Вы находитесь на странице: 1из 267

Microsoft Lync Server 2010 Administration Guide

Microsoft Lync Server 2010


Published: December 2011

This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. Copyright 2011 Microsoft Corporation. All rights reserved.

Contents
Lync Server Administrative Tools.................................................................................................1 Administrative Tools Infrastructure Requirements....................................................................2 Requirements to Publish a Topology.....................................................................................3 Planning for Simple URLs.....................................................................................................4 DNS Requirements for Simple URLs....................................................................................7 Edit or Configure Simple URLs.............................................................................................9 Server and Tools Operating System Support.........................................................................15 Administrative Tools Software Requirements.........................................................................17 Administrator Rights and Permissions Required for Setup and Administration......................18 Requirements to Publish a Topology......................................................................................21 Install Lync Server Administrative Tools.................................................................................22 Open Lync Server Administrative Tools..................................................................................23 Lync Server Control Panel.........................................................................................................26 Managing Users.....................................................................................................................27 Search for Lync Server 2010 Users....................................................................................28 Add a New User to Lync Server 2010.................................................................................28 Enable or Disable Users for Lync Server 2010...................................................................29 Set, View, and Send a User's Dial-in Conferencing PIN.....................................................30 Move Users to Another Pool...............................................................................................32 Assign Policies to Users.....................................................................................................34 Assign a Conferencing Policy to Modify a User's Default Meeting Experience................35 Specify Client Versions Supported for Sign-in by a User.................................................36 Assign Specific Dial-in Conferencing PIN Security Settings to a User.............................38 Apply External User Access Policies to Users.................................................................39 Configure Archiving of a User's Communications............................................................40 Assign a Location Policy to a User..................................................................................41 Presence Policy Settings.................................................................................................44 Enable Users for Enterprise Voice......................................................................................46 Configure Telephony for Users............................................................................................48 Managing Computers in Your Topology..................................................................................49 View a List of Computers Running Lync Server 2010.........................................................50 View the Status of Services Running on a Computer..........................................................50 View Details About a Service..............................................................................................51 Start or Stop Lync Server 2010 Services............................................................................51 Prevent Sessions for Services............................................................................................52 View Microsoft SIP Processing Language (MSPL) Server Applications..............................53 Enable or Disable a Microsoft SIP Processing Language (MSPL) Server Application........55 Mark a Microsoft SIP Processing Language (MSPL) Application as Critical or Not Critical.55 View a List of Trusted Applications......................................................................................56 View the Simple URL Details..............................................................................................57 Filtering Instant Messages and Client Versions......................................................................57 Configuring Filtering for Instant Messaging (IM).................................................................57

Modify the Default File Transfer Filter..............................................................................61 Create a New File Transfer Filter for a Specific Site........................................................62 Modify the Default URL Filter...........................................................................................62 Create a New URL Filter to Handle Hyperlinks in IM Conversations...............................63 Specify Client Versions Supported for Sign-in by a User....................................................64 Configuring Voice Routing......................................................................................................65 Configuring Dial Plans and Normalization Rules.................................................................66 Create a Dial Plan...........................................................................................................66 Modify a Dial Plan............................................................................................................68 Defining Normalization Rules..........................................................................................70 Create or Modify a Normalization Rule by Using Build a Normalization Rule..................71 Create or Modify a Normalization Rule Manually.............................................................73 Configuring Voice Policies, PSTN Usage Records, and Voice Routes...............................74 Configuring Voice Policies and PSTN Usage Records to Authorize Calling Features and Privileges......................................................................................................................74 Create a Voice Policy and Configure PSTN Usage Records...........................................75 Modify a Voice Policy and Configure PSTN Usage Records...........................................78 View PSTN Usage Records.............................................................................................81 Configuring Voice Routes for Outbound Calls.................................................................81 Create a Voice Route.......................................................................................................82 Modify a Voice Route.......................................................................................................83 Configuring Trunks and Translation Rules..........................................................................87 Configure Media Bypass on a Trunk................................................................................87 Configure a Trunk Without Media Bypass........................................................................90 Defining Translation Rules...............................................................................................92 Create or Modify a Translation Rule by Using the Build a Translation Rule Tool.............92 Create or Modify a Translation Rule Manually.................................................................94 Exporting and Importing Voice Routing Configuration.........................................................95 Export a Voice Route Configuration File..........................................................................95 Import a Voice Route Configuration File..........................................................................96 Test Voice Routing..............................................................................................................96 Create a Voice Routing Test Case...................................................................................97 Export Voice Routing Test Cases.....................................................................................98 Import Voice Routing Test Cases.....................................................................................99 Running Voice Routing Tests...........................................................................................99 Run Informal Voice Routing Tests....................................................................................99 Run Voice Routing Test Cases......................................................................................101 Publish Pending Changes to the Voice Routing Configuration..........................................103 Configuring Incoming Call Handling Features......................................................................104 Managing Response Groups................................................................................................104 Managing Agent Groups...................................................................................................104 Create an Agent Group..................................................................................................105 Change Agent Group Settings or Members...................................................................107 Delete an Agent Group..................................................................................................110 Managing Response Group Queues.................................................................................110 Create a Response Group Queue.................................................................................110

Change a Response Group Queue................................................................................112 Delete a Response Group Queue..................................................................................114 Managing Response Group Workflows.............................................................................114 Response Group Configuration Tool Requirements.......................................................115 Response Group Audio File Requirements....................................................................115 Design Call Flows by Using Interactive Voice Response...............................................116 (Optional) Define Response Group Business Hours and Holidays................................118 Create a Response Group Workflow.............................................................................122 Create a Hunt Group Workflow......................................................................................122 Create an Interactive Workflow......................................................................................127 Change a Response Group Workflow...........................................................................133 Change a Hunt Group Workflow....................................................................................133 Change an Interactive Workflow....................................................................................137 Delete a Response Group Workflow..............................................................................143 Managing On-Premises Meetings........................................................................................144 Configuring Conferencing Settings...................................................................................144 Modify the Default Conferencing User Experience........................................................144 Create or Modify Conferencing User Experience for a Site or Group of Users..............147 Conferencing Policy Settings Reference.......................................................................149 Delete a Conferencing Policy for a Site or Group of Users............................................151 Configuring the Meeting Join Experience.........................................................................152 Modify the Default Meeting Join Experience..................................................................152 Create or Modify Meeting Join Settings for a Site or Pool.............................................153 Delete Meeting Join Settings for a Site or Pool.............................................................154 Configure Settings for a Dial-in Conferencing Access Number.........................................155 Create or Modify a Dial-in Conferencing Access Number..............................................155 Delete a Dial-in Conferencing Access Number..............................................................157 Configure Dial-in Conferencing Personal Identification Number (PIN) Rules....................158 Modify the Default Dial-in Conferencing PIN Settings....................................................158 Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users.........159 Delete Dial-in Conferencing PIN Settings for a Site or Group of Users.........................161 Configuring Support for Clients and Devices........................................................................161 Specify the Client Versions Supported in Your Organization.............................................162 View the Status of Services Running on a Computer........................................................164 Modify the Default Action for Clients Not Explicitly Supported or Restricted.....................164 View Software Updates for Devices in Your Organization.................................................165 Add a Device to Test Update Functionality........................................................................166 Modify Settings for Log Files of Device Update Activity....................................................167 Configure Security Settings for Lync 2010 Phone Edition.................................................168 Configure Voice Quality of Service for Lync 2010 Phone Edition......................................168 Configure Phone Lock for Lync 2010 Phone Edition.........................................................168 Managing External Connectivity...........................................................................................169 Enable or Disable External User Access for Your Organization........................................171 Enable or Disable Remote User Access for Your Organization.....................................171 Enable or Disable Federation for Your Organization......................................................172 Enable or Disable Anonymous User Access for Your Organization...............................174

Manage Communications with External Users..................................................................175 Manage Remote User Access.......................................................................................176 Manage Federated Partner Access...............................................................................178 Configure Policies to Control Federated User Access...................................................178 Enable or Disable Discovery of Federation Partners.....................................................180 Control Access by Individual Federated Domains.........................................................180 Enable or Disable Sending an Archiving Disclaimer to Federated Partners..................182 Manage IM Provider Support.........................................................................................183 Configure Policies to Control Access by Users of IM Service Providers........................183 Specify Supported IM Service Providers.......................................................................185 Configure Conferencing Policies to Support Anonymous Users....................................188 Apply Policies for External User Access to Users..........................................................189 Apply External User Access Policies to Users...............................................................189 Apply Conferencing Policies to Support Anonymous Users...........................................190 Reset or Delete External User Access Policies.............................................................191 Delete a Site or User Policy for External User Access...................................................191 Reset the Global Policy for External User Access.........................................................192 Managing Monitoring............................................................................................................192 Create a Site Policy for Call Detail Recording...................................................................192 Create a Site Policy for Quality of Experience..................................................................193 Enable Call Detail Recording............................................................................................194 Enable Quality of Experience............................................................................................194 Configure Call Detail Recording........................................................................................195 Configure Quality of Experience.......................................................................................196 Delete a Site Policy for Call Detail Recording...................................................................197 Delete a Site Policy for Quality of Experience...................................................................197 Managing Archiving..............................................................................................................197 Configuring Support for Archiving of Internal and External Communications....................198 Change the Global Policy for Archiving of Internal and External Communications........199 Create a Site Policy for Archiving..................................................................................199 Enable or Disable Archiving for a Site............................................................................200 Create a User Policy for Archiving.................................................................................201 Enable or Disable Archiving for Users...........................................................................202 Delete an Archiving Policy.............................................................................................203 Apply an Archiving Policy to a User or User Group.......................................................204 Enable or Disable Archiving..............................................................................................204 Specify the Types of Communications To Be Archived.....................................................205 Enable or Disable Purging for Archiving............................................................................206 Block or Allow IM and Web Conferencing Sessions If Archiving Fails...............................207 Enable or Disable Sending an Archiving Disclaimer to Federated Partners......................207 Configuring Security.............................................................................................................208 Create a New Registrar....................................................................................................209 Modify an Existing Registrar.............................................................................................210 Delete a Registrar.............................................................................................................211 Create a New Web Service...............................................................................................211 Modify an Existing Web Service........................................................................................212

Delete a Web Service.......................................................................................................213 Create a New PIN Policy...................................................................................................213 Modify an Existing PIN Policy...........................................................................................214 Delete a PIN Policy...........................................................................................................215 Configuring Your Network.....................................................................................................216 Enabling Call Admission Control.......................................................................................216 Enabling Media Bypass....................................................................................................217 Configuring Location Policy...............................................................................................219 Configuring Bandwidth Policy Profile................................................................................223 Configuring Network Regions...........................................................................................225 Configuring Network Sites.................................................................................................227 Configuring Network Subnets...........................................................................................230 Configuring Network Region Links....................................................................................231 Configuring Network Region Routes.................................................................................233 Configuring Network Site Links.........................................................................................235 Change the Web Services URL............................................................................................236 Administering the Address Book Service..............................................................................238 Windows PowerShell Cmdlets for Address Book Services...............................................244 New-CsAddressBookConfiguration for Address Book Management.............................245 Set-CsAddressBookConfiguration for Address Book Management...............................245 Get-CsAddressBookConfiguration for Address Book Management...............................246 Remove-CsAddressBookConfiguration for Address Book Management.......................246 Test-CsAddressBookService for Address Book Management.......................................247 Test-CsAddressBookWebQuery for Address Book Management..................................247 Update-CsAddressBook for Address Book Management..............................................248 New-CsClientPolicy for Address Book Management.....................................................249 Set-CsClientPolicy for Address Book Management.......................................................249 Get-CsService for Address Book Management.............................................................250 New-CsWebServiceConfiguration for Address Book Management...............................252 Get-CsWebServiceConfiguration for Address Book Management.................................252 Set-CsWebServiceConfiguration for Address Book Management.................................253 Remove-CsWebServiceConfiguration for Address Book Management.........................253 Prevent New Connections to Lync Server 2010 for Server Maintenance.............................254 Delegating Control of Microsoft Lync Server 2010...............................................................254 Configure a New Trusted Application Server........................................................................256 Configuring Federation Support for a Lync Online 2010 Customer.........................................256 Prerequisites for Federating with a Lync Online Customer...................................................257 Configure Federation Support for a Lync Online Domain.....................................................258 Configure User Access for Federation with a Lync Online Customer...................................259 Verify Communications with a Lync Online Customer..........................................................259

Lync Server Administrative Tools


This topic describes the administrative tools for Microsoft Lync Server 2010. The administrative tools are installed by default on each Lync Server 2010 server. Additionally, you can install the administrative tools on other computers, such as dedicated administrative consoles. For procedures to install the administrative tools, see Install Lync Server Administrative Tools. For procedures to open the tools to perform management tasks, see Open Lync Server Administrative Tools. Ensure that you review infrastructure, operating system, software, and administrator rights requirements before you install or use the Lync Server administrative tools. For details about infrastructure requirements, see Administrative Tools Infrastructure Requirements. For details about operating system and software requirements to install the Lync Server 2010 administrative tools, see Server and Tools Operating System Support, Additional Software Requirements, and Additional Server Support and Requirements. The user rights and permissions required to install and use the tools are described in Administrator Rights and Permissions Required for Setup and Administration. The administrative tools consist of the following: Lync Server Deployment Wizard Use to deploy Lync Server 2010 and to install all administrative tools. Lync Server Topology Builder Use to define components in your deployment. Lync Server Control Panel Use for ongoing management of your deployment by using a web-based interface. Lync Server Management Shell Use for ongoing management of your deployment by using the command line. Lync Server Logging tool Use to troubleshoot problems in your deployment. You can manage your deployment by primarily using Topology Builder and Lync Server Control Panel.

Deployment Wizard
You must use the Lync Server Deployment Wizard included on the installation media to install all administrative tools onto a computer on which you have not already installed Lync Server. During the administrative tools installation process, the Lync Server Deployment Wizard is installed locally along with the other tools so that you can later use it to install files for additional components or remove files for components that you do not want on the computer. For details about how to run the Lync Server Deployment Wizard for the first time from the Lync Server 2010 installation media, see Install Lync Server Administrative Tools.

Topology Builder
For details about deployment tasks that you can you perform by using Topology Builder, see the Deployment documentation for each server role.

Microsoft Lync Server 2010 Administration Guide

Lync Server Control Panel


You can use Lync Server 2010 Control Panel to perform most of the administrative tasks required to manage and maintain Lync Server 2010.For details about administrative tasks you can perform by using Lync Server 2010 Control Panel, see Lync Server Control Panel.

Lync Server Management Shell


In Lync Server 2010, the Lync Server Management Shell provides a new method for administration and management. Lync Server Management Shell is a powerful management interface, built on the Windows PowerShell command-line interface, that includes a comprehensive set of cmdlets that are specific to Lync Server 2010. With Lync Server Management Shell, you gain a rich set of configuration and automation controls. Topology Builder and Lync Server Control Panel both implement subsets of these cmdlets to support management of Lync Server 2010. The Lync Server Management Shell includes cmdlets for all Lync Server 2010 administration tasks, and you can use the cmdlets individually to manage your deployment. For details, see Lync Server Management Shell documentation or the command-line help for each cmdlet.

Logging Tool
The Lync Server Logging Tool facilitates troubleshooting by capturing logging and tracing information from the product while the product is running. You can use the tool to run debug sessions on any Lync Server server role. For details about the Logging Tool, see the Lync Server 2010 Logging Tool documentation on the TechNet Library at http://go.microsoft.com/fwlink/? LinkId=199265.

In This Section
Administrative Tools Infrastructure Requirements Server and Tools Operating System Support Administrative Tools Software Requirements Administrator Rights and Permissions Required for Setup and Administration Requirements to Publish a Topology Install Lync Server Administrative Tools Open Lync Server Administrative Tools

See Also Lync Server Control Panel Lync Server Management Shell

Administrative Tools Infrastructure Requirements


There are no additional infrastructure requirements for you to install Microsoft Lync Server 2010 administrative tools or perform most management tasks using these tools. For infrastructure requirements for specific scenarios, see the topics in this section.

Microsoft Lync Server 2010 Administration Guide

In This Section
Requirements to Publish a Topology Planning for Simple URLs DNS Requirements for Simple URLs Edit or Configure Simple URLs

Related Sections
Lync Server Control Panel Lync Server Management Shell

See Also Administrative Tools Software Requirements Administrator Rights and Permissions Required for Setup and Administration Install Lync Server Administrative Tools

Requirements to Publish a Topology


This topic describes the infrastructure and software requirements that are specific to publishing a topology, whether by using Topology Builder or the Lync Server Management Shell command-line interface. These requirements are in addition to the general operating system, software, and permissions requirements applicable to all Microsoft Lync Server 2010 administrative tools. Ensure that you satisfy all administrative tools requirements before you publish a topology. You must run Topology Builder on a computer that is joined to the same domain or forest of the Lync Server 2010 deployment you are creating so that Active Directory Domain Services (AD DS) preparation steps are already completed, enabling you to use the administrative tools on that computer to successfully publish your topology. Note: For details about preparing AD DS, see Preparing Active Directory Domain Services for Lync Server 2010 in the Deployment documentation. The computers defined in the topology must be joined to the domain, except for Edge Servers, and in AD DS. However, the computers do not need to be online when you publish the topology. The file share for the pool must be created and available to remote users. In order to publish an Enterprise Edition Front End pool, the SQL Server-based Back End Server must be joined to the domain in which you are deploying the servers, online, and configured with the appropriate firewall rules to make it available to remote users. For details about specifying firewall exceptions, see Understanding Firewall Requirements for SQL Server. For other details about configuring SQL Server, see Configure SQL Server for Lync Server 2010.

