Substitution for FIM in Lync Server Resource Forrest\Domain Deployment


Deploying Lync Server in Multi Forrest\Domain require a FIM (Forefront Identity Manager) to replicate the Object SID from user domain to resource domain.

IC444772FIM requires license for a SQL Instance additional WIndows Server and FIM it self. This article describes how to create users in resource domain by copying the attributes from customer domain. Also enable the users in Lync and configure Enterprise Voice by getting the Line URI from a .csv file.

Before getting to users creation, a Trust relationship (Oneway Forests Trust) need to be configured between two domain which will require to get the attributes from customer domain. I’m not going to cover the Trust relationship configuration in this article. below are the users configured in customer domain. notice the “Lync _Users” group. only the users which are added in to this group will get created.

test10

notice the ObjectSid of the “Demo Eight” user

test11

Once the trust relationship is configured with the resource domain and active, run the below command in windows Powershell as an Administrator. change the domain names appropriately (contoso.com = Customer Domain, fabrikam.com.com=Resource Domain)

Import-Module ActiveDirectory

$domain = “dc=contoso,dc=com”

$DC = “contoso-dc01.contoso.com:3268”

$ADSrcGrp = Get-ADGroup -SearchScope Subtree -SearchBase $domain -Server $DC -LDAPFilter “(name=lync_users)”

Get-ADUser -SearchScope Subtree -SearchBase $domain -Filter ‘memberOf -RecursiveMatch $ADSrcGrp.DistinguishedName’ -Server $DC -Properties ObjectSID,name,samAccountName,displayName,givenName,surName,mail | ForEach-Object {New-ADUser -Name $_.name -SamAccountName $_.samAccountName -DisplayName $_.displayName -GivenName $_.givenName -SurName $_.surName -EmailAddress $_.mail -otherAttributes @{‘msRTCSIP-OriginatorSid’=$_.ObjectSID} -Path “OU=AU,DC=fabrikam,DC=local” -UserPrincipalName “$($_.samaccountname)@fabrikam.local” -AccountPassword (ConvertTo-SecureString -AsPlainText “P@ssw0rd” -Force) -PasswordNeverExpires $true -Enabled $false}

Users will be created in the below configured OU as disabled users.

test13

notice the msRTCSIP-originatorsid value of “Demo Eight” user.

test21

Now to enable user in to Lync Server. run the below script to enable the user to Lync Server. Specify the Line URI s in to the .csv file to configure Enterprise Voice in to enabled users

Get-CsAdUser -OU “OU=AU,DC=contoso,DC=com” | Enable-CsUser -RegistrarPool “lyncfe01.fabrikam.local” -SipAddressType firstlastname -SipDomain contoso.com

import-csv “c:\Script\EV_Users.csv” | Select-Object * | foreach-object {set-csuser -identity $_.identity -sipaddress $_.SipAddress -LineURI $_.LineURI -EnterpriseVoiceEnabled $True}

this is what the content of the .csv file should looks like

SIPAddress LineURI Identity
Sip:demo.five@contoso.com tel:+612001 Demo Five
sip:demo.six@contoso.com tel:+612002 Demo Six
sip:demo.one@contoso.com tel:+612003 Demo one

All the users should be now enabled for lync and enabled for Enterprise Voice with a Line URI

test22

now it’s time to test a user to verify that all works fine.

test24

Client signed in successfully with the end user credentials.

Advertisements

6 thoughts on “Substitution for FIM in Lync Server Resource Forrest\Domain Deployment

  1. Hi I am so delighted I found your website, I really found you byy error, while I was looking on Digg
    for something else, Anyways I am here now and would just like to say thanks forr a marvelous post and a all round thrilling blogg (I also love the theme/design),
    I don’t have time to read through it all at the minute but I have
    bookmarked it aand alswo added your RSS feeds, so when I have time I will be back to read much more, Please do keep up the excellent job.

  2. Thanks , I’ve just been searching for information approximately this subject for a while and yours is the best
    I’ve discovered till now. But, what about the conclusion? Are you certain concerning the source?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s