Identity site:Redmond/UCPhone -IdentifierType SerialNumber -Identifier "07823-A345"

Modify Settings for Log Files of Device Update Activity

Device Update Web service automatically creates log files that record device update activity. As

part of your organization’s data management strategy, you may want to periodically purge the log

files to free up disk space. You can also configure a time of day when you want Device Update

Web service to automatically delete log files that are older than the number of days you

configured the service to keep log files (by default, that is log files that are more than 10 days

old).

Note:

Some settings, including the time of day that Device Update Web service automatically

deletes expired log files, cannot be modified using Lync Server Control Panel. Instead,

you must use Lync Server Management Shell. To specify the time of day to delete

expired log files, use the New-CsDeviceUpdateConfiguration cmdlet with the –

LogCleanUpTimeOfDay parameter. For details, see New-CsDeviceUpdateConfiguration

in the Lync Server Management Shell documentation.

You can change these settings according to your organization’s requirements. If you do not want

Device Update Web service to purge log files automatically, you can purge them manually, as

needed. Log settings can be changed globally or per site.

212


Caution:

Purging files permanently removes them from the file system. After you purge a file, it

cannot be recovered.

To change logging settings




2. In the left navigation bar, click Clients, and then click Device Log Configuration.

3. On the Device Log Configuration page, double-click the configuration that you want to

change.

4. In the Edit Log Setting dialog box, change any of the following settings as necessary:

Maximum file size (bytes) Specifies the maximum size a log file can become

before it is purged. The default is 1,024,000 bytes (1 MB).

Maximum cache size (bytes) Specifies the maximum amount of information (in

bytes) that can be held in the log file cache before that cache must be cleared and

the data is written to a log file. The default is 512,000 bytes (0.5 MB).

Number of minutes to flush cache (1-60) Indicates how often information stored

in the log file cache is written to the actual log file. After the data is logged, the cache

is cleared. The default is five minutes.

Number of days to keep log files (1-365) Specifies the number of days the log

files are kept before they are purged. The default is 10 days.

5. Click Commit.


To modify logging settings for the device update service, use the Set-CsDeviceUpdateConfiguration cmdlet:

Set-CsDeviceUpdateConfiguration -Identity global -MaxLogFileSize 2048000 -MaxLogCacheLimit 1024000

Configure Security Settings for Lync 2010 Phone Edition

You can configure transport and authentication requirements for Microsoft Lync 2010 Phone

Edition devices in a pool by setting the SIP security level for IP phones connecting to Microsoft

Lync Server 2010.

To configure security settings for Lync 2010 Phone Edition


213




2. In the left navigation bar, click Clients, and then click Device Configuration.

3. On the Device Configuration page, in the list of device configurations, double-click the

configuration for which you want to change security settings.

4. In Edit Device Configuration, under SIP security, specify the SIP security level. The

default level is High.


To change the security mode for Lync 2010 Phone Edition, use the Set-CsUCPhoneConfiguration cmdlet:

Set-CsUCPhoneConfiguration -Identity global -SIPSecurityMode "Medium"

Configure Voice Quality of Service for Lync 2010 Phone Edition

You can configure voice Quality of Service (QoS) requirements for Microsoft Lync 2010 Phone

Edition devices in a pool by setting the QoS level for IP phones connecting to Microsoft Lync

Server 2010.

To configure voice Quality of Service for Lync 2010 Phone Edition




2. In the left navigation bar, click Clients, and then click Device Configuration.

3. On the Device Configuration page, in the list of device configurations, double-click the

configuration for which you want to change QoS settings.

4. In Edit Device Configuration, under Voice quality of service, specify the QoS level.

The default level is 40.


To modify the quality of service settings for Lync 2010 Phone Edition, use the Set-CsUCPhoneConfiguration cmdlet and the VoiceDiffServTag property:

Set-CsUCPhoneConfiguration -Identity global –VoiceDiffServTag 50

214


Configure Phone Lock for Lync 2010 Phone Edition

Microsoft Lync 2010 Phone Edition devices can be locked for security purposes. If you choose to

enforce the phone lock, you can specify whether the phone lock is enforced globally or only within

the site for which it is configured. When you configure the phone lock, you specify the following

settings:

Minimum PIN length The minimum length for the personal identification number (PIN) that

is used to unlock the phone. The range for the PIN length is four to 15 digits. The default

length is six digits.

Phone lock time-out The minimum length of time before the phone locks itself. The range

for the time-out is 0 to 60 minutes; the default value is 10 minutes. Enter the value in the

format HH:MM:SS.

To configure the phone lock




2. Click Clients, and then click Device Configuration.

3. On the Device Configuration tab, in the list of device configurations, double-click the

configuration for which you want to change the phone lock settings.

4. In the Edit Device Configuration dialog box, verify that the Enforce device locking

check box is selected.

5. In Minimum PIN length, accept the default value or specify a new value.

6. In Phone lock time-out, accept the default value or specify a new value.

7. Click Commit.


To enforce phone locking for Lync 2010 Phone Edition, use the Set-CsUCPhoneConfiguration cmdlet and set the EnforcePhoneLock property to True. If desired, you can also change the value of the PhoneLockTimeout property:

Set-CsUCPhoneConfiguration -Identity global –EnforcePhoneLock $True –PhoneLockTimeout 00:30:00

215


Managing External ConnectivityAfter installing and configuring you internal deployment of Microsoft Lync Server 2010, internal

users in your organization can collaborate with other internal users who have SIP accounts in

your Active Directory Domain Services (AD DS). Collaboration can include exchanging instant

messages and presence information and, if configured, participating in conferences (also known

as "meetings"). By default, only users who are logged on to your internal network can log on to

Lync Server 2010. You enable and configure external user access to control whether supported

external users can collaborate with internal Lync Server users. External users can include remote

users, federated users (including supported users of public instant messaging (IM) service

providers), and anonymous participants in conferences, depending on how you configure external

user access.

Deploying an Edge Server or Edge pool is the first step to supporting external users. For details

about deploying Edge Servers, see Deploying Edge Servers in the Deployment documentation.

After completing the setup of an Edge Server or Edge pool, you must enable the types of external

user access that you want to support and configure support for the external users that your

organization wants to support. In Lync Server 2010, you enable and configure external user

access using the Lync Server Control Panel and the Lync Server Management Shell. For details

about these management tools, see Lync Server Control Panel in the Operations documentation,

Lync Server Management Shell in the Operations documentation, Lync Server Control Panel in

the Operations documentation, and Install Lync Server Administrative Tools in the Operations

documentation.

To support external user access, you must do both of the following:

Enable support for your organization. To enable support for external user access in your

deployment, you enable each type external user access that you want to support. You enable

and disable support for external user access Lync Server 2010 Control Panel by editing the

global settings on the Access Edge Configuration page in the External User Access

group. Enabling support for external user access specifies that your servers running the Lync

Server Access Edge service support communications with external users, but external users

cannot communicate with internal users until you also configure at least one policy to manage

the use of external user access. External users cannot communicate with users of your

organization when external user access is disabled or if no policies are configured to support

it.

Configure and assign one or more policies to support external user access, which can include

the following.

External user access policies, which you can create and configure to control use of one

or more types of external user access, including access for your remote users, access by

users of federated domains, and access for users of supported public IM service

providers. You configure external user policies in Lync Server 2010 Control Panel using

the global policy and, optionally, one or more site and user policies, on the External

Access Policy page in the External User Access group. The global policy is created

when you first deploy an Edge Server or Edge pool and cannot be deleted. You create

216


and configure any site and user policies that you want to use to limit external user access

to specific sites or users. Global and site policies are automatically assigned. If you

create and configure a user policy, you must then assign it to the specific users or users

groups to whom you want it to apply. Each external user access policy can support one or

more of the following: remote user access, federated user access, and public IM

connectivity.

Conferencing policies, which you can create and configure to control conferencing in your

organization, including which users in your organization can invite anonymous users to

conferences that they host. After creating a conferencing policy and enabling support for

anonymous users in the policy, you must then assign the policy to the specific users or

user groups that need to be able to invite anonymous users to their conferences.

You can configure external user access settings, including any policies that you want to use to

control external user access, even if you have not enabled external user access for your

organization. However, the policies and other settings that you configure are in effect only when

you have external user access enabled for your organization. External users cannot communicate

with users of your organization when external user access is disabled or if no external user

access policies are configured to support it.

Your edge deployment authenticates the types of external users and controls access based on

how you configure your edge support. In order to control communications across the firewall, you

can configure one or more policies and configure other settings that define how users inside and

outside your firewall communicate with each other. This includes the default global policy for

external user access, in addition to site and user policies that you can create and configure to

enable one or more types of external user access for specific sites or users.

In This Section

Enable or Disable External User Access for Your Organization

Manage Communications with External Users

Enable or Disable External User Access for Your Organization

After deploying one or more Edge Servers, you must enable the specific types of external user

access to be supported for your organization. This includes the following types of external user

access:

Remote user access Enable this if you want users in your organization who are outside

your firewall, such as telecommuters and users who are traveling, to be able to connect to

Lync Server 2010.

Federation Enable this if you want to support access by users of federated partner

domains, users of public IM service providers, or both.

Anonymous user access Enable this if you want internal users to be able to invite

anonymous users to their conferences.

217


Note:

In addition to enabling external user access support, you must also configure policies to

control the use of external user access in your organization before any type of external

user access is available to users. For details about creating, configuring, and applying

policies for external user access, see Manage Communications with External Users in

the Deployment documentation or Operations documentation.

In This Section

Enable or Disable Remote User Access for Your Organization

Enable or Disable Federation for Your Organization

Enable or Disable Anonymous User Access for Your Organization

Enable or Disable Remote User Access for Your Organization

Remote users are users in your organization who have a persistent Active Directory identity within

the organization. Remote users often sign in to Lync Server your network from outside the firewall

by using a virtual private network (VPN) when they are not connected internally to your

organization’s network. Remote users include employees working at home or on the road and

other remote workers, such as trusted vendors, who have been granted enterprise credentials. If

you enable remote user access for remote users, supported remote users do not have to connect

using a VPN in order to collaborate with internal users using Lync Server 2010.

To support remote user access, you must enable it. When you enable it, you enable it for your

entire organization. If you later want to temporarily or permanently prevent remote user access,

you can disable it for your organization. Use the procedure in this section to enable or disable

remote user access for your organization.

Note:

Enabling remote user access only specifies that your servers running the Access Edge

service support communications with remote users, but remote users cannot participate

in instant messaging (IM) or conferences in your organization until you also configure at

least one policy to manage the use of remote user access. For details about configuring

policies for the use of remote user access, see Manage Remote User Access in the

Deployment documentation or the Operations documentation.

To enable or disable remote user access for your organization


equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer

in your internal deployment.




3. In the left navigation bar, click External User Access, and then click Access Edge

Configuration.

4. On the Access Edge Configuration page, click Global, click Edit, and then click Show

218


details.

5. In Edit Access Edge Configuration, do one of the following:

To enable remote user access for your organization, select the Enable remote user

access check box.

To disable remote user access for your organization, clear the Enable remote user

access check box.

6. Click Commit.

To enable remote users to sign in to your servers running Lync Server 2010, you must also

configure at least one external access policy to support remote user access. For details, see

Manage Remote User Access in the Deployment documentation or the Operations

documentation.


To enable remote user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowOutsideUsers property to True:

Set-CsAccessEdgeConfiguration –Identity global –AllowOutsideUsers $True

To disable remote user access, set the AllowOutsideUsers property to False:

Set-CsAccessEdgeConfiguration –Identity global –AllowOutsideUsers $False

Enable or Disable Federation for Your Organization

Support for federation is required to enable users who have an account with a trusted customer

or partner organization, including partner domains and users of public instant messaging (IM)

provider users that you support, to collaborate with users in your organization. When you have

established a trust relationship with such external domains, you can authorize users in those

domains to access your deployment and participate in Lync Server communications. This trust

relationship is called federation and it is not related to or dependent upon an Active Directory trust

relationship.

To support access by users of federated domains, you must enable federation. If you enable

federation for your organization, you must also specify whether to implement the following

options:

Enable partner domain discovery. If you enable this option, Lync Server 2010 uses Domain

Name System (DNS) records to try to discover domains not listed in the allowed domains list,

automatically evaluating incoming traffic from discovered federated partners and limiting or

blocking that traffic based on trust level, amount of traffic, and administrator settings. If you do

not select this option, federated user access is enabled only for users in the domains that you

include on the allowed domains list. Whether or not you select this option, you can specify

219


that individual domains to be blocked or allowed, including restricting access to specific

servers running the Access Edge service in the federated domain. For details about

controlling access by federated domains, see Control Access by Individual Federated

Domains.

Send an archiving disclaimer to federated partners to advise them that communications are

recorded. If you support archiving of external communications with federated partner

domains, you should enable the archiving disclaimer notification to warn partners that their

messages are being archived.

If you later want to temporarily or permanently prevent access by users of federated domains,

you can disable federation for your organization. Use the procedure in this section to enable or

disable federated user access for your organization, including specifying the appropriate

federation options to be supported for your organization.

Note:

Enabling federation for your organization only specifies that your servers running the

Access Edge service support communications with users of federated domains, including

public IM providers. Users in federated domains cannot participate in IM or conferences

in your organization until you also configure at least one policy to support federated user

access. Users of public IM service providers cannot participate in IM or conferences in

your organization until you also configure at least one policy to support public IM

connectivity. For details about configuring policies for communication with users of

federated domains in other organizations, see Manage Federated Partner User Access in

the Deployment documentation or the Operations documentation. Additionally, if you want

to support communication with users of IM service providers, you must configure policies

to support it and also configure support for the individual service providers that you want

to support. For details, see Manage IM Provider Support in the Deployment

documentation or the Operations documentation.

To enable or disable federated user access for your organization








Configuration.


details.


To enable federated user access for your organization, select the Enable

communications with federated users check box.

220


To disable federated user access for your organization, clear the Enable

communications with federated users check box.

6. If you selected the Enable communications with federated users check box, do the

following:

a. If you want to support automatic discovery of partner domains, select the Enable

partner domain discovery check box.

b. If your organization supports archiving of external communications, select the Send

archiving disclaimer to federated partners check box.

7. Click Commit.

To enable federated users to collaborate with users in your Lync Server 2010 deployment,

you must also configure at least one external access policy to support federated user access.

For details, see Manage Federated Partner User Access in the Deployment documentation or

the Operations documentation. To control access for specific federated domains, see Control

Access by Individual Federated Domains in the Deployment documentation or Operations

documentation.


To enable federated user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowFederatedUsers property to True:

Set-CsAccessEdgeConfiguration –Identity global –AllowFederatedUsers $True

To disable federated user access, set the AllowFederatedUsers property to False:

Set-CsAccessEdgeConfiguration –Identity global –AllowFederatedUsers $False

Enable or Disable Anonymous User Access for Your Organization

Anonymous users are users who do not have a user account in your organization's Active

Directory Domain Services (AD DS) or in a supported federated domain, can be invited to

participate remotely in an on-premises conference. By allowing anonymous participation in

meetings you enable anonymous users (that is, users whose identity is verified through the

meeting or conference key only) to join meetings. Allowing anonymous participation requires

enabling it for your organization.

If you later want to temporarily or permanently prevent access by anonymous users, you can

disable it for your organization. Use the procedure in this section to enable or disable anonymous

user access for your organization.

221


Note:

Enabling anonymous user access for your organization only specifies that your servers

running the Access Edge service support access by anonymous users. Anonymous users

cannot participate in any meetings in your organization until you also configure at least

one conferencing policy and apply it to one or more users or user groups. The only users

that can invite anonymous users to meetings are those users that are assigned a

conferencing policy that is configured to support anonymous users. For details about

configuring conferencing policies to support anonymous users, see Configure

Conferencing Policies to Support Anonymous Users in the Deployment documentation or

the Operations documentation.

To enable or disable anonymous user access for your organization








Configuration.


details.


To enable anonymous user access for your organization, select the Enable

communications with anonymous users check box.

To disable anonymous user access for your organization, clear the Enable

communications with anonymous users check box.

6. Click Commit.

To enable anonymous users to participate in conferences hosted by users in your Lync

Server 2010 deployment, you must also configure and assign at least one conferencing policy

to support anonymous users. For details, see Configure Conferencing Policies to Support

Anonymous Users in the Deployment documentation or the Operations documentation.


To enable anonymous user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowAnonymousUsers property to True:

222


Set-CsAccessEdgeConfiguration –Identity global –AllowAnonymousUsers $True

To disable anonymous user access, set the AllowAnonymousUsers property to False:

Set-CsAccessEdgeConfiguration –Identity global –AllowAnonymousUsers $False

Manage Communications with External Users

By default, no policies are configured to support external user access, including remote user

access, federated user access, even if you have already enabled external user access support

for your organization. To control the use of external user access, you must configure one or more

policies, specifying the type of external user access supported for each policy. This includes the

following external access policies:

Global policy The global policy is created when you deploy your Edge Servers. By default,

no external user access options are enabled in the global policy. To support external user

access at the global level, you configure the global policy to support one or more types of

external user access options. The global policy applies to all users in your organization, but

site policies and user policies override the global policy. If you delete the global policy, you do

not remove it. Instead, you reset it to the default setting.

Site policy You can create and configure one or more site policies to limit support for

external user access to specific sites. The configuration in the site policy overrides the global

policy, but only for the specific site covered by the site policy. For example, if you enable

remote user access in the global policy, you might specify a site policy that disables remote

user access for a specific site. By default, a site policy is applied to all users of that site, but

you can assign a user policy to a user to override the site policy setting.

User policy You can create and configure one or more user policies to limit support for

remote user access to specific users. The configuration in the user policy overrides the global

and site policy, but only for the specific users to whom the user policy is assigned. For

example, if you enable remote user access in the global policy and site policy, you might

specify a user policy that disables remote user access and then assign that user policy to

specific users. If you create a user policy, you must apply it to one or more users before it

takes effect.

To support participation by anonymous users in conferences, you must configure a conferencing

policy and assign the policy to users. Assigning a conferencing policy in which anonymous

participation is enabled to users or user groups enables those users to invite anonymous users to

conferences that they host.

In addition to external user access policies and conferencing policies, some external user access

options, including access by federated users and access by public users, require configuration of

other options. This includes the following:

Specifying allowed and blocked domains for federated partners, in addition to any specific

servers running the Access Edge service that you want to allow or block.

223


Specifying which specific service providers your organization supports, including the name of

the server running the Access Edge service and the verification level supported for the

provider.