Microsoft Lync Server 2010 Administration Guide

Note: Standard Edition server has a collocated database that will accept the published configuration. You must first run the Prepare first Standard Edition server setup task in the Lync Server Deployment Wizard. If you run Topology Builder on a computer where you plan to later install Lync Server, then you must install the Microsoft SQL Server 2005 backward compatibility components by running the first setup task in the Lync Server Deployment Wizard before you publish the topology. For details, see Install the Local Configuration Store or Install the Standard Edition Local Configuration Store. Note: You do not need the Microsoft SQL Server 2005 backward compatibility components to publish the topology if you run Topology Builder on a dedicated administrative console or if you run Topology Builder on a computer where Lync Server is already installed. (Lync Server setup automatically installs the backward compatibility components along with other component files required by Lync Server.) See Also Publish the Topology Administrative Tools Software Requirements Server and Tools Operating System Support Administrator Rights and Permissions Required for Setup and Administration Delegate Setup Permissions

Planning for Simple URLs


Simple URLs make joining meetings easier for your users, and make getting to Microsoft Lync Server 2010 administrative tools easier for your administrators. Microsoft Lync Server 2010 communications software supports three simple URLs: Meet is used as the base URL for all conferences in the site or organization. An example of a Meet simple URL is https://meet.contoso.com. A particular meeting URL might be https://meet.contoso.com/username/7322994. With the Meet simple URL, links to join meetings are easy to comprehend, and easy to communicate and distribute. Dial-in enables access to the Dial-in Conferencing Settings webpage. This page displays conference dial-in numbers with their available languages, assigned conference information (that is, for meetings that do not need to be scheduled), and in-conference DTMF controls, and supports management of personal identification number (PIN) and assigned conferencing information. The Dial-in simple URL is included in all meeting invitations so that users who want to dial in to the meeting can access the necessary phone number and PIN information. An example of the Dial-in simple URL is https://dialin.contoso.com. Admin enables quick access to the Microsoft Lync Server 2010 Control Panel. From any computer within your organizations firewalls, an admin can open the Lync Server 2010 Control Panel by typing the Admin simple URL into a browser. The Admin simple URL is

Microsoft Lync Server 2010 Administration Guide

internal to your organization. An example of the Admin simple URL is https://admin.contoso.com Simple URL Scope You can configure your simple URLs to have global scope, or you can specify different simple URLs for each central site in your organization. If both a global simple URL and a site simple URL are specified, the site simple URL has precedence. In most cases, we recommend that you set simple URLs only at the global level, so that a users Meet simple URL does not change if they move from one site to another. The exception would be organizations that need to use different telephone numbers for dial-in users at different sites. Note that if you set a one simple URL (such as the Dial-in simple URL) at a site to be a site-level simple URL, you must also set the other simple URLs at that site to be site-level as well. You can set global simple URLs in Topology Builder. To set a simple URL at the site level, you must use the Set-CsSimpleURLConfiguration cmdlet. Naming Your Simple URLs There are three recommended options for naming your simple URLs. Which option you choose has implications for how you set up your DNS A records and certificates which support simple URLs. In each option, you must configure one Meet simple URL for each SIP domain in your organization. You always need just one simple URL in your whole organization for Dial-in, and one for Admin, no matter how many SIP domains you have. For details about the necessary DNS A records and certificates, see DNS Requirements for Simple URLs and Certificate Requirements for Internal Servers in the Planning documentation. In Option 1, you create a new SIP domain name for each simple URL. If you use this option, you need a separate DNS A record for each simple URL, and each Meet simple URL must be named in your certificates. Simple URL Naming Option 1 Simple URL Meet Example https://meet.contoso.com, https://meet.fabrikam.com, and so on (one for each SIP domain in your organization) https://dialin.contoso.com https://admin.contoso.com

Dial-in Admin

With Option 2, simple URLs are based on the domain name lync.contoso.com. Therefore, you need only one DNS A record which enables all three types of simple URLs. This DNS A record references lync.contoso.com. Additionally, you still need separate DNS A records for other SIP domains in your organization. Simple URL Naming Option 2 Simple URL Example

Microsoft Lync Server 2010 Administration Guide

Meet

https://lync.contoso.com/Meet, https://lync.fabrikam.com/Meet, and so on (one for each SIP domain in your organization) https://lync.contoso.com/Dialin https://lync.contoso.com/Admin

Dial-in Admin

Option 3 is most useful if you have many SIP domains, and you want them to have separate Meet simple URLs but want to minimize the DNS record and certificate requirements for these simple URLs. Simple URL Naming Option 3 Simple URL Meet Example https://lync.contoso.com/contosoSIPdomain/Meet https://lync.contoso.com/fabrikamSIPdomain/Meet Dial-in Admin Simple URL Naming and Validation Rules Topology Builder and the Lync Server Management Shell cmdlets enforce several validation rules for your simple URLs. You are required to set simple URLs for Meet and Dialin, but setting one for Admin is optional. Each SIP domain must have a separate Meet simple URL, but you need only one Dialin simple URL and one Admin simple URL for your whole organization. Each simple URL in your organization must have a unique name, and cannot be a prefix of another simple URL (for example, you could not set lync.contoso.com/Meet as your Meet simple URL and lync/contoso.com/Meet/Dialin as your Dialin simple URL). Simple URL names cannot contain the FQDN of any of your pools, or any port information (for example, https://FQDN:88/meet is not allowed). All simple URLs must start with the https:// prefix. Simple URLs can contain only alphanumeric characters (that is, a-z, A-Z, 0-9, and the period (.). If you use other characters, the simple URLs might not work as expected. Changing Simple URLs after Deployment If you change a simple URL after initial deployment, you must be aware of what changes impact your DNS records and certificates for simple URLs. If the change impacts the base of a simple URL, then you must change the DNS records and certificates as well. For example, changing from https://lync.contoso.com/Meet to https://meet.contoso.com changes the base URL from lync.contoso.com to meet.contoso.com, so you would need to change the DNS records and certificates to refer to meet.contoso.com. If you changed the simple URL from https://lync.contoso.com/Meet to https://lync.contoso.com/Meetings, the base URL of lync.contoso.com stays the same, so no DNS or certificate changes are needed. Whenever you change a simple URL name, however, you must run Enable-CsComputer on each Director and Front End Server to register the change. https://lync.contoso.com/Dialin https://lync.contoso.com/Admin

Microsoft Lync Server 2010 Administration Guide

See Also DNS Requirements for Simple URLs

DNS Requirements for Simple URLs


Microsoft Lync Server 2010 introduces simple URLs, which make joining meetings easier for your users, and make getting to Microsoft Lync Server 2010 administrative tools easier for your administrators. For details about simple URLs, see Planning for Simple URLs. Lync Server 2010 supports the following three simple URLs: Meet, Dial-In, and Admin. You are required to set up simple URLs for Meet and Dial-In, and the Admin simple URL is optional. The Domain Name System (DNS) records that you need to support simple URLs depend on how you have defined these simple URLs. There are three different ways you can define the URLs. Simple URL Option 1 In Option 1, you create a new base URL for each simple URL. Note: When a user clicks a simple URL meeting link, the server that the DNS A record resolves to determines the correct client software to start. After the client software is started, it automatically communicates with the pool where the conference is hosted. This way, users are directed to the appropriate server for meeting content no matter which server or pool the simple URL DNS A records resolve to. Simple URL Option 1 Simple URL Meet Example https://meet.contoso.com, https://meet.fabrikam.com, and so on (one for each SIP domain in your organization) https://dialin.contoso.com https://admin.contoso.com

Dial-in Admin

If you use Option 1, you must define the following: For each Meet simple URL, you need a DNS A record that resolves the URL to the IP address of the Director, if you have one deployed. Otherwise, it should resolve to the IP address of the load balancer of a Front End pool. If you have not deployed a pool and are using a Standard Edition server deployment, the DNS A record must resolve to the IP address of one Standard Edition server in your organization. If you have more than one SIP domain in your organization and you use this option, you must create Meet simple URLs for each SIP domain and you need a DNS A record for each Meet simple URL. For example, if you have both contoso.com and fabrikam.com, you will create DNS A records for both https://meet.contoso.com and https://meet.fabrikam.com. Alternatively, if you have multiple SIP domains and you want to minimize the DNS record and certificate requirements for these simple URLs, use Option 3 as described later in this topic.

Microsoft Lync Server 2010 Administration Guide

For the Dial-in simple URL, you need a DNS A record that resolves the URL to the IP address of the Director, if you have one deployed. Otherwise, it should resolve to the IP address of the load balancer of a Front End pool. If you have not deployed a pool and are using a Standard Edition server deployment, the DNS A record must resolve to the IP address of one Standard Edition server in your organization. The Admin simple URL is internal only. It requires a DNS A record that resolves the URL to the IP address of the Director, if you have one deployed. Otherwise, it should resolve to the IP address of the load balancer of a Front End pool. If you have not deployed a pool and are using a Standard Edition server deployment, the DNS A record must resolve to the IP address of one Standard Edition server in your organization. Simple URL Option 2 With Option 2, the Meet, Dial-in, and Admin simple URLs all have a common base URL, such as lync.contoso.com. Therefore, you need only one DNS A record for these simple URLs, which resolves lync.contoso.com to the IP address of a Director pool or Front End pool. If you have not deployed a pool and are using a Standard Edition server deployment, the DNS A record must resolve to the IP address of one Standard Edition server in your organization. Note that if you have more than one SIP domain in your organization, you must still create Meet simple URLs for each SIP domain and you need a DNS A record for each Meet simple URL. In this example, while three simple URLs are all based on lync.contoso.com, an additional Meet simple URL for fabrikam.com is set up with a different base URL. In this example, you must create DNS A records for both https://lync.contoso.com and https://lync.fabrikam.com. Simple URL Option 3 shows another way to handle naming and DNS A records if you have multiple SIP domains. Simple URL Option 2 Simple URL Meet Example https://lync.contoso.com/Meet, https://lync.fabrikam.com/Meet, and so on (one for each SIP domain in your organization) https://lync.contoso.com/Dialin https://lync.contoso.com/Admin

Dial-in Admin

Simple URL Option 3 Option 3 is most useful if you have many SIP domains, and you want them to have separate simple URLs but want to minimize the DNS record and certificate requirements for these simple URLs. In this example, you need only one DNS A record, which resolves lync.contoso.com to the IP address of a Director pool or Front End pool. Simple URL Option 3 Simple URL Meet Example https://lync.contoso.com/contosoSIPdomain/Meet

Microsoft Lync Server 2010 Administration Guide

https://lync.contoso.com/fabrikamSIPdomain/Meet Dial-in https://lync.contoso.com/contosoSIPdomain/Dialin https://lync.contoso.com/fabrikamSIPdomain/Dialin Admin https://lync.contoso.com/contosoSIPdomain/Admin https://lync.contoso.com/fabrikamSIPdomain/Admin

Edit or Configure Simple URLs


This procedure does not require membership in a local administrator or privileged domain group. You should log on to a computer as a standard user. Microsoft Lync Server 2010 uses simple URLs to direct internal and external calls to services on the Front End Server or on the Director, if one has been deployed. The three simple URLs that can be created are: Meet Connects users to the conferencing services Dialin Provides access for users to use dial-in conferencing

Admin Optional URL that connects a user, typically an administrator for the Lync Server 2010 system, to Microsoft Lync Server 2010 Control Panel. There are options to the format that you can define simple URLs. For details about these options, see DNS Requirements for Simple URLs in the Planning documentation. A brief summary of the three simple URL formats discussed are shown for reference here:
Simple URL Examples

Meet Meet Meet Dial-in Dial-in Dial-in Admin Admin Admin Admin

https://meet.contoso.com https://lync.contoso.com/Meet https://lync.contoso.com/contosoSIPdomain/Meet https://dialin.contoso.com https://lync.contoso.com/Dialin https://lync.contoso.com/contosoSIPdomain/Dialin https://admin https://admin.contoso.com https://lync.contoso.com/Admin https://lync.contoso.com/contosoSIPdomain/Admin

By default, simple URLs will be configured in the form of (for example, the dial-in simple URL): https://dialin.<SIP Domain>

Microsoft Lync Server 2010 Administration Guide

Warning: Simple URLs can contain only English alphanumeric characters (including AZ, az, 09, and hyphens (-)). Do not use Unicode characters or underscores. Nonstandard characters in an FQDN are often not supported by external DNS and public certification authorities (CAs). To configure simple URLs 1. In Topology Builder, right-click the Lync Server 2010 node, and then click Edit Properties.

2. In the Simple URLs pane, select either Phone access URLs: (Dial-in) or Meeting URLs: (Meet) to edit. And then click Edit URL.

10

Microsoft Lync Server 2010 Administration Guide

3. Update the URL to the value you want, and then click OK to save the edited URL. The example shown here has modified the Dial-in URL to https://pool01.contoso.net/dialin.

11

Microsoft Lync Server 2010 Administration Guide

4. Edit the Meet URL by using the same steps, if necessary. To define the optional Admin simple URL 1. In Topology Builder, right-click the Lync Server 2010 node, and then click Edit Properties.

12

Microsoft Lync Server 2010 Administration Guide

2. In the Administrative access URL box, enter the simple URL you want for administrative access to Lync Server 2010 Control Panel, and then click OK. Tip: We recommend using the simplest possible URL for the Admin URL. The simplest option is https://admin.

13

Microsoft Lync Server 2010 Administration Guide

Important: If you change a simple URL after initial deployment, you must be aware of what changes impact your Domain Name System (DNS) records and certificates for simple URLs. If the change impacts the base of a simple URL, then you must change the DNS records and certificates as well. For example, changing from https://lync.contoso.com/Meet to https://meet.contoso.com changes the base URL from lync.contoso.com to meet.contoso.com, so you would need to change the DNS records and certificates to refer to meet.contoso.com. If you changed the simple URL from https://lync.contoso.com/Meet to https://lync.contoso.com/Meetings, the base URL of lync.contoso.com stays the same, so no DNS or certificate changes are needed. Whenever you change a simple URL name, however, you must run the Enable-CsComputer on each Director and Front End Server to register the change. See Also Planning for Simple URLs

14

Microsoft Lync Server 2010 Administration Guide

Server and Tools Operating System Support


All server roles support the same Windows Server operating systems. The required operating system support for other server roles, such as database servers, depends on what software you install on those servers. Microsoft Lync Server 2010 communications software administrative tools are installed by default on the server running Lync Server 2010, but you can install administrative tools separately on other computers running Windows operating systems. For example, you can use a client computer running Windows 7 as an administrative console for planning purposes. Important: Lync Server 2010 is available only in 64-bit, which requires 64-bit hardware and 64-bit editions of Windows Server. Lync Server 2010 is not available in a 32-bit version. This means that all server roles and computers running Lync Server administrative tools run a 64-bit edition operating system.

Operating Systems for Server Roles


Microsoft Lync Server 2010 supports the 64-bit editions of the following operating systems: The Windows Server 2008 R2 Standard operating system (required) or latest service pack (recommended) The Windows Server 2008 R2 Enterprise operating system (required) or latest service pack (recommended) The Windows Server 2008 R2 Datacenter operating system (required) or latest service pack (recommended) The Windows Server 2008 Standard operating system with Service Pack 2 (SP2) (required) or latest service pack (recommended) The Windows Server 2008 Enterprise operating system with SP2 (required) or latest service pack (recommended) The Windows Server 2008 Datacenter operating system with SP2 (required) or latest service pack (recommended) Notes: If you have an existing server running Windows Server 2008 with Service Pack 1 (SP1), you must upgrade it to either Windows Server 2008 SP2 (or latest service pack), or Windows Server 2008 R2 (or latest service pack) before deploying Lync Server 2010. To deploy Lync Server 2010 on a computer that is running either the Windows Server 2008 R2 Datacenter operating system or the Windows Server 2008 Datacenter operating system with Service Pack 2 (SP2) and that is configured for multiple processor groups (dynamic hardware partitioning), you must upgrade Microsoft SQL Server 2008 Express database software, which is installed by default when you install Lync Server 2010, to Microsoft SQL Server 2008 R2 Express. The SQL instance name is RTC for a Standard Edition server back-end database and RTCLocal for the local configuration store (on each server role). A server running Lync Server 2010 Standard Edition has both SQL instances, and each needs to be upgraded separately. Lync Server 2010 is not supported on the following operating systems:

15

Microsoft Lync Server 2010 Administration Guide

The Server Core installation option of Windows Server 2008 R2 or Windows Server 2008

The Windows Web Server 2008 R2 operating system or the Windows Web Server 2008 operating system Windows Server 2008 R2 HPC Edition or Windows Server 2008 HPC Edition

Operating Systems for Other Servers


Operating system support for servers other than those on which you deploy Lync Server 2010 server roles is dependent on the software you plan to install on those servers. For details about requirements for Back End Servers and other database servers, see Database Software and Clustering Support. For details about requirements for reverse proxy servers (for edge deployment), see Internet Information Services (IIS) Support. For details about other software requirements, including infrastructure and virtualization support, see the other topics in the Server Software and Infrastructure Support section.

Additional Operating Systems for Administrative Tools


Lync Server 2010 supports installation of the administrative tools, which includes the Topology Builder, on computers running any of the 64-bit editions of the operating systems supported for deployment of server roles (as described in the previous section). Additionally, you can install administrative tools on the 64-bit editions of the following operating systems: The Windows 7 operating system (required) or latest service pack (recommended) The Windows Vista operating system with SP2 (required) or latest service pack (recommended)

Operating System for the Planning Tool


Lync Server 2010 supports installation of the Planning Tool on computers running any of the following operating systems: The 32-bit version of Windows 7 operating system (required) or latest service pack (recommended) The 64-bit version of Windows 7 operating system (required) or latest service pack (recommended) using the WOW64 x86 emulator The 32-bit edition of Windows Vista with SP2 operating system (required) or latest service pack (recommended) The 64-bit edition of Windows Vista with SP2 operating system (required) or latest service pack (recommended) using the WOW64 x86 emulator The 32-bit edition of Windows XP with SP3 operating system (required) or latest service pack (recommended) The 64-bit edition of Windows XP with SP3 operating system (required) or latest service pack (recommended) using WOW64 x86 The 32-bit edition of Windows Server 2008 operating system (required) or latest service pack (recommended)

16

Microsoft Lync Server 2010 Administration Guide

The 64-bit edition of Windows Server 2008 operating system (required) or latest service pack (recommended) using WOW64 x86 The 64-bit edition of Windows Server 2008 R2 operating system (required) or latest service pack (recommended) using WOW64 x86

Administrative Tools Software Requirements


This topic describes the software required to install and use Microsoft Lync Server 2010 administrative tools in addition to the operating system requirements.

Microsoft .NET Framework 3.5 with Service Pack 1 (SP1)


The 64-bit edition of Microsoft .NET Framework 3.5 with SP1 is required for Microsoft Lync Server 2010. Setup prompts you to install this prerequisite and it automatically installs it if it is not already installed on the computer. .NET Framework 4.0 can be installed on the same computer as well, but does not take the place of .NET Framework 3.5 with SP1, which is the required version for Lync Server 2010. After installing the .NET Framework 3.5 SP1 package, you should immediately install the following updates: Microsoft Knowledge Base article 959209, An update for the .NET Framework Service Pack 1 is available, at http://go.microsoft.com/fwlink/?linkid=197396, which addresses a set of known application compatibility issues. Microsoft Knowledge Base article 967190, Update for .NET Framework 3.5 SP1 (KB967190), at http://go.microsoft.com/fwlink/?linkid=197397, which addresses a file association issue for XPS document types. Microsoft Knowledge Base article 981575, A memory leak occurs in a .NET Framework 2.0-based application that uses the AesCryptoServiceProvider class, at http://go.microsoft.com/fwlink/?linkid=202909. Microsoft Knowledge Base article 974954, FIX: When you run a .NET Framework 2.0based application, a System.AccessViolationException occurs, or a dead-lock occurs on two threads in an application domain, at http://go.microsoft.com/fwlink/?linkid=205337.

Windows Installer Version 4.5


Microsoft Lync Server 2010 uses Windows Installer technology to install, uninstall, and maintain various server roles. Windows Installer version 4.5 is available as a redistributable component for the Windows Server operating system. Download Windows Installer 4.5 from the Microsoft Download Center at http://go.microsoft.com/fwlink/?linkid=197395.

