Configuring Lync hybrid (split domain) with Lync 2013 and Skype for Business Online

2017-12-01T17:15:16+00:00 October 23rd, 2015|Office 365|

Lync/Skype for Business are not what I would consider to be my core competencies but I was recently involved in the configuration of Lync/Skype for Business Online hybrid (split domain) for a customer as part of their Office 365 project. It brought up a few challenges (which my Skype-focused colleagues were more than capable of dealing with), added to which MVP Adam Jacobs has a really good step-by-step guide to enabling split-domain within Office 365 Lync Online.

I described Lync Hybrid (split-domain) in a post for TechNet UK earlier this year – and I’ll stress again here that it’s not to be confused with Hybrid Voice… although there is plenty happening about Skype for Business and voice…

Some people say ADFS is required but we had it working with Azure AD Sync (with password sync), so maybe not. The test system I was working on threw up its own set of challenges though so if you do follow what I found (with help from various colleagues including Martin Boam, Kevin Beacon and Mark Vale), your mileage may vary.

The basic steps for configuring Lync hybrid (split domain) are:

  1. Make sure Office 365 is working, your directory is syncing and users have licenses assigned.
  2. Also, make sure that Skype for Business Online and Lync have the same configuration – i.e.:
    • Domain matching (if partner discovery is enabled on the on-premises deployment, then open federation must be configured for the online tenant; if partner discovery is not enabled, then closed federation must be configured for the online tenant).
    • Blocked domains.
    • Allowed domains.
  3. On the Lync Front End server (I was using Lync 2013 but you can use 2010 with the March 2013 update or later and the Lync 2013 administration tools deployed), configure the Edge server Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -AllowOutsideUsers $true -AllowFederatedUsers $true -EnablePartnerDiscovery $true (you may need to adjust the setting for partner discovery, based on the domain matching above).
  4. Set up the hosting provider with New-CSHostingProvider -Identity LyncOnline -ProxyFqdn "sipfed.online.lync.com" -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root.
  5. Make sure you have the Skype for Business Online Windows PowerShell Module and also the Microsoft Office Online Sign In Assistant (MOS SIA) installed.
  6. Connect to Skype for Business Online.
    • If prompted for a target server, the URL is the same as when you access the Skype for Business Online Admin Center from the Office 365 portal. For me that was admin1e.online.lync.com.
    • You may also need the -AllowClobber switch when importing the session.
    • You may also find that you need to Import-Module SkypeOnlineConnector.
  7. Set up the shared namespace with: Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true.

To move users to Skype for Business Online, all that’s needed is a single PowerShell command:

Move-CsUser -Identity sip:alias@domainname.tld -Target sipfed.online.lync.com -Credential $creds -HostedMigrationOverrideUrl https://admin1e.online.lync.com/hostedmigration/hostedmigrationservice.svc -Confirm:$false

(again, admin1e.online.lync.com works for me but might not for all tenants).

To check for a successful move, either type Get-CsUser -Identity alias@domainname.tld or look in the Lync Control Panel. Office 365 users will show the home pool as LyncOnline and when you click though to the details, Lync will flag that the user is homed in Office 365:

lync-hybrid-user

[This is an edited version of a post that was originally published at markwilson.it]