In This Section

Manage Remote User Access

Manage Federated Partner User Access

Manage IM Provider Support

Configure Conferencing Policies to Support Anonymous Users

Apply Policies for External User Access to Users

Reset or Delete External User Access Policies

Manage Remote User Access

You configure one or more external user access policies to control whether remote users can

collaborate with internal Lync Server users. To control remote user access, you can configure

policies at the global, site, and user level. Site policies override the global policy, and user policies

override site and global policies. For details about the types of policies that you can configure,

see Manage Communications with External Users in the Deployment documentation or the

Planning documentation.

Note:

You can configure policies to control remote user access, even if you have not enabled

remote user access for your organization. However, the policies that you configure are in

effect only when you have remote user access enabled for your organization. For details

about enabling remote user access, see Enable or Disable Remote User Access for Your

Organization in the Deployment documentation or the Operations documentation.

Additionally, if you specify a user policy to control remote user access, the policy applies

only to users that are enabled for Lync Server 2010 and configured to use the policy. For

details about specifying users that can sign in to Lync Server 2010 from remote locations,

see Apply External User Access Policies to Users in the Deployment documentation or

the Operations documentation.

Use the following procedure to configure each external access policy that you want to use to

control remote user access.

Note:

This procedure describes how to configure a policy only to enable communications with

remote users, but each policy that you configure to support remote user access can also

support federated user access and public user access. For details about configuring

policies to support federated users, see Configure Policies to Control Federated User

Access. For details about configuring policies to support public users, see Configure

Policies to Control Access by Users of IM Service Providers.

224


To configure an external access policy to support remote user access







3. In the left navigation bar, click External User Access, and then click External Access

Policy.

4. On the External Access Policy page, do one of the following:

To configure the global policy to support remote user access, click the global policy,


To create a new site policy, click New, and then click Site policy. In Select a Site,

click the appropriate site from the list and then click OK.

To create a new user policy, click New, and then click User policy. In New External

Access Policy, create a unique name in the Name field that indicates what the user

policy covers (for example, EnableRemoteUsers for a user policy that enables

communications for remote users).

To change an existing policy, click the appropriate policy listed in the table, click Edit,


5. (Optional) If you want to add or edit a description, specify the information for the policy in

Description.


To enable remote user access for the policy, select the Enable communications

with remote users check box.

To disable remote user access for the policy, clear the Enable communications

with remote users check box.

7. Click Commit.

To enable remote user access, you must also enable support for remote user access in your

organization. For details, see Enable or Disable Remote User Access for Your Organization in

the Deployment documentation or the Operations documentation.

If this is a user policy, you must also apply the policy to users that you want to be able to

connect remotely. For details, see Apply External User Access Policies to Users in the



225


To create an external user access policy that allows access by remote users, use the New-CsExternalAccessPolicy cmdlet and set the EnableOutsideAccess property to True:

New-CsExternalAccessPolicy –Identity "RedmondExternalAccess" –EnableOutsideAccess $True

Manage Federated Partner Access

To manage support for users of federated domains, you need to do the following:

Configure one or more external user access policies to support users of federated domains.

Specify whether to allow discovery of federated partners.

Specify any specific federated domains that you want to allow or block.

To perform these tasks, use the procedures in this this section.

In This Section

Configure Policies to Control Federated User Access

Enable or Disable Discovery of Federation Partners

Control Access by Individual Federated Domains

Enable or Disable Sending an Archiving Disclaimer to Federated Partners

Configure Policies to Control Federated User Access

When you configure policies to support for federated partners, the policies apply to users of

federated domains, but not for users of instant messaging (IM) service providers (for example,

Windows Live), unless you also enable support for service provider users in the policy. You can

configure one or more external user access policies to control whether users of federated

domains can collaborate with internal Lync Server users. To control federated user access, you

can configure policies at the global, site, and user level. Site policies override the global policy,

and user policies override site and global policies. For details about the types of policies that you

can configure, see Manage Communications with External Users in the Deployment

documentation or the Planning documentation.

Note:

You can configure policies to control federated user access, even if you have not enabled

federation for your organization. However, the policies that you configure are in effect

only when you have federation enabled for your organization. For details about enabling

federation, see Enable or Disable Federation for Your Organization in the Deployment

documentation or the Operations documentation. Additionally, if you specify a user policy

to control federated user access, the policy applies only to users that are enabled for

Lync Server 2010 and configured to use the policy. For details about specifying federated

users that can sign in to Lync Server 2010, see Apply External User Access Policies to

Users in the Deployment documentation or the Operations documentation.

To configure a policy to support access by users of federated domains


226








Policy.


To configure the global policy to support federated user access, click the global

policy, click Edit, and then click Show details.





policy covers (for example, EnableFederatedUsers for a user policy that enables

communications for federated domain users).




Description.


To enable federated user access for the policy, select the Enable communications

with federated users check box.

To disable federated user access for the policy, clear the Enable communications

with federated users check box.

7. Click Commit.

To enable federated user access, you must also enable support for federation in your

organization. For details, see Enable or Disable Federation for Your Organization in the


If this is a user policy, you must also apply the policy to users that you want to be able to

collaborate with federated users. For details, see Apply External User Access Policies to

Users in the Deployment documentation or the Operations documentation.


To create an external user access policy that allows access by federated users, use the New-CsExternalAccessPolicy cmdlet and set the EnableFederationAccess property to True:

227


New-CsExternalAccessPolicy –Identity "RedmondExternalAccess" –EnableFederationAccess $True

Enable or Disable Discovery of Federation Partners

At the time you deployed your Edge Servers and enabled federation for your organization, you

should have specified whether to support automatic discovery of federated partner domains. Use

the procedure in this topic to change that configuration.

Note:

The following procedure assumes that you have already enabled federation for your

organization. For details about enabling federation, see Enable or Disable Federation for

Your Organization in the Deployment documentation or the Operations documentation.

To enable or disable automatic discovery of federated domains for your organization







3. In the left navigation bar, click External User Access, click Access Edge

Configuration.


details.

5. In Edit Access Edge Configuration, under Enable communications with federated

users, select or clear the Enable partner domain discovery check box to enable or

disable automatic discovery of partner domains.

6. Click Commit.


you must have also configured at least one external access policy to support federated user

access. For details, see Manage Federated Partner User Access in the Deployment

documentation or the Operations documentation. For details about controlling access for

specific federated domains, see Control Access by Individual Federated Domains in the

Deployment documentation or Operations documentation.


To enable automatic discovery of federated domains, use the Set-CsAccessEdgeConfiguration cmdlet and the UseDnsSrvRouting parameter, and set EnablePartnerDiscovery to True:

228


Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -EnablePartnerDiscovery $True

To disable automatic routing, use the UseDefaultRouting parameter, and set DefaultRouteFqdn to the fully qualified domain name of the Edge Server used for federation requests:

Set-CsAccessEdgeConfiguration -UseDefaultRouting -DefaultRouteFqdn "atl-edge-001.litwareinc.com"

Control Access by Individual Federated Domains

If you have configured support for federated partners, you can manage which specific domains

can federate with your organization by doing either or both of the following:

Configure one or more specific external domains as allowed federated domains. To do this,

add each domain to the list of allowed domains. Even if partner discovery is enabled for your

organization, do this if the domain is a federated partner that might need to communicate with

more than 1,000 of your users or might need to send more than 20 messages per second. If

partner discovery is not enabled for your organization, only users of external domains that

you add to the allowed domains list can participate in IM and conferencing with users in your

organization. If you want to restrict access for a federated domain to a specific server running

the Access Edge service of the federated partner, you can specify the domain name of the

server running the Access Edge service for each domain in the list of allowed domains.

Block one or more external domains from connecting to your organization. To do this, add the

domain to the list of blocked domains.

Note:

This procedure describes how to configure support for specific domains, but

implementing support for federated users also requires that you enable support for

federated users for your organization, and configure and apply policies to control which

users can collaborate with federated users. For details about enabling support for

federated users, see Enable or Disable Federation for Your Organization in the

Deployment documentation or the Operations documentation. For details about

configuring policies to control federation, see Configure Policies to Control Federated

User Access in the Deployment documentation or the Operations documentation.

To add an external domain to the list of allowed domains







3. In the left navigation bar, click External User Access, and then click Federated

Domains.

229


4. On the Federated Domains page, click New, and then click Allowed domain.

5. In New Federated Domains, do the following:

In Domain name (or FQDN), type the name of the federated partner domain.

Notes:

This name must be unique and cannot already exist as an allowed domain for this server

running the Access Edge service. The name cannot exceed 256 characters in length.

The search on the federated partner domain name performs a suffix match. For example, if

you type contoso.com, the search will also return the domain it.contoso.com.

A federated partner domain cannot simultaneously be blocked and allowed. Lync Server 2010

prevents this from happening so that you do not have to synch up your lists.

If you want to restrict access for this federated domain to users of a specific server

running the Access Edge service, in Access Edge service (FQDN), type the FQDN

of the federated domain’s server running the Access Edge service.

If you want to provide additional information, in Comment, type information that you

want to share with other system administrators about this configuration.

6. Click Commit.

7. Repeat steps 4 through 6 for each federated partner domain that you want to allow.

To enable federated user access, you must also enable support for federated user access in

your organization. For details, see Enable or Disable Federation for Your Organization in the


Additionally, you must configure and apply the policy to users that you want to be able to

collaborate with federated users. For details, see Configure Policies to Control Federated

User Access in the Deployment documentation or the Operations documentation.


To add a domain to the list of domains your users are allowed to communicate with, use the New-CsAllowedDomain cmdlet followed by the fully qualified domain name of the allowed domain:

New-CsAllowedDomain -Identity "fabrikam.com"

To add an external domain to the list of blocked domains






230



3. In the left navigation bar, click External User Access.

4. Click Federated Domains, click New, and then click Blocked domain.

5. In New Federated Domains, do the following:

In Domain name (or FQDN), type the name of the federated partner domain that you

want to block.

Notes:

The name cannot exceed 256 characters in length.

The search on the federated partner domain name performs a suffix match. For example, if

you type contoso.com, the search will also return the domain it.contoso.com.

A federated partner domain cannot simultaneously be blocked and allowed. Lync Server 2010

prevents this from happening so that you do not have to synch up your lists.

(Optional) In Comment, type information that you want to share with other system

administrators about this configuration.

6. Click Commit.

7. Repeat steps 4 through 6 for each federated partner that you want to block.


To add a domain to the list of domains your users are not allowed to communicate with, use the New-CsBlockedDomain cmdlet followed by the fully qualified domain name of the "outlawed" domain:

New-CsBlockedDomain -Identity "contoso.com"



should have specified whether to automatically send the archiving disclaimer to federated

partners. If you archive external communications, you should enable the sending of an archiving

disclaimer. Use the procedure in this topic to change that configuration.

Note:




To enable or disable sending an archiving disclaimer to federated partners



231







Configuration.

4. On the Access Edge Configuration tab, click Global, click Edit, and then click Show

details.


users, select or clear the Send archiving disclaimer to federated partners check box

to enable or disable automatically sending the archiving disclaimer.

6. Click Commit.








To display an archiving disclaimer to federated partners at the beginning of an instant messaging session, use the Set-CsAccessEdgeConfiguration cmdlet and set the EnableArchivingDisclaimer property to True:

Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $True

To prevent the display of the archiving disclaimer, set the EnableArchivingDisclaimer property to False:

Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $False

Manage IM Provider Support

To configure support for users of public instant messaging (IM) providers, you need to do both of

the following:

Configure one or more external user access policies to support the use of public IM services.

Specify which public IM providers you want to support.

To perform these tasks, use the procedures in this this section.

232


In This Section

Configure Policies to Control Access by Users of IM Service Providers

Specify Supported IM Service Providers

Configure Policies to Control Access by Users of IM Service Providers

Public instant messaging (IM) connectivity enables users in your organization to use IM to

communicate with users of IM services provided by public IM service providers, including the

Windows Live network of Internet services, Yahoo!, and AOL. You configure one or more external

user access policies to control whether public users can collaborate with internal Lync Server

users. To control public user access, you can configure policies at the global, site, and user level.

Site policies override the global policy, and user policies override site and global policies. For

details about the types of policies that you can configure, see Manage Communications with

External Users in the Deployment documentation or the Planning documentation.

In the case of IM invitations, the response depends on the client software. The request is

accepted unless external senders are explicitly blocked by a user-configured rule (that is, the

settings in the user’s client Allow and Block lists). Additionally, IM invitations can be blocked if a

user elects to block all IM from users who are not on his or her Allow list.

Note:

You can configure policies to control public user access, even if you have not enabled

federation for your organization. However, the policies that you configure are in effect

only when you have federation enabled for your organization. For details about enabling

federation, see Enable or Disable Federation for Your Organization in the Deployment

documentation or the Operations documentation. Additionally, if you specify a user policy

to control public user access, the policy applies only to users that are enabled for Lync

Server 2010 and configured to use the policy. For details about specifying public users

that can sign in to Lync Server 2010, see Apply External User Access Policies to Users in

the Deployment documentation or the Operations documentation.

Use the following procedure to configure a policy to support access by users of one or more

public IM providers.

To configure an external access policy to support public user access








Policy.


To configure the global policy to support public user access, click the global policy,

233







policy covers (for example, EnablePublicUsers for a user policy that enables

communications for public users).




Description.


To enable public user access for the policy, select the Enable communications with

public users check box.

To disable public user access for the policy, clear the Enable communications with

public users check box.

7. Click Commit.

To enable public user access, you must also enable support for federation in your



If this is a user policy, you must also apply the policy to public users that you want to be able

to collaborate with public users. For details, see Apply External User Access Policies to Users

in the Deployment documentation or the Operations documentation.


To enable users to communicate with a public provider such as MSN or AOL, use the Set-CsExternalAccessPolicy cmdlet to set the EnablePublicCloudAccess property of the appropriate external access policy to True:

New-CsExternalAccessPolicy -Identity site:Redmond -EnablePublicCloudAccess $True

234


Specify Supported IM Service Providers

Users of public instant messaging (IM) services, including any or all of the following: Windows

Live, AOL, and Yahoo!, and Extensible Messaging and Presence Protocol (XMPP) providers and

servers (for example, Google Talk or Jabber) by using an XMPP gateway. A public IM service

provider is a specific type of federated partner. Support for public IM users has specific

requirements that are different from the requirements for users of other federated partners.

Customers that do not have a volume license for Lync Server 2010 require a separate license if

they choose to configure public IM connectivity with Windows Live, AOL, and Yahoo! For details,

see "Changes in Office Communications Server Public IM Federation" at

http://go.microsoft.com/fwlink/?linkid=197275 and "Microsoft Lync: Pricing and Licensing" at


Note:

To use XMPP, you must install the XMPP Gateway. You can download the XMPP

Gateway from the Microsoft Download Center at http://go.microsoft.com/fwlink/?

LinkId=204552. After you install the XMPP Gateway, you need to install the hotfix, which

is available for download from http://go.microsoft.com/fwlink/?LinkId=204561.

You can add or remove an IM service provider, and change other settings for any IM service

provider (including temporarily blocking the IM service provider). The settings that you can specify

for each IM service provider include the following:

Whether the IM service provider is hosted or public. Hosted IM service providers are internal

to your organization, running as hosted services. Some organizations allow external users to

establish federation with internal servers as a hosting provider, similar to establishing

federation with a public provider, such as MSN.

Whether to permit the IM service provider to federate with your organization.

The network address of the IM service provider’s Access Edge, which you specify by using

the fully qualified domain name (FQDN) of the server running the Access Edge service.

The filtering options for incoming communications are as follows:

Allow communications only with users verified by this provider This setting is the

default. It means that you trust the IM service provider's verification level and handle

incoming messages accordingly. Requests marked as unverified are handled as

described for the Allow communications only with users on recipients' contact lists

option. Requests marked as verified are handled as described for the Allow all

communications with this provider option.

Allow communications only with users on recipients' contact lists This setting

means you do not trust verification levels asserted by the IM service provider. If you

choose this option, the server running the Access Edge service marks all incoming

presence subscription requests as unverified. If the sender is already on the recipient’s

Allow list, the internal server responds to that request. Otherwise, the request is rejected.

Similarly, requests for an IM session that are marked unverified are rejected by the client.

Allow all communications with this provider This setting means that you accept all

messages regardless of whether they are verified or not. If you choose this option, the

235







server running the Access Edge service marks all messages as verified. The recipient's

home pool or server notifies the client, and all messages are handled according to

settings on the client. In the case of presence subscription requests, the client settings

determine how the message is handled.

By default, the Windows Live, AOL, and Yahoo! are available in the list, but are not enabled. For a

public IM service provider, public IM connectivity may require the purchase of additional service

licenses and provisioning the connections. For details, see the Lync Server 2010 licensing

information at http://go.microsoft.com/fwlink/?LinkId=202848. Pricing and licensing information for

public IM connectivity are available through Microsoft Volume Licensing programs. For details,

see the Microsoft Volume Licensing page at http://go.microsoft.com/fwlink/?LinkId=144874. For

details about specific requirements for public IM service providers, see the "Office

Communications Server Public IM Connectivity Provisioning Guide" at


Note:

You can configure support for public IM providers, even if you have not enabled

federation for your organization. However, the provider support that you configure is in

effect only when you have federation enabled for your organization. For details about

enabling federation, see Enable or Disable Federation for Your Organization in the

Deployment documentation or the Operations documentation. Additionally, support for IM

service providers requires configuration of policies to support user access. For details

about configuring policies to support access by users of IM service providers, see

Configure Policies to Control Access by Users of IM Service Providers.

Use the following procedure to configure IM provider support for one or more hosted or public IM

service providers.

To configure support for an IM service provider







3. In the left navigation bar, click External User Access, click Providers, and then do one

of the following:

To create a new provider, click New, and then click Public or Hosted.

Note:

Select Hosted if your IM service provider is internal to your organization,

running as hosted services. Some organizations allow external users to

establish federation with internal servers as a hosting provider, similar to

establishing federation with a public provider like MSN.

In Provider name, create a unique name.

236





In Access Edge (or FQDN), type the name of each individual server running the

Access Edge service.


To enable this provider, select the Enable communications with this provider

check box, and then do one of the following:

Click Allow communications only with users verified by this provider.

Select the Allow communications only with users on recipients' contact lists

check box.

Select the Allow all communications with this provider check box.

To prevent communications with this provider, clear the Enable communications

with this provider check box.

5. To modify an existing provider, click the appropriate provider listed in the table, click Edit,

and then click Show details. Then, do one of the following:

To enable this provider, select the Enable communications with this provider

check box, and then do one of the following:

Click Allow communications only with users verified by this provider.

Select the Allow communications only with users on recipients' contact lists

check box.

Select the Allow all communications with this provider check box.

