Step-by-step Guide Enabling Split-domain within Office 365 Lync Online
In my previous post I walked through the process of registering a Lync Phone Edition handset directly with Lync Online, I also promised I’d re-visit this and provide a similar walk through for a split domain configuration.
Introduction to “Split-domain”
Prior to the Wave 15 Office 365 the only option for Lync split tenancy would be the process of deploying Lync on-premises and Federating with Lync Online, there was/is a drawback with the approach. Namely your on-prem Lync accounts are utilising a SIP namespace that is say fabrikam.com and the hosted instance is say contoso.com, directories are also inconsistent and needless to say you end up with a fairly disjointed experience.
Split domain support within the Lync 2013 Edge Server (and respectively Lync Online 2013) delivers a more joined up experience whereby both on-premises users and users homed within Lync Online share the same SIP namespace (see illustration below)
This illustrates a Lync Online user hosted within Office 365 (connecting over the Internet) and an on-premises homed user registering either via the Internet (over the Lync 2013 Edge) or internally via the Lync Front End (Microsoft support either Lync 2010 or 2013 Front End Servers, but the Edge can be must be 2013-based Correction: Lync 2013 or Lync 2010 Edge Servers are supported, for 2010 Edge the February CU must be applied and Lync 2013 administrative tools must be deployed, more information on this here). In both instances the users share the contoso.com SIP namespace.
Split-domain Deployment
Microsoft’s TechNet documentation is obviously always a good place to start, but I decided that there would be value in adding some more detail to the process. Also at time of writing there are some minor typos within the PowerShell commands – I’ve informed Microsoft that this needs updating.
First up you need to configure your Office 365 tenancy for ADFS, I won’t cover this process here but there are some great guides/blog posts on this from other MVPs (one I’d recommend from Tim Harrington here). I will however say that this process has become a lot more streamlined within Windows Server 2012, so I’d recommend (where possible) the deployment of both the ADFS (a service that can be added via 2012 Server Manager) and Windows Azure Active Directory Sync Tool (often referred to as “DirSync”) on this platform versus Windows Server 2008.
Also not that the appropriate Office 365 plan is required for split-domain support and ADFS, at time of writing Lync Plan 3 incorporates this capability (alternatively you can purchase an E3 which also includes Lync Plan 3). One last note, if your tenancy has not been upgraded to Wave 15 (2013) you’ll need to hang fire – most at time of writing would have already been migrated.
Once your domain is authorised for use with Office 365 and ADFS is configured you can start the split-domain configuration.
Step 1. Enable Federation within your Office 365 tenancy (naturally you’ll need to be an admin to do this). Within Lync Administration, Organisation and External Communications
Now is also a good time to activate/license the users you wish to move into Lync Online
Step 2. Configure your Lync 2013 Edge Server for Federation, the following cmdlet should be executed via you Front End: (if not already enabled which may be the case is Remote Worker/Federation is already deployed)
Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -AllowOutsideUsers 1 -AllowFederatedUsers 1 -EnablePartnerDiscovery 1
Step 3. Federate with Office 365, if you already have Lync Online configured as an existing hosting provider run the following cmdlet:
Set-CsHostingProvider -Identity LyncOnline -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root
If Lync Online is not configured as an existing hosting provider run this cmdlet instead:
New-CSHostingProvider -Identity LyncOnline -ProxyFqdn “sipfed.online.lync.com” -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root
This is effectively where the magic happens, note the new “EnableSharedAddressSpace” switch this is utilised specifically for split-domain capability within Office 365.
Step 4. Enable your Office 365 tenancy for split-domain, unfortunately this is the painful part whereby I can’t provide any magic PowerShell. Alas at time of writing this means a calling into Office 365 technical support, in my case it was reasonably straight forward and this process was complete within 24hrs. Note: Once this is complete Lync-to-Phone is no longer available, this is a shame in my opinion and I hope to see this change.
Step 5. Move your “chosen” Lync users into Lync Online, once your tenancy is enabled you can complete your mission and move users. To make this happen you’ll need to enable PowerShell connectivity for Office 365, this is achieved by installing the Microsoft Online Services Sign-In Assistant (Download: here) – in my case I installed this on my Lync Front End.
Next input your Office 365 administrator credentials by running the following cmdlet within the Lync Server Management Shell
$creds=Get-Credential
Before you can move your chosen user you’ll need to locate your hosted migration service URL, this can be achieved by logging into the Office 365 portal and then accessing the Lync Administration Center. Within the address bar you’ll notice your admin URL (see mine below)
This URL should be appended with:
/HostedMigration/hostedmigrationservice.svc
The resulting URL would therefore in my case be:
https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc
So to move your user the complete command would be: (substituting the SIP URI for the on-premises Lync user you would wish to move)
Move-CsUser -Identity <sipuri@fqdn.com> -Target sipfed.online.lync.com -Credential $creds -HostedMigrationOverrideUrl https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc
To verify the move was successful, run the following cmdlet:
Get-CsUser -Identity sipuri@fqdn.com
The hosting provider should be as follows:
The other (and more gratifying) way of validating a successful move would be via the Lync Online Administration Center.
Once you’ve successfully registered your Lync client with Office 365 you can also (by referring to the previous guide) register your Lync Phone Edition handset. In my next article I’ll focus on Hybrid Exchange and Lync Phone Edition – stay tuned!
Thanks for the great post- very informative! I don’t see my first post so I’m re-posting my question. We would like to move to a hybrid Lync 2013 split-domain configuration so we can maintain the 365 Lync accounts but use a local SIP gateway to make and receive phone calls. Is this option that is not available once the Office 365 tenancy for split-domain is enabled?
Hi David,
This functionality has recently been deprecated by Microsoft, for more information on this see here
– Adam
With remote Powershell access to your O365 tenant, you can enable split-domain for SIP.
Follow this article to connect to Lync Online remote powershell: http://technet.microsoft.com/en-us/library/dn362795.aspx
Then, run this powershell command: Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true
Use Get-CsTenantFederationConfiguration to view the setting in your tenant. FYI…it took about 30 minutes for the change to fully populate, before I could move people from our on-premise Lync to Lync Online.
It took me hours to find this missing piece of the puzzle. I hope this helps someone else!
Thanks for the great post – I am able migrate user easily with help of this document.
Thanks, you’re DNS SRV records should all point to the on-premises instance of Lync. This will in turn re-direct Lync accounts to Office 365 (where homed within Lync Online).
– Adam
Thanks adam.. it wasn’t working when I did yesterday, henced asked the Qn. But was just a matter of time – too impatient I guess. 🙂
I contacted tech support about enabling split-domain operation and they have absolutely no idea what to do. Can you provide some more information so I can ask more specific questions to point them in the right direction?
You’ve referred to this configuration as “split-domain”?
– Adam