Step-by-step Guide Enabling Split-domain within Office 365 Lync Online

May 10th, 2013 | Tags: , ,

In my previous post I walked through the process of registering a Lync Phone Edition handset directly with Lync Online, I also promised I’d re-visit this and provide a similar walk through for a split domain configuration.

Introduction to “Split-domain”

Prior to the Wave 15 Office 365 the only option for Lync split tenancy would be the process of deploying Lync on-premises and Federating with Lync Online, there was/is a drawback with the approach. Namely your on-prem Lync accounts are utilising a SIP namespace that is say fabrikam.com and the hosted instance is say contoso.com, directories are also inconsistent and needless to say you end up with a fairly disjointed experience.

Split domain support within the Lync 2013 Edge Server (and respectively Lync Online 2013) delivers a more joined up experience whereby both on-premises users and users homed within Lync Online share the same SIP namespace (see illustration below)

 Split-Domain

This illustrates a Lync Online user hosted within Office 365 (connecting over the Internet) and an on-premises homed user registering either via the Internet (over the Lync 2013 Edge) or internally via the Lync Front End (Microsoft support either Lync 2010 or 2013 Front End Servers, but the Edge can be must be 2013-based Correction: Lync 2013 or Lync 2010 Edge Servers are supported, for 2010 Edge the February CU must be applied and Lync 2013 administrative tools must be deployed, more information on this here). In both instances the users share the contoso.com SIP namespace.

Split-domain Deployment

Microsoft’s TechNet documentation is obviously always a good place to start, but I decided that there would be value in adding some more detail to the process. Also at time of writing there are some minor typos within the PowerShell commands – I’ve informed Microsoft that this needs updating.

First up you need to configure your Office 365 tenancy for ADFS, I won’t cover this process here but there are some great guides/blog posts on this from other MVPs (one I’d recommend from Tim Harrington here). I will however say that this process has become a lot more streamlined within Windows Server 2012, so I’d recommend (where possible) the deployment of both the ADFS (a service that can be added via 2012 Server Manager) and Windows Azure Active Directory Sync Tool (often referred to as “DirSync”) on this platform versus Windows Server 2008.

Also not that the appropriate Office 365 plan is required for split-domain support and ADFS, at time of writing Lync Plan 3 incorporates this capability (alternatively you can purchase an E3 which also includes Lync Plan 3). One last note, if your tenancy has not been upgraded to Wave 15 (2013) you’ll need to hang fire – most at time of writing would have already been migrated.

Once your domain is authorised for use with Office 365 and ADFS is configured you can start the split-domain configuration.

Step 1. Enable Federation within your Office 365 tenancy (naturally you’ll need to be an admin to do this). Within Lync Administration, Organisation and External Communications

splitdomain-step01

Now is also a good time to activate/license the users you wish to move into Lync Online

Step 2. Configure your Lync 2013 Edge Server for Federation, the following cmdlet should be executed via you Front End: (if not already enabled which may be the case is Remote Worker/Federation is already deployed)

Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -AllowOutsideUsers 1 -AllowFederatedUsers 1 -EnablePartnerDiscovery 1

Step 3. Federate with Office 365, if you already have Lync Online configured as an existing hosting provider run the following cmdlet:

Set-CsHostingProvider -Identity LyncOnline -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

If Lync Online is not configured as an existing hosting provider run this cmdlet instead:

New-CSHostingProvider -Identity LyncOnline -ProxyFqdn “sipfed.online.lync.com” -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

This is effectively where the magic happens, note the new “EnableSharedAddressSpace” switch this is utilised specifically for split-domain capability within Office 365.

Step 4. Enable your Office 365 tenancy for split-domain, unfortunately this is the painful part whereby I can’t provide any magic PowerShell. Alas at time of writing this means a calling into Office 365 technical support, in my case it was reasonably straight forward and this process was complete within 24hrs. Note: Once this is complete Lync-to-Phone is no longer available, this is a shame in my opinion and I hope to see this change.

splitdomain-step04

Step 5. Move your “chosen” Lync users into Lync Online, once your tenancy is enabled you can complete your mission and move users. To make this happen you’ll need to enable PowerShell connectivity for Office 365, this is achieved by installing the Microsoft Online Services Sign-In Assistant (Download: here) – in my case I installed this on my Lync Front End.

Next input your Office 365 administrator credentials by running the following cmdlet within the Lync Server Management Shell

$creds=Get-Credential

Before you can move your chosen user you’ll need to locate your hosted migration service URL, this can be achieved by logging into the Office 365 portal and then accessing the Lync Administration Center. Within the address bar you’ll notice your admin URL (see mine below)

splitdomain-step05

This URL should be appended with:

/HostedMigration/hostedmigrationservice.svc

The resulting URL would therefore in my case be:

https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc

So to move your user the complete command would be: (substituting the SIP URI for the on-premises Lync user you would wish to move)

Move-CsUser -Identity <sipuri@fqdn.com> -Target sipfed.online.lync.com -Credential $creds -HostedMigrationOverrideUrl https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc

To verify the move was successful, run the following cmdlet:

Get-CsUser -Identity sipuri@fqdn.com

The hosting provider should be as follows:

splitdomain-step05b

The other (and more gratifying) way of validating a successful move would be via the Lync Online Administration Center.

Once you’ve successfully registered your Lync client with Office 365 you can also (by referring to the previous guide) register your Lync Phone Edition handset. In my next article I’ll focus on Hybrid Exchange and Lync Phone Edition – stay tuned!