To prevent communications with this provider, clear the Enable communications

with this provider check box.

6. Click Commit.

To enable public user access, you must also enable support for federation in your



Support for IM service providers also requires configuration of policies to support user

access. For details about configuring policies to support access by users of IM service

providers, see Configure Policies to Control Access by Users of IM Service Providers.


To enable users to communicate with a new public provider, use the New-CsPublicProvider cmdlet to add the new organization to the list of approved providers:

New-CsPublicProvider -Identity "Fabrikam" -ProxyFqdn "proxyserver.fabrikam.com" -Enabled $True -VerificationLevel "AlwaysUnverifiable"

237


Configure Conferencing Policies to Support Anonymous Users

By allowing anonymous participation in meetings you enable anonymous users (that is, users

whose identity is verified through the meeting or conference key only) to join your meetings. By

default, all users are prevented from inviting anonymous users to participate in a meeting. You

control who can invite anonymous users by configuring a conferencing policy to support

anonymous users, and applying that conferencing policy to specific users.

Use the procedure in this section to configure a global policy to support participation of

anonymous users in conferences. For details about creating and applying a conferencing policy

to support participation of anonymous users in conferences, see Create or Modify Conferencing

User Experience for a Site or Group of Users and Apply Conferencing Policies to Support

Anonymous Users in the Deployment documentation or the Operations documentation.

At the global level, you can specify whether or not you want to enable anonymous user

access to conferences.

At the user account level, you can control a user’s ability to invite anonymous users by

specifying which conferencing policy to apply to individual users.

To configure policies to allow anonymous participation in meetings







3. In the left navigation bar, click External User Access.

4. In the Access Edge Configuration page, click the global policy, click Edit, and then click

Show details.

5. In Edit Access Edge Configuration, select the Enable anonymous user access to

conferences check box.

6. Click Commit.

7. In the left navigation bar, click Conferencing, and then do one of the following:

a. To create a new site policy, click New, and then click Site policy. In Select a Site,


b. To configure an existing policy, click the appropriate policy listed in the table, click

Edit, then Show details.

8. In Conferencing Policies, select the Allow participants to invite anonymous users

check box.

9. Click Commit.

To enable users to invite anonymous users to conferences, you must also enable support for

anonymous users in your organization. For details, see Enable or Disable Anonymous User

Access for Your Organization in the Deployment documentation or the Operations

238


documentation.

Additionally, you must apply the policy to users that you want to be able to invite anonymous

users. For details, see Apply External User Access Policies to Users in the Deployment

documentation or the Operations documentation.


To allow users to host meetings that include anonymous users, use the Set-CsConferencingPolicy cmdlet to set the AllowAnonymousParticipantsInMeetings property of the appropriate conferencing policy to True:

Set-CsConferencingPolicy –Identity global -AllowAnonymousParticipantsInMeetings $True

Apply Policies for External User Access to Users

If you configure user policies for external user access or conferencing policies to support

anonymous users, you must assign the policies to users or user groups before support is

available to the users.

In This Section


Apply Conferencing Policies to Support Anonymous Users


If a user has been enabled for Lync Server 2010, you can configure federation, remote user

access, and public instant messaging (IM) connectivity in the Lync Server Control Panel by

applying the appropriate policies to specific users or user groups. For example, if you created a

policy to support remote user access, you must apply it to at least one user or user group before

the user or user group can connect to Lync Server 2010 from a remote location and collaborate

with internal users from the remote location.

Note:

To support for external user access, you must enable support for each type of external

user access you want to support, and configure the appropriate policies and other options

to control use. For details, see Configuring Support for External User Access in the

Deployment documentation or Managing External Connectivity in the Operations

documentation.

Use the procedure in this topic to apply a previously created external user access policy to one or

more user accounts or user groups.

To apply an external user policy to a user account


239







to configure.


Show details.

5. In Edit Lync Server User under External access policy, select the user policy that you

want to apply.

Note:




To assign a per-user external access policy to a user, use the Grant-CsExternalAccessPolicy cmdlet.

Grant-CsExternalAccessPolicy –Identity "Ken Myer" –PolicyName "RedmondExternalAccess"

To unassign a per-user policy, use Grant-CsExternalUserAccess and set the PolicyName to a null value:

Grant-CsExternalAccessPolicy –Identity "Ken Myer" –PolicyName $null

Apply Conferencing Policies to Support Anonymous Users

By default, all users are prevented from inviting anonymous users to participate in a meeting. You

control who can invite anonymous users by configuring a conferencing policy to support

anonymous users, and applying that conferencing policy to specific users. For details about how

to configure a conferencing policies to support anonymous users, see Configure Conferencing

Policies to Support Anonymous Users in the Deployment documentation or Managing External

Connectivity the Operations documentation.

Use the procedure in this section to apply a conferencing policy that you have already created to

one or more users or user groups.

Note:

In addition to configuring and applying a policy to enable users to invite anonymous

users, you must also enable support for anonymous users for your organization. For

details, see Enable or Disable Anonymous User Access for Your Organization.

240


To configure a user policy for anonymous participation in meetings







3. In the left navigation bar, click Conferencing, and then do one of the following:

a. To create a new user policy, click New, and then click User policy. Create a unique

name in the Name field that indicates what the user policy covers (for example,

EnableAnonymous for a user policy that enables communications with anonymous

users).

b. To configure an existing user policy, click the appropriate policy listed in the table,


4. In the Conferencing Policies dialog box, select the Allow participants to invite

anonymous users check box.

5. Click Commit.

6. In the left navigation bar, click Users, search on the user account that you want to

configure.


Show details.

8. In Edit Lync Server User under Conferencing policy, select the user policy with the

anonymous user access configuration that you want to apply to this user.

Note:

The <Automatic> settings apply the default server installation settings and are

applied automatically by the server.

To enable users to invite anonymous users to conferences, you must also enable support for

anonymous users in your organization. For details, see Enable or Disable Anonymous User

Access for Your Organization in the Deployment documentation or the Operations

documentation.


To allow users to host meetings that include anonymous participants, use the Set-CsConferencingPolicy cmdlet and set AllowAnonymousParticipantsInMeetings to True:

Set-CsConferencingPolicy –Identity site:Redmond -AllowAnonymousParticipantsInMeetings $True

241


To prevent users from hosting meetings that include anonymous participants, set AllowAnonymousParticipantsInMeetings to False:

Set-CsConferencingPolicy –Identity site:Redmond -AllowAnonymousParticipantsInMeetings $False

Reset or Delete External User Access Policies

If you have created or configured external user access policies that you no longer want to use,

you can do the following:

Delete any site or user policy that you created.

Reset the global policy to the default settings. The default global policy settings deny any

external user access. The global policy cannot be deleted.

In This Section

Delete a Site or User Policy for External User Access

Reset the Global Policy for External User Access

Delete a Site or User Policy for External User Access

You can delete any site or user policy that is listed in Microsoft Lync Server 2010 Control Panel

on the External Access Policy page. Deleting the global policy does not actually delete it, but

only resets it to the default settings, which do not include support for any external user access

options. For details about resetting the global policy, see Reset the Global Policy for External

User Access.

To delete a site or user policy for external user access







3. Click External User Access, click External Access Policy.

4. On the External Access Policy tab, click the site or user policy you want to delete, click

Edit, and then click Delete.

5. When prompted to confirm the deletion, click OK.


To delete a per-site external access policy, use the Remove-CsExternalAccessPolicy cmdlet followed by the policy Identity:

242


Remove-CsExternalAccessPolicy –Identity site:Redmond

You can also use this command to remove all the per-site policies:

Get-CsExternalAccessPolicy –Filter "site:*" | Remove-CsExternalAccessPolicy

To delete a per-user policy, use the Remove-CsExternalAccessPolicy cmdlet followed by the policy Identity:

Remove-CsExternalAccessPolicy –Identity "RedmondExternalAccessPolicy"

This command removes all the per-user policies:

Get-CsExternalAccessPolicy –Filter "tag:*" | Remove-CsExternalAccessPolicy

Reset the Global Policy for External User Access

You cannot completely delete a global policy. Using the Delete option on the global policy only

resets the global policy to the default settings, which do not include support for any external user

access options.

To reset the global policy to the default settings







3. In the left navigation bar, click External User Access, click External Access Policy.

4. On the External Access Policy tab, click the global policy, click Edit, and then click

Delete.

5. When prompted to confirm the deletion, click OK. A message appears at the top of the

page informing you that the global policy has been reset.


To reset all the properties in the global external user access policy to their default values, use the Remove-CsExternalAccessPolicy cmdlet:

Remove-CsExternalAccessPolicy –Identity global

243


Note that this command will not remove the global policy. However, all the properties in that policy will be reset to their default values.

244


Managing MonitoringTopics in this section provide step-by-step procedures for tasks you can perform using the

Monitoring and Archiving group in Lync Server Control Panel to configure monitoring.

In This Section

Create a Site Policy for Call Detail Recording

Create a Site Policy for Quality of Experience

Enable Call Detail Recording

Enable Quality of Experience

Configure Call Detail Recording

Configure Quality of Experience

Delete a Site Policy for Call Detail Recording

Delete a Site Policy for Quality of Experience

Create a Site Policy for Call Detail Recording

Follow these steps to create a new call detail recording (CDR) policy for a site.

To create a CDR policy for a site







3. In the left navigation bar, click Monitoring and Archiving, and then click Call Detail

Recording.

4. On the Call Detail Recording page, click New.

5. In Select a Site, click the site to which the policy is to be applied and click OK.

6. In New Call Detail Recording Setting, do the following:

In Name, specify a name for the new site policy.

Select the Enable monitoring of call detail recordings (CDR) check box to turn on

monitoring.

Select the Enable purging of call detail recordings (CDR) check box to turn on

purging.

In Keep call detail recordings for maximum duration (days), select the maximum

number of days that call detail recordings should be retained.

In Keep error report data for maximum duration (days), select the maximum

245


number of days that error reports should be retained.

7. Click Commit.


To enable Call Detail Recording for a site, use the New-CsCdrConfiguration cmdlet:

New-CsCdrConfiguration -Identity site:Redmond -EnableCDR $True –EnablePurging $True –KeepCallDetailForDays 30 –KeepErrorReportForDays 30

Create a Site Policy for Quality of Experience

Follow these steps to create a Quality of Experience (QoE) policy for a site.

To create a QoE policy for a site







3. In the left navigation bar, click Monitoring and Archiving, and then click Quality of

Experience Data.

4. On the Quality of Experience Data page, click New.

5. In Select a Site, click the site to which the policy is to be applied and click OK.

6. In New Quality of Experience Setting, do the following:

Select Enable monitoring of Quality of Experience (CDR) data to turn on

monitoring.

Select Enable purging of Quality of Experience (CDR) data to turn on purging.

In Keep call detail recordings for maximum duration (days), select the maximum


7. Click Commit.


To enable Quality of Experience monitoring for a site, use the New-CsQoEConfiguration cmdlet:

246


New-CsQoEConfiguration -Identity site:Redmond –EnableQoE $True –EnablePurging $True -KeepQoEDataForDays 30

Enable Call Detail Recording

Call detail recording (CDR) records usage and diagnostic information about peer-to-peer activities

including instance messaging, Voice over Internet Protocol (VoIP) calls, application sharing, file

transfer, and meetings. The usage data can be used to calculate return on investment (ROI) and

the diagnostic data can be used to troubleshoot peer-to-peer activities and meetings. For details,

see Planning for Monitoring in the Planning documentation.

Use the following procedure to enable CDR for your whole organization or each site in your

organization.

Note:

In order to enable CDR you must first install the Monitoring Server and connect it to a

Monitoring back-end database. For details, see Deploying Monitoring.

To enable CDR








Recording.

4. On the Call Detail Recording page, click the appropriate site from the table, click

Action, and then click Enable CDR.

Note:

CDR is enabled by default.


To enable Call Detail Recording for a site, set the value of the EnableCDR property to True:

Set-CsCdrConfiguration -Identity site:Redmond -EnableCDR $True

247


Enable Quality of Experience

Quality of Experience (QoE) records numeric data that indicates the media quality and

information about participants, device names, drivers, IP addresses, and endpoint types involved

in calls and sessions. For details, see Planning for Monitoring in the Planning documentation.

Use the following procedure to enable QoE for your whole organization or each site in your

organization.

Note:

In order to enable QoE you must first install the Monitoring Server and connect it to a

Monitoring back-end database. For details, see Deploying Monitoring.

To enable QoE







3. In the left navigation bar, click Topology, and then click Server Application.

4. On the Server Application page, click the service with QoEAgent in the Name column,

click Action, and then click Enable Application.

Note:

The QoEAgent is enabled by default.


To enable Quality of Experience monitoring for a site, set the value of the EnableQoE property to True:

Set-CsQoEConfiguration -Identity site:Redmond –EnableQoE $True

248


Configure Call Detail Recording

By default, call detail recording (CDR) data is purged after 60 days. You can use the settings on

the Call Detail Recording page to retain the data for a longer or shorter period of time. If you

disable CDR, data that was captured before CDR was enabled will also be subject to purging.

Note:

You should configure CDR and Quality of Experience (QoE) to retain data for the same

number of days. Each call in the call detail reports (CDRs), available from the Monitoring

Server Reports webpage, includes CDR and QoE information. If the purging duration for

CDR and QoE is different, some calls might only include CDR data, while other may only

include QoE data.

The following procedure describes how to configure purge settings CDR data.

To specify retention of CDR data








Recording.

4. On the Call Detail Recording page, click the appropriate site in the table, click Edit, and

then click Show Details.

5. To turn on purging, select Enable Purging for Monitoring Servers.

6. In Keep call detail recordings for maximum duration (days): select the maximum


7. In Keep error report data for maximum duration (days): select the maximum number

of days that error reports should be retained.

8. Click Commit.


To specify the number of days CDR data will be retained, use the Set-CsCdrConfiguration cmdlet and the KeepCallDetailForDays and KeepErrorReportForDays parameters:

Set-CsCdrConfiguration -Identity site:Redmond –EnablePurging $True –KeepCallDetailForDays 30 –KeepErrorReportForDays 30

249


Configure Quality of Experience

By default, Quality of Experience (QoE) data is purged after 60 days. You can use the settings on

the Quality of Experience Data page to retain the data for a longer or shorter period of time. If

you disable QoE, data that was captured before QoE was enabled will also be subject to purging.

Note:

You should configure call detail recording (CDR) and QoE to retain data for the same

number of days. Each call in the call detail reports (CDRs), available from the Monitoring

Server reports homepage, includes CDR and QoE information. If the purging duration for

CDR and QoE is different, some calls may only include CDR data, while other may only

include QoE data.

The following procedure describes how to configure purge settings for QoE data.

To specify retention of QoE data








Experience Data.

4. On the Quality of Experience Data page, click the appropriate site from the table, click

Edit, and then click Show Details.

5. To turn on purging, select Enable Purging for Monitoring Servers.

6. In Keep call detail recordings for maximum duration (days): select the maximum

number of days that QoE data should be retained.

7. Click Commit.


To specify the number of days QoE data will be retained, use the Set-CsQoEConfiguration cmdlet and the KeepQoEDataForDays parameter:

Set-CsQoEConfiguration -Identity site:Redmond –EnablePurging $True -KeepQoEDataForDays 30

250


Delete a Site Policy for Call Detail Recording

Follow these steps to delete a site policy for call detail recording (CDR).

To delete a CDR policy








Recording.

4. In the search field, type all or part of the name of the policy you want to delete.


6. Click OK.


To delete the Call Detail Recording configuration settings for site, use the Remove-CsCdrConfiguration cmdlet:

Remove-CsCdrConfiguration -Identity site:Redmond

To delete all the per-site settings, use this command:

Get-CsCdrConfiguration –Filter "site:*" | Remove-CsCdrConfiguration

Delete a Site Policy for Quality of Experience

Follow these steps to delete a site policy for Quality of Experience (QoE).

To delete a QoE policy








Experience Data.

251


4. On the Quality of Experience Data page, in the search field, type all or part of the name

of the policy you want to delete.


6. Click OK.


To delete the Quality of Experience configuration settings for site, use the Remove-CsQoEConfiguration cmdlet:

Remove-CsQoEConfiguration -Identity site:Redmond

To delete all the per-site settings, use this command:

Get-CsQoEConfiguration –Filter "site:*" | Remove-CsQoEConfiguration

252


Managing ArchivingTopics in this section provide step-by-step procedures for tasks you can perform using the

Monitoring and Archiving page in Lync Server Control Panel to configure archiving.

Note:

In order to configure and use archiving, you must first install the Archiving Server and the

archiving database. For details, see Deploying Archiving in the Deployment

documentation.

In This Section

Configuring Support for Archiving of Internal and External Communications

Enable or Disable Archiving

Specify the Types of Communications To Be Archived

Enable or Disable Purging for Archiving

Block or Allow IM and Web Conferencing Sessions If Archiving Fails


Configuring Support for Archiving of Internal and External Communications

In Lync Server 2010 Control Panel, you can use the Archiving Policy page of the Archiving and

Monitoring group to manage policies at a global, site, or user level, including configuring the

default global policy and creating one or more additional user and site policies for your

deployment. The global policy is created automatically when you deploy Archiving Server and can

be configured, but not deleted. You can create and configure multiple site and user policies that,

together with the global policy, control which communications are archived. In each policy, you

can enable or disable archiving of internal communications, external communications, or both. By

default, archiving is not enabled for internal or external communications. Site archiving policies

override the global archiving policy, but only for users of that site. User policies override both

global and site policies for the users to whom the user policy is assigned.

Notes:


archiving database. For details, see Deploying Archiving in the Deployment documentation.

To configure archiving support, you must enable support for each type of archiving you want to

support, as well as configure and, if appropriate, assign policies and configure other options to

control how archiving is implemented. For details, see Managing External Connectivity in the

Operations documentation.

In This Section

Change the Global Policy for Archiving of Internal and External Communications

Create a Site Policy for Archiving

253


Enable or Disable Archiving for a Site

Create a User Policy for Archiving

Enable or Disable Archiving for Users

Delete an Archiving Policy

Apply an Archiving Policy to a User or User Group

Change the Global Policy for Archiving of Internal and External Communications

The global policy is created by default when you install your first Archiving Server. You can

change the settings to control whether archiving is enabled for internal users and external users.

The global policy cannot be deleted. You can also enable or disable archiving for specific sites

and users by creating site policies and user policies. For details, see Create a Site Policy for

Archiving and Create a User Policy for Archiving, both of which are available in the Deployment

documentation and the Operations documentation.

Notes:







Use the procedure in this topic to configure the global policy.