Windows PowerShell 2.0


Windows PowerShell 2.0 command-line interface is automatically installed with the Windows Server 2008 R2 operating system and the Windows 7 operating system. On servers running the Windows Server 2008 SP2 operating system or Windows Vista operating system with Service

17

Microsoft Lync Server 2010 Administration Guide

Pack 2 (SP2), you must install Windows PowerShell 2.0 manually. Before doing so, you must remove any previous versions of Windows PowerShell from the computer. To install Windows PowerShell 2.0, see the Microsoft Knowledge Base article 968929, Windows Management Framework (Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0), at http://go.microsoft.com/fwlink/?linkid=197390.

Microsoft Silverlight 4 browser plug-in


Microsoft Lync Server 2010 Control Panel is a web-based tool and requires that you install Microsoft Silverlight 4 browser plug-in version 4.0.50524.0 or the latest version. When you start Lync Server 2010 Control Panel, if this software is not installed or if an earlier version earlier than 4.0.50524.0 is installed, Lync Server Control Panel prompts you to install the required version. See Also Server and Tools Operating System Support Administrative Tools Infrastructure Requirements Administrator Rights and Permissions Required for Setup and Administration

Administrator Rights and Permissions Required for Setup and Administration


Setup and deployment of Microsoft Lync Server 2010 requires that the person installing and deploying the software be a member of local or domain-level groups. Administrative tools for Lync Server 2010 can require additional permissions.

Group Membership Requirements


The following table summarizes the group or groups that a person should belong to in order to successfully install, manage, and troubleshoot Lync Server 2010.
Lync Server Executable Group Membership Required

Setup.exe Executable that starts the installation of the Lync Server administrative tools.

Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in Active Directory Domain Services (AD DS). This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive. Tip: You can also delegate setup permissions to users or groups to whom

18

Microsoft Lync Server 2010 Administration Guide Lync Server Executable Group Membership Required

you do not want to grant membership in the Domain Admins group. For details, see Granting Setup Permissions in the Deployment documentation. Deploy.exe Called by setup.exe, deploy.exe is responsible for the deployment of the software components for the server roles. Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive. Membership in RtcUniversalReadOnlyAdmins group is necessary to read the Central Management store. Note: If you are running the Windows Vista operating system or Windows 7 operating system, you will be prompted by User Account Control (UAC) to proceed with installation. If you are logged on with a standard user account, you will need someone who is a member of the Local Administrators group to provide credentials when prompted for an account with permissions to install the software. Bootstrapper.exe Called by setup.exe, bootstrapper.exe is responsible for deployment and configuration of server roles. Member of the Local Administrators group on the computer from which the executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because the automatic installation of required MSI packages on the local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as the Local Machine hive.

19

Microsoft Lync Server 2010 Administration Guide Lync Server Executable Group Membership Required

OCSLogger.exe Administrative troubleshooting tool for capturing messages on server roles. TopologyBuilder.msc Wizard-driven user interface to create, view, adjust, and validate Lync Server topologies.

Member of the Local Administrators group on the computer from which the executable is run. The executable is manifested as requireAdministrator. Member of the Local Administrators group on the computer from which the executable is run to view the topology. Member of the RTCUniversalServerAdmins group to change configuration settings. Member of the RTCUniversalServerAdmins group and Domain Admins group, or member of the RTCUniversalServerAdmins group (only if the group has been granted delegate setup permissions), to publish the topology. For details about delegating setup permissions to allow members of the RTCUniversalServerAdmins group to publish the topology without being members of the Domain Admins group, see Granting Setup Permissions in the Deployment documentation.

AdminUIHost.exe Web-based graphical user Member of CsAdministrator group or member of interface for managing Lync Server. another role-based access control (RBAC) role to which the specific administrative task is assigned. Microsoft Lync Server 2010 Control Panel implements configuration changes by running Lync Server Management Shell cmdlets. For a list of predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation. PowerShell.exe with the Lync Server module loaded Command-line administrative tool with cmdlets specific to management of Lync Server. Member of CsAdministrator group or member of another RBAC role to which the specific cmdlet has been assigned. For a list of predefined roles and the cmdlets members are permitted to run, see Role-Based Access Control in the Planning documentation. Or, member of one or more of the following groups, depending on the cmdlet: RTCUniversalServerAdmins RTCUniversalUserAdmins RTCUniversalReadOnlyAdmins

20

Microsoft Lync Server 2010 Administration Guide

The group memberships in the preceding table represent the minimum memberships. Other memberships which will grant the permissions necessary to initiate the setup and deployment are possible, including membership in the Domain Admins group or Enterprise Admins group. See Also Install Lync Server Administrative Tools

Requirements to Publish a Topology


This topic describes the infrastructure and software requirements that are specific to publishing a topology, whether by using Topology Builder or the Lync Server Management Shell command-line interface. These requirements are in addition to the general operating system, software, and permissions requirements applicable to all Microsoft Lync Server 2010 administrative tools. Ensure that you satisfy all administrative tools requirements before you publish a topology. You must run Topology Builder on a computer that is joined to the same domain or forest of the Lync Server 2010 deployment you are creating so that Active Directory Domain Services (AD DS) preparation steps are already completed, enabling you to use the administrative tools on that computer to successfully publish your topology. Note: For details about preparing AD DS, see Preparing Active Directory Domain Services for Lync Server 2010 in the Deployment documentation. The computers defined in the topology must be joined to the domain, except for Edge Servers, and in AD DS. However, the computers do not need to be online when you publish the topology. The file share for the pool must be created and available to remote users. In order to publish an Enterprise Edition Front End pool, the SQL Server-based Back End Server must be joined to the domain in which you are deploying the servers, online, and configured with the appropriate firewall rules to make it available to remote users. For details about specifying firewall exceptions, see Understanding Firewall Requirements for SQL Server. For other details about configuring SQL Server, see Configure SQL Server for Lync Server 2010. Note: Standard Edition server has a collocated database that will accept the published configuration. You must first run the Prepare first Standard Edition server setup task in the Lync Server Deployment Wizard. If you run Topology Builder on a computer where you plan to later install Lync Server, then you must install the Microsoft SQL Server 2005 backward compatibility components by running the first setup task in the Lync Server Deployment Wizard before you publish the topology. For details, see Install the Local Configuration Store or Install the Standard Edition Local Configuration Store.

21

Microsoft Lync Server 2010 Administration Guide

Note: You do not need the Microsoft SQL Server 2005 backward compatibility components to publish the topology if you run Topology Builder on a dedicated administrative console or if you run Topology Builder on a computer where Lync Server is already installed. (Lync Server setup automatically installs the backward compatibility components along with other component files required by Lync Server.) See Also Publish the Topology Administrative Tools Software Requirements Server and Tools Operating System Support Administrator Rights and Permissions Required for Setup and Administration Delegate Setup Permissions

Install Lync Server Administrative Tools


This topic describes how to install the administrative tools you need to use to deploy and manage Microsoft Lync Server 2010. The administrative tools are installed by default on each server running Lync Server 2010. Additionally, you can install the administrative tools on other computers, such as dedicated administrative consoles. We strongly recommend that you install the administrative tools on a computer that is in the same domain or forest as the Microsoft Lync Server 2010 deployment you are creating because by doing so you ensure that Active Directory Domain Services (AD DS) preparation steps are already complete, which enables you to use the administrative tools on that computer later to publish your topology. Ensure that you review infrastructure, operating system, software, and administrator rights requirements before you install or use the Lync Server administrative tools. For details about infrastructure requirements, see Administrative Tools Infrastructure Requirements. For details about operating system and software requirements to install the Lync Server 2010 administrative tools, see Server and Tools Operating System Support, Additional Software Requirements, and Additional Server Support and Requirements. For details about the user rights and permissions required to install and use the tools, see Administrator Rights and Permissions Required for Setup and Administration. Important: If your organization requires that you locate Internet Information Services (IIS) and all Web Services on a drive other than the system drive, you can change the installation location path for the Lync Server files in the Setup dialog box. If you install the Setup files to this path, including OCSCore.msi, the rest of the Lync Server 2010 files will be deployed to this drive as well. To install the Lync Server 2010 administrative tools 1. Log on as a local administrator (minimum requirement) to the computer where you want to install the administrative tools. If you are logged on as an a standard user on the Windows Vista or Windows 7 operating systems, and User Account Control (UAC) is

22

Microsoft Lync Server 2010 Administration Guide

enabled, you will be prompted for the local administrator or a domain equivalent user name and password. 2. Locate the installation media on your computer, and then double-click \Setup\amd64\Setup.exe. 3. If you are prompted to install the Microsoft Visual C++ 2008 distributable, click Yes. 4. On the Microsoft Lync Server 2010 Installation Location page, click OK. Change this path to another location or drive if you need to have the files installed to another location. Important: If your organization requires that you locate Internet Information Services (IIS) and all Web Services on a drive other than the system drive, you can change the installation location path for the Lync Server files in the Setup dialog box. If you install the Setup files to this path, including OCSCore.msi, the rest of the Lync Server 2010 files will be deployed to this drive too. 5. On the End User License Agreement page, review the license terms, click I accept, and then click OK. This step is required before you can continue. 6. On the Microsoft Lync Server 2010 Deployment Wizard page, click Install Topology Builder. 7. When the installation successfully completes, click Exit. See Also Lync Server Administrative Tools Open Lync Server Administrative Tools

Open Lync Server Administrative Tools


You can use the procedures in this topic to open administrative tools to deploy, configure, or troubleshoot your Microsoft Lync Server 2010 topology. Deployment Wizard Topology Builder Lync Server Control Panel Lync Server Management Shell Logging Tool

Deployment Wizard
Use the following procedure to start the Deployment Wizard locally to add or remove Lync Server component files. To start Lync Server Deployment Wizard 1. Log on to the computer where the Lync Server Deployment Wizard is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group.

23

Microsoft Lync Server 2010 Administration Guide

2. Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Deployment Wizard.

Topology Builder
Use the following procedure to open the Topology Builder to define the servers that you want to deploy in your Lync Server topology. To open Lync Server Topology Builder to design the topology 1. Log on to the computer where Topology Builder is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group. Note: You can define a topology by using an account that is a member of the local Users group, but to read, publish, or enable a topology, which is required to install a Lync Server 2010 server, you must use an account that is a member of the Domain Admins group and the RTCUniversalServerAdmins group, and that has full control permissions (that is, read, write, and modify) on the file share that you are going to use for the archiving file store so that Topology Builder can configure the required discretionary access control list (DACLs), or an account with equivalent user rights. 2. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder.

Lync Server Control Panel


Use one of the following procedures to open Lync Server Control Panel to manage the configuration of servers, users, clients, and devices in your environment. Note: You can use a user account that is assigned to the CsAdministrator role to perform any task in Lync Server Control Panel. You can use other roles to log on to Lync Server Control Panel to perform specific administration tasks, dependent on the task you need to perform. For example, you can use CSArchivingAdministrator to administer Archiving in Lync Server Control Panel. For details about roles, see Role-Based Access Control in the Planning documentation. For details about the roles that you can use to perform a specific task, see the documentation for the task. To open Lync Server Control Panel from any computer inside your organizations firewall 1. From a user account that is assigned to the CsAdministrator role or other role that has appropriate user rights and permissions for the task to be performed, log on to any computer in your internal deployment. Important:

24

Microsoft Lync Server 2010 Administration Guide

If you have configured an administration simple uniform resource locator (URL), you can access Lync Server Control Panel from an Internet browser that is running on any computer within your organizations firewall. For details about configuring the administration simple URL, see Planning for Simple URLs and Edit Administration Simple URL. 2. Open a browser window, and then enter the Admin URL configured for your organization. To open Lync Server Control Panel on a computer running Lync Server 2010 1. From a user account that is a member of the CsAdministrator role or other role that has appropriate user rights and permissions for the task to be performed, log on to a computer on which you have installed Lync Server 2010 or, at a minimum, the Lync Server administrative tools. 2. Start Lync Server Control Panel: Click Start, click All Programs, point to Administrative Tools, point to Microsoft Lync Server 2010, and then click Lync Server 2010 Control Panel.

Lync Server Management Shell


Use the following procedure to open Lync Server Management Shell to administer servers, users, clients, and devices in your environment by using the command-line. Notes: You can use a user account that is assigned to the CsAdministrator role to perform any task in Lync Server Management Shell. You can log on using other roles to perform specific administration tasks, depending on the task you need to perform. For example, you can use CSArchivingAdministrator to run cmdlets related to Archiving administration. For details about roles, see Role-Based Access Control in the Planning documentation. For details about the roles that you can use to run a specific cmdlet, see the documentation for the cmdlet. You can also run certain cmdlets by using a user account in the RTCUniversalServerAdmins, RTCUniversalUserAdmins, or RTCUniversalReadOnlyAdmins groups, depending on the cmdlet. To open the Lync Server Management Shell If you open a Windows PowerShell window rather than the Lync Server Management Shell, by default you cannot run the Lync Server cmdlets. To run the Lync Server cmdlets from within Windows PowerShell, type the following at the Windows PowerShell command prompt: Import-Module Lync Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.

25

Microsoft Lync Server 2010 Administration Guide

Logging Tool
Use the following procedure to open the Lync Server 2010 Logging Tool to capture log and trace files to troubleshoot your deployment while it is running. For details about the Logging Tool, see the Lync Server 2010 Logging Tool documentation on the TechNet Library at http://go.microsoft.com/fwlink/?LinkId=199265. To open the Logging Tool 1. Click Start, click Run, type cmd.exe, and then click OK. 2. At the command prompt, type the path to the folder where OCSLogger.exe is installed, and then press ENTER. By default, the Logging Tool is installed in the following location: %ProgramFiles%\Common Files\Microsoft Lync Server 2010\Tracing. 3. Type OCSLogger.exe, and then press Enter. See Also Install Lync Server Administrative Tools Lync Server Administrative Tools

Lync Server Control Panel


In Microsoft Lync Server 2010, the web-based Microsoft Lync Server 2010 Control Panel replaces the Microsoft Management Console (MMC) interface from previous versions. Lync Server 2010 Control Panel provides you with a graphical user interface (GUI) to manage the configuration of the servers running Lync Server 2010, in addition to the users, clients, and devices in your organization. Lync Server 2010 Control Panel uses Lync Server Management Shell as the underlying mechanism to perform Lync Server configuration. Lync Server 2010 Control Panel is automatically installed on every Lync Server 2010 Front End Server or Standard Edition server. In this release, you administer Edge Servers remotely. You can also install Lync Server 2010 Control Panel on another computer, such as a management console from which you want to centrally manage Lync Server. For details, see Install Lync Server Administrative Tools. Important: To configure settings using Lync Server 2010 Control Panel, you must be logged in using an account that is assigned to the CsAdministrator role. For details about the predefined administrative roles available in Lync Server 2010, see Role-Based Access Control.

In This Section
Managing Users Managing Computers in Your Topology Filtering Instant Messages and Client Versions Configuring Voice Routing Configuring Incoming Call Handling Features Managing Response Groups

26

Microsoft Lync Server 2010 Administration Guide

Managing On-Premises Meetings Configuring Support for Clients and Devices Managing External Connectivity Managing Monitoring Managing Archiving Configuring Security Configuring Your Network Change the Web Services URL Administering the Address Book Service Prevent New Connections to Lync Server 2010 for Server Maintenance Delegating Control of Microsoft Lync Server 2010 Configure a New Trusted Application Server

See Also Install Lync Server Administrative Tools Lync Server Management Shell

Managing Users
Topics in this section provide step-by-step procedures for tasks you can perform using the Users page in Lync Server Control Panel. Important: You cannot use Lync Server Control Panel to manage users who are members of the Active Directory Domain Admins group. For Domain Admins users, you can use Lync Server Control Panel only to perform read-only search operations. To perform write operations on Domain Admins users (for example, enable or disable for Lync Server, change pool or policy assignments, telephony settings, SIP address), you must use Windows PowerShell cmdlets while logged on as a Domain Admins user. For details about using Windows PowerShell cmdlets to manage users, see Lync Server Management Shell.

In This Section
Search for Lync Server 2010 Users Add a New User to Lync Server 2010 Enable or Disable Users for Lync Server 2010 Set, View, and Send a User's Dial-in Conferencing PIN Move Users to Another Pool Assign Policies to Users Enable Users for Enterprise Voice Configure Telephony for Users

27

Microsoft Lync Server 2010 Administration Guide

Search for Lync Server 2010 Users


You can use the results of a search query to configure users for Microsoft Lync Server 2010. You can search for users by display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI). You can search for users by using the Lync Server Control Panel or the Active Directory Users and Computers snap-in. The following procedure describes how to use Lync Server Control Panel. Note: In an environment with a central forest topology, search results might not be accurate when you search for a user by the users email address. Instead, you can search for users by specifying a SIP address prefix, for example, sip:name, add a search filter and select a SIP address that contains a partial email address, or use the Get-CSUser cmdlet. To search for one or more users 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. In the Search users box, type all or the first portion of the display name, first name, last name, SAM account name, SIP address, or line URI of the user account that you want to search for, and then click Find. 5. (Optional) Specify additional search criteria to narrow the results: a. Click the expand arrow button in the upper-right corner of the screen above Search results, and then click Add Filter. b. Enter the user property by typing it or clicking the arrow in the drop-down list to select a user property. c. In the Equal to list, click Equal to or Not equal to. d. In the text box, type the search criteria you want to use to filter search results, and then click Find. 6. The search results appear under Search Results. You can select any or all of the users in the list and perform configuration tasks on the users you select.

Add a New User to Lync Server 2010


You can use Lync Server Control Panel to create new Microsoft Lync Server 2010 user accounts by adding an Active Directory user to Lync Server 2010.

28

Microsoft Lync Server 2010 Administration Guide

To create a new Lync Server user 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. Click Enable users. 5. On the New Lync Server User dialog, click Add. 6. In the Search users box, type all or the first portion of the name, display name, first name, last name, Security Accounts Manager (SAM) account name, or phone number of the Active Directory user account that you want, and then click Find. 7. In the table, select the account you want to add to Lync Server 2010, and then click OK. 8. Assign the user to a pool, specify any additional details, and assign the policies to the user you want, and then click Enable.

Enable or Disable Users for Lync Server 2010


After enabling a user account in Active Directory Users and Computers, you can use the following procedures to enable a new user for Microsoft Lync Server 2010 or disable a previously enabled user account in Lync Server 2010 without losing the Lync Server 2010 settings that you configured for the user account. Because you do not lose the Lync Server 2010 user account settings, you can re-enable a previously enabled user account again without having to reconfigure the user account. To enable a user account for Lync Server 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account that you want to enable, and then click Find. 5. In the table, click the user account that you want to enable. 6. On the Edit menu, click Modify. 7. In Edit Lync Server User, select the Enabled for Lync Server check box, and then

29

Microsoft Lync Server 2010 Administration Guide

click Commit. To disable or re-enable a previously enabled user account for Lync Server 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account that you want to disable or reenable, and then click Find. 5. In the table, click the user account that you want to disable or re-enable. 6. On the Action menu, do one of the following: To temporarily disable the user account for Lync Server 2010, click Temporarily disable for Lync Server. To enable the user account for Lync Server 2010, click Re-enable for Lync Server.