To change the global policy for archiving

1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator

role, log on to any computer in your internal deployment.




3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving

Policy.

4. Click Global in the list of policies, click Edit, and then click Show details.

5. In Edit Archiving Policy - Global, do the following:

To enable or disable internal archiving for the deployment, select or clear the Archive

internal communications check box.

To enable or disable external archiving for the deployment, select or clear the

Archive external communications check box.

6. Click Commit.

254



To modify the global archiving policy, use the Set-CsArchivingPolicy cmdlet and set the Identity to global:

Set-CsArchivingPolicy -Identity global -ArchiveInternal $True –ArchiveExternal $True

Alternatively, you can leave off the Identity parameter. If you do not specify an Identity, Set-CsArchivingPolicy will automatically modify the global policy:

Set-CsArchivingPolicy -ArchiveInternal $True –ArchiveExternal $True

Create a Site Policy for Archiving

For each site you have deployed, you can create an archiving policy to control whether archiving

for that site is enabled or disabled for the following:

Internal communications

External communications

The configuration in the site policy overrides the global policy, but only for the specific site

covered by the site policy. For example, if you enable archiving of internal and external

communications in the global policy, you might specify a site policy that disables archiving for

internal communications, external communications, or both for that one site.

Notes:





control how archiving is implemented. For details, see Configuring Support for External User

Access and Configure Archiving Options for a Site in the Deployment documentation or Managing

External Connectivity in the Operations documentation.

To create an archiving policy for a site







Policy.

4. Click New, and the click Site policy.

5. In Select a Site, click the site to which the policy is to be applied.

6. In New Archiving Policy, do the following:

255


In Name, specify a name for the new site policy (for example, externalContoso).

In Description, provide details about what the site policy is (for example, External

user archiving policy for Contoso).

To control archiving of internal communications for the site, select or clear the

Archive internal communications check box.

To control archiving of communications with external users for the site, select or clear

the Archive external communications check box.

7. Click Commit.


To create a new archiving policy at the site scope, use the New-CsArchivingPolicy cmdlet:

New-CsArchivingPolicy -Identity "site:Redmond" -ArchiveInternal $True –ArchiveExternal $True

Enable or Disable Archiving for a Site

You can change the settings of a site policy to control whether archiving is enabled for internal

instant messaging (IM) communications and external IM communications of a specific site. You

can also enable or disable archiving globally and for specific users by configuring the global

policy and by creating user policies. For details, see Configure the Global Policy for Archiving and

Create a User Policy for Archiving, both of which are available in the Deployment documentation

and the Operations documentation.

Notes:







Use the procedure in this topic to configure a site policy.

To change a site policy






256



Policy.

4. Select the appropriate site policy from the list of policies, click Edit, click Show details,

and then do the following:

To enable or disable internal archiving for the policy, select or clear the Archive


To enable or disable external archiving for the policy, select or clear the Archive

external communications check box.

5. Click Commit.


To modify an archiving policy configured at the site scope, use the Set-CsArchivingPolicy cmdlet:

Set-CsArchivingPolicy -Identity "site:Redmond" -ArchiveInternal $False –ArchiveExternal $False

Create a User Policy for Archiving

You can create an archiving policy to control whether archiving for specific users is enabled or

disabled for the following:

Internal communications

External communications

In Microsoft Lync Server 2010 Control Panel, you define user policies that can be assigned to

users in Users.

The user policy overrides the global policy and site policies, but only for the specific users

assigned the user policy. For example, if you enable archiving of internal and external

communications in the global policy, you might specify a site policy that disables it for internal

communications, external communications, or both for that one site, and then specify a user

policy that enables archiving for a specific group of users at that site.

Notes:








257


To create a user policy for archiving







Policy.

4. Click New, and then click User policy.

5. In New Archiving Policy, do the following:

In Name, specify a name for the new user policy.

In Description, provide details about what the user policy is (for example, External

user archiving policy for Contoso)

To control archiving of internal communications for the specified users, select or clear

the Archive internal communications check box.

To control external archiving for the specifying users, select or clear the Archive


6. Click Commit.


To create a new per-user archiving policy, use the New-CsArchivingPolicy cmdlet:

New-CsArchivingPolicy -Identity "RedmondArchivingPolicy" -ArchiveInternal $True –ArchiveExternal $True

258


Enable or Disable Archiving for Users

You can change the settings of a user policy to control whether archiving is enabled for internal

instant messaging (IM) communications and external IM communications of specific users. A user

policy can be assigned to users defined in Users. For details, see Apply an Archiving Policy to a

User or User Group in the Deployment documentation and Operations documentation. You can

also enable or disable archiving globally and for specific sites by configuring the global policy and

by creating site policies. For details, see Configure the Global Policy for Archiving and Create a

Site Policy for Archiving, both of which are available in the Deployment documentation and the


Notes:




support, configure and, if appropriate, assign policies and configure other options to control how

archiving is implemented. For details, see Managing External Connectivity in the Operations

documentation.

Use the procedure in this topic to configure a user policy.

To change a user policy for archiving







Policy.

4. Select the appropriate user policy from the list, click Edit, click Show details, and then

do the following:

To enable or disable internal archiving for the users, select or clear the Archive


To enable or disable external archiving for the users, select or clear the Archive


5. Click Commit.


To modify a per-user archiving policy, use the Set-CsArchivingPolicy cmdlet:

259


Set-CsArchivingPolicy -Identity "RedmondArchivingPolicy" -ArchiveInternal $False

260


Delete an Archiving Policy

You can delete a user policy or site policy. The global policy cannot be removed. If you delete the

global policy, it is automatically reset to the default values.

Note:


archiving database. For details, see Deploying Archiving in the Deployment

documentation.

To delete a user or site policy for archiving







Policy.

4. In the list of policies, click the user or site policy you want to delete, click Edit, and then

click Delete.

5. Click Commit.


To delete a per-user or per-site archiving policy use the Remove-CsArchivingPolicy cmdlet:

Remove-CsArchivingPolicy -Identity "RedmondArchivingPolicy"

This command removes all the archiving policies configured at the site scope:

Get-CsArchivingPolicy –Filter "site:*" | Remove-CsArchivingPolicy

And this one removes all the archiving policies configured at the per-user scope:

Get-CsArchivingPolicy –Filter "tag:*" | Remove-CsArchivingPolicy

Apply an Archiving Policy to a User or User Group

If a user has been enabled for Lync Server 2010, you can configure archiving support by applying

the appropriate policies to specific users or user groups. For example, if you create a policy to

support archiving of internal communications, you can apply it to at least one user or user group

to support archiving of the user’s Lync Server 2010 communications.

261


Notes:








Use the procedure in this topic to apply a previously created archiving user policy to one or more

user accounts or user groups.

262


To apply an archiving user policy to a user account







to configure.


Show details.

5. In Edit Lync Server User under Archiving policy, select the archiving user policy that

you want to apply.

Note:



6. Click Commit.


To assign a per-user archiving policy to a user, use the Grant-CsArchivingPolicy cmdlet:

Grant-CsArchivingPolicy –Identity "Ken Myer" –PolicyName "RedmondArchiving"

To unassign a per-user archiving policy, use the Grant-CsArchivingPolicy cmdlet and set the value of the PolicyName property to null:

Grant-CsArchivingPolicy –Identity "Ken Myer" –PolicyName $Null

Enable or Disable Archiving

You can use the Archiving Configuration page to enable archiving globally or for a specific site.

Notes:





263




To enable or disable archiving for a policy







Configuration.

4. Click Global or one of the sites in the list, click Edit, and then click Show details.

5. In Archiving setting drop-down list box, do one of the following:

To enable archiving only for instant messaging (IM) sessions, click Archive IM

sessions.

To enable archiving for both IM sessions and conferences, click Archive IM and web


To disable archiving for the policy, click Disable archiving.

6. Click Commit.


To disable archiving, use the Set-CsArchivingConfiguration cmdlet and set the EnableArchiving property to None:

Set-CsArchivingConfiguration –Identity global –EnableArchiving None

Specify the Types of Communications To Be Archived

You can use the Archiving Configuration page to specify the communications, such as instant

messaging (IM) or IM and web conferencing, that are to be archived globally or for a site.

Notes:






documentation.

264


To specify the communications to be archived







Configuration.


5. In Archiving setting drop-down list, do one of the following:

To enable archiving only for IM sessions, click Archive IM sessions.

To enable archiving for both IM sessions and conferences, click Archive IM and web


6. Click Commit.


To archive only instant message sessions, use the Set-CsArchivingConfiguration cmdlet and set the EnableArchiving property to ImOnly:

Set-CsArchivingConfiguration –Identity global –EnableArchiving ImOnly

To archive both instant message sessions and conferences, set EnableArchiving to ImAndWebConf:

Set-CsArchivingConfiguration –Identity global –EnableArchiving ImAndWebConf

To disable archiving altogether, set EnableArchiving to None:

Set-CsArchivingConfiguration –Identity global –EnableArchiving None

Enable or Disable Purging for Archiving

You can use the Archiving Configuration page to define the purging settings for archived

content globally or for a specific site.

Notes:



265



support and configure, and, if appropriate, assign policies and configure other options to control

how archiving is implemented. For details, see Managing External Connectivity in the Operations

documentation.

To enable or disable purging for archiving







Configuration.

4. Click Global or one of the sites in the list, click Edit, click Show details, and then do the

following:

To enable purging, select the Enable purging of archiving data check box and then

do one of the following:

To purge all records, click the Purge exported archiving data and stored archiving

data after maximum duration (days), and then specify the number of days.

To purge only the data that has been exported, click Purge exported archiving data

only.

To disable purging, clear the Enable purging of archiving data check box.

5. Click Commit.


To enable the purging of old records from the archiving database, use the Set-CsArchivingConfiguration cmdlet to set the EnablePurging property to True:

Set-CsArchivingConfiguration –Identity global –EnablePurging $True –KeepArchivingDataForDays 30

As shown above, you can also use the KeepArchivingDataForDays parameter to specify the number of days that records should be kept in the database.

To disable purging, set the EnablePurging property to False:

Set-CsArchivingConfiguration –Identity global –EnablePurging $False

266


Block or Allow IM and Web Conferencing Sessions If Archiving Fails

You can use the Archiving Configuration page to specify whether to block instant messaging

(IM) and web conferencing if archiving fails.

Notes:






documentation.

To enable or disable blocking of IM and web conferencing sessions if archiving fails







Configuration.


5. To set how archiving behaves when a failure occurs, select or clear the Block instant

messaging (IM) or web conferencing sessions if archiving fails check box.

6. Click Commit.


To disable instant message sessions and conferences if archiving fails, use the Set-CsArchivingConfiguration cmdlet and set the BlockOnArchiveFailure property to True:

Set-CsArchivingConfiguration –Identity global –BlockOnArchiveFailure $True

To allow instant message sessions and conferences if archiving fails set the BlockOnArchiveFailure property to False:

Set-CsArchivingConfiguration –Identity global –BlockOnArchiveFailure $False

267




should have specified whether to automatically send the archiving disclaimer to federated

partners. If you archive external communications, you should enable the sending of an archiving

disclaimer. Use the procedure in this topic to change that configuration.

Note:




To enable or disable sending an archiving disclaimer to federated partners








Configuration.

4. On the Access Edge Configuration tab, click Global, click Edit, and then click Show

details.


users, select or clear the Send archiving disclaimer to federated partners check box

to enable or disable automatically sending the archiving disclaimer.

6. Click Commit.








To display an archiving disclaimer to federated partners at the beginning of an instant messaging session, use the Set-CsAccessEdgeConfiguration cmdlet and set the EnableArchivingDisclaimer property to True:

268


Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $True

To prevent the display of the archiving disclaimer, set the EnableArchivingDisclaimer property to False:

Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $False

Configuring SecurityTopics in this section provide step-by-step procedures for tasks you can perform using the

Security group in Lync Server Control Panel.

In This Section

Create a New Registrar

Modify an Existing Registrar

Delete a Registrar

Create a New Web Service

Modify an Existing Web Service

Delete a Web Service

Create a New PIN Policy

Modify an Existing PIN Policy

Delete a PIN Policy

See Also

Managing On-Premises Meetings

Create a New Registrar

You can use the Registrar to configure proxy server authentication methods. The authentication

protocol you specify determines which type of challenges the servers in the pool issue to clients.

The available protocols are:

Kerberos This is the strongest password-based authentication scheme available to clients,

but it is normally available only to enterprise clients because it requires client connection to a

Key Distribution Center (Kerberos domain controller). This setting is appropriate if the server

authenticates only enterprise clients.

NTLM This is the password-based authentication available to clients that use a challenge-

response hashing scheme on the password. This is the only form of authentication available

to clients without connectivity to a Key Distribution Center (Kerberos domain controller), such

as remote users. If a server authenticates only remote users, you should choose NTLM.

Certificate authentication This is the new authentication method when the server needs to

obtain certificates from Microsoft Lync 2010 Phone Edition clients, common area phones and

Microsoft Lync 2010. On Lync Phone Edition clients, after a user signs in and is successfully

269


authenticated by providing a personal identification number (PIN), Microsoft Lync Server

2010 then provisions the SIP URI to the phone and provisions a Lync Server signed

certificate or a user certificate that identifies Joe (Ex: [email protected] ) to the phone.

This certificate is used for authenticating with the Registrar and Web Services.

Note:

We recommend that you enable both Kerberos and NTLM when a server supports

authentication for both remote and enterprise clients. The Edge Server and internal

servers communicate to ensure that only NTLM authentication is offered to remote

clients. If only Kerberos is enabled on these servers, they cannot authenticate remote

users. If enterprise users also authenticate against the server, Kerberos is used.

Follow these steps to create a new Registrar.

To create a Registrar







3. In the left navigation bar, click Security and then click Registrar.

4. On the Registrar page, click New

5. In Select a Service, click the service to which the Registrar is to be applied and then

click OK.

6. In New Registrar Setting, select one or more of the following depending on the

capabilities of the clients and support in your environment:

Enable Kerberos authentication to have the servers in the pool issue challenges

using Kerberos authentication.

Enable NTLM authentication to have the servers in the pool issue challenges using

NTLM.

Enable certificate authentication to have the servers in the pool issue certificates

to clients.

7. Click Commit.


To create a new collection of proxy configuration settings, use the New-CsProxyConfiguration cmdlet:

270


New-CsProxyConfiguration -Identity "service:Registrar:atl-cs-001.litwareinc.com" -UseCertificateForClientToProxyAuth $True –UseKerberosForClientToProxyAuth $True –UseNtlmForClientToProxyAuth $True

Modify an Existing Registrar

You can use the Registrar to configure proxy server authentication protocols. For information

about the available protocols, see Create a New Registrar.

Note:

We recommend that you enable both Kerberos and NTLM when a server supports

authentication for both remote and enterprise clients. The Edge Server and internal

servers communicate to ensure that only NTLM authentication is offered to remote

clients. If only Kerberos is enabled on these servers, they cannot authenticate remote

users. If enterprise users also authenticate against the server, Kerberos is used.

Follow these steps to modify an existing Registrar.

To modify an existing Registrar








4. On the Registrar page, click a service, click Edit, and then click Show details.

5. In Edit Registrar Setting, select one or more of the following depending on the

capabilities of the clients and support in your environment:

Enable Kerberos authentication to have the servers in the pool issue challenges

using Kerberos authentication.

Enable NTLM authentication to have the servers in the pool issue challenges using

NTLM.


to clients.

6. Click Commit.


To modify an existing collection of proxy configuration settings, use the Set-CsProxyConfiguration cmdlet:

271


Set-CsProxyConfiguration -Identity "service:Registrar:atl-cs-001.litwareinc.com" -UseCertificateForClientToProxyAuth $False

Delete a Registrar

Follow these steps to delete a Registrar.

To delete a Registrar








4. On the Registrar page, and in the search field, type all or part of the name of the

Registrar you want to delete.

5. In the list, click the Registrar that you want, click Edit, and then click Delete.

6. Click OK.


To delete a collection of proxy configuration settings, use the Remove-CsProxyConfiguration cmdlet:

Remove-CsProxyConfiguration -Identity "service:Registrar:atl-cs-001.litwareinc.com"

This command removes all the proxy configuration settings assigned to the service scope:

Get-CsProxyConfiguration –Filter "service:*" | Remove-CsProxyConfiguration

And this command removes all the proxy configuration settings assigned to your Registrars:

Get-CsProxyConfiguration –Filter "service:Registrar:*" | Remove-CsProxyConfiguration

272


Create a New Web Service

You can use the Web Service page to configure the authentication methods for accessing

Microsoft Lync Server 2010 related web servers and Web Services.

Follow these steps to create a new Web Service policy.

To create a Web Service policy







3. In the left navigation bar, click Security and then click Web Service.

4. On the Web Service page, click New, and then do one of the following:

To configure the Web Service for a site, click Site configuration. In Select a Site,

click the site to which the Web Service policy will be applied a site and click OK.

To configure the Web Service for a pool, click Pool configuration. In Select a

Service, click the service to which the Web Service policy will be applied and click

OK.

5. In New Web Service Setting, in Windows authentication, select Negotiate, NTLM, or

None.

6. Select one or more of the following depending on the capabilities of the clients and

support in your environment:

Enable PIN Authentication to enable clients to be authenticated using PIN numbers.


to clients.

Enable certificate chain download to have servers presented with an

authentication certificate download the certificate chain for that certificate.

Show Lync Attendee download link to give the users the option to download Lync

2010 Attendee.

Show the link for user to join meeting using legacy client to give users the option

to join meetings using a previous version of Communicator.

7. Click Commit.


273


To create a new collection of Web Service configuration settings, use the New-CsWebServiceConfiguration cmdlet:

New-CsWebServiceConfiguration -Identity site:Redmond –UseWindowsAuth Negotiate –UsePinAuth $False

274


Modify an Existing Web Service

You can use the Web Service page to configure the authentication methods for accessing

Microsoft Lync Server 2010 related web servers and Web Services.

Follow these steps to modify an existing Web Service policy.

To modify an existing Web Service








4. On the Web Service page, click a configuration, click Edit, and then click Show details.

5. In Edit Web Service Setting, in Windows authentication, select Negotiate, NTLM, or

None.

6. Select one or more of the following depending on the capabilities of the clients and

support in your environment:

Enable PIN Authentication to enable clients to be authenticated using PIN numbers.


to clients.

Enable certificate chain download to have servers presented with an

authentication certificate download the certificate chain for that certificate.

Show Lync Attendee download link to give the users the option to download Lync

2010 Attendee.

Show the link for user to join meeting using legacy client to give users the option

to join meetings using a previous version of Communicator.

7. Click Commit.


To modify an existing collection of Web Service configuration settings, use the Set-CsWebServiceConfiguration cmdlet:

Set-CsWebServiceConfiguration -Identity site:Redmond –UseWindowsAuth None –UsePinAuth $True

275


Delete a Web Service

Follow these steps to delete a Web Service policy.

To delete a Web Service policy








4. On the Web Service page, and in the search field, type all or part of the name of the

policy you want to delete.


6. Click OK.


To delete an existing collection of Web Service configuration settings, use the Remove-CsWebServiceConfiguration cmdlet:

Remove-CsWebServiceConfiguration -Identity site:Redmond

This command deletes all the Web Service configuration settings assigned to the site scope:

Get-CsWebServiceConfiguration –Filter "site:*" | Remove-CsWebServiceConfiguration

Create a New PIN Policy

You can use the PIN Policy page to provide personal identification number (PIN) authentication

to users who are connecting to Microsoft Lync 2010 with IP Phones. To use PIN authentication,

make sure that Enable PIN Authentication is selected in Web Service settings. For details, see

Modify an Existing Web Service.

Follow these steps to create a user-level or a site-level PIN policy.

To create a user or site PIN policy


276







3. In the left navigation bar, click Security and then click PIN Policy.

4. On the PIN Policy page, click New, and then do one of the following:

To create a user-level policy, click User policy. In New PIN Policy, in Name, type a

name that describes the policy.


all or part of the name of the site for which you want to create a policy. In the resulting

list of sites, click the site you want, and then click OK.

5. In the Description field, type a description of the PIN policy.

6. In the Minimum PIN length field, type or select the minimum PIN length that you want to

allow. The default minimum length is five digits.
















digits are allowed.

Important:


13. Click Commit.


277


To create a new per-user or per-site PIN policy, use the New-CsPinPolicy cmdlet:

New-CsPinPolicy –Identity "site:Redmond" –MinPasswordLength 8

Modify an Existing PIN Policy

You can use the PIN Policy tab to provide personal identification number (PIN) authentication to

users who are connecting to Microsoft Lync 2010 with IP Phones. To use PIN authentication,

make sure that Enable PIN Authentication is selected in Web Service settings. For details, see

Modify an Existing Web Service.

Follow these steps to modify a user-level or a site-level PIN policy.

To modify an existing PIN policy








4. On the PIN Policy page, click a policy, click Edit, and then click Show details.

5. In Edit PIN Policy, in Minimum PIN length, type or select the minimum PIN length that

you want to allow. The default minimum length is five digits.
















digits are allowed.

Important:


278


12. Click Commit.


To modify an existing PIN policy, use the Set-CsPinPolicy cmdlet:

Set-CsPinPolicy –Identity "site:Redmond" –MinPasswordLength 6

Delete a PIN Policy

Follow these steps to delete a personal identification number (PIN) policy.

Note:

You cannot delete the global PIN policy.

To delete a PIN policy








4. On the PIN Policy page, and in the search field, type all or part of the name of the policy

you want to delete.


6. Click OK.


To remove a PIN policy, use the Remove-CsPinPolicy cmdlet:

Remove-CsPinPolicy –Identity "site:Redmond"

This command removes all the PIN policies configured at the site scope:

Get-CsPinPolicy –Filter "site:*" | Remove-CsPinPolicy

279


And this command removes all the per-user PIN policies:

Get-CsPinPolicy –Filter "tag:*" | Remove-CsPinPolicy

Configuring Your NetworkMicrosoft Lync Server 2010 includes support for call admission control (CAC) and media bypass.

To implement these features you must configure a network of regions, sites, subnets, and so on

that will allow you to manage bandwidth in situations where audio and video transmissions need

to be restricted.

You can use the Lync Server Control Panel to set up and manage CAC and media bypass. The

following topics provide steps for how to do this.

In This Section

Enabling Call Admission Control

Enabling Media Bypass

Configuring Location Policy

Configuring Bandwidth Policy Profile

Configuring Network Regions

Configuring Network Sites

Configuring Network Subnets

Configuring Network Region Links

Configuring Network Region Routes

Configuring Network Site Links

Enabling Call Admission Control

Call admission control (CAC) is a network of regions, sites, and subnets that enable you to place

restrictions on audio and video transmissions based on available bandwidth. After you configure

the CAC network, you must enable CAC to enforce the bandwidth limitations. You can use Lync

Server Control Panel to do this.

To enable CAC from Lync Server Control Panel







3. In the left navigation bar, click Network Configuration and then click Global.

4. On the Global page, click the Global configuration.

280


Note:

Only one network can be configured for any Microsoft Lync Server 2010

deployment, so there will never be more than one network configuration in the

list. You cannot rename the Global configuration.


6. On the Edit Global Setting page, select the Enable call admission control check box,

and then click Commit.

When you click Commit, you run a test of the configuration. The Edit Global Settings dialog

box closes, returning you to the Global page. You will receive a warning if any errors or

inconsistencies are discovered in your network configuration that will prevent it from working

correctly (for example, if every region is not connected to every other region through an

interregion route).

If you make changes to your network configuration, you can run the validation check again by

opening the Global configuration and clicking Commit. You do not need to disable CAC first:

leave the check box checked and click Commit. You can do this at any time without making

any configuration changes.

Enabling Media Bypass

Media bypass settings apply globally across a Microsoft Lync Server 2010 deployment. Media

bypass allows calls to bypass the Mediation Server. For details on when to use Media bypass,

see Media Bypass in the Planning section.

You can enable and configure media bypass from the Lync Server Control Panel.

To enable and configure media bypass







3. In the left navigation bar, click Network Configuration and then click Global.

4. On the Global page, click the Global configuration. There is always only one

configuration, and it is always named Global.

5. On the Edit menu, click View details.

6. On the Edit Global Setting page, click the Enable media bypass check box.

7. Select one of the following options:

Always bypass Select this option to attempt media bypass on all calls. This option

will be unavailable if call admission control (CAC) is enabled. If CAC is not enabled,

select this option in the following situations:

281


There is no need for bandwidth control.

There is no need for fine-grained configuration to determine when bypass should

happen.

There is full connectivity between gateways and clients.

Use sites and region configuration If CAC is enabled, this option is selected by

default and cannot be changed. When this option is selected, network configuration

sites and regions will be used to determine when media bypass is possible. If you

select this option, you can choose to enable bypass for sites that are not mapped.

Click the Enable bypass for non-mapped sites check box only if you have one or

more large sites associated with the same region that do not have bandwidth

constraints (for example, a large central site) and you also have some branch sites

associated with the same region that do have bandwidth constraints. When you

enable bypass for non-mapped sites, configuration is streamlined because you

specify only the subnets associated with the branch sites rather than needing to

specify all subnets associated with all sites. We recommend that you do not select

the Enable bypass for non-mapped sites check box if CAC is enabled.

8. Click Commit to save your changes.

Configuring Location Policy

The location policy is used to apply settings that relate to Enhanced 9-1-1 (E9-1-1) functionality

and to location settings for users or contacts. The location policy determines whether a user is

enabled for E9-1-1, and if so what the behavior is of an emergency call. For example, you can

use the location policy to define what number constitutes an emergency call (911 in the United

States), whether corporate security should be automatically notified, and how the call should be

routed.

You can configure location policies from the Network Configuration group in Lync Server

Control Panel. From the Lync Server Control Panel you can view, create, modify, or delete

location policies.

To view location policies







3. In the left navigation bar, click Network Configuration and then click Location Policy.

A single policy, called Global, exists by default and cannot be deleted or renamed. However,

you can modify the Global policy. This policy will apply to all users and contacts, unless you

create site policies or per-user policies. Per-user policies must be applied to specific users.

282


To create a new location policy








4. On the Location Policy page, click New and then select the type of policy you want to

create:

To create a site policy, click Site policy. In Select a Site, choose the site to which

you want the policy applied and click OK. On the New Location Policy page, the

Scope field contains the value Site, and the Name field contains the name of the site

you chose. You cannot modify either of these fields. A site policy is automatically

applied to all users on the specified site and overrides the global policy for those

users.

To create a User policy, click User policy. In the New Location Policy, the Scope

field contains the value User. You cannot modify this value. In the Name field, type

the name you want to give this policy. A user policy does not automatically apply to

any users. After creating the user policy, you must manually grant the policy to the

users or network sites to which you want to policy to apply.

5. Fill in the remaining fields as follows:

Enable enhanced emergency services Select this check box to enable the users

associated with this policy for E9-1-1. When emergency services are enabled,

Microsoft Lync Server 2010 clients will retrieve location information on registration

and include that information when an emergency call is made.

Location Specify one of the following values:

Required The user will be prompted to input location information when the client

registers at a new location. The user can dismiss the prompt without entering any

information. If information is entered, an emergency call will first be answered by the

emergency services provider to verify the location before being routed to the Public

Safety Answering Point (PSAP) operator (that is, the 911 operator).

Not Required The user will not be prompted for a location. When a call is made

with no location information, the emergency services provider will answer the call and

ask for a location.

Disclaimer This option is the same as Required except that the user cannot

dismiss the prompt without entering location information. The user can still complete

an emergency call, but no other calls can be completed without entering the

information. In addition, disclaimer text will be displayed to the user that can alert

them to the consequences of declining to enter location information. To set the

disclaimer text, you must run the Set-CsEnhancedEmergencyServiceDisclaimer

283


cmdlet at command line by using the Lync Server Management Shell. For details,

see Set-CsEnhancedEmergencyServiceDisclaimer in the Lync Server Management

Shell documentation.

Use location for emergency services only Location information can be used by

the Microsoft Lync 2010 client for various reasons (for example, to notify teammates

of your current location). Select this check box to ensure location information is

available only for use with an emergency call.

PSTN usage The public switched telephone network (PSTN) usage that will be

used to determine which voice route will be used to route emergency calls from

clients using this profile. The route associated with this usage should point to a SIP

trunk dedicated to emergency calls.

Emergency dial number The number that is dialed to reach emergency services.

In the United States this value is 911. The string must be made of the digits 0 through

9 and can be from 1 to 10 digits in length.

Emergency dial mask A number that you want to translate into the value of the

emergency dial number value when it is dialed. For example, if you enter a value of

212 in this field and the emergency dial number field has a value of 911, if a user

dials 212 the call will be made to 911. This allows for alternate emergency numbers

to be dialed and still have the call reach emergency services (for example, if

someone from a country or region with a different emergency number attempts to dial

that country or region’s number rather than the number for the country or region they

are currently in). You can define multiple emergency dial masks by separating the

values with semicolons. For example, 212;414. Maximum length of the string is 100

characters. Each character must be a digit 0 through 9.

Important:

Ensure that the specified dial mask value is not the same as a number in a

call park orbit range. Call park routing will take precedence over emergency

dial string conversion. To see the existing call park orbit ranges, click Voice

Features in the left navigation bar and then click Call Park. For details, see

Configure Phone Number Extensions for Parking Calls.

Notification URI One or more SIP Uniform Resource Identifiers (URIs) to be

notified when an emergency call is made. For example, the company security office

could be notified through an instant message whenever an emergency call is made. If

the caller’s location is available that location will be included in the notification.

Multiple SIP URIs can be included as a comma-separated list. For example,

"sip:[email protected]","sip:[email protected]". Keep in mind that

distribution lists and group URIs are not supported. The string must be from 1 to 256

characters in length and must begin with the prefix "sip:". Before you click in the

Notification URI field an example is displayed.

Conference URI The SIP URI, in this case the telephone number, of a third party

that will be conferenced in to any emergency calls that are made. For example, the

company security office could receive a call when an emergency call is made and

284


listen in or participate in that call (depending on the value supplied in the Conference

mode field). The string must be from 1 to 256 characters in length and must begin

with the prefix sip:. An example is displayed until you click inside this field.

Conference mode If you specify a value in the Conference URI field, the

Conference mode determines whether a third party can participate in the call or can

only listen in. Specify one of the following options:

One-way A third party can only listen to the conversation between the caller and the

PSAP operator.

Two-way A third party can listen in and participate in the call between the caller and

the PSAP operator.

6. Click Commit.

Important

When you create a user policy, initially that policy does not apply to any users or network

sites. To apply the policy to a user, click Users in the left navigation bar. Find the user to

which you want to apply the policy. On the Edit menu, click Show details. On the Edit Lync

Server User page, select the new location policy from the Location policy drop-down list

and then click Commit.

To apply the policy to a network site, click Network Configuration in the left navigation bar

and then click Site. Find the network site to which you want to apply the policy. On the Edit

menu, click Show details. In Edit Site, select the new location policy from the Location

policy drop-down list and then click Commit.

To modify a location policy








4. On the Location Policy page, select the location policy that you want to modify.


6. On the Edit Location Policy page, modify the fields as necessary (for details, see Step 5

in the "To create a new location policy" procedures earlier in this topic).

7. Click Commit.

To delete a location policy



285







4. On the Location Policy page, select the location policy that you want to delete.

Note:

You can delete more than one location policy at a time. To do this, press CTRL

and select multiple policies while holding down the CTRL key. Or, to select all

policies, click Select all on the Edit menu.

5. On the Edit menu, click Delete.

6. Click OK.

Important:

You cannot delete the Global location policy. If you attempt to delete the Global

policy you will receive a warning message and that policy will be reset to its

default values.

Configuring Bandwidth Policy Profile

As part of call admission control (CAC), a bandwidth policy is used to define bandwidth limitations

for certain modalities. In Microsoft Lync Server 2010, only audio and video modalities can be

assigned bandwidth limitations. You can set overall bandwidth limitations and session limitations.

You can use the Lync Server Control Panel to create or modify a container profile for these

policies. Each bandwidth policy profile can be associated with one or more network sites.

To create a new bandwidth policy profile







3. In the left navigation bar, click Network Configuration and then click Policy Profile.

4. On the Policy Profile page, click New.

5. In New Bandwidth Policy Profile, type a name in the Name field. This name must be

unique among all bandwidth policy profiles.

6. In the Audio limit field, type a numeric value. This value is the maximum amount of

bandwidth to allocate for all audio connections, expressed in kbps.

7. Enter a numeric value in the Audio session limit field. This value is the maximum

amount of bandwidth to allocate for an individual audio connection, expressed in kbps.

286


This value must be 40 or higher.

8. Enter a numeric value in the Video limit field. This value is the maximum amount of

bandwidth to allocate for all video connections, expressed in kbps.

9. Enter a numeric value in the Video session limit field. This value is the maximum

amount of bandwidth to allocate for an individual video connection, expressed in kbps.

This value must be 100 or higher.

10. (Optional) Type a value in the Description field to provide more information about this

bandwidth policy profile that cannot be expressed by the name alone.

11. Click Commit.

Note:

Creating a new bandwidth policy profile does not automatically enforce

bandwidth restrictions. You must first associate the policy profile with a site. For

details about how to associate a policy profile with a site, see Configuring

Network Sites.

To modify a bandwidth policy profile








4. On the Policy Profile page, click the bandwidth policy profile that you want to modify.


6. On the Edit Bandwidth Policy Profile page, modify the fields as necessary (for details,

see the "To create a bandwidth policy profile" section earlier in this topic).

7. Click Commit.

Note:

When you modify the bandwidth policy profile, it will immediately update the

bandwidth limitations of all network sites associated with this bandwidth policy

profile.

To delete a bandwidth policy profile






287




4. On the Policy Profile page, click the bandwidth policy profile that you want to delete.

Note:

You can delete more than one profile at a time. To do this, press CTRL and select

multiple profiles while holding down the CTRL key. Or, to select all profiles, click

Select all on the Edit menu.


Warning:

You cannot delete a bandwidth policy profile that is associated with a network

site. You must first remove the association with the network site before you can

delete the profile. For details about how to modify the network site, see

Configuring Network Sites.

Configuring Network Regions

A network region interconnects various parts of a network across multiple geographic areas.

Every network region must be associated with a central site. The central site is the data center

site on which the call admission control (CAC) bandwidth policy service is running. You can use

Lync Server Control Panel to configure network regions. Network regions include settings that

determine whether alternate paths through the Internet are allowed for audio and video

connections. From the Lync Server Control Panel, you can create, modify, or delete a network

region.

To create a network region







3. In the left navigation bar, click Network Configuration and then click Region.

4. On the Region page, click New.

5. In the New Region page, type a value in the Name field. This value must be unique

within your Microsoft Lync Server 2010 deployment.

6. From the Central site drop-down list, select the central site for this network region.

7. The Enable audio alternate path check box is checked by default. This field determines

whether audio calls will be routed through an alternate path if adequate bandwidth does

not exist in the primary path. Clear this check box only if you need to turn off the offload

to the Internet.

288


8. The Enable video alternate path check box is checked by default. This field determines

whether video calls will be routed through an alternate path if adequate bandwidth does

not exist in the primary path. Clear this check box only if you need to turn off the offload

to the Internet.


region that cannot be expressed by the name alone.

10. Click Commit.

The Associated sites table is not used for creating a network region. You associate a site

with a region when you create or modify the site. For details, see Configuring Network Sites.

To modify a network region








4. On the Region page, click the region that you want to modify.


6. On the Edit Region page, you can modify the settings for enabling and disabling audio

and video alternate paths, and change the description (for details, see the "To create a

network region" section earlier in this topic.

7. Click Commit.

You cannot modify the Associated sites on this page. The list of associated sites is provided

for reference so you are aware of which sites will be affected when you modify the region

settings.

To delete a network region








4. On the Region page, click the region that you want to delete.

Note:

You can delete more than one region at a time. To do this, press CTRL and select

289


multiple regions while holding down the CTRL key. Or, to select all regions, click



6. Click OK.

Warning:

A network region cannot be removed if it is associated with a network site. If you

attempt to remove a region associated with a site you will receive an error

message. To see if a region is associated with any sites, select the region and

then click Show details on the Edit menu.

Configuring Network Sites

Network sites are the offices or locations configured within each region of a call admission control

(CAC) or Enhanced 9-1-1 deployment. You can use the Lync Server Control Panel to configure

sites and associate them with regions. For example, a network region for North America might be

associated with networks sites such as Chicago, Redmond, and Vancouver. A CAC network site

must be created for every site within an organization, even if that site has no bandwidth

limitations. From the Lync Server Control Panel you can create, modify, and delete network sites.

To create a network site







3. In the left navigation bar, click Network Configuration and then click Site.

4. On the Site page, click New.

5. In New Site, type a name for this site in the Name field.

Note:

Site names must be unique within the Microsoft Lync Server 2010 deployment.

6. In the Region drop-down list, select a network region to associate with this site.

7. (Optional) If you want to place bandwidth limitations on audio or video calls to this site,

select the bandwidth policy profile with the appropriate settings from the Bandwidth

policy drop-down list.