Set, View, and Send a User's Dial-in Conferencing PIN


To join a dial-in conference as an authenticated user, a Microsoft Lync Server 2010 user with Active Directory Domain Services (AD DS) credentials requires a personal identification number (PIN). If a user forgets the dial-in conferencing PIN or has not set the PIN by using Microsoft Lync 2010, you can set the users PIN from Lync Server Control Panel. You can automatically generate the PIN or create one manually. Note: Specific characteristics of the PIN, such as its minimum length, can be configured as a policy. In addition to the global policy, you can configure a PIN policy for individual sites or users. For details about configuring a PIN policy, see Configure Dial-in Conferencing Personal Identification Number (PIN) Rules. To set a users PIN 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users.

30

Microsoft Lync Server 2010 Administration Guide

4. Use one of the following methods to locate a user: In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account, and then click Find. If you have a saved query, click the Open query icon, use the Open dialog box to retrieve the query (a .usf file), and then click Find. 5. (Optional) Specify additional search criteria to narrow the results: a. Click Add Filter. b. Enter the user property by typing it or by clicking the arrow in the drop-down list to select the property. c. In the Equal to drop-down list, click the operator (for example, Equal to or Not equal to). d. Depending on the user property you selected, enter the criteria that you want to use to filter the search results by typing it or by clicking the arrow in the drop-down list. Tip: To add additional search clauses to your query, click Add Filter. e. Click Find. Note: If the PIN is locked, you must unlock the PIN before you can set it. To unlock the PIN, click the user, click Action, and then click Unlock PIN. 6. Click a user in the search results, click Action, and then click Set PIN. 7. In the Set PIN dialog box, do one of the following: To allow Lync Server 2010 to generate the users PIN, select Automatically generate a valid PIN (the default). To create your own PIN, click Manually enter a specific PIN, click the text box, and then type a PIN that meets the PIN requirements specified in your PIN policy settings. 8. Click OK. 9. In Set PIN, do one of the following: Select the Show PIN check box to see the PIN, and then copy the PIN and communicate it to the user using your organization's preferred method. Click Open my email application to send the new PIN to the user to send the PIN by email. If Microsoft Office Outlook is your email client, the PIN is automatically copied into a new email message. If you use a different email client, select the Show PIN check box to see the PIN and then copy it into your email message. 10. Click Close. See Also Configure Dial-in Conferencing Personal Identification Number (PIN) Rules

31

Microsoft Lync Server 2010 Administration Guide

Dial-in Access Number

Move Users to Another Pool


You can use Lync Server Control Panel to assign users to a specific server or pool. Tip: Moving all existing users from a source pool that is running Microsoft Office Communications Server 2007 R2 or earlier to a Microsoft Lync Server 2010 destination pool in a complex Active Directory environment might result in slower Active Directory replication. To avoid this, you can use search filters to move users from pools that are running Microsoft Office Communications Server 2007 R2 or earlier separately, or you can use Lync Server Management Shell to move users with cmdlets. Also, the filter functionality works with Lync Server 2010 users. To move selected users to a different server or pool 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account that you want, and then click Find. 5. In the table, select a specific user or users in the list. 6. On the Action menu, click Move selected users to pool. 7. In Move Users, select the pool that you want to move the users to in Destination registrar pool. 8. (Optional) If the destination server or pool is unavailable, select the Force check box. Warning: If you select Force, the user account is moved, but any associated user data is deleted (for example, conferences that the user has scheduled). If you do not select it, both the account and the associated data are moved. To move all users from one server or pool to a different server or pool 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users.

32

Microsoft Lync Server 2010 Administration Guide

4. On the Action menu, click Move all users to pool. 5. In Move Users, select the pool that contains the user accounts that you want to move in Source registrar pool. 6. In Destination registrar pool, select the pool that you want to move the users to. 7. (Optional) If the destination server or pool is unavailable, select the Force check box. Warning: If you select Force, the user account is moved, but any associated user data is deleted (for example, conferences that the user has scheduled). If you do not select it, both the account and the associated data are moved. To move users from one pool to a different pool by using a filter 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. In User Search, click Search, click Add Filter. 5. In the Search criteria, select Registrar Pool, select Equal to, select Current Pool FQDN, and then click Find. 6. On the Action menu, click Move all users to pool. Note: When a filter is applied to an existing set of users, the option Move all users to pool is in the context of the filtered subset of users, not all possible users. 7. In Move Users, select the pool that contains the user accounts that you want to move in Source registrar pool. 8. In Destination registrar pool, select the pool where you want to move the users. 9. (Optional) If the destination server or pool is unavailable, select the Force check box. Warning: If you select Force, the user account is moved, but any associated user data is deleted (for example, conferences that the user has scheduled and contacts). If you do not select it, both the account and the associated data are moved. To move users from one pool to another using the Lync Management shell 1. Depending on how you run Windows PowerShell commands (that is, locally or remotely), you need to log on as a member of the correct Lync Server administrative roles as follows: a. If you are running the commands on the local machine (for example, you log on directly to a Front End Server): Log on to the computer where Lync Server

33

Microsoft Lync Server 2010 Administration Guide

Management Shell is installed as a member of the RTCUniversalServerAdmins group or with the necessary user rights as described in Delegate Setup Permissions. b. If you are running the commands remotely on another machine (for example, you log on to your computer and run the commands remotely on a Standard Edition Front End Server): From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. To move single users, use the Move-CsUser cmdlet as follows: Move-CsUser -Identity "Pilar Ackerman" -Target "pool01.contoso.net" Where the user to move is the user Pilar Ackerman, and the user will be moved from their currently assigned home pool to the pool pool01.contoso.net 4. To move a large number of users, use filters with the Get-CsUser cmdlet and pass the resulting set of users to Move-CsUser: Get-CsUser Filter {RegistrarPool eq CurrentPoolFqdn} | MoveCsUser Target TargetPoolFQDN The combined commands of the Get-CsUser and Move-CsUser might result in this: Get-CsUser Filter {RegistrarPool eq pool02.contoso.net} | Move-CsUser Target pool01.contoso.net

Assign Policies to Users


You can assign certain policies to a user or a group of users in order to specify particular settings that deviate from the settings defined in policies assigned to other users, such as global policies. These policies are called per-user policies. In This Section Assign a Conferencing Policy to Modify a User's Default Meeting Experience Specify Client Versions Supported for Sign-in by a User Assign Specific Dial-in Conferencing PIN Security Settings to a User Apply External User Access Policies to Users Configure Archiving of a User's Communications Assign a Location Policy to a User Presence Policy Settings

34

Microsoft Lync Server 2010 Administration Guide

Assign a Conferencing Policy to Modify a User's Default Meeting Experience The conferencing policy is one of the individual settings of a user account that you can configure in Lync Server Control Panel. Deploying one or more per-user conferencing policies is optional. You can also deploy only a global-level conferencing policy or site-level conferencing policy. If you do deploy per-user policies, you must explicitly assign them to users, groups, or contact object. Conferencing user rights and permissions automatically default to those defined in the global-level conferencing policy when no specific site-level or per-user policy is assigned. After creating at least one per-user conferencing policy, use the procedures in this topic to assign the policy that specifies the user rights and permissions that you want the server to grant to the meetings organized by a particular user. For a list of all available conferencing policy settings, see Conferencing Policy Settings Reference. For details about creating per-user conferencing policies, see Create or Modify Conferencing User Experience for a Site or Group of Users. To assign a per-user conferencing policy 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. Use one of the following methods to locate a user: In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account, and then click Find. If you have a saved query, click the Open query icon, use the Open dialog box to retrieve the query (a .usf file), and then click Find. 5. (Optional) Specify additional search criteria to narrow the results: a. Click Add Filter. b. Enter the user property by typing it or by clicking the arrow in the drop-down list to select the property. c. In the Equal to drop-down list, click the operator (for example, Equal to or Not equal to). d. Depending on the user property you selected, enter the criteria you want to use to filter the search results by typing it or by clicking the arrow in the drop-down list. Tip: To add additional search clauses to your query, click Add Filter. e. Click Find.

35

Microsoft Lync Server 2010 Administration Guide

6. Click a user in the search results, click Action, and then click Assign policies. Tip: If you want the same per-user conferencing policy to apply to multiple users, select multiple users in the search results, then click Actions, and then click Assign policies. 7. In Assign Policies, under Conferencing policy, do one of the following: Note: Because there are multiple policies that you can configure in Assign Policies, <Keep as is> is selected by default for every policy in the dialog box. Continue using the policy previously assigned to the user by making no changes to this setting. Select <Automatic> to allow Lync Server 2010 to automatically choose either the global-level policy or, if defined, the site-level policy. Click the name of a per-user conferencing policy you previously defined on the Conferencing Policy page. Tip: To help you decide the policy you want to assign, after you click a policy name, click View to view the user rights and permissions defined in the policy. 8. When you are finished, click OK.

Specify Client Versions Supported for Sign-in by a User The client version policy is one of the individual settings of a user account that you can configure in Lync Server Control Panel. Deploying one or more per-user client version policies is optional. You can also deploy only a global-level client version policy, or site-level or pool-level client version policies. If you do deploy per-user policies, you must explicitly assign them to users, groups, or contact object. When no specific site-level, pool-level, or per-user policy is assigned, the default clients that are allowed to register with Lync Server 2010 are those defined in the global-level client version policy. After creating at least one per-user client version policy, use the procedures in this topic to assign the policy that specifies the client versions that you want to allow to register with Lync Server 2010. For details about creating per-user client version policies, see Specify the Client Versions Supported in Your Organization. To assign a per-user client version policy 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server

36

Microsoft Lync Server 2010 Administration Guide

Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. Use one of the following methods to locate a user: In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account, and then click Find. If you have a saved query, click the Open query icon, use the Open dialog box to retrieve the query (a .usf file), and then click Find. 5. (Optional) Specify additional search criteria to narrow the results: a. Click Add Filter. b. Enter the user property by typing it or by clicking the arrow in the drop-down list to select the property. c. In the Equal to drop-down list, click the operator (for example, Equal to or Not equal to). d. Depending on the user property you selected, enter the criteria you want to use to filter the search results by typing it or by clicking the arrow in the drop-down list. Tip: To add additional search clauses to your query, click Add Filter. e. Click Find. 6. Click a user in the search results, click Action, and then click Assign policies. Tip: If you want the same per-user client version policy to apply to multiple users, select multiple users in the search results, then click Actions, and then click Assign policies. 7. In Assign Policies, under Client version policy, do one of the following: Note: Because there are multiple policies that you can configure by using the Assign Policies dialog box, <Keep as is> is selected by default for every policy in the dialog box. Continue using the policy previously assigned to the user by making no changes to this setting. Allow Lync Server 2010 to automatically choose either the global-level policy or, if defined, the site-level policy or pool-level policy. Click the name of a per-user client version policy you previously defined on the Client Version Policy page. Tip: To help you decide the policy you want to assign, after you click a policy name, click View to view the user rights and permissions defined in the policy.

37

Microsoft Lync Server 2010 Administration Guide

8. When you are finished, click OK.

Assign Specific Dial-in Conferencing PIN Security Settings to a User The dial-in conferencing personal identification number (PIN) policy is one of the individual settings of a user account that can be configured in the Lync Server Control Panel. Deploying one or more per-user PIN policies is optional. You can also deploy only a global-level PIN policy or site-level PIN policy. If you do deploy per-user policies, you must explicitly assign them to users, groups, or contact object. User rights and permissions regarding the use of PINs for dial-in conferencing automatically default to those defined in the global-level PIN policy when no specific site-level or per-user policy is assigned. After creating at least one per-user PIN policy, use the procedures in this topic to assign the policy that specifies the constraints you want the server to impose on the PINs created by and used by a particular user. For details about creating per-user dial-in conferencing PIN policies, see Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users. To assign a per-user PIN policy 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. Use one of the following methods to locate a user: In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account, and then click Find. If you have a saved query, click the Open query icon, use the Open dialog box to retrieve the query (a .usf file), and then click Find. 5. (Optional) Specify additional search criteria to narrow the results: a. Click Add Filter. b. Enter the user property by typing it or by clicking the arrow in the drop-down list to select the property. c. In the Equal to drop-down list, click the operator (for example, Equal to or Not equal to). d. Depending on the user property you selected, enter the criteria you want to use to filter the search results by typing it or by clicking the arrow in the drop-down list. Tip: To add additional search clauses to your query, click Add Filter.

38

Microsoft Lync Server 2010 Administration Guide

e. Click Find. 6. Click a user in the search results, click Action, and then click Assign policies. Tip: If you want the same per-user PIN policy to apply to multiple users, select multiple users in the search results, then click Actions, and then click Assign policies. 7. In Assign Policies, under PIN policy, do one of the following: Note: Because there are multiple policies that you can configure by using the Assign Policies dialog box, <Keep as is> is selected by default for every policy in the dialog box. Continue using the policy previously assigned to the user by making no changes to this setting. Allow Lync Server 2010 to automatically choose either the global-level policy or, if defined, the site-level policy. Click the name of a per-user PIN policy you previously defined on the PIN Policy page. Tip: To help you decide the policy you want to assign, after you click a policy name, click View to view the user rights and permissions defined in the policy. 8. When you are finished, click OK.

Apply External User Access Policies to Users If a user has been enabled for Lync Server 2010, you can configure federation, remote user access, and public instant messaging (IM) connectivity in the Lync Server Control Panel by applying the appropriate policies to specific users or user groups. For example, if you created a policy to support remote user access, you must apply it to at least one user or user group before the user or user group can connect to Lync Server 2010 from a remote location and collaborate with internal users from the remote location. Note: To support for external user access, you must enable support for each type of external user access you want to support, and configure the appropriate policies and other options to control use. For details, see Configuring Support for External User Access in the Deployment documentation or Managing External Connectivity in the Operations documentation. Use the procedure in this topic to apply a previously created external user access policy to one or more user accounts or user groups.

39

Microsoft Lync Server 2010 Administration Guide

To apply an external user policy to a user account 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users, and then search on the user account that you want to configure. 4. In the table that lists the search results, click the user account, click Edit, and then click Show details. 5. In Edit Lync Server User under External access policy, select the user policy that you want to apply. Note: The <Automatic> settings apply the default server installation settings. These settings are applied automatically by the server.

Configure Archiving of a User's Communications The archiving policy is one of the individual settings of a user account that you can configure in the Lync Server Control Panel. Deploying one or more per-user archiving policies is optional. You can also deploy only a globallevel archiving policy or site-level archiving policy. If you do deploy per-user policies, you must explicitly assign them to users, groups, or contact object. Archiving requirements automatically default to those defined in the global-level conferencing policy when no specific site-level or peruser policy is assigned. After creating at least one per-user archiving policy, use the procedures in this topic to assign the policy that appropriately specifies whether a particular users internal communications, external communications, or both, will be archived by the server. For details about creating per-user archiving policies, see Create a User Policy for Archiving. To assign a per-user archiving policy 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. Use one of the following methods to locate a user: In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or

40

Microsoft Lync Server 2010 Administration Guide

line Uniform Resource Identifier (URI) of the user account, and then click Find. If you have a saved query, click the Open query icon, use the Open dialog box to retrieve the query (a .usf file), and then click Find. 5. (Optional) Specify additional search criteria to narrow the results: a. Click Add Filter. b. Enter the user property by typing it or by clicking the arrow in the drop-down list to select the property. c. In the Equal to drop-down list, click the operator (for example, Equal to or Not equal to). d. Depending on the user property you selected, enter the criteria you want to use to filter the search results by typing it or by clicking the arrow in the drop-down list. Tip: To add additional search clauses to your query, click Add Filter. e. Click Find. 6. Click a user in the search results, click Action, and then click Assign policies. Tip: If you want the same per-user archiving policy to apply to multiple users, select multiple users in the search results, then click Actions, and then click Assign policies. 7. In Assign Policies, under Archiving policy, do one of the following: Note: Because there are multiple policies that you can configure by using the Assign Policies dialog box, <Keep as is> is selected by default for every policy in the dialog box. Continue using the policy previously assigned to the user by making no changes to this setting. Allow Lync Server 2010 to automatically choose either the global-level policy or, if defined, the site-level policy. Click the name of a per-user archiving policy you previously defined on the Archiving Policy page. Tip: To help you decide the policy that you want to assign, after you click a policy name, click View to view the user rights and permissions defined in the policy. 8. When you are finished, click OK.

Assign a Location Policy to a User The location policy is one of the individual settings of a user account that you can configure in the Lync Server Control Panel.

41

Microsoft Lync Server 2010 Administration Guide

Deploying one or more per-user location policies is optional. You can also deploy only a globallevel location policy or subnet-level location policy. If you do deploy per-user policies, you must explicitly assign them to users, groups, or contact object. Enhanced 9-1-1 (E9-1-1) settings automatically default to those defined in the global-level location policy when no specific subnetlevel or per-user policy is assigned. After creating at least one per-user location policy, use the procedures in this topic to assign to the policy that specifies the settings that you want the server to apply for emergency calls placed by a particular user. For a list of all available location policy settings, see Location Policy Definition. For details about creating location policies, see Create Location Policies. To assign a per-user location policy 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. Use one of the following methods to locate a user: In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account, and then click Find. If you have a saved query, click the Open query icon, use the Open dialog box to retrieve the query (a .usf file), and then click Find. 5. (Optional) Specify additional search criteria to narrow the results: a. Click Add Filter. b. Enter the user property by typing it or by clicking the arrow in the drop-down list to select the property. c. In the Equal to drop-down list, click the operator (for example, Equal to or Not equal to). d. Depending on the user property you selected, enter the criteria you want to use to filter the search results by typing it or by clicking the arrow in the drop-down list. Tip: To add additional search clauses to your query, click Add Filter. e. Click Find. 6. Click a user in the search results, click Action, and then click Assign policies. Tip: If you want the same per-user location policy to apply to multiple users, select multiple users in the search results, then click Actions, and then click Assign policies.

42

Microsoft Lync Server 2010 Administration Guide

7. In Assign Policies, under Location policy, do one of the following: Note: Because there are multiple policies that you can configure by using the Assign Policies dialog box, <Keep as is> is selected by default for every policy in the dialog box. Continue using the policy previously assigned to the user by making no changes to this setting. Allow Lync Server 2010 to automatically choose either the global-level policy or, if defined, the subnet-level policy. Click the name of a per-user location policy you previously defined by running the New-CsLocationPolicy cmdlet. Tip: To help you decide the policy that you want to assign, after you click a policy name, click View to view the user rights and permissions defined in the policy. 8. When you are finished, click OK.