Note:

You can view the details of the available bandwidth policy profiles, or create a

new bandwidth policy profile, on the Policy Profile page of the Network

Configuration group. For details, see Configuring Bandwidth Policy Profile.

8. (Optional) If you want to provide location settings for this site, select a location policy from

290


the Location policy drop-down list.

Note:

The location policy assigns specific Enhanced 9-1-1 (E9-1-1) and client location

settings to the site. You can view the details of the available location policies, or

create a new location policy, from the Location Policy page of the Network

Configuration group. For details, see Configuring Location Policy.


site that cannot be expressed by the name alone.

10. Click Commit.

Note:

You do not use the Associated Subnets table when you create a new network

site. You associate a subnet with a site when you create or modify the subnet.

For details, see Configuring Network Subnets.

To modify a network site








4. On the Site page, click the site that you want to modify.


6. On the Edit Site page, you can modify the description, region, bandwidth policy profile,

and location policy associated with the site. For details, see "To create a network site"

section earlier in this topic.

7. Click Commit.

You cannot modify the Associated Subnets table on this page. The list of associated

subnets is provided for reference so that you are aware of what subnets will be affected when

you modify the site settings.

To delete a network site







291



4. On the Site page, click the site that you want to delete.

Note:

You can delete more than one site at a time. To do this, press CTRL and select

multiple sites while holding down the CTRL key. Or, to select all sites, click



6. Click OK.

Warning:

You cannot remove a network site if it is associated with a network subnet. If you

attempt to remove a site associated with a subnet you will receive an error

message. To see if a site is associated with any subnets, click the site and then

click Show details on the Edit menu.

Configuring Network Subnets

A network subnet must be associated with a network site for the purposes of determining the

geographic location of the host belonging to this subnet. You can use Lync Server Control Panel

to configure subnets. From the Lync Server Control Panel, you can create, modify, or delete a

network subnet.

In most deployments of Microsoft Lync Server 2010 where call admission control (CAC) is

implemented, there will typically be a large number of subnets. Because of this, it is often best to

configure subnets from the Lync Server Management Shell. From there you can call New-

CsNetworkSubnet in conjunction with the Windows PowerShell cmdlet Import-CSV. By using

these cmdlets together, you can read in subnet settings from a comma-separated values (.csv)

file and create multiple subnets at the same time. For examples of how to create subnets from

a .csv file, see New-CsNetworkSubnet.

To create a network subnet







3. In the left navigation bar, click Network Configuration and then click Subnet.

4. On the Subnet page, click New.

5. In New Subnet, enter a value in the Subnet ID field. This must be an IP address (for

example, 174.11.12.0), and it must be the first address in the IP address range defined by

the subnet.

292


6. In the Mask field, enter a numeric value from 1 through 32.

Note:

This value is the bitmask that is to be applied to the subnet being created.

7. In Network site ID, select the site to which this subnet belongs.


subnet that cannot be expressed by the name alone.

9. Click Commit.

To modify a network subnet








4. On the Subnet page, click the subnet that you want to modify.


6. On the Edit Subnet page, you can modify the bitmask, associated network site, or

description. If you modify the bitmask, keep in mind that the Subnet ID must still be the

first address in the IP address range defined by the subnet.

7. Click Commit.

To delete a network subnet








4. On the Subnet page, click the subnet that you want to delete.

Note:

You can delete more than one subnet at a time. To do this, press CTRL and

select multiple subnets while holding down the CTRL key. Or, to select all

subnets, click Select all on the Edit menu.


6. Click OK.

293


Configuring Network Region Links

You can configure links between two network regions as part of call admission control (CAC).

Regions within a network are linked through physical wide area network (WAN) connectivity. You

can use the Lync Server Control Panel to define a link between two network regions and set the

bandwidth limitations on audio and video connections between these regions.

To create a network region link







3. In the left navigation bar, click Network Configuration and then click Region Link.

4. On the Region Link page, click New.

5. In New Region Link, type a value in the Name field.

Note:

This value must be unique within your Microsoft Lync Server 2010 deployment.

6. From the Network region #1 drop-down list, select one of the two regions to be linked.

7. From the Network region #2 drop-down list, select the other region to be linked. This

region must be different from the region selected for Network region #1.

8. (Optional) If you want to place bandwidth limitations on audio or video calls between

these regions, select a bandwidth policy profile from the Bandwidth policy drop-down

list.

9. Click Commit.

To modify a network region link








4. On the Region Link page, click the region link that you want to modify.


6. In Edit Region Link, you can modify the regions that are linked or the bandwidth policy

profile for this link.

294


7. Click Commit.

To delete a network region link








4. On the Region Link page, click the region link that you want to delete.

Note:

You can delete more than one region link at a time. To do this, press CTRL and

select multiple region links while holding down the CTRL key. Or, to select all

region links, click Select all on the Edit menu.

5. From the Edit menu, select Delete.

6. Click OK.

Configuring Network Region Routes

Every region within a call admission control (CAC) configuration must have some way to access

every other region. While region links set bandwidth limitations on the connections between

regions and also represent the physical links, a route determines which linked path the

connection will traverse from one region to another. You can use Lync Server Control Panel to

configure network region routes. From Lync Server Control Panel, you can create, modify, or

delete a network region route.

To create a network region route







3. In the left navigation bar, click Network Configuration and then click Region Route.

4. On the Region Route page, click New.

5. In New Region Route, type a value in the Name field.

Note:

This value must be unique within your Microsoft Lync Server 2010 deployment.

6. From the Network region #1 drop-down list, select one of the two regions to be

295


connected by this route.

7. From the Network region #2 drop-down list, select the other region for this route. This

region must be different from the region selected for Network region #1.

8. Use the Network region links list box to add region links to the route. Click the Add

button to display the Region Link page. Click a region link to add to this route, and then

click OK.

Note:

Continue to click the Add button to add more links, or select a link and click

Remove to remove a link.

9. Click Commit.

To modify a network region route








4. On the Region Route page, click the region route that you want to modify.


6. In Edit Region Route, you can modify the regions joined by this route and the region

links associated with the route.

7. Click Commit.

To delete a network region route








4. On the Region Route page, click the region route that you want to delete.

Note:

You can delete more than one region route at a time. To do this, press CTRL and

select multiple region routes while holding down the CTRL key. Or, to select all

region routes, click Select all on the Edit menu.


6. Click OK.

296


Configuring Network Site Links

Within a call admission control (CAC) configuration, you can create network inter-site policies that

define bandwidth limitations between sites that are directly linked. When network sites share a

direct link, bandwidth limitations for audio and video connections can be defined between those

two sites. You cannot use the Lync Server Control Panel to configure network site policies, this

can be done only by using cmdlets from the Lync Server Management Shell. You can create,

modify, and remove a network site link (also known as a network inter-site policy) from the Lync

Server Management Shell.

To create a network site link

1. Log on to the computer where Lync Server Management Shell is installed as a member

of the RTCUniversalServerAdmins group or with the necessary user rights as described

in Delegate Setup Permissions.



3. From the command prompt, type the following command, substituting values that are

valid for your configuration:

New-CsNetworkInterSitePolicy -Identity Reno_Portland -

NetworkSiteID1 Reno -NetworkSiteID2 Portland -BWPolicyProfileID

LowBWLimits

This example creates a new network site link named Reno_Portland that sets bandwidth

limitations between the Reno and Portland network sites. The network sites and the

bandwidth policy profile must already exist before running this command.

For detailed parameter descriptions, see New-CsNetworkInterSitePolicy in the Lync Server

Management Shell documentation. To retrieve a list of bandwidth policy profiles that can be

applied to the network site link, call the Get-CsNetworkBandwidthPolicyProfile cmdlet. For

details, see Get-CsNetworkBandwidthPolicyProfile in the Lync Server Management Shell

documentation.

To modify a network site link






3. Use the Set-CsNetworkInterSitePolicy cmdlet to modify the properties of a given

network site link. You can modify either (or both) or the connected sites, and you can

modify the bandwidth policy profile associated with the link. Here is an example of

modifying the bandwidth policy profile of a site link named Reno_Portland:

Set-CsNetworkInterSitePolicy -Identity Reno_Portland -

BWPolicyProfileID HighBWLimits

297


For detailed parameter descriptions, see Set-CsNetworkInterSitePolicy in the Lync Server

Management Shell documentation.

To delete a network site link






3. Use the Remove-CsNetworkInterSitePolicy cmdlet to remove a network site link. The

following example deletes the Reno_Portland network site link:

Remove-CsNetworkInterSitePolicy -Identity Reno_Portland

For detailed parameter descriptions, see Remove-CsNetworkInterSitePolicy in the Lync

Server Management Shell documentation.

298


Change the Web Services URLWhen you set up your Front End pools and Standard Edition servers, you have the option to

configure an external Web farm fully qualified domain name (FQDN) and associated ports. If you

did not configure this URL when you ran the Lync Server Deployment Wizard, you need to

manually configure these settings. An administrator typically does not need to modify these

settings, as these are the recommended and default ports.

Configure Web Services





3. In Topology Builder, in the console tree under Standard Edition Front End Servers,

Enterprise Edition Front End pools, and Directory pools, select the pool name. Right-

click the name, click Edit Properties, and then click Web Services.

4. Add or edit the External Web Services FQDN, and then click OK.

5. Verify the listening and published ports are configured correctly for your environment.

6. Repeat these steps for all Standard Edition servers, Front End Pools, and Director pools

299


in your environment.

7. In the console tree, click Lync Server 2010, and then, in the Actions pane, click Publish

Topology.

There are a few requirements you should be aware of when configuring the Listening and

Publishing ports:

The listening ports shown are the ports that are configured for Internet Information Server

(IIS) on each Front End Server.

The internal and external listening ports must be different for IIS. For the external

listening ports, these are typically the same because one represents the hardware load

balancer for internal web traffic and one represents the reverse proxy server for external

web traffic.

The published ports must be configured on the reverse proxy or hardware load balancer

as listening ports.

For an Front End pool (not shown in the example), the internal SIP pool FQDN must be

different from the internal web services FQDN, because web traffic comes through the

hardware load balancer and the internal SIP pool traffic travels comes through the DNS

load balancer. This requirement must be met.

A Lync Server Standard Edition deployment does not need or allow an internal web

services FQDN to be overridden because this server cannot be load balanced.

If you have a hardware load balancer in your environment that you use for both internal

SIP and web traffic, the Topology Builder cannot make the distinction.

The external web services works in conjunction with a reverse proxy in the perimeter network.

It provides clients external access to Microsoft Lync Server 2010 by using these web

services. The FQDNs configured here are sent to clients when they log on, and are used to

make an HTTPS connection back to the reverse proxy when connecting remotely. The

reverse-proxy server forwards the external web service FQDN to an internal hardware load

balancer, or directly to the pool. The reverse proxy must be able to resolve the external web

services FQDN to the IP address of the internal Web server. The external web services

FDQN must be resolvable in the public Internet.

If your internal server is a Standard Edition server, the internal FQDN is the Standard Edition

server FQDN. If your internal server is a Front End pool, the FQDN is a hardware load

balancer virtual IP (VIP) that load balances the internal web farm servers. A hardware load

balancer is required in a Front End pool with more than one Enterprise Edition server. A load

balancer is not required for a Standard Edition server or a single Enterprise Edition Front End

Server.


300


To modify the Web Services URL used by external users, use the Set-CsWebServer cmdlet and set the value of the ExternalFqdn property:

Set-CsWebServer –Identity WebServer:atl-cs-001.litwareinc.com –ExternalFqdn atl-ext-001.litwareinc.com

301


Administering the Address Book ServiceAs a part of the deployment of Microsoft Lync Server 2010 Enterprise Edition server or Standard

Edition server, the Address Book Service is installed by default. The databases used by the

Address Book Service – RTCab and RTCab1 – are created on the SQL Server (for Enterprise

Edition server, this is the back end SQL Server, for Standard Edition server, the collocated SQL

Server).

Address Book Server Phone Number Normalization

Lync Server 2010 requires standardized RFC 3966/E.164 phone numbers. To use phone

numbers that are unstructured or inconsistently formatted, Lync Server relies on the Address

Book Server to preprocess phone numbers before they are handed off to the normalization rules.

When a phone number is used from the address book and the normalization rule is applied,

clients, such as Microsoft Lync 2010, Microsoft Lync 2010 Phone Edition and Microsoft Lync 2010

Mobile, can use these normalized numbers.

As discussed in the New Address Book Features, the normalization rules that were used in

previous versions may not work properly without some adjustments. Because the white space

and non-mandatory characters are removed prior to the normalization rules, if your regex

expression is specifically looking for a dash or other character that was removed, your

normalization rule might fail. You should review your normalization rules to ensure that either they

are not looking for these non-mandatory characters, or that the rule can fail gracefully and

continue in the event that the character is not present where the rule anticipates it will be.

User Replicator and Address Book Server

The Address Book Server uses data provided by User Replicator to update the information that it

initially obtains from the global address list (GAL). User Replicator writes the Active Directory

Domain Services (AD DS) attributes for each user, contact, and group into the AbUserEntry table

in the database and the Address Book Server syncs the user data from the database into files in

the Address Book Server file store and into the Address Book database RTCab or RTCab1. The

schema for the AbUserEntry table uses two columns, UserGuid and UserData. UserGuid is the

index column and contains the 16-byte GUID of the Active Directory object. UserData is an image

column which contains all of the previously mentioned Active Directory Domain Services (AD DS)

attributes for that contact.

User Replicator determines which Active Directory attributes to write by reading a configuration

table located in the same SQL Server-based instance as the AbUserEntry table. The AbAttribute

table contains three columns, ID, Name and Flags. The table is created during database setup. If

the AbAttribute table is empty, User Replicator skips its AbUserEntry table processing logic.

Address Book Server attributes are dynamic and are retrieved from the AbAttribute table, which is

initially written by the Address Book Server when the Address Book Server is activated.

Address Book Server activation populates the AbAttribute table with the values needed to support

Lync Server. The following table shows those current values.

302


ID Name Flags

1 givenName 0x01400000

2 Sn 0x02400000

3 displayName 0x03420000

4 Title 0x04000000

5 mailNickname 0x05400000

6 Company 0x06000000

7 physicalDeliveryOfficeName 0x07000000

8 msRTCSIP-PrimaryUserAddress 0x08520C00

9 telephoneNumber 0x09022800

10 homePhone 0x0A302800

11 Mobile 0x0B622800

12 otherTelephone 0x0C302000

13 ipPhone 0x0D302000

14 Mail 0x0E500000

15 groupType 0x0F010800

16 Department 0x10000000

17 Description 0x11000100

18 Manager 0x12040001

19 proxyAddress 0x00500105

20 msExchHideFromAddressLists 0xFF000003

99 entryID 0x99000000

The numbers in the ID column must be unique and should never be reused. Also, keeping the ID

values under 256 saves space in the output files written by the Address Book Server. However,

the maximum ID value is 65535. The Name column corresponds to the Active Directory attribute

name that User Replicator should put in the AbUserEntry table for each contact. The value in the

Flags column is used to define the type of attribute. The following types of Address Book Server

attributes are recognized by User Replicator, indicated by the low byte of the value in the Flags

column.

303


Attribute Description

0x0 A string attribute. User Replicator converts this

type to UTF-8 before storing it in the

AbUserEntry table.

0x1 A binary attribute. User Replicator stores this in

the blob without any conversion.

0x2 A string attribute, but is included only if the

attribute value begins with "tel:". This is

primarily for multi-valued string attributes,

specifically proxyAddresses. In this case,

Address Book Server is interested only in

proxyAddresses entries that begin with "tel:".

Therefore, in the interest of saving space, User

Replicator stores only the entries that begin

with "tel:".

0x3 A Boolean string attribute, which if TRUE

causes User Replicator to not include this

contact in the AbUserEntry table. If FALSE, it

causes User Replicator to include the attributes

for this contact in the AbUserEntry table, but not

the particular attribute with this flag. This is

another special case type that is primarily for

the msExchHideFromAddressLists attribute.


attribute value begins with "smtp:" and includes

the "@" symbol.


attribute value begins with either "tel:" or

"smtp:" and includes the "@" symbol.

0x100 If set, this is a multi-valued attribute that can

appear more than once for each contact.

0x400 If set, this identifies the email user account

name attribute for a contact. Address Book

Server uses this flag to identify which attribute

value to show in the phone normalization event

log entry.

0x800 If set, this identifies a required attribute for a

contact. Address Book Server includes a user

in the AbUserEntry table only if there is a value

304



for this attribute in Active Directory. If there is

more than one required attribute, only one of

them is required to have a value to include the

user in the AbUserEntry table.

0x1000 If set, Address Book Server always normalizes

the value of this attribute.

0x2000 If set, Address Book Server uses the

normalized number from proxyAddresses, if

the UseNormalizationRules CMS setting is

FALSE; otherwise it behaves the same as when

the flag bit is 0x1000.

0x4000 If set, Address Book Server does not include

objects in the AbUserEntry table that have this

value for the specified attribute. For example, if

the msRTCSIP-PrimaryUserAddress attribute

has this flag bit set, then contacts that have this

attribute are not written to the database.

0x8000 If set, Address Book Server does not include

objects in the AbUserEntry table that do not

have this value for the specified attribute. If

both the 0x4000 and 0x8000 flag bits are set on

an object, the attribute with the flag bit value set

to 0x4000 takes precedence, and the object is

excluded from the AbUserEntry table.

0x10000 If set, this represents a group object. User

Replicator uses this flag bit to include contacts

with the groupType attribute whose presence

indicates a group (for example, a distribution list

or security group).

0x20000 If set, User Replicator uses this flag bit to

include this attribute in device-specific Address

Book Server files (that is, files with a .dabs

extension).

305


Filtering the Address Book

The users populated in the Address Book Server files can be controlled based on certain Active

Directory Domain Services (AD DS) attributes listed in the AbAttribute table. One such attribute

used for filtering is the msExchangeHideFromAddressBook attribute. This is a user attribute

added by the Exchange schema. If the value of this attribute is TRUE, Exchange Server uses this

attribute to hide the contact from the Outlook Global Address List (GAL). Similarly, if the value of

this attribute is TRUE, User Replicator does include that user in the AbUserEntry table and this

user will not be in the Address Book Server files.

You can use some flag bits to define a filter to use on Address Book Server attributes. For

example, the presence of certain flag bits can identify an attribute as an include attribute or an

exclude attribute. User Replicator filters out contacts that contain an exclude attribute and filters

out contains that do not contain an include attribute.

Currently, there are three different filters. The following table lists these filters.