43

Microsoft Lync Server 2010 Administration Guide

Presence Policy Settings A presence policy is a set of limits and restrictions that affect presence. The following table describes the presence policy settings available in Lync Server 2010. Presence Policy Settings
XML name Display name Description Type Value

CategorySubscriptions

Maximum Number of Subscriber Category Subscriptions

Limits the number of subscriber category subscriptions. For example, when Communicator subscribes to a users presence, it obtains a category subscription for each of the contact card, calendar data, notes, services, and state categories. A setting of 0 means that the user or contact object cannot be subscribed to by others. Note: This setting can have a significant impact on performance if it is set to a high number, and the average user has a large number of users subscribing to his or her presence.

Integer

0-3000

44

Microsoft Lync Server 2010 Administration Guide XML name Display name Description Type Value

PromptedSubscribers

Maximum Number of Queued Presence Subscription Alerts

Limits the number of entries in Integer or Token the prompted subscribers table. This setting determines the maximum number of prompts that can be queued for a given user. For example, when user A subscribes to user Bs presence, user B receives a prompt that user A is now subscribed to user B, and an acknowledgement prompt is created in user Bs prompted subscribers table. After user B accepts, or acknowledges, the subscription, the acknowledgement prompt is removed from user Bs prompted subscribers table. A setting of 0 means that the user is not prompted when someone subscribes to his or her presence.

0-500

45

Microsoft Lync Server 2010 Administration Guide

By default, the Default Policy and Service: Medium presence policies are installed when you deploy Microsoft Lync Server 2010. The following table describes the specific settings of the two presence policies. Presence Policies
Policy name Description CategorySubscriptions PromptedSubscribers

Default Policy

Policy for typical users. This is the default presence policy.

1000

200

Service: Medium Policy for applications that require more users to subscribe to the objects presence.

1000

Enable Users for Enterprise Voice


After installing files for one or more Mediation Servers, configuring outbound call routing, and optionally deploying one or more advanced Enterprise Voice features, use the following procedures to enable a user to make calls using Enterprise Voice: Note: Of the following procedures, only the first can be performed using Lync Server Control Panel. For the remaining procedures, you can only use Lync Server Management Shell. Enable the user account for Enterprise Voice. (Optional) Assign the user account a user-specific voice policy. (Optional) Assign the user account a user-specific dial plan.

To enable a user account for Enterprise Voice 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account that you want to enable, and then click Find. 5. In the table, click the user account that you want to enable for Enterprise Voice.

46

Microsoft Lync Server 2010 Administration Guide

6. On the Edit menu, click Show details. 7. On the Edit Lync Server User page, under Telephony, click Enterprise Voice. 8. Click Line URI, and then type a unique, normalized phone number (for example, tel: +14255550200). 9. Click Commit. To finish enabling a user for Enterprise Voice, ensure that the user is assigned a voice policy and a dial plan, whether global (assigned by default) or user-specific. By default, all users are assigned a global voice policy and dial plan. If a voice policy or dial plan exists at the site level for the site on which the user account is homed, those site policies will automatically apply to the user. To apply a per-user voice policy or dial plan to a user, you must run the Grant-CsVoicePolicy and Grant-CsDialPlan cmdlets. For details, see the Lync Server Management Shell documentation. Voice Policy Assignment Global and site-level voice policies are automatically assigned to all user accounts that are enabled for Enterprise Voice. You can also create voice policies that apply to specific users or groups. These per-user policies must be explicitly assigned to the users or groups. If you want to use the global or site voice policy for all users that are enabled for Enterprise Voice, you can skip this section and continue to Dial Plan Assignment section later in this topic. To assign a user-specific voice policy 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. To assign an existing user voice policy to a user, run the following at the command prompt: Grant-CsVoicePolicy Identity <UserIdParameter> PolicyName <String> For example: Grant-CsVoicePolicy Identity Bob Kelly PolicyName VoicePolicyJapan In this example, the user with the display name Bob Kelly is assigned the voice policy with the name VoicePolicyJapan. For details about assigning a user-specific voice policy or about running the GrantCsVoicePolicy cmdlet, see the Lync Server Management Shell documentation. Dial Plan Assignment To complete user account configuration for either users of Enterprise Voice or users of dial-in conferencing, the user must be assigned a dial plan. User accounts will automatically use the global dial plan or, of one exists, the site-level dial plan when you do not explicitly assign an

47

Microsoft Lync Server 2010 Administration Guide

existing per-user dial plan. If you want to use the global or site dial plan for all users that are enabled for Enterprise Voice, you can skip this section. To assign a dial plan 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. To assign a user-specific dial plan, run the following at the command prompt: Grant-CsDialPlan Identity <UserIdParameter> PolicyName <String> For example: Grant-CsDialPlan Identity Bob Kelly PolicyName DialPlanJapan In this example, the user with the display name Bob Kelly is assigned the user dial plan with the name DialPlanJapan. For details about assigning a user dial plan or about running the Grant-CsDialPlan cmdlet, see the Lync Server Management Shell documentation.

Configure Telephony for Users


Telephony settings are some of the individual settings of a user account that can be configured in Lync Server Control Panel for the user (that is, if the individual user has been enabled for Microsoft Lync Server 2010 and the organization supports telephony). Lync Server 2010 user telephony options include the following: Audio/video disabled The user cannot make calls with audio and video. PC-to-PC only The user can make only PC-to-PC audio or video calls.

Enterprise Voice The user can use the Lync Server 2010 infrastructure to route all incoming and outgoing calls. The user can also make PC-to-PC calls. Remote call control The user can use Lync Server 2010 to control the desktop phone, and can also make PC-to-PC calls. For details about configuring telephony for an organization, see Configure Telephony for Users and Deploying Enterprise Voice in the Deployment documentation. To configure telephony for a specific user account 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. In the Search users box, type all or the first portion of the display name, first name,

48

Microsoft Lync Server 2010 Administration Guide

last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account that you want, and then click Find. 5. In the table, click the user account that you want to modify. 6. On the Edit menu, click Modify. 7. In Telephony, do the following: To disable audio and video calls for the user, click Audio/video disabled. To enable PC-to-PC audio communications for the user, but not remote call control or Enterprise Voice, click PC-to-PC only. Specify a value for Line URI for the telephone that the user uses for PC-to-PC audio communications. To route the user's phone calls by using the Lync Server 2010 infrastructure in accordance with the class of service policy, including PC-to-PC audio communication, click Enterprise Voice. In Line URI, specify the telephone number for Enterprise Voice. In Dial plan policy and Voice policy, specify the appropriate policies for the user. To specify the normalization rules for translating phone numbers dialed by the user to the E.164 format, select the appropriate location profile in Location policy. To enable remote call control, which enables users to control their desktop phone line from Lync Server 2010 to make PC-to-PC calls and PC-to-phone calls, click Remote call control. In Line URI, specify the telephone number for remote call control. The user must have a desktop phone and private branch exchange (PBX) connection for call routing.

Managing Computers in Your Topology


Topics in this section provide step-by-step procedures for tasks you can perform using the Topology page in Lync Server Control Panel.

In This Section
View a List of Computers Running Lync Server 2010 View the Status of Services Running on a Computer View Details About a Service Start or Stop Lync Server 2010 Services Prevent Sessions for Services View Microsoft SIP Processing Language (MSPL) Server Applications Enable or Disable a Microsoft SIP Processing Language (MSPL) Server Application Mark a Microsoft SIP Processing Language (MSPL) Application as Critical or Not Critical View a List of Trusted Applications View the Simple URL Details

49

Microsoft Lync Server 2010 Administration Guide

View a List of Computers Running Lync Server 2010


You can use Lync Server 2010 Control Panel to view a list of all the computers that are running Lync Server 2010 in your topology and see the service status of each. You can sort the list by computer, pool, or site. To view a list of computers running Lync Server 1. From a user account that is assigned to any of the predefined administrative roles for Lync Server 2010, log on to any computer in your internal deployment. For details about the predefined administrative roles available in Lync Server 2010, see Role-Based Access Control. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology and then click Status. 4. On the Status page, do any of the following as needed: Sort the list by clicking the Computer, Pool, or Site column heading, and then clicking the up arrow or the down arrow. Click Refresh to view the most up-to-date list. Search for a specific computer by typing the computer name in the search field.

View the Status of Services Running on a Computer


You can use Lync Server Control Panel to view all the services that are running on a specific computer in your Lync Server 2010 topology and see the status of each service. To view the status of services running on a computer 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 2. In the left navigation bar, click Topology. 3. On the Status page, sort or search the list as needed to find the computer you are interested in and then click the computer name. 4. Do any of the following: To see the latest status of services running on the computer, click Get service status. To see a list of specific services running on the computer and the status of each service, click Properties and then click Close to return to the list.

50

Microsoft Lync Server 2010 Administration Guide

View Details About a Service


You can use Lync Server Control Panel to view details about each service that is running on a specific computer in your topology. You can view the status of each service and details such as the associated databases, ports, and dependent services. To view details for a service 1. From a user account that is assigned to any of the predefined administrative roles for Lync Server 2010, log on to any computer in your internal deployment. For details about the predefined administrative roles available in Lync Server 2010, see Role-Based Access Control. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology and then click Status. 4. In the Status page, sort or search through the list and then click the computer that you want to view. 5. Click Properties. 6. In the View Computer Detail window, sort the list of services, if necessary, and click the service you want to view. 7. Do any of the following as needed: To see the latest status of that specific service, click Get service status. To see the details for that specific service, click Properties and then click Close. To return to the list of all computers in your topology, click Close.

Start or Stop Lync Server 2010 Services


You can use Lync Server Control Panel to start or stop all the Lync Server 2010 services running on a specific computer or to start or stop a specific Lync Server 2010 service. To start or stop all Lync Server services on a computer 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology and then click Status. 4. On the Status page, sort or search through the list as needed to find the computer that is running the services you want to start or stop, and then click it.

51

Microsoft Lync Server 2010 Administration Guide

5. Click Action. 6. Click Start All services or Stop All services. To start or stop a specific service 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology and then click Status. 4. On the Status page, sort or search through the list as needed to find the computer that is running the service you want to start or stop, and then click it. 5. Click Properties. 6. Sort the list of services, if necessary, and click the service you want to start or stop. 7. Click Action. 8. Click Start service or Stop service. 9. Click Close.

Prevent Sessions for Services


You can use Microsoft Lync Server 2010 Control Panel to prevent new sessions for all the Lync Server 2010 services running on a specific computer or to prevent new sessions for a specific Lync Server 2010 service. To prevent new sessions for all Lync Server services on a computer 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology and then click Status. 4. On the Status page, sort or search through the list as needed to find the computer that is running the services for which you want to prevent new sessions, and then click it. 5. Click Action. 6. Click Prevent new sessions for all services.

52

Microsoft Lync Server 2010 Administration Guide

To prevent new sessions for a specific service 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology and then click Status. 4. On the Status page, sort or search through the list as needed to find the computer that is running the service you want to start or stop, and then click it. 5. Click Properties. 6. Sort the list of services, if necessary, and click the service for which you want to prevent new sessions. 7. Click Action. 8. Click Prevent new sessions for service. 9. Click Close.

View Microsoft SIP Processing Language (MSPL) Server Applications


A Microsoft SIP Processing Language (MSPL) server application is a script-only application that uses a scripting language instead of the Microsoft Lync 2010 API. MSPL provides more granular control over filtering and proxy behaviors, in addition to a facility for dispatching specific messages to transaction-based SIP applications. MSPL is used specifically for filtering and routing SIP messages. MSPL applications run in the same process as the UserServices module, while a program that is based on the Lync 2010 API runs in a separate process. You can use the Server Application page in the Topology group of Lync Server Control Panel to see a list of MSPL server applications that run on Front End Servers in your Lync Server 2010 environment. The list shows the scripts that are available for each pool, as well as whether they are enabled or critical. The scripts run in the order they are listed. These scripts include the following: ClientVersionFilter provides the administrator with a way to specify the version of clients that are supported by a pool. The client version filter checks the client version and can either prevent the client from logging on or present the user with a message that indicates he or she is using a client that is not supported. The client version filter can also be configured to display a message to the user that contains the URL of the latest downloadable version of the client. TranslationService translates a number that a user dials to an E.164 number according to the normalization rules defined by the administrator. For details, see Translation Rules. IncomingFederation enforces tenant-level federation validation for inter-tenant and incoming messages from external deployments.

53

Microsoft Lync Server 2010 Administration Guide

UserServices is the SIP Registrar, presence, and conferencing component of a Front End Server. It provides closely integrated IM, presence, and conferencing features built on top of the SIP Proxy. InterClusterRouting is responsible for routing calls to the callees primary Registrar pool. For details, see Front End Server VoIP Components. IIMFilter (Intelligent IM Filter) blocks messages that contain clickable URLs or that attempt to initiate file transfers. IIMFilter also checks the client version on behalf of the server. IIMFilter affects file transfers that are initiated by using either Microsoft Lync 2010, Communicator, or the Live Meeting 2007 client. By default, clickable links are disabled by adding an underscore character before the first character of the link. An administrator can change this behavior so that the link is blocked, in which case messages that contain clickable URLs or that attempt to initiate a file transfer are blocked by the server from reaching their intended destinations. IIMFilter is installed on all Lync Server except Proxy Servers and Archiving Servers. UserPinService is used to verify user personal identification numbers (PINs) for dial-in conferencing. DefaultRouting is the default routing application for servers running Lync Server. It is enabled by default. The routing application is installed on all Standard Edition and Enterprise Edition servers. ExumRouting routes calls to Exchange Server Unified Messaging (UM). ExumRouting determines the appropriate Exchange UM server to route the call to when there is a new voice mail message to deposit. ExumRouting also handles some other Exchange UM integration aspects, including routing to Auto Attendant and Subscriber Access. OutboundRouting determines the gateway that routes a call to a phone number according to the dialed number and the users dialing authorization. OutboundRouting also handles rerouting of calls if a gateway cannot process a call. QoEAgent receives Quality of Experience (QoE) data reports from endpoints through SIP SERVICE requests, and sends the data to the destination queue on the Monitoring Server or to third-party consumers using HTTP POST. For details, see Planning for Monitoring. OutgoingFederation enforces tenant-level federation validation for messages going to a targeted external deployment. AcpRouting proxies INVITE requests destined for the audio conferencing provider to the audio conferencing provider gateway. Scripts that run on Edge Servers include the following: IIMFilter OptionsHandler responds to incoming OPTIONS requests with 200 OK if the request is destined for the current server. This is used for topology validation. See Also Enable or Disable a Microsoft SIP Processing Language (MSPL) Server Application Mark a Microsoft SIP Processing Language (MSPL) Application as Critical or Not Critical

54

Microsoft Lync Server 2010 Administration Guide

Enable or Disable a Microsoft SIP Processing Language (MSPL) Server Application


You can use Microsoft Lync Server 2010 Control Panel to enable or disable Microsoft SIP Processing Language (MSPL) server applications that run in your Lync Server 2010 environment. These applications are script-only applications that use a scripting language instead of the Microsoft Lync 2010 API. Not all scripts can be enabled or disabled. For instance, the DefaultRouting script is enabled and this option cannot be changed for DefaultRouting. To enable or disable an MSPL server application 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology and then click Server Application. 4. On the Server Application page, click a column heading to sort the applications, if needed, and then click the server application that you want to modify. 5. Click Action. 6. Click Enable application or Disable application (that is, if the script supports this option). See Also View Microsoft SIP Processing Language (MSPL) Server Applications Mark a Microsoft SIP Processing Language (MSPL) Application as Critical or Not Critical

Mark a Microsoft SIP Processing Language (MSPL) Application as Critical or Not Critical
Microsoft SIP Processing Language (MSPL) server applications are script-only applications that use the MSPL scripting language instead of the Microsoft Lync 2010 API. Some MSPL server applications are specified as critical. If a script is critical, the script must start during system startup in order for Lync Server 2010 to start. If the script fails while Lync Server 2010 is running, the server does not shut down, but it stops sending traffic to the script, and it writes errors in the event log. You can use Lync Server Control Panel to mark Microsoft SIP Processing Language (MSPL) server applications as critical or unmark them. Not all scripts support this option. For example, the DefaultRouting script is marked as critical, and this option cannot be changed for DefaultRouting.

55

Microsoft Lync Server 2010 Administration Guide

To mark or unmark an MSPL server application as critical 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology and then click Server Application. 4. On the Server Application page, click a column heading to sort the applications, if needed, and then click the server application that you want to modify. 5. Click Action. 6. Click Mark as critical or Unselect as critical (that is, if the script supports this option). See Also View Microsoft SIP Processing Language (MSPL) Server Applications Enable or Disable a Microsoft SIP Processing Language (MSPL) Server Application

View a List of Trusted Applications


You can use Lync Server Control Panel to view a list of the trusted applications that you have deployed in your Microsoft Lync Server 2010 environment. A trusted application is an application based on Microsoft Unified Communications Managed API (UCMA) 3.0 Core SDK that is trusted by Lync Server 2010. This trust relationship is summarized in the following list: Trusted applications are not challenged for authentication by Lync Server 2010. Trusted applications are not throttled by Lync Server 2010 for SIP transactions, connections or outgoing Voice over Internet Protocol (VoIP) calls. Trusted applications can impersonate any user and can join conferences without appearing in rosters. Trusted applications are highly available and resilient. In Lync Server Control Panel, you can see the name of the applications, the pool where they run, and the port they use. To view a list of trusted applications 1. From a user account that is assigned to the CsServerAdministrator, CsAdministrator, CsHelpDesk, or CsViewOnlyAdministrator role, log on to any computer in your internal deployment. For details about the predefined administrative roles available in Lync Server 2010, see Role-Based Access Control. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools.

56

Microsoft Lync Server 2010 Administration Guide

3. In the left navigation bar, click Topology and the click Trusted Application. 4. On the Trusted Application page, click a column heading to sort the applications, if needed.

View the Simple URL Details


You can use Lync Server Control Panel to view simple URL details for your Microsoft Lync Server 2010 environment. Simple URLs make it easier for users to join meetings, and they make it easier for administrators to get to Microsoft Lync Server 2010 administrative tools. For details, see Planning for Simple URLs. To view Simple URL details 1. From a user account that is assigned to the CsServerAdministrator, CsAdministrator, CsHelpDesk, or CsViewOnlyAdministrator role, log on to any computer in your internal deployment. For details about the predefined administrative roles available in Lync Server 2010, see Role-Based Access Control. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology and then click Simple URL. 4. On the Simple URL page, click a column heading to sort the list, if needed. 5. Select the name for which you want to see simple URL details, and then click Properties. 6. When you are finished viewing details, click Close.

Filtering Instant Messages and Client Versions


Topics in this section provide step-by-step procedures for tasks that you can perform using the IM and Presence group in Lync Server Control Panel.

In This Section
Configuring Filtering for Instant Messaging (IM) Specify the Client Versions Supported in Your Organization

Configuring Filtering for Instant Messaging (IM)


The Intelligent IM Filter tool helps protect your Microsoft Lync Server 2010 deployment against the spread of the most common forms of viruses with minimal degradation to the user experience. Use Intelligent IM Filter to configure filters to block unsolicited or potentially harmful instant messages from unknown endpoints outside the corporate firewall. You configure filters by

57

Microsoft Lync Server 2010 Administration Guide

specifying the criteria to be used to determine what should be blocked, such as instant messages containing hyperlinks with specific prefixes and files with specific extensions. Intelligent IM Filter provides the following: Enhanced URL filtering. Enhanced file transfer filtering. Configuring URL filtering. Configuring file transfer filtering.