0x800 If set, this identifies a required attribute for a

contact. User Replicator uses this flag bit to

filter out contacts that do not contain at least

one required attribute. The OuPathId is a

required attribute, which is always set. So at

least one of other required attributes should be

set. Otherwise, contact (that is, with value of

required attribute OuPathId) will still not be

written to database. For example, if

telephoneNumber and homePhone are

defined as required attributes, only the contacts

that have at least one of these attributes are

written to the database.

0x4000 If set, this identifies an exclude attribute. User

Replicator uses this flag bit to filter out contacts

that contain this attribute. For example, if

msRTCSIP-PrimaryUserAddress is defined

as an exclude attribute, contacts that have this

attribute are not written to the database.

0x8000 If set, this identifies an include attribute. User

Replicator uses this flag bit to filter out contacts

that do not contain this attribute. For example, if

msRTCSIP-PrimaryUserAddress is defined

as an include attribute, only the contacts that

have this attribute are written to the database.

306


Note:

If both the 0x4000 (exclude attribute) and 0x8000 (include attribute) flag bits are set, the

0x4000 bit overrides the 0x8000 bit and the contact is excluded.

Although you can filter the Address Book to include only certain users, limiting entries does not

limit other users' ability to contact the filtered users or to see their presence status. Users can

always find, manually send instant messages, or manually initiate calls to users not in the

Address Book by entering a user's complete sign-in name. Also, contact information for a user

could also be found in Outlook or the Windows Address Book.

While having full contact records in the Address Book files enables you to use Lync 2010 to

initiate email, telephone, or Enterprise Voice calls (that is, if Enterprise Voice is enabled on the

server) with users that are not configured for Session Initiation Protocol (SIP), some organizations

prefer to include only SIP-enabled users in their Address Book Server entries. You can filter the

Address Book to include only SIP-enabled users by clearing the 0x800 bit in the Flags column of

the following required attributes: mailNickname, telephoneNumber, homePhone, and mobile.

You can also filter the Address Book to include only SIP-enabled users by setting the 0x8000

(include attribute) in the Flags column of the msRTCSIP-PrimaryUserAddress attribute. This

also helps to exclude service accounts from the Address Book files.

After you modify the AbAttribute table, you can refresh the data in the AbUserEntry table by

running the cmdlet Update-CsUserDatabase command. After UR replication completes, you can

update the file in the Address Book Server file store by manually running the cmdlet

UpdateCsAddressBook command.

Note:

The Front End that the Address Book Server is placed is not administratively

configurable. One is chosen during deployment – typically the first Front End deployed. In

the event of failure, the Address Book Service will move to another Front End, and

requires no administrative attention. Also, there are two databases for the Address Book

Service – RTCab and RTCab1. The databases are updated daily, but alternate which

database is updated. If the RTCab database is being updated, queries are preformed

against the RTCab1 database while the update is in progress. The next day, RTCab1 is

updated and queries are preformed against RTCab while the update is in progress. This

ensures that at least one of the databases will be available for query and Address Book

file creation.

Important:

If you have consolidated or otherwise modified your infrastructure from a multi-forest

deployment or a parent/child deployment (such as consolidating your infrastructure

before moving to Lync Server 2010), you may find that the Address Book service

download and the Address Book Web Query fails for some users. When in a deployment

that had multiple domains or forests, the attribute MsRTCSIP-OriginatorSid is populated

on the user objects that are exhibiting the problem. The MsRTCSIP-OriginatorSid

attribute must be set to NULL on these objects to resolve the problem.

307


Windows PowerShell Cmdlets for Address Book Services

Microsoft Lync Server 2010 introduces a number of Windows PowerShell command-line interface

cmdlets to manage and configure the Address Book service. Some of these cmdlets are

replacements for the ABServer.exe commands used in previous versions of Office

Communications Server. In the following topics are the cmdlets that are used to set, create, and

retrieve information about the Address Book service, its configuration and information about the

Web services that the Address Book service uses when clients retrieve Address Book service

files and settings.

All of these cmdlets are issued through the Lync Server Management Shell found in the Lync

Server 2010 tools on a server or workstation where the administration tools have been installed.

In This Section

New-CsAddressBookConfiguration for Address Book Management

Set-CsAddressBookConfiguration for Address Book Management

Get-CsAddressBookConfiguration for Address Book Management

Remove-CsAddressBookConfiguration for Address Book Management

Test-CsAddressBookService for Address Book Management

Test-CsAddressBookWebQuery for Address Book Management

Update-CsAddressBook for Address Book Management

New-CsClientPolicy for Address Book Management

Set-CsClientPolicy for Address Book Management

Get-CsService for Address Book Management

New-CsWebServiceConfiguration for Address Book Management

Get-CsWebServiceConfiguration for Address Book Management

Set-CsWebServiceConfiguration for Address Book Management

Remove-CsWebServiceConfiguration for Address Book Management

See Also


New-CsAddressBookConfiguration for Address Book Management

Who can run this cmdlet: By default, members of the following groups are authorized to run the

New-CsAddressBookConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of

all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any

custom RBAC roles you have created yourself), run the following command from the Windows

PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "New-

CsAddressBookConfiguration"}

The New-CsAddressBookConfiguration cmdlet creates a new configuration to manage the

behavior of the Address book. Specific to this cmdlet is the ability to define if the Address Book

Service creates the client download files, how and if normalization rules are used, how long to

308



retain delta and compact delta files, delta file size before incorporating a new full file creation,

what time of day the full file Address Book is created, and what the internal should be for

synchronization of information in the User database.

For example:

New-CsAddressBookConfiguration -Identity site:Redmond -KeepDuration 15 -

SynchronizePollingInterval 00:10:00

For a detailed description of the full command, refer to the following in the main Lync Server

Windows PowerShell RTCCmdlets reference.

Set-CsAddressBookConfiguration for Address Book Management


Set-CsAddressBookConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of



PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Set-


Set-CsAddressBookConfiguration is similar to the New-CsAddressBookConfiguration cmdlet,

except it is used to modify an existing configuration.

For example:

Set-CsAddressBookConfiguration -identity site:Redmond -RunTimeOfDay

23:00



Get-CsAddressBookConfiguration for Address Book Management


Get-CsAddressBookConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of



PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Get-


The cmdlet Get-CsAddressBookConfiguration returns information about a configuration that

already exists.

For example:

Get-CsAddressBookConfiguration -Identity site:Redmond

309


Combining the functionality of Get-CsAddressBookConfiguration and Set-

CsAddressBookConfiguration allows the administrator to define which configurations to modify

and then apply the modifications. For example, this combined:

Get-CsAddressBookConfiguration -Filter site:* | Set-

CsAddressBookConfiguration -RunTimeOfDay 23:00

Returns all configurations in all sites and applies the RunTimeOfDay of 23:00 hours to the

configurations.



Remove-CsAddressBookConfiguration for Address Book Management


Remove-CsAddressBookConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a

list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including

any custom RBAC roles you have created yourself), run the following command from the

Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Remove-


As the name implies, Remove-CsAddressBookConfiguration will remove the configuration based

on the defined Site Identity.

For example:

Remove-CsAddressBookConfiguration -Identity site:Redmond



Test-CsAddressBookService for Address Book Management


Test-CsAddressBookService cmdlet: RTCUniversalServerAdmins. To return a list of all the role-

based access control (RBAC) roles this cmdlet has been assigned to (including any custom

RBAC roles you have created yourself), run the following command from the Windows

PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Test-

CsAddressBookService"}

Lync Server 2010 contains a number of cmdlets that initiate synthetic commands to confirm that a

specific function or feature is working properly. Test-CsAddressBookService confirms that a

defined user can connect and request the local files from the Address Book Web service.

For example:

Test-CsAddressBookService -TargetFqdn atl-cs-001.contoso.com -

UserCredential contoso\bob -UserSipAddress "sip:[email protected]"

310




Test-CsAddressBookWebQuery for Address Book Management


Test-CsAddressBookWebQuery cmdlet: RTCUniversalServerAdmins. To return a list of all the

role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom


PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Test-

CsAddressBookService"}

Similar to the Test-CsAddressBookService synthetic transaction, Test-CsAddressBookWebQuery

performs a query against the Address Book Web Query to ensure that it is operating properly. The

cmdlet will connect to the Web Ticket authentication and present the credentials specified in –

UserCredential. If authenticated, the cmdlet then present the –TargetSipAddress information. The

cmdlet should report success if it was able to retrieve the information about the contact.

For example:

Test-CsAddressBookWebQuery -TargetFqdn atl-cs-001.contoso.com -

UserCredential contoso\bob -UserSipAddress "sip:[email protected]" -

TargetSipAddress "sip:[email protected]"



Update-CsAddressBook for Address Book Management


Update-CsAddressBook cmdlet locally: RTCUniversalUserAdmins, RTCUniversalServerAdmins.

To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to

(including any custom RBAC roles you have created yourself), run the following command from

the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Update-

CsAddressBook"}

The Update-CsAddressBook cmdlet replaces the abserver.exe –syncNow command from Office

Communications Server. The cmdlet’s purpose is to initiate a synchronization immediately rather

than waiting for the scheduled time. The first example command updates all Address Books in the

organization. The second updates only the Address Book associated with the defined server.

For example:

Update-CsAddressBook

311


Update-CsAddressBook -Fqdn atl-abs-001.contoso.com



New-CsClientPolicy for Address Book Management


New-CsClientPolicy cmdlet: RTCUniversalServerAdmins. To return a list of all the role-based

access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles

you have created yourself), run the following command from the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "New-CsClientPolicy"}

The cmdlet New-CsClientPolicy defines a large number of settings for provisioning clients for

features that are available in Lync Server 2010. For the Address Book Service, the parameter

AddressBookAvailability is of interest. This parameter, which directly impacts the options available

to clients, has three possible options:

WebSearchAndFileDownload

WebSearchOnly

FileDownloadOnly

When defined, it determines how the Address Book is accessed by clients. If you define this

parameter, you must define one of the options. If you do not modify this setting, the default

WebSearchAndFileDownload remains in effect.

For example:

New-CsClientPolicy -Identity RedmondClientPolicy -

DisableCalendarPresence $True -DisablePhonePresence $True -DisplayPhoto

"PhotosFromADOnly" –AddressBookAvailability “WebSearchOnly”



Set-CsClientPolicy for Address Book Management


Set-CsClientPolicy cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-

based access control (RBAC) roles this cmdlet has been assigned to (including any custom


PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Set-CsClientPolicy"}

Similar to New-CsClientPolicy, the Set-CsClientPolicy cmdlet allows you to modify client settings

that are already in place.

312


For example:

Set-CsClientPolicy -Identity RedmondClientPolicy -WebServicePollInterval

"00:15:00" –AddressBookAvailability “WebSearchAndFileDownload”



Get-CsService for Address Book Management


Get-CsService cmdlet locally: RTCUniversalUserAdmins, RTCUniversalServerAdmins. To return

a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to

(including any custom RBAC roles you have created yourself), run the following command from

the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Get-CsService"}

Get-CsService is valuable to retrieve and display the current configuration of your infrastructure’s

defined Web Services. By defining the pool’s fully qualified domain name (FQDN) and the

parameter WebServer, the cmdlet returns the web-based services offered by your server,

including the Address Book handler and distribution list expansion URIs.

For example:

Get-CsService -PoolFqdn "fe01.contoso.net" –WebServer

This cmdlet returns the following:

Identity : WebServer:pool01.contoso.net

FileStore : FileStore:dc01.contoso.net

UserServer : UserServer:pool01.contoso.net

PrimaryHttpPort : 80

PrimaryHttpsPort : 443

ExternalHttpPort : 8080

ExternalHttpsPort : 4443

PublishedPrimaryHttpPort : 80

PublishedPrimaryHttpsPort : 443

PublishedExternalHttpPort : 80

PublishedExternalHttpsPort : 443

ReachPrimaryPsomServerPort : 8060

ReachExternalPsomServerPort : 8061

AppSharingPortStart : 49152

AppSharingPortCount : 16383

LIServiceInternalUri : https://internalweb.contoso.net/locationinformation/liservice.svc

313


ABHandlerInternalUri : https://internalweb.contoso.net/abs/handler

ABHandlerExternalUri : https://csweb.contoso.com/abs/handler

DLExpansionInternalUri : https://internalweb.contoso.net/groupexpansion/service.svc

DLExpansionExternalUri : https://csweb.contoso.com/groupexpansion/service.svc

CAHandlerInternalUri :

https://internalweb.contoso.net/CertProv/CertProvisioningService.svc

CAHandlerInternalAnonUri :

http://internalweb.contoso.net/CertProv/CertProvisioningService.svc

CollabContentInternalUri : https://internalweb.contoso.net/CollabContent

CollabContentExternalUri : https://csweb.contoso.com/CollabContent

CAHandlerExternalUri : https://csweb.contoso.com/CertProv/CertProvisioningService.svc

DeviceUpdateDownloadInternalUri :

https://internalweb.contoso.net/RequestHandler/ucdevice.upx

DeviceUpdateDownloadExternalUri :

https://csweb.contoso.com/RequestHandlerExt/ucdevice.upx

DeviceUpdateStoreInternalUri : http://internalweb.contoso.net/RequestHandler/Files

DeviceUpdateStoreExternalUri : https://csweb.contoso.com/RequestHandlerExt/Files

RgsAgentServiceInternalUri : https://internalweb.contoso.net/RgsClients/AgentService.svc

RgsAgentServiceExternalUri : https://csweb.contoso.com/RgsClients/AgentService.svc

MeetExternalUri : https://csweb.contoso.com/Meet

DialinExternalUri : https://csweb.contoso.com/Dialin

CscpInternalUri : https://internalweb.contoso.net/Cscp

ReachExternalUri : https://csweb.contoso.com/Reach

ReachInternalUri : https://internalweb.contoso.net/Reach

WebTicketExternalUri : https://csweb.contoso.com/WebTicket/WebTicketService.svc

WebTicketInternalUri : https://internalweb.contoso.net/WebTicket/WebTicketService.svc

ExternalFqdn : csweb.contoso.com

InternalFqdn : internalweb.contoso.net

DependentServiceList : {Registrar:pool01.contoso.net,

ConferencingServer:pool01.contoso.net}

ServiceId : 1-WebServices-1

SiteId : Site:Redmond

PoolFqdn : pool01.contoso.net

Version : 5

Role : WebServer



314


New-CsWebServiceConfiguration for Address Book Management


New-CsWebServiceConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of



PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "New-

CsWebServiceConfiguration"}

The cmdlet New-CsWebServiceConfiguration defines a new configuration for Web Services in

your organization. The scope for the Web Services configuration can only be at the site or service

level. It cannot create a new Web Services configuration at the global level. Specifically of interest

to the Address Book is the EnableGroupExansion attribute. If set to True, the Web Services can

respond to requests for group expansion.

For example:

New-CsWebServiceConfiguration -Identity site:Redmond -

EnableGroupExpansion $False -UseCertificateAuth $True



Get-CsWebServiceConfiguration for Address Book Management


Get-CsWebServiceConfiguration cmdlet locally: RTCUniversalUserAdmins,

RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this

cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run

the following command from the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Get-


Get-CsWebServiceConfiguration returns information of the Web Services configuration currently

in use in your organization. Of interest to the Address Book Services is the status of Distribution

List Expansion function. If the attribute EnableGroupExpansion is True, your organization

currently allows group expansion.

For example:

Get-CsWebServiceConfiguration -Identity site:Redmond



315


Set-CsWebServiceConfiguration for Address Book Management


Set-CsWebServiceConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all

the role-based access control (RBAC) roles this cmdlet has been assigned to (including any


PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Set-


The Set-CsWebServiceConfiguration cmdlet allows the administrator to redefine an existing

attribute in the configuration of the Web Services.

For example:

Set-CsWebServiceConfiguration -Identity site:Redmond -

EnableGroupExpansion $True



Remove-CsWebServiceConfiguration for Address Book Management


Remove-CsWebServiceConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list

of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any


PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Remove-


The Remove-CsWebServiceConfiguration cmdlet allows an administrator to remove a previously

created Web Services configuration. The cmdlet cannot remove the global Web Services

configuration.

For example:

Remove-CsWebServiceConfiguration -Identity site:Redmond



316


Prevent New Connections to Lync Server 2010 for Server MaintenanceOne of the ways you can prepare your Microsoft Lync Server 2010 environment for maintenance

tasks is by preventing new connections to either servers in a pool or individual Lync Server 2010

services that are running. For example, if you anticipate server restarts as part of the

maintenance process and want to minimize the disruption of service to users, you can prevent

new connections to the server that you plan to take offline prior to beginning maintenance. By

setting the state of the Lync Server 2010 Windows service from "Started" to "Paused", active

connections remain connected, while no new connections are accepted. When all existing

sessions have ended, the server is ready to be taken offline.

To prevent new connections to Lync Server 2010:

1. Log on to the local computer as a member of the Administrators group.

2. Open the Services snap-in console: Click Start, point to All Programs,point to

Administrative Tools, and then click Services.

3. In the list, double-click the Lync Server Windows service to which you want to prevent

new connections.

4. In the Properties dialog box, under Service status: Started, click Pause.

5. Optionally, but recommended, next to Startup type, click Manual.

Important:

When you set a server to prevent new connections, and then restart the server,

by default the server will immediately begin accepting new connections after it

starts. To prevent this, set the server to only pause and resume manually, before

you restart the server.


317


Delegating Control of Microsoft Lync Server 2010In Microsoft Lync Server 2010, administrative tasks are delegated to users by using the new role-

based access control (RBAC) feature. When you install Lync Server 2010, a number of RBAC

roles are created for you. These roles correspond to universal security groups in Active Directory;

for example, the RBAC role CsHelpDesk corresponds to the CsHelpDesk group found in the

Users container in Active Directory. In addition, each RBAC role is associated with a set of Lync

ServerWindows PowerShell cmdlets; these cmdlets represent the tasks that can be carried out by

users who have been assigned the given RBAC role. For example, the CsHelpDesk role has

been assigned the Lock-CsClientPin and UnlockCsClientPin cmdlets; that means users who have

been assigned the CsHelpDesk role can lock and unlock user PIN numbers. However, the

CsHelpDesk role has not been assigned the New-CsVoicePolicy cmdlet. That means that users

who have been assigned the CsHelpDesk role cannot create new voice policies.

Viewing Information About RBAC Roles

You can retrieve basic information about your RBAC roles by running the following command

from within the Lync Server Management Shell:

Get-CsAdminRole

Keep in mind that the Identity of the RBAC role (for example, CsVoiceAdministrator) has a direct

mapping to security group found in the Users container in Active Directory.

To view a list of the cmdlets that have been assigned to a role, use a command similar to this:

Get-CsAdminRole –Identity "CsHelpDesk" | Select-Object –ExpandProperty

Cmdlets

Assigning an RBAC Role to a User

In order to assign an RBAC role to a user, you must add that user to the appropriate Active

Directory security group. For example, to assign the CsLocationAdministrator role to a user, you

must add that user to the CsLocationAdministrator group. That can be done by carrying out the

following procedure:

Assigning a User to a Security Group

1. Using an account that has permission to modify the membership of an Active Directory

group, log on to a computer where Active Directory Users and Computers has been

installed.

2. Click Start, click All Programs, click Administrative Tools, and then click Active

Directory Users and Computers.

3. In Active Directory Users and Computers, expand the name of your domain and click the

Users container.

4. Right-click the security group CsLocationAdministrator and then click Properties.

5. In the Properties dialog box, on the Members tab, click Add.

318


6. In the Select Users, Computers, Contacts, or Groups dialog box, type the user name

or display name of the user to be added to the group (for example, Ken Myer) in the

Enter the object names to select box and then click OK.

7. In the Properties dialog box, click OK.


To assign an RBAC role to a user you simply make that user a member of the security group associated with the RBAC role; for example, to assign a user to the CsHelpDesk role all you have to do is make that user a member of the CsHelpDesk group. Microsoft Lync Server 2010 does not provide any cmdlets that can be used to assign a user to a security group. However, you can assign a user to a security group by using the following Windows PowerShell script:

$strFilter = "(&(objectCategory=Group)(SamAccountName=" + $args[0] +"))"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher$objSearcher.SearchRoot = $objDomain$objSearcher.Filter = $strFilter$objSearcher.SearchScope = "Subtree"

$colProplist = "distinguishedName"foreach ($i in $colPropList){[void] $objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults){$groupDN = $objResult.Path}

$userDN = (Get-CsUser -Identity $args[1]).DistinguishedName$user = [ADSI] "LDAP://$userDN"

$group = [ADSI] $groupDN

$group.Add($user.PsBase.Path)

To use this script, copy the code, paste it into a text editor, and then save the file using a .ps1 file extension (for example, C:\Scripts\Assign-RBACRole.ps1). From there all you have to do is run the script, taking care to supply the RBAC role name (e.g., CsHelpDesk) and the Identity of the user being assigned the role (e.g., Ken Myer):

C:\Scripts\Assign-RBACRole.ps1 "CsHelpDesk" "Ken Myer"

319


To verify that the RBAC role has been assigned, use the Get-CsAdminRoleAssignment cmdlet,

passing the cmdlet the SamAccountName (Active Directory logon name) of the user. For

example, run this command from within the Lync Server Management Shell:

Get-CsAdminRoleAssignment -Identity "kenmyer"

320


Configure a New Trusted Application ServerA trusted application is an application based on Microsoft Unified Communications Managed API

(UCMA) 3.0 Core SDK that is trusted by Lync Server 2010. For details about UCMA applications,

see “Unified Communications Managed API 3.0 Core SDK Documentation” at


For information about configuring Microsoft Outlook Web Access (OWA) and Lync Server, see

“Configure Outlook Web App and Lync Server 2010 Integration” at http://go.microsoft.com/fwlink/?

LinkId=210321.

To successfully publish, enable, or disable a topology when adding or removing a server role, you

should be logged on as a user who is a member of the RTCUniversalServerAdmins and Domain

Admins groups. It is also possible to delegate the proper administrator permissions and rights for

adding server roles. For details, see Delegate Setup Permissions in the Deployment

documentation. For other configuration changes, only membership in the

RTCUniversalServerAdmins group is required.

To configure a trusted application server





3. Select Download topology from existing deployment, and then click OK.

4. In the Save Topology As dialog box, click the Topology Builder file you want to use, and

then click Save.

5. In the right pane, right-click Trusted application servers, and then click New Trusted

Application Pool.

6. Enter the Pool FQDN of the trusted application pool, select whether it will be a single-

server or multiple-server, and then click Next.

7. On the Select the next hop page, from the list, select the Lync Server 2010 Front End

pool.

8. Click Finish.

9. Select the top node Lync Server 2010, and then, from the Actions pane, click Publish.

The Trusted Application Pool should have been created successfully and associated

with the correct Front End pool.


321





To create a new trusted application pool, use the New-CsTrustedApplicationPool cmdlet:

New-CsTrustedApplicationPool -Identity TrustPool.litwareinc.com -Registrar pool0.litwareinc.com -Site Redmond

Enable-CsTopology

322


Troubleshooting Lync Server 2010 Control PanelThis topic provides information and procedures that can help you troubleshoot access to


Internet Browser Requirements

Lync Server 2010 Control Panel requires that Microsoft Silverlight browser plug-in version

4.0.50524.0 or latest version is installed. If Silverlight is not installed or if an earlier version is

installed, follow the instructions in the message to install the required version.

Note:

Other software requirements for Lync Server Control Panel pertain to the operating

system on which Lync Server 2010 Control Panel and all other Microsoft Lync Server

2010 administrative tools can be installed. For details, see Server and Tools Operating

System Support in the Supportability documentation.

If your Internet browser blocks installation of Silverlight due to security considerations, add the

Uniform Resource Locator (URL) that opens Lync Server Control Panel to the list of trusted sites.

In Internet Explorer security settings, ensure that Run ActiveX controls and plug-ins is set to

Enabled. For details, see http://go.microsoft.com/fwlink/?LinkId=214060. Furthermore, ensure

that the browser is configured to use SSL 3.0.

If the Internet browser is configured to use a proxy server, verify that the browser is configured to

bypass the proxy server for sites that are automatically detected as internal sites. Or, add the

address to the browser's exception list in the proxy server configuration settings.

DNS Record and Certificate Requirements for the Administrative Access URL

If you configured a simple URL to access Lync Server Control Panel, ensure that you also

configured the static Domain Name System (DNS) host (A) resource record and certificate

necessary to use that administrative access URL. If you change the base URL at any time,

ensure that the change is reflected in the appropriate DNS record and certificate and that you run

the Enable-CsComputer on each Director and Front End Server to register the change. For

details, see the following topics in the Planning documentation:



Certificate Requirements for Internal Servers

For step-by-step procedures to configure the administrative access URL, see Edit or Configure

Simple URLs in the Deployment documentation.

Note:

If you have more than one network adapter on the web server, you must manually

configure DNS for each additional network adapter in order for DNS resolution to function

properly.

323



Internet Information Services (IIS) Requirements

Lync Server Control Panel is one of the components of Lync Server 2010 that requires Internet

Information Services (IIS). In particular, ensure that HTTP redirection and Windows authentication

features are enabled, and that the World Wide Web Publishing Service (W3SVC) is running.

World Wide Publishing Service (Windows Service) Dependency

When the World Wide Web Publishing Service is stopped, you cannot access Lync Server 2010

Control Panel. You can restart the service by using the Windows Services Microsoft Management

Console (MMC).

To start the World Wide Web Publishing Service

1. Log on to the computer where the World Wide Web Publishing Service is installed as part

of Internet Information Services (IIS).

2. Click Start, click Administrative Tools, and then click Services.

3. Right-click World Wide Web Publishing Service, and then click Start.

Application Pool Mode

Configure IIS so that the CsManagementAppPool application pool uses the Network Service

account as its process model identity.

User Rights and Permissions

You must sign in to Lync Server Control Panel either by using a domain account that is a member

of the CsAdministrator group or by using an account to which you have delegated user rights and

permissions. You cannot sign in to Lync Server Control Panel by using a local machine account.

For details about delegating administrative tasks through role-based access control (RBAC), see

Role-Based Access Control in the Planning documentation.

If you use a simple URL to access Lync Server Control Panel, ensure that web servers are added

to the RTCUniversalServerAdmins and RTCUniversalUserAdmins groups.

324


Configuring Federation Support for a Lync Online 2010 CustomerYou can provide communications services to users in your organization in any of the following

ways:

Deploying Microsoft Lync Server 2010 in your organization (known as an on-premises

services) and setting up Microsoft Lync 2010user accounts in your organization.

Setting up a Microsoft Lync Online 2010 customer account with a host provider and setting up

user accounts with the host provider (known as online services).

Setting up a combination of on-premises support for some of your organization’s users and

online services for some users.

If you deploy Lync Server 2010 in your organization, you can federate with the domains of one or

more Microsoft Lync Online 2010 customers, including for any customer you set up for your

organization and customers set up by other organizations. To enable federation between users of

your on-premises Lync Server 2010 deployment and users of a Lync Online 2010 customer, you

must configure support for the domain and users of the Lync Online customer. For details about

Lync Online 2010, see Lync Online at http://go.microsoft.com/fwlink/?LinkId=218941.

In This Section Prerequisites for Federating with a Lync Online Customer

Configure Domain Access for Federation with a Lync Online Customer

Configure User Access for Federation with a Lync Online Customer

Verify Communications with a Lync Online Customer

Prerequisites for Federating with a Lync Online CustomerTo configure federation support for a Lync Online 2010 customer, you should have already

completed initial deployment and configuration of Lync Server 2010 in your organization. This

includes the following:

Deploying at least one Standard Edition Server or one Enterprise Front End pool in your

organization. For details about deploying internal servers, see Deploying Lync Server 2010 in

the Deployment documentation.

Enabling internal user accounts for Lync Server 2010. For details, see Enable or Disable

Users for Lync Server 2010 in the Deployment documentation or the Operations

documentation.

Deploying at least one Edge Server and the other components required to support external

user access. For details, see Managing External Connectivity in the Deployment

documentation.

Enabling federation support within your organization and configuring the appropriate method

for controlling access by federated domains. For details, see Enable or Disable Federation for

325



Your Organization and Manage Federated Partner Access in the Deployment documentation

or Operations documentation.

Enabling external user access for users in your organization. For details, see Apply External

User Access Policies to Users and in the Deployment documentation or Operations

documentation.

Additionally, the Lync Online 2010 customer must have the required Lync Online licenses and

must enable federation for the Lync Online domain with which you want to federate. For details

about setting up Lync Online 2010, including enabling federation for a Lync Online domain, see

Set up Microsoft Lync Online at http://go.microsoft.com/fwlink/?LinkId=218917.

Important:

The domain name of the Lync Online 2010 customer with which you want to federate

cannot be the same as the domain name in your internal Microsoft Lync Server 2010

deployment.

Configure Domain Access for Federation with a Lync Online CustomerConfiguring domain access for federation with a Microsoft Lync Online 2010 customer requires

configuring support within your deployment, as well as configuring support in the Lync Online

2010 customer’s account.

Note:

A Lync Online customer can have multiple domains. If you want to federate with more

than one of the domains, you must configure support for each individual domain with

which you want to support federation, and the administrator of the Lync Online customer

must enable federation for each of the domains to be federated.

In This Section

Configure Federation for a Lync Online Domain

Enable or Disable Domain Access for a Lync Online Customer

Configure Federation for a Lync Online Domain

Supporting federation with a Microsoft Lync Online 2010 customer requires you to complete the

following steps:

Enabling support for the domain of the Lync Online 2010 customer with which you want to

federate (for example, contoso.onmicrosoft.com). As specified in the Prerequisites for

Federating with a Lync Online Customer section of this documentation, you should have

already enabled federation for your organization. Enabling federation requires specifying the

method to be used to control access by federated domains. If you configured your

organization to use discovery, adding the domain to your organization’s allowed list is

optional. If you did not enable domain discovery, then you must add the domain name of the

Lync Online customer to your allowed domains list. You can add a domain name either by

326



using Lync Server 2010 Control Panel or by running the New-CSAllowedDomain cmdlet.

For details about using Lync Server 2010 Control Panel, including enabling discovery of

domains, see Manage Federated Partner Access in the Operations documentation. For

details about using the New-CSAllowedDomain cmdlet to add a domain, see New-

CsAllowedDomain in the Operations documentation.

Configure support for a hosting provider for the domain of the Lync Online 2010 customer

with which you want to federate. Use the procedure in this section to configure support for the

Lync Online customer domain.

Note:

This step is only required for federation with a domain of a Lync Online customer, not

for federation with any domain that is deployed on premises at the federated partners

location.

Note:

A Lync Online customer can have multiple domains. If you want to federate with more

than one of the domains, you must configure support for each of the domains with which

you want to federate.

To configure support for a hosting provider

1. From a Front End Server, Start the Lync Server Management Shell: Click Start, click All

Programs, click Microsoft Lync Server 2010, and then click Lync Server Management

Shell.

2. Run the New-CsHostingProvider cmdlet to create and configure the hosting provider.

For example, run:

New-CsHostingProvider -Identity LyncOnline –ProxyFqdn

“sipfed.online.lync.com” –VerificationLevel AlwaysVerifiable -

Enabled $True -EnabledSharedAddressSpace $False -HostsOCSUsers

$False -IsLocal $False

The preceding example sets the following parameters:

Identity specifies a unique string value identifier for the hosting provider you are

creating. Note that the command will fail if an existing provider has already been

configured with that Identity.

ProxyFQDN specifies the fully qualified domain name (FQDN) for the proxy server

used by the hosting provider. This value cannot be modified. If the hosting provider

changes its proxy server you will need to delete and then recreate the entry for that

provider.

VerificationLevel specifies how (or if) messages sent from a hosting provider are

verified to ensure that they were sent from that provider.

Enabled indicates whether the network connection between your domain and the

hosting provider is enabled. Messages cannot be exchanged between the two

organizations until this value is set to True.

327


EnabledSharedAddressSpace indicates whether the hosting provider is being used

in a shared SIP address space (split domain) scenario.

HostsOCSUsers indicates whether the hosting provider is used to host Lync Server

accounts. If False, the provider hosts other account types, such as Microsoft

Exchange accounts.

IsLocal indicates whether the proxy server used by the hosting provider is contained

within your Lync Server topology.

For details about use of this cmdlet, see New-CsHostingProvider in the Operations

documentation.


The Microsoft Lync Online 2010 customer account with which you want to federate be enabled for

federation with your domain. By default, domain federation is enabled for Lync Online 2010

customers, so users can communicate with all domains. To verify that federation is enabled and

your domain is allowed, the administrator of the Lync Online 2010 customer account must verify

the settings and make any configuration changes required. For details about how the

administrator of the Lync Online 2010 customer account can verify that federation support is

configured as needed, see "View your company’s Lync Online settings" at

http://go.microsoft.com/fwlink/?LinkId=219139. For details about enabling federation and

configuring domain support, see "Edit domain federation settings" at


Note:

A Lync Online customer can have multiple domains, including the tenant domain of the

account and one or more individual domains hosted by the tenant. You can federate with

the tenant domain, one or more of the domains hosted by the tenant, or both the tenant

and any hosted domains. If you want to federate with more than one of the domains, the

administrator of the Lync Online customer must enable federation for each of the

domains to be federated.

328




Configure User Access for Federation with a Lync Online CustomerIn addition to configuring domain access for a Microsoft Lync Online 2010 customer, you must

configure user access to support federation. This includes configuring user access for users in

your deployment and configuring user access for users of the Lync Online 2010 customer.

In This Section

Configure User Access for Internal Lync Users


Configure User Access for Lync Online Users

You can create and manage user accounts for a Microsoft Lync Online 2010 customer with which

you federate in either of the following ways:

The administrator of the Microsoft Lync Online 2010 customer account can create the

accounts directly with the hosted provider, using the Microsoft Online portal.

You can create the accounts in Active Directory Domain Services (AD DS) in your

organization, and then synchronize with the hosted provider using the Microsoft Online

Directory Synchronization utility.

The administrator of the Lync Online 2010 customer account must also enable user accounts for

Lync Online 2010 services.

For details about how to configure user accounts for a Lync Online customer, see "Change Lync

Online user settings" at http://go.microsoft.com/fwlink/?LinkId=219143.

Note:

A Lync Online customer can have multiple domains. If you want to federate with users in

more than one of the domains, the administrator of the Lync Online customer account

must enable users in each of the domains to be federated, including the tenant domain of

the account and one or more individual domains hosted by the tenant. You can federate

with the tenant domain, one or more of the domains hosted by the tenant, or both the

tenant and any hosted domains. If you enable federation with multiple domains of a Lync

Online customer, the administrator of the Lync Online customer account must enable

users for each domain for which federation with your on-premises domain is to be

supported.

To enable users of a Lync Online customer for federation

1. Go to https://portal.microsoftonline.com and log in using your Office365 Admin

credentials.

2. Click Admin at the top of the page.

3. Under Admin Overview in the navigation pane, click Users.

329

https://portal.microsoftonline.com/



4. Click the user that you want to enable for Lync Online services, and then click Edit.

5. Click Properties, and then specify the information for the user.

6. Click Settings, and then verify that the user is allowed to sign in to access services.

7. Click Licenses, and then click Microsoft Office 365 (Plan E3).

8. Click More, and then click Lync Online / Configure User Settings.

9. Click Options, and then verify that the user is enabled for File Transfer and for

Audio/Video.

10. Click External Access, and then verify that the user is enabled for Domain Federation.

Configure User Access for Internal Lync Users

You must configure the user accounts of all users to be allowed to communicate with federated

partners. This configuration is applied for all federated partners, including any Microsoft Lync

Online 2010 customer domains with which you support federation. For details about configuring

federation support for user accounts, see Configure Policies to Control Federated User Access

and Apply External User Access Policies to Users in the Operations documentation.

Verify Communications with a Lync Online CustomerTo enable Microsoft Lync 2010 users in your organization to communicate with users of a

Microsoft Lync Online 2010 customer, you must have completed the following steps:

Met all prerequisites. This includes deploying your internal and edge servers, enabling

federation support for your organization, and setting up user accounts. For details, see

Prerequisites for Federating with a Lync Online Customer.

Configured domain access support in your internal deployment and for the Lync Online 2010

customer’s account. This includes creating a host provider entry and configuring your

deployment to allow access from the Lync Online customer’s domain. For details, see

Configure Domain Access for Federation with a Lync Online Customer.

Configured user accounts to support federation. This includes configuring your internal user

accounts and the user accounts of the Lync Online customer. For details, see Configure User

Access for Federation with a Lync Online Customer.

After completing all of these steps, verify communications by testing communications between an

internal user in your organization and a user of the Lync Online customer. If communication is not

successful, use Lync Server 2010 Logging Tool from your Edge Server to capture log and trace

files to troubleshoot the problem. For details about using the Logging Tool, see Open Lync Server

Administrative Tools in the Operations documentation. For details about the Logging Tool, see the

Lync Server 2010 Logging Tool documentation on the TechNet Library at


330


admin guide lync

Documents