Configuring Intelligent IM Filter includes the following:

How Filtering Options Are Applied to Instant Messages Before you deploy the Intelligent IM Message Filter tool, you need to understand how filtering options are applied as messages are routed from one Lync Server 2010 server to another. The way these filtering options are applied is consistent, regardless of whether the servers are located in a single organization or across organizational boundaries. This consistency applies to the way that the customized notice and warning texts are inserted into messages and sent across servers. Note: The instant message filter increases the amount of CPU resources required to process URLs in a message. This increase in CPU demand also affects the performance of Lync Server 2010. By using the URL Filter page in the IM and Presence group in Lync Server Control Panel, you can block some or all hyperlinks or configure a warning. The warning is inserted at the beginning of an instant message that contains a hyperlink when you choose the Hyperlink prefix option Send warning message. When an instant message travels from one server to another, the following general guidelines apply: If a server blocks an instant message (because you selected the Block URLs with file extension check box on the URL Filter page or because you chose the Hyperlink prefix option Block hyperlinks), an error message is returned to the client. Subsequent servers do not receive this instant message. If a server (Server1) adds a warning to an instant message that contains an active hyperlink, a subsequent server (Server2) that receives this instant message can still take a different action based on this active hyperlink present in the instant message and block the instant message or add a warning. If Server2 is configured only to add a warning for this URL, the earlier warning added by Server1 is removed, and the warning configured on Server2 is added to the beginning of the instant message. Note: If you are running Lync Server 2010 in a mixed environment, Live Communications Server 2005 with SP1 is the minimum version required to use the Intelligent IM Filter application. The Intelligent IM Filter is not supported on Live Communications Server 2005 without SP1. URL Filtering

58

Microsoft Lync Server 2010 Administration Guide

URLs are filtered according to their hyperlink prefix. The following examples are valid prefixes: www*. ftp. http:

If you do not configure the instant message filter to perform any URL filtering, all URLs contained in instant messages are passed unmodified through the server. If you configure the instant message filter to perform URL filtering, URLs in instant messages are filtered according to the options that you select in the Edit URL Filter or New URL Filter dialog box. Enable URL filter This option enables URL filtering for the global deployment or for the site that you select. Block URLs with file extension The instant message filter blocks any active intranet or Internet URL that contains a file with an extension listed under File type extensions to block in the Edit File Filter dialog box. When a URL is blocked, an error message is displayed to the sender. When selected, this option takes precedence over all other filtering options for any file extensions defined under File type extensions to block. Important: Filtering of file extensions is limited to standard file names. Filtering may not work with file extensions embedded in other names. To configure how hyperlinks are handled in instant message conversations, you select one of the following options under Hyperlink prefix: Do not filter URLs in messages are sent through the server. When you choose this option, the Allow message box appears. In the Allow message box, specify the notice that you want to insert at the beginning of each instant message containing hyperlinks. This notice can consist of no more than 65535 characters. Block hyperlinks Delivery of instant messages containing active hyperlinks is blocked by Lync Server 2010, and an error message is displayed to the sender. Send warning message Lync Server 2010 permits active hyperlinks in instant messages, but it includes a warning. When you choose this option, the Warning message box appears. In the Warning message box, you must type the warning that you want to include with instant messages containing valid hyperlinks. For example, this warning might state the potential dangers of clicking an unknown link, or it might refer to your organizations relevant policies and requirements. The warning can be no more than 65535 characters. If you select Block hyperlinks or Send warning message, the following options are available: Exclude local intranet hyperlinks The instant message filter blocks only Internet URLs. URLs for locations within your intranet are passed unmodified through the server. However, the intranet URLs that individual servers running Lync Server 2010 pass depend on which types of local websites are considered part of their intranet zone. To check a servers intranet zone settings, see the To configure your intranet settings in Internet Explorer procedure in Modify the Default URL Filter. Filter these hyperlink prefixes To choose which prefixes you want to block, click Select, and then, in Select Hyperlink Prefix, add the prefixes to the Hyperlink prefixes list.

59

Microsoft Lync Server 2010 Administration Guide

All prefixes except href must end with a period or a colon, or an asterisk followed by a period. Valid prefixes can contain any characters in the set of valid URL characters except the asterisk (*). The set of valid URL characters is: #*+/0123456789=@ABCDEFGHIJKLMNOPQRSTUVWXYZ^_` abcdefghijklmnopqrstuvwxyz| ~ File Transfer Filtering Filter transfer filtering affects both instant messages and conferences. For conferences, these settings affect the handout feature in the Office Live Meeting 2007 client and multimedia playback features. Note: Microsoft Lync 2010 also offers file transfer setting options. This server-side option is offered in addition to the client-side controls available in Lync 2010. You can filter file transfers during instant message conversations, when you are using the handout feature in the Office Live Meeting 2007 client, and for multimedia playback features for all file types. You can set the following options to control file transfers: Enable file filter This option enables file filtering for the global deployment or for the site that you select. When you enable the file filter, you can choose one of the following options in File transfer: Block specific file types You specify which file transfer requests are filtered by the server by specifying a list of file extensions to block. Entries in the list can contain all standard characters, but not the wildcard character (*). In the Office Live Meeting 2007 client the handout feature is enabled, but any file with this extension cannot be uploaded or downloaded. If you select the Block URLs with file extension check box on the settings for a URL filter listed on the URL Filter tab, the URL filter uses this same list to block active hyperlinks that contain any of these file extensions. To choose which file types you want to block, click Select, and then, in Select File Type, add the file type extensions to the Selected file type extensions list. Block All The server drops all instant messages that contain file transfer requests and returns an error message to the sender of the request. The handout feature in the Office Live Meeting 2007 client is disabled. Important: Filtering of file extensions is limited to standard file names. Filtering may not work with file extensions embedded in other names. In This Section Modify the Default File Transfer Filter Create a New File Transfer Filter for a Specific Site Modify the Default URL Filter Create a New URL Filter to Handle Hyperlinks in IM Conversations

60

Microsoft Lync Server 2010 Administration Guide

Modify the Default File Transfer Filter Microsoft Lync Server 2010 provides a global file transfer filter that blocks specific types of files during the following file-related activities within your Lync Server 2010 deployment: File transfer requests during instant messaging (IM) conversations File uploads and downloads while using the handout feature in the Office Live Meeting 2007 client Multimedia playback during conferences Depending on the types of files you want to block or allow, you can use Lync Server Control Panel to modify the global filter. For details about file transfer filtering, see Configuring Filtering for Instant Messaging (IM). To modify the default file transfer filter 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click IM and Presence and then click File Filter. 4. On the File Filter page, double-click the Global filter. 5. In Edit File Filter, select the Enable file filter check box. 6. In the File transfer drop-down list box, click Block All or Block specific file types. 7. If you clicked Block All, skip to step 9. 8. If you clicked Block specific file types, do the following: a. Click Select to modify the default list of file type extensions that you want to block. b. In Select File Type, select the file types that you want to block or allow by adding or removing their extensions from the categories under File type extensions. c. If you do not see the extension for a file type that you want to block, type the extension in the text box under Add file type extensions to the list, and then click Add. d. Click OK. 9. Click Commit. See Also Configuring Filtering for Instant Messaging (IM) Create a New File Transfer Filter for a Specific Site Create a New URL Filter to Handle Hyperlinks in IM Conversations Modify the Default URL Filter

61

Microsoft Lync Server 2010 Administration Guide

Create a New File Transfer Filter for a Specific Site In addition to modifying the global file transfer filter, you can configure custom file transfer filters for specific sites within your Microsoft Lync Server 2010 deployment. For details about file transfer filtering, see Configuring Filtering for Instant Messaging (IM). To create a file transfer filter for a specific site 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click IM and Presence and then click File Filter. 4. On the File Filter page, click New. 5. In the Select a Site dialog box, click the site for which you want to create the file transfer filter, and then click OK. 6. In New File Filter, click the Enable file filter check box. 7. In File transfer drop-down list box, click Block All or Block specific file types. 8. If you clicked Block All, skip to step 9. 9. If you clicked Block specific file types, do the following: a. Click Select to modify the default list of file type extensions that you want to block. b. In the Select File Type dialog box, select the file types that you want to block or allow by adding or removing their extensions from the categories under File type extensions. c. If you do not see the extension for a file type that you want to block, type the extension in the text box under Add file type extensions to the list, and then click Add. d. Click OK. 10. Click Commit. See Also Configuring Filtering for Instant Messaging (IM) Create a New URL Filter to Handle Hyperlinks in IM Conversations Modify the Default File Transfer Filter Modify the Default URL Filter Modify the Default URL Filter By using the instant messaging (IM) filter, Microsoft Lync Server 2010 provides a global URL filter that blocks specific URLs contained in IM conversations among users throughout your Lync Server 2010 deployment. By using Lync Server Control Panel, you can do the following: Block all or a subset of URLs in instant message conversations.

62

Microsoft Lync Server 2010 Administration Guide

Allow all URLs. As an option, you can create a notice that is inserted at the beginning of each instant message that contains a URL. Allow specific URLs and include a warning with each instant message that contains a URL. In addition, you can choose to block URLs that contain specific file types, or block only Internet URLs by allowing URLs that are within the servers local intranet zone intranet URLs to pass through the server. For details about URL filtering, see Configuring Filtering for Instant Messaging (IM). See Also Configuring Filtering for Instant Messaging (IM) Create a New File Transfer Filter for a Specific Site Create a New URL Filter to Handle Hyperlinks in IM Conversations Modify the Default File Transfer Filter Create a New URL Filter to Handle Hyperlinks in IM Conversations In addition to modifying the global URL filter, you can configure custom URL filters for individual sites within your Microsoft Lync Server 2010 deployment. For details about URL filtering, see Configuring Filtering for Instant Messaging (IM). To create a new URL filter 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click IM and Presence, and then click URL Filter. 4. On the URL Filter page, click New. 5. In Select a Site, click the site for which you want to create the URL filter, and then click OK. 6. In the New URL Filter dialog box, select the Enable URL Filter check box to enable URL filtering for the site. 7. To block any active URL that contains a file with an extension listed under File type extensions to block in Edit File Filter, select the Block URLs with file extension check box. 8. In the Hyperlink prefix drop-down list box, click the option that corresponds to how you want to handle URLs in instant message conversations. The Allow message box enables a warning message to be sent to the user when sending hyperlinks that are allowed to be sent. 9. Click Commit. See Also Configuring Filtering for Instant Messaging (IM)

63

Microsoft Lync Server 2010 Administration Guide

Create a New File Transfer Filter for a Specific Site Modify the Default URL Filter Modify the Default File Transfer Filter

Specify Client Versions Supported for Sign-in by a User


The client version policy is one of the individual settings of a user account that you can configure in Lync Server Control Panel. Deploying one or more per-user client version policies is optional. You can also deploy only a global-level client version policy, or site-level or pool-level client version policies. If you do deploy per-user policies, you must explicitly assign them to users, groups, or contact object. When no specific site-level, pool-level, or per-user policy is assigned, the default clients that are allowed to register with Lync Server 2010 are those defined in the global-level client version policy. After creating at least one per-user client version policy, use the procedures in this topic to assign the policy that specifies the client versions that you want to allow to register with Lync Server 2010. For details about creating per-user client version policies, see Specify the Client Versions Supported in Your Organization. To assign a per-user client version policy 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users. 4. Use one of the following methods to locate a user: In the Search users box, type all or the first portion of the display name, first name, last name, Security Accounts Manager (SAM) account name, SIP address, or line Uniform Resource Identifier (URI) of the user account, and then click Find. If you have a saved query, click the Open query icon, use the Open dialog box to retrieve the query (a .usf file), and then click Find. 5. (Optional) Specify additional search criteria to narrow the results: a. Click Add Filter. b. Enter the user property by typing it or by clicking the arrow in the drop-down list to select the property. c. In the Equal to drop-down list, click the operator (for example, Equal to or Not equal to). d. Depending on the user property you selected, enter the criteria you want to use to filter the search results by typing it or by clicking the arrow in the drop-down list. Tip:

64

Microsoft Lync Server 2010 Administration Guide

To add additional search clauses to your query, click Add Filter. e. Click Find. 6. Click a user in the search results, click Action, and then click Assign policies. Tip: If you want the same per-user client version policy to apply to multiple users, select multiple users in the search results, then click Actions, and then click Assign policies. 7. In Assign Policies, under Client version policy, do one of the following: Note: Because there are multiple policies that you can configure by using the Assign Policies dialog box, <Keep as is> is selected by default for every policy in the dialog box. Continue using the policy previously assigned to the user by making no changes to this setting. Allow Lync Server 2010 to automatically choose either the global-level policy or, if defined, the site-level policy or pool-level policy. Click the name of a per-user client version policy you previously defined on the Client Version Policy page. Tip: To help you decide the policy you want to assign, after you click a policy name, click View to view the user rights and permissions defined in the policy. 8. When you are finished, click OK.

Configuring Voice Routing


Topics in this section provide step-by-step procedures for tasks you can perform using the Voice Routing group in Lync Server Control Panel.

In This Section
Configuring Dial Plans and Normalization Rules Configuring Voice Policies, PSTN Usage Records, and Voice Routes Configuring Trunks and Translation Rules Exporting and Importing Voice Routing Configuration Test Voice Routing Publish Pending Changes to the Voice Routing Configuration

65

Microsoft Lync Server 2010 Administration Guide

Configuring Dial Plans and Normalization Rules


A Lync Server 2010 dial plan is a named set of normalization rules that translate phone numbers for a named location, individual user, or contact object for purposes of phone authorization and call routing. Note: For details, see Dial Plans and Normalization Rules in the Planning documentation. In This Section Create a Dial Plan Modify a Dial Plan Defining Normalization Rules

Create a Dial Plan To create a new dial plan, perform the steps in the following procedure. If you want to edit a dial plan, see Modify a Dial Plan. To create a dial plan 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Dial Plan. 4. On the Dial Plan page, click New and select a scope for the dial plan: Site dial plan applies to an entire site, except any users or groups that are assigned to a user dial plan. If you select Site for a dial plans scope, you must choose the site from the Select a Site dialog box. If a dial plan has already been created for a site, the site does not appear in the Select a Site dialog box. Pool dial plan can apply to a public switched telephone network (PSTN) gateway or a Registrar. If you select Pool for a dial plans scope, choose the PSTN gateway or Registrar from the Select a Service dialog box. If a dial plan has already been created for a service (PSTN gateway or Registrar), the service does not appear in the list. User dial plan can be applied to specified users or groups.

Note: After you select the dial plan scope, it cannot be changed. 5. If you are creating a user dial plan, enter a descriptive name in the Name field on the New Dial Plan dialog box. After this name is saved, it cannot be changed. Notes:

66

Microsoft Lync Server 2010 Administration Guide

For site dial plans, the Name field is prepopulated with the site name and cannot be changed. For pool dial plans, the Name field is prepopulated with the PSTN gateway or Registrar name and cannot be changed. 6. The Simple name field is prepopulated with the same name that appears in the Name field. You can optionally edit this field to specify a more descriptive name that reflects the site, service, or user to which the dial plan applies. Important The Simple name must be unique among all dial plans within the Lync Server deployment. It cannot exceed 256 Unicode characters, each of which can be an alphabetic or numeric character, a hyphen (-), a period (.), a plus sign (+), or an underscore (_). Spaces are not allowed in the Simple name. 7. (Optional) In the Description field, you can type additional descriptive information about the dial plan. 8. (Optional) If you want to use this dial plan as a region for dial-in access numbers, specify a Dial-in conferencing region. If you do not want to use this dial plan for dial-in access numbers, leave this field empty. Note: Dial-in conferencing regions are required to associate dial-in conferencing access numbers with one or more dial plans. 9. (Optional) In the External access prefix field, specify a value only if users need to dial one or more additional leading digits (for example, 9) to get an external line. You can type in a prefix value of up to four characters (#, *, and 0-9). Note: If you specify an external access prefix, you do not need to create a new normalization rule to accommodate the prefix. 10. Associate and configure normalization rules for the dial plan as follows: To choose one or more rules from a list of all normalization rules available in your Enterprise Voice deployment, click Select. In Select Normalization Rules, highlight the rules you want to associate with the dial plan and then click OK. To define a new normalization rule and associate it with the dial plan, click New. For details about defining a new rule, see Defining Normalization Rules. To edit a normalization rule that is already associated with the dial plan, highlight the rule name and click Show details. For details about editing the rule, see Defining Normalization Rules. To copy an existing normalization rule to use as a starting point for defining a new rule, highlight the rule name and click Copy, and then click Paste. For details about editing the copy, see Defining Normalization Rules. To remove a normalization rule from the dial plan, highlight the rule name and click Remove. Note:

67

Microsoft Lync Server 2010 Administration Guide

Each dial plan must have at least one associated normalization rule. For information about how to determine all of the normalization rules a dial plan requires, see Dial Plans and Normalization Rules in the Planning documentation. 11. Verify that the dial plans normalization rules are arranged in the correct order. To change a rules position in the list, highlight the rule name and then click the up or down arrow. Important Lync Server traverses the normalization rule list from the top down and uses the first rule that matches the dialed number. If you configure a dial plan so that a dialed number can match more than one normalization rule, make sure the more restrictive rules are sorted above the less restrictive ones. The default Prefix All normalization rule ^(\d{11})$ matches any 11-digit number. For example, if you add a normalization rule that matches 11-digit numbers that start with 1425, make sure that Prefix All is sorted below the more restrictive ^(1425\d{7})$ rule. 12. (Optional) Enter a number to test the dial plan and then click Go. The test results are displayed under Enter a number to test. Note: You can save a dial plan that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 13. Click OK. 14. On the Dial Plan page, click Commit, and then click Commit all. Note: Any time you create a dial plan, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Modify a Dial Plan Defining Normalization Rules Publish Pending Changes to the Voice Routing Configuration Modify a Dial Plan To modify an existing dial plan, perform the steps in the following procedure. If you want to create a new dial plan, see Create a Dial Plan. To modify a dial plan 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server

68

Microsoft Lync Server 2010 Administration Guide

Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Dial Plan. 4. On the Dial Plan page, double-click a dial plan name. Note: The dial plan scope and name were set when the dial plan was created. They cannot be changed. 5. (Optional) In Edit Dial Plan, edit the Simple name field, which is prepopulated with the same name that appears in the Name field to specify a more descriptive name that reflects the site, service, or user to which the dial plan applies. Important The Simple name must be unique among all dial plans within the Lync Server deployment. It cannot exceed 256 Unicode characters, each of which can be an alphabetic or numeric character, a hyphen (-), a period (.), a plus sign (+), or an underscore (_). Spaces are not allowed in the Simple name field. 6. (Optional) In the Description field, type descriptive information about the dial plan. 7. (Optional) If you want to use this dial plan as a region for dial-in access numbers, specify a Dial-in conferencing region. If you do not want to use this dial plan for dial-in access numbers, leave this field empty. Note: Dial-in conferencing regions are required to associate dial-in conferencing access numbers with one or more dial plans. 8. (Optional) In the External access prefix field, specify a value only if users need to dial one or more additional leading digits to get an external line (for example, 9). You can type in a prefix value of up to four characters (that is, #, *, and 0-9). Note: If you specify an external access prefix, you do not need to create a new normalization rule to accommodate the prefix. 9. Associate and configure normalization rules for the dial plan: To choose one or more rules from a list of all normalization rules available in your Enterprise Voice deployment, click Select. In the Select Normalization Rules dialog box, highlight the rules that you want to associate with the dial plan and then click OK. To define a new normalization rule and associate it with the dial plan, click New. For details about defining a new rule, see Defining Normalization Rules. To edit a normalization rule that is already associated with the dial plan, highlight the rule name and click Show details. For details about editing the rule, see Defining Normalization Rules. To copy an existing normalization rule to use as a starting point for defining a new rule, highlight the rule name and click Copy, and then click Paste. For details

69

Microsoft Lync Server 2010 Administration Guide

about editing the copy, see Defining Normalization Rules. To remove a normalization rule from the dial plan, highlight the rule name and click Remove. Note: Each dial plan must have at least one associated normalization rule. For details about how to determine all of the normalization rules a dial plan requires, see Dial Plans and Normalization Rules in the Planning documentation. 10. Verify that the dial plans normalization rules are arranged in the correct order. To change a rules position in the list, highlight the rule name and then click the up or down arrow. Important Lync Server traverses the normalization rule list from the top down and uses the first rule that matches the dialed number. If you configure a dial plan so that a dialed number can match more than one normalization rule, make sure the more restrictive rules are sorted above the less restrictive ones. The default Prefix All normalization rule ^(\d{11})$ matches any 11-digit number. If, for example, you add a normalization rule that matches 11-digit numbers that start with 1425, make sure that Prefix All is sorted below the more restrictive ^(1425\d{7})$ rule. 11. (Optional) Enter a number to test the dial plan and then click Go. The test results are displayed under Enter a number to test. Note: You can save a dial plan that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 12. Click OK. 13. On the Dial Plan page, click Commit, and then click Commit all. Note: Any time you create or modify a dial plan, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create a Dial Plan Defining Normalization Rules Publish Pending Changes to the Voice Routing Configuration Defining Normalization Rules Lync Server 2010 normalization rules use .NET Framework regular expressions to translate dialed phone numbers to E.164 format. Each dial plan must be assigned one or more normalization rules. For details about normalization rules, see Dial Plans and Normalization Rules in the Planning documentation.

70

Microsoft Lync Server 2010 Administration Guide

For details about how to write regular expressions, see ".NET Framework Regular Expressions" at http://go.microsoft.com/fwlink/?LinkId=140927. You can use either of the following methods to define or edit a normalization rule: Use the Build a Normalization Rule tool to specify values for the starting digits, length, digits to remove and digits to add, and then let Lync Server Control Panel generate the corresponding matching pattern and translation rule for you. Write regular expressions manually to define the matching pattern and translation rule. Create or Modify a Normalization Rule by Using Build a Normalization Rule Create or Modify a Normalization Rule Manually In This Section

See Also Create a Dial Plan Modify a Dial Plan Create or Modify a Normalization Rule by Using Build a Normalization Rule Complete the following steps if you want to create or modify a normalization rule by using Build a Normalization Rule in Microsoft Lync Server 2010 Control Panel. Alternatively, if you want to create or modify a normalization rule manually, see Create or Modify a Normalization Rule Manually. To define a rule by using Build a Normalization Rule 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. (Optional) Follow the steps in Create a Dial Plan through step 11 or Modify a Dial Plan through step 10. 4. In New Normalization Rule or Edit Normalization Rule, type a name that describes the number pattern being normalized in Name (for example, 5DigitExtension). 5. (Optional) In Description, type a description of the normalization rule (for example, "Translates 5-digit extensions"). 6. In Build a Normalization Rule, enter values in the following fields: Starting digits (Optional) Specify the leading digits of dialed numbers you want the pattern to match. For example, type 425 if you want the pattern to match dialed numbers beginning with 425. Length Specify the number of digits in the matching pattern and select whether you want the pattern to match this length exactly, match dialed numbers that are at least this length, or match dialed numbers of any length. Digits to remove (Optional) Specify the number of starting digits to be removed

71

Microsoft Lync Server 2010 Administration Guide

from dialed numbers you want the pattern to match. Digits to add (Optional) Specify digits to be added to dialed numbers you want the pattern to match. The values you enter in these fields are reflected in Pattern to match and Translation rule. For example, if you leave Starting digits empty, type 7 into the Length field and select Exactly, and specify 0 in Digits to remove, the resulting regular expression in the Pattern to match is: ^(\d{7})$ 7. In Translation rule, specify a pattern for the format of translated E.164 phone numbers as follows: A value that represents the number of digits specified in the matching pattern. For example, if the matching pattern is ^(\d{7})$ then $1 in the translation rule represents 7-digit dialed numbers. (Optional) Type a value into the Digits to add field to specify digits to be prepended to the translated number, for example +1425. For example, if Pattern to match contains ^(\d{7})$ as the pattern for dialed numbers and Translation rule contains +1425$1 as the pattern for E.164 phone numbers, the rule normalizes 5550100 to +14255550100. 8. (Optional) If the normalization rule results in a phone number that is internal to your organization, select Internal extension. 9. (Optional) Enter a number to test the normalization rule and then click Go. The test results are displayed under Enter a number to test. Note: You can save a normalization rule that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 10. Click OK to save the normalization rule. 11. Click OK to save the dial plan. 12. On the Dial Plan page, click Commit, and then click Commit all. Note: Any time you create or change a normalization rule, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create or Modify a Normalization Rule Manually Create a Dial Plan Modify a Dial Plan Test Voice Routing Publish Pending Changes to the Voice Routing Configuration

72

Microsoft Lync Server 2010 Administration Guide

Create or Modify a Normalization Rule Manually Complete the following steps if you want to create or modify a normalization rule manually. If you want to create or modify a normalization rule by using Build a Normalization Rule in Microsoft Lync Server 2010 Control Panel, see Create or Modify a Normalization Rule by Using Build a Normalization Rule.

To define a normalization rule manually 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. (Optional) Follow the steps in Create a Dial Plan or Modify a Dial Plan. 4. In New Normalization Rule or Edit Normalization Rule, type a name that describes the number pattern being normalized in Name (for example, name the normalization rule 5DigitExtension). 5. (Optional) In Description field, type a description of the normalization rule (for example, "Translates 5-digit extensions"). 6. In Build a Normalization Rule, click Edit. 7. Enter the following in Type a Regular Expression: In Match this pattern, specify the pattern that you want to use to match the dialed phone number. In Translation rule, specify a pattern for the format of translated E.164 phone numbers. For example, if you enter ^(\d{7})$ in Match this pattern and +1425$1 in Translation rule, the rule normalizes 5550100 to +14255550100. 8. (Optional) If the normalization rule results in a phone number that is internal to your organization, select Internal extension. 9. (Optional) Enter a number to test the normalization rule and then click Go. The test results are displayed under Enter a number to test. Note: You can save a normalization rule that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 10. Click OK to save the normalization rule. 11. Click OK to save the dial plan. 12. On the Dial Plan page, click Commit, and then click Commit all. Note: Any time you create or change a normalization rule, you must run the Commit all

73

Microsoft Lync Server 2010 Administration Guide

command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create or Modify a Normalization Rule by Using Build a Normalization Rule Create a Dial Plan Modify a Dial Plan Test Voice Routing Publish Pending Changes to the Voice Routing Configuration

Configuring Voice Policies, PSTN Usage Records, and Voice Routes


Voice policies, PSTN usage records, and voice routes are integrally related. You configure voice policies by selecting a set of calling features and then assigning the policy a set of PSTN usage records, which specify what rights are authorized for the users or groups who are assigned the voice policy. Voice routes are also assigned PSTN usage records, which serve to match routes with the users who are authorized to use them. That is, users can only place calls that use the routes for which they have a matching PSTN usage record. The recommended workflow for a new Enterprise Voice deployment is to start by configuring a voice policy that includes the appropriate PSTN usage records, and then associate the appropriate routes to each PSTN usage record. Note: You can also create voice policies with user scope and assign them to individual users or groups. For the detailed steps to perform each of these tasks, see the procedures in this section. In This Section Configuring Voice Policies and PSTN Usage Records to Authorize Calling Features and Privileges View PSTN Usage Records Configuring Voice Routes for Outbound Calls

Configuring Voice Policies and PSTN Usage Records to Authorize Calling Features and Privileges A voice policy enables a set of calling features and associates one or more PSTN usage records to define the calling features and permissions of users who are assigned the policy. Voice policy scope can be either Site (which defines the default features and permissions for a network site) or User (which defines the features and permissions to be assigned on a per-user or group basis). Users not assigned to a voice policy will automatically be assigned to the global policy, which is the default voice policy that is installed with the product. Note: For details, see Voice Policies in the Planning documentation.

74

Microsoft Lync Server 2010 Administration Guide

In This Section Create a Voice Policy and Configure PSTN Usage Records Modify a Voice Policy and Configure PSTN Usage Records

Create a Voice Policy and Configure PSTN Usage Records Follow these steps if you want to create a new voice policy. If you want to edit a voice policy, see Modify a Voice Policy and Configure PSTN Usage Records for the procedure. Note: Each voice policy must have at least one associated PSTN usage record. To see a listing of all PSTN usage records available in your Enterprise Voice deployment and view their properties, see View PSTN Usage Records. To create a voice policy 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Voice Policy. 4. On the Voice Policy page, click New and then select a scope for the new policy: Site policy applies to an entire site, except any users or groups that are assigned to a user policy. If you select Site for a policy scope, choose the site from the Select a Site dialog box. If a voice policy has already been created for a site, the site does not appear in the Select a Site dialog box. User policy can be applied to specified users or groups. 5. If the voice policy scope is User, enter a descriptive name for the policy in the Name field. Note: If the voice policy scope is Site, the Name field in New Voice Policy is prepopulated with the site name and cannot be changed. 6. (Optional) Enter additional descriptive information for the voice policy. 7. Select or clear the following check boxes to enable or disable each of the Calling features for this voice policy: Call forwarding enables users to forward calls to other phones and client devices. Enabled by default. Delegation enables users to specify other users to send and receive calls on their behalf. Enabled by default. Call transfer enables users to transfer calls to other users. Enabled by default. Call park enables users to park calls on hold and then pick up the call from a

75

Microsoft Lync Server 2010 Administration Guide

different phone or client. Disabled by default. Simultaneous ringing enables incoming calls to ring on additional phones (for example, a cell phone) or other endpoint devices. Enabled by default. Team call enables users on a defined team to answer calls for other members of the team. Enabled by default. PSTN re-route enables calls made by users who are assigned this policy to other enterprise users to be re-routed on the public switched telephone network (PSTN) if the WAN is congested or unavailable. Enabled by default. Bandwidth policy override enables administrators to override call admission control policy decisions for a particular user. Disabled by default. Note: The policy will be overridden only for incoming calls to the user and not for outgoing calls that are placed by the user. After the session is established the bandwidth consumption will be accurately accounted for. This setting should be used sparingly and should be avoided for appropriate call admission control decisions. Malicious call tracing enables users to report malicious calls (such as bomb threats) using the client UI, and that in turn flags the calls in the call detail records (CDRs). Disabled by default. 8. To associate and configure PSTN usage records for this voice policy, do any of the following: To choose one or more records from a list of all PSTN usage records available in your Enterprise Voice deployment, click Select. Highlight the records you want to associate with this voice policy and then click OK. To remove a PSTN usage record from this voice policy, highlight the record and click Remove. To define a new PSTN usage record and associate it with this voice policy, do the following: a. Click New. b. In the Name field, enter a unique descriptive name for the record. For example, you may want to create a PSTN usage record named Redmond for full-time employees located in Redmond, and another named RedmondTemps for temporary employees. Note: The PSTN usage record name must be unique within the Enterprise Voice deployment. After the record is saved, the Name field cannot be edited. c. Use any of the following methods to associate and configure routes for this PSTN usage record: To choose one or more routes from the list of all available routes in your Enterprise Voice deployment, click Select, highlight the routes you want to associate

76

Microsoft Lync Server 2010 Administration Guide

with this PSTN usage record, and then click OK. To remove a route from the PSTN usage record, highlight the route and click Remove. To define a new route and associate it with this PSTN usage record, click New. For details, see Create a Voice Route. To edit a route that is already associated with this PSTN usage record, highlight the route and click Show details. For details, see Modify a Voice Route. d. Click OK. To edit a PSTN usage record that is already associated with this voice policy, do the following: a. Highlight the PSTN usage record you want to edit and click Show details. b. Use any of the following methods to associate and configure routes for this PSTN usage record: To choose one or more routes from the list of all available routes in your Enterprise Voice deployment, click Select, highlight the routes you want to associate with this PSTN usage record, and then click OK. To remove a route from this PSTN usage record, highlight the route and click Remove. To define a new route and associate it with this PSTN usage record, click New. For details, see Create a Voice Route. To edit a route that is already associated with this PSTN usage record, highlight the route and click Show details. For details, see Modify a Voice Route. c. Click OK. 9. Arrange the PSTN usage records for optimum performance. To change a records position in the list, highlight the record name and click the up or down arrow. Important: The order in which PSTN usage records are listed in the voice policy is significant. Lync Server traverses the list from the top down. We recommend that you organize the list by frequency of use, for example: RedmondLocal, RedmondLongDist, RedmondInternational, RedmondBackup. 10. (Optional) Enter a number to test the voice policy and click Go. The test results are displayed under Translated number to test. Note: You can save a voice policy that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 11. Click OK. 12. On the Voice Policy page, click Commit, and then click Commit all. Note: Any time you create or modify a voice policy, you must run the Commit all

77

Microsoft Lync Server 2010 Administration Guide

command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Modify a Voice Policy and Configure PSTN Usage Records View PSTN Usage Records Create a Voice Route Modify a Voice Route Test Voice Routing Publish Pending Changes to the Voice Routing Configuration Modify a Voice Policy and Configure PSTN Usage Records Follow these steps if you want to modify a voice policy. If you want to create a new voice policy, see Create a Voice Policy and Configure PSTN Usage Records for the procedure. Note: If a user is assigned to a voice policy has no associated PSTN usage records, the user cannot place outbound calls. To see a listing of all PSTN usage records available in your Enterprise Voice deployment and view their properties, see View PSTN Usage Records. To modify a voice policy 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Voice Policy. 4. On the Voice Policy page, double-click a voice policy name. Note: The scope and name were set when the voice policy was created. They cannot be changed. 5. (Optional) In Edit Voice Policy, enter additional descriptive information for the voice policy. 6. Select or clear the following check boxes to enable or disable each of the Calling features: Call forwarding enables users to forward calls to other phones and client devices. Enabled by default. Delegation enables users to specify other users to send and receive calls on their behalf. Enabled by default. Call transfer enables users to transfer calls to other users. Enabled by default.

78

Microsoft Lync Server 2010 Administration Guide

Call park enables users to park calls on hold and then pick up the call from a different phone or client. Disabled by default. Simultaneous ringing enables incoming calls to ring on additional phones (for example, a cell phone) or other endpoint devices. Enabled by default. Team call enables users on a defined team to answer calls for other members of the team. Enabled by default. PSTN re-route enables calls made by users who are assigned this policy to other enterprise users to be re-routed on the public switched telephone network (PSTN) if the WAN is congested or unavailable. Enabled by default. Bandwidth policy override enables administrators to override call admission control (CAC) policy decisions for a particular user. Disabled by default. Note: The policy will be overridden only for incoming calls to the user and not for outgoing calls that are placed by the user. After the session is established the bandwidth consumption will be accurately accounted for. This setting should be used sparingly and should be avoided for appropriate call admission control decisions. Malicious call tracing enables users to report malicious calls (such as bomb threats) using the client UI, and that in turn flags the calls in the call detail records (CDRs). Disabled by default. 7. To associate and configure PSTN usage records for this voice policy, do any of the following: To choose one or more records from a list of all PSTN usage records available in your Enterprise Voice deployment, click Select. Highlight the records you want to associate with this voice policy and then click OK. To remove a PSTN usage record from this voice policy, highlight the record and click Remove. To define a new PSTN usage record and associate it with this voice policy, do the following: a. Click New. b. In the Name field, enter a unique descriptive name for the record. For example, you may want to create a PSTN usage record named Redmond for full-time employees located in Redmond, and another named RedmondTemps for temporary employees. Note: The PSTN usage record name must be unique within the Enterprise Voice deployment. After the record is saved, the Name field cannot be edited. c. Use any of the following methods to associate and configure routes for this PSTN usage record: To choose one or more routes from the list of all available routes in your Enterprise Voice deployment, click Select, highlight the routes you want to associate

79

Microsoft Lync Server 2010 Administration Guide

with this PSTN usage record, and then click OK. To remove a route from the PSTN usage record, highlight the route and click Remove. To define a new route and associate it with this PSTN usage record, click New. For details, see Create a Voice Route. To edit a route that is already associated with this PSTN usage record, highlight the route and click Show details. For details, see Modify a Voice Route. d. Click OK. To edit a PSTN usage record that is already associated with this voice policy, do the following: a. Highlight the PSTN usage record you want to edit and click Show details. b. Use any of the following methods to associate and configure routes for this PSTN usage record: To choose one or more routes from the list of all available routes in your Enterprise Voice deployment, click Select, highlight the routes you want to associate with this PSTN usage record, and then click OK. To remove a route from this PSTN usage record, highlight the route and click Remove. To define a new route and associate it with this PSTN usage record, click New. For details, see Create a Voice Route. To edit a route that is already associated with this PSTN usage record, highlight the route and click Show details. For details, see Modify a Voice Route. c. Click OK. 8. Arrange the PSTN usage records for optimum performance. To change a records position in the list, highlight the record name and click the up or down arrow. Note: The order in which PSTN usage records are listed in the voice policy is significant. Lync Server traverses the list from the top down. We recommend that you organize the list by frequency of use, for example: RedmondLocal, RedmondLongDist, RedmondInternational, RedmondBackup. 9. (Optional) Enter a number to test the voice policy and click Go. The test results are displayed below the Translated number to test field. Note: You can save a voice policy that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 10. Click OK. 11. On the Voice Policy page, click Commit, and then click Commit all. Note: Any time you create or modify a voice policy, you must run the Commit all

80

Microsoft Lync Server 2010 Administration Guide

command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create a Voice Policy and Configure PSTN Usage Records View PSTN Usage Records Create a Voice Route Modify a Voice Route Test Voice Routing Publish Pending Changes to the Voice Routing Configuration View PSTN Usage Records A PSTN usage record specifies a class of call (such as internal, local, or long distance) that can be made by various users or groups of users in an organization. For details, see PSTN Usage Records in the Planning documentation. To view a PSTN usage record 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click PSTN Usage. 4. On the PSTN Usage page, highlight the PSTN usage record you want to view, click Edit and then click Show details. Note: A read-only page of the selected PSTN usage record shows the associated routes and associated voice policies. See Also Create a Voice Policy and Configure PSTN Usage Records Modify a Voice Policy and Configure PSTN Usage Records Configuring Voice Routes for Outbound Calls A Lync Server 2010 voice route associates destination phone numbers with one or more PSTN gateways or SIP trunks and one or more PSTN usage records. Note: For details, see Voice Routes in the Planning documentation. In This Section Create a Voice Route

81

Microsoft Lync Server 2010 Administration Guide

Modify a Voice Route

Create a Voice Route The following procedure explains how to create a new voice route. To edit an existing route, see Modify a Voice Route for the procedure. To create a voice route 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator administrative role. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing. 4. Click the Route tab. 5. Click New to display the New Voice Route dialog box. 6. In the Name field, type in a descriptive name for the voice route. 7. (Optional) In the Description field, type in additional descriptive information for the voice route. 8. To specify the patterns you want this route to accommodate, you can either use the Build a pattern to match tool to generate a regular expression, or write the regular expression manually. To use the Build a pattern to match tool to generate a regular expression, enter values as follows. You can specify two types of pattern matching: Starting digits for numbers that you want to allow: Enter prefix values that this route must accommodate (including the leading + if needed). For example, type +425 and then click Add. Repeat this for each prefix value that you want to include in the route. Exceptions: If you want to specify one or more exceptions for a prefix value, highlight the prefix and click Exceptions. Type in one or more values for the matching patterns that you do not want this route to accommodate. For example, to exclude numbers starting with +425237 from the route, enter a value of +425237 in the Exceptions field and then click OK. To define the matching pattern manually, click Edit in the Build a pattern to match tool and then type in a .NET Framework regular expression to specify the matching pattern for destination phone numbers to which the route is applied. For information about how to write regular expressions, see ".NET Framework Regular Expressions" at http://go.microsoft.com/fwlink/?LinkId=140927. 9. Select Suppress caller ID if you do not want the ID of the phone making the outbound call to appear to the call recipient. If you select this option, you must specify an Alternate caller ID that will appear on the recipients caller ID display. 10. To associate one or more PSTN gateways or SIP trunks with the voice route, click

82

Microsoft Lync Server 2010 Administration Guide

Add and then select a gateway or SIP trunk from the list. Note: If your deployment includes any Microsoft Office Communications Server 2007 R2 Mediation Servers, they will also be available in the list. 11. To associate one or more PSTN usage records with the voice route, click Select and choose a record from the list of PSTN usage records that have been defined for your Enterprise Voice deployment. Notes: To view the properties of each of the available PSTN usage records, see View PSTN Usage Records. To create or edit PSTN usage records, see Create a Voice Policy and Configure PSTN Usage Records or Modify a Voice Policy and Configure PSTN Usage Records. 12. Arrange the PSTN usage records for optimum performance. To change a records position in the list, highlight the record name and click the up or down arrow. Note: Unlike in a voice policy where the order in which PSTN usage records are listed is important, the order in which PSTN usage records are listed in the voice route is insignificant. However, we recommend that you organize the list by frequency of use, for example: RedmondLocal, RedmondLongDist, RedmondInternational, RedmondBackup. (Lync Server traverses the list from the top down.) 13. (Optional) Type a value into the Enter a translated number to test field and click Go. The test results are displayed under the field. Note: You can save a voice route that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 14. Click OK to save the voice route. Any time you create a voice route, you must run the Commit All command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration. See Also Modify a Voice Route View PSTN Usage Records Create a Voice Policy and Configure PSTN Usage Records Modify a Voice Policy and Configure PSTN Usage Records Test Voice Routing Publish Pending Changes to the Voice Routing Configuration Modify a Voice Route This topic explains how to edit a voice route. To create a new route, see Create a Voice Route.

83

Microsoft Lync Server 2010 Administration Guide

To modify a voice route

84

Microsoft Lync Server 2010 Administration Guide

1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Route. 4. On the Route page, use either of the following methods to modify a voice route: Click a voice route name, click Edit, and then click Show details. Click a voice route name, click Edit, click Copy, and then click Paste. Click the new copy of the voice route that you just created, click Edit, and then click Show details. 5. In the Name field on the Edit Voice Route page, type a descriptive name for the voice route. 6. (Optional) In the Description field, type in additional descriptive information for the voice route. 7. To specify the patterns you want this route to accommodate, you can either use the Build a pattern to match tool to generate a regular expression, or write the regular expression manually. To use the Build a pattern to match tool to generate a regular expression, enter values as follows. You can specify two types of pattern matching: Starting digits for numbers that you want to allow: Enter prefix values that this route must accommodate (including the leading + if needed). For example, type +425 and then click Add. Repeat this for each prefix value that you want to include in the route. Exceptions: If you want to specify one or more exceptions for a prefix value, highlight the prefix and click Exceptions. Type in one or more values for the matching patterns that you do not want this route to accommodate. For example, to exclude numbers starting with +425237 from the route, enter a value of +425237 in the Exceptions field and then click OK. To define the matching pattern manually, click Edit in the Build a pattern to match tool and then type in a .NET Framework regular expression to specify the matching pattern for destination phone numbers to which the route is applied. For information about how to write regular expressions, see ".NET Framework Regular Expressions" at http://go.microsoft.com/fwlink/?LinkId=140927. 8. Select Suppress caller ID if you do not want the ID of the phone making the outbound call to appear to the call recipient. If you select this option, you must specify an Alternate caller ID that will appear on the recipients caller ID display. 9. To associate one or more PSTN gateways or SIP trunks with the voice route, click Add and then select a gateway or SIP trunk from the list. Note:

85

Microsoft Lync Server 2010 Administration Guide

If your deployment includes any Microsoft Office Communications Server 2007 R2 Mediation Servers, they will also be available in the list. 10. To associate one or more PSTN usage records with the voice route, click Select and choose a record from the list of PSTN usage records that have been defined for your Enterprise Voice deployment. Notes: To view the properties of each of the available PSTN usage records, see View PSTN Usage Records. To create or edit PSTN usage records, see Create a Voice Policy and Configure PSTN Usage Records or Modify a Voice Policy and Configure PSTN Usage Records. 11. Arrange the PSTN usage records for optimum performance. To change a records position in the list, highlight the record name and click the up or down arrow. Note: Unlike in a voice policy where the order in which PSTN usage records are listed is important, the order in a voice route is insignificant. However, we recommend that you organize the list by frequency of use, for example: RedmondLocal, RedmondLongDist, RedmondInternational, RedmondBackup. (Lync Server traverses the list from the top down.) 12. (Optional) Type a value into the Enter a translated number to test field and click Go. The test results are displayed under the field. Note: You can save a voice route that does not yet pass the test and then reconfigure it later. For details, see Test Voice Routing. 13. Click OK. 14. On the Route page, click Commit, and then click Commit all. Note: Any time you create or modify a voice route, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create a Voice Route View PSTN Usage Records Create a Voice Policy and Configure PSTN Usage Records Modify a Voice Policy and Configure PSTN Usage Records Test Voice Routing Publish Pending Changes to the Voice Routing Configuration

86

Microsoft Lync Server 2010 Administration Guide

Configuring Trunks and Translation Rules


As part of Enterprise Voice deployment, configure a trunk between a Mediation Server and one or more of the following to provide PSTN connectivity for Enterprise Voice clients and devices in your organization: SIP trunk connection to an Internet telephony service provider (ITSP) PSTN gateway Private branch exchange (PBX)

For details, see PSTN Connectivity in the Planning documentation. Important: Before you begin trunk configuration, verify that the topology has been created and that the Mediation Server and its peer have been configured and associated with one another as described in Define a Peer of the Mediation Server for a Site in the Deployment documentation. Note: As a part of trunk configuration, you can enable the Lync Server 2010 media bypass feature, which allows media to bypass the Mediation Server. Trunks can be configured either with or without media bypass enabled, but we strongly recommend that you enable it. For details, see Media Bypass in the Planning documentation. In This Section Configure Media Bypass on a Trunk Configure a Trunk Without Media Bypass Defining Translation Rules

Configure Media Bypass on a Trunk Follow these steps if you want to configure a trunk with media bypass enabled. If you want to configure a trunk with media bypass disabled, see Configure a Trunk Without Media Bypass. Although we strongly recommend that you enable media bypass, before you enable media bypass on a SIP trunk, confirm that your qualified SIP trunk provider supports media bypass and is able to accommodate the requirements for successfully enabling the scenario. Namely, the provider must have the IP addresses of servers in your organizations internal network. If the provider cannot support this scenario, media bypass will not succeed. For details, see Media Bypass in the Planning documentation. Note: Media bypass will not interoperate with every PSTN gateway, IP-PBX, and SBC. Microsoft has tested a set of PSTN gateways with certified partners and has done some testing with Cisco IP-PBXs. Certification for SBCs is underway. Media bypass is supported only with products and versions listed on Unified Communications Open Interoperability Program Lync Server at http://go.microsoft.com/fwlink/?LinkId=214406.

87

Microsoft Lync Server 2010 Administration Guide

To configure media bypass on a trunk 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Trunk Configuration. 4. On the Trunk Configuration page, use one of the following methods to configure a trunk: Double-click an existing trunk (for example, the Global trunk) to display the Edit Trunk Configuration dialog box. Click New, and then select a scope for the new trunk: Site trunk: Choose the site for this trunk configuration from the Select a Site dialog box, and then click OK. Note that if a trunk has already been created for a site, the site does not appear in the Select a Site dialog box. Pool trunk: Choose the service for this trunk configuration (for example, a PSTN gateway at a specified site) from the Select a Service dialog box, and then click OK. Note that if a trunk has already been created for a service, the service does not appear in the Select a Service dialog box. Notes: After you select the trunks scope, it cannot be changed. The Name field is prepopulated with the name of the trunks associated site or service and cannot be changed. 5. Specify a value in the Maximum early dialogs supported box. This is the maximum number of forked responses a PSTN gateway, IP-PBX, or ITSP Session Border Controller can receive to an INVITE that it sent to the Mediation Server. The default value is 20. Note: Before you change this value, consult your service provider or equipment manufacturer for details about the capabilities of your system. 6. Select one of the following Encryption support level options: Required: Secure real-time transport protocol (SRTP) encryption must be used to help protect traffic between the Mediation Server and the gateway or PBX. Optional: SRTP encryption will be used if the service provider or equipment manufacturer supports it. Not Supported: SRTP encryption is not supported by the service provider or equipment manufacturer and therefore will not be used. 7. Select the Enable media bypass check box if you want media to bypass the Mediation Server for processing by the trunk peer.

88

Microsoft Lync Server 2010 Administration Guide

Important: For media bypass to work successfully, the PSTN gateway, IP-PBX, or ITSP Session Border Controller must support certain capabilities. For details, see Media Bypass in the Planning documentation. 8. Select the Centralized media processing check box if there is a well-known media termination point (for example, a PSTN gateway where the media termination has the same IP as the signaling termination). Clear this check box if the trunk does not have a well-known media termination point. Note: Media bypass is only supported if this option is selected. 9. If the trunk peer supports receiving SIP REFER requests from the Mediation Server, select the Enable refer support check box. Clear the check box if the trunk peer does not support receiving SIP REFER requests from the Mediation Server. Note: If you disable this option while the Enable media bypass option is selected, additional settings are required. If the trunk peer does not support receiving SIP REFER requests from the Mediation Server and media bypass is enabled, you must also run the Set-CsTrunkConfiguration cmdlet to disable RTCP for active and held calls in order to support proper conditions for media bypass. For details, see the Lync Server Management Shell documentation. 10. (Optional) Associate and configure translation rules for the trunk: To choose one or more rules from a list of all translation rules available in your Enterprise Voice deployment, click Select. In Select Translation Rules, click the rules that you want to associate with the trunk and then click OK. To define a new translation rule and associate it with the trunk, click New. See Defining Translation Rules in the Deployment documentation for information about defining a new rule. To edit a translation rule that is already associated with the trunk, click the rule name and then click Show details. For details, see Defining Translation Rules in the Deployment documentation. To copy an existing translation rule to use as a starting point for defining a new rule, click the rule name and click Copy, and then click Paste. For details, see Defining Translation Rules. To remove a translation rule from the trunk, highlight the rule name and click Remove. Warning: Do not associate translation rules with a trunk if you have configured translation rules on the associated trunk peer because the two rules might conflict. 11. Ensure the trunks translation rules are arranged in the correct order. To change a rules position in the list, highlight the rule name and then click the up or down arrow. Important: 89

Microsoft Lync Server 2010 Administration Guide

See Also Configure a Trunk Without Media Bypass Defining Translation Rules Configure Media Bypass Global Media Bypass Options Configure a Trunk Without Media Bypass Follow these steps if you want to configure a trunk with media bypass disabled. If you want to configure a trunk with media bypass enabled, see Configure Media Bypass on a Trunk.

To configure a trunk without media bypass 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Trunk Configuration. 4. On the Trunk Configuration page, use one of the following methods to configure a trunk: Double-click an existing trunk (for example, the Global trunk) to display the Edit Trunk Configuration dialog box. Click New, and then select a scope for the new trunk: Site trunk: Choose the site for this trunk configuration from the Select a Site dialog box, and then click OK. Note that if a trunk has already been created for a site, the site does not appear in the Select a Site dialog box. Pool trunk: Choose the service for this trunk configuration (for example, a PSTN gateway at a specified site) from the Select a Service dialog box, and then click OK. Note that if a trunk has already been created for a service, the service does not appear in the Select a Service dialog box. Notes: After you select the trunks scope, it cannot be changed. The Name field is prepopulated with the name of the trunks associated site or service and cannot be changed. 5. Select one of the following Encryption support level options: Required: Secure real-time transport protocol (SRTP) encryption must be used to help protect traffic between the Mediation Server and the gateway or PBX. Optional: SRTP encryption will be used if the service provider or equipment manufacturer supports it.

90

Microsoft Lync Server 2010 Administration Guide

Not Supported: SRTP encryption is not supported by the service provider or equipment manufacturer and therefore will not be used. 6. Ensure the Enable media bypass check box is cleared. 7. Select the Centralized media processing check box if there is a well-known media termination point (for example, a PSTN gateway where the media termination has the same IP as the signaling termination). Clear this check box if the trunk does not have a well-known media termination point. 8. If the trunk peer supports receiving SIP REFER requests from the Mediation Server, select the Enable refer support check box. Clear the check box if the trunk peer does not support receiving SIP REFER requests from the Mediation Server. 9. (Optional) Associate and configure translation rules for the trunk: To choose one or more rules from a list of all translation rules available in your Enterprise Voice deployment, click Select. In Select Translation Rules, click the rules you want to associate with the trunk and then click OK. To define a new translation rule and associate it with the trunk, click New. For details, see Defining Translation Rules in the Deployment documentation. To edit a translation rule that is already associated with the trunk, click the rule name and click Show details. For details, see Defining Translation Rules in the Deployment documentation. To copy an existing translation rule to use as a starting point for defining a new rule, click the rule name and click Copy, and then click Paste. For details, see Defining Translation Rules in the Deployment documentation. To remove a translation rule from the trunk, click the rule name and click Remove. Warning: Do not associate translation rules with a trunk if you have configured translation rules on the associated trunk peer because the two rules might conflict. 10. Ensure the trunks translation rules are arranged in the correct order. To change a rules position in the list, highlight the rule name and then click the up or down arrow. Important: Lync Server traverses the translation rule list from the top down and uses the first rule that matches the dialed number. If you configure a trunk so that a dialed number can match more than one translation rule, ensure the more restrictive rules are sorted above the less restrictive rules. For example, if you have included a translation rule that matches any 11-digit number and a translation rule that matches only 11-digit numbers that start with +1425, ensure the rule that matches any 11-digit number is sorted below the more restrictive rule. 11. When you are finished configuring the trunk, click OK. 12. On the Trunk Configuration page, click Commit, and then click Commit all. Note:

91

Microsoft Lync Server 2010 Administration Guide

Any time you create or modify a trunk configuration, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Configure Media Bypass on a Trunk Defining Translation Rules Defining Translation Rules Microsoft Lync Server 2010 Enterprise Voice requires that all dial strings be normalized to E.164 format for the purpose of performing reverse number lookup (RNL). The trunk peer (that is, the associated gateway, PBX, or SIP trunk) might require that numbers be in a local dialing format. To translate numbers from E.164 format to a local dialing format, you can optionally define one or more translation rules to manipulate the Request URI before routing it to the trunk peer. For example, you could write a translation rule to remove +44 from the beginning of a dial string and replace it with 0144. Important: The ability to associate one or more translation rules with an Enterprise Voice trunk configuration is intended to be used as an alternative to configuring translation rules on the trunk peer. Do not associate translation rules with an Enterprise Voice trunk configuration if you have configured translation rules on the trunk peer because the two rules might conflict. You can use either of the following methods to create or modify a translation rule: Use the Build a Translation Rule tool to specify values for the starting digits, length, digits to remove and digits to add, and then let Lync Server Control Panel generate the corresponding matching pattern and translation rule for you. Write regular expressions manually to define the matching pattern and translation rule.

Note: For information about how to write regular expressions, see ".NET Framework Regular Expressions" at http://go.microsoft.com/fwlink/?LinkId=140927. In This Section Create or Modify a Translation Rule by Using the Build a Translation Rule Tool Create or Modify a Translation Rule Manually

See Also Configure Media Bypass on a Trunk Configure a Trunk Without Media Bypass Create or Modify a Translation Rule by Using the Build a Translation Rule Tool Follow the steps if you want to define a translation rule by entering a set of values in the Build a Translation Rule tool and allowing Lync Server Control Panel to generate the corresponding matching pattern and translation rule for you. Alternatively, you can a write regular expression

92

Microsoft Lync Server 2010 Administration Guide

manually to define the matching pattern and translation rule. For details, see Create or Modify a Translation Rule Manually. To define a rule by using the Build a Translation Rule tool 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. To begin defining a translation rule, follow the steps in Configure Media Bypass on a Trunk through step 10 or Configure a Trunk Without Media Bypass through step 9. 4. In the Name field on the New Translation Rule or Edit Translation Rule page, type a name that describes the number pattern being translated. 5. (Optional) In Description field, type a description of the translation rule, for example US International long-distance dialing. 6. In the Build a Translation Rule section of the dialog box, enter values in the following fields: Starting digits: (Optional) Specify the leading digits of numbers you want the pattern to match. For example, enter + in this field to match numbers in E.164 format (which begin with +). Length: Specify the number of digits in the matching pattern and select whether you want the pattern to match numbers that are this length exactly, at least this length, or any length. For example, enter 11 and select At least in the drop-down list to match numbers that are at least 11 digits in length. Digits to remove: (Optional) Specify the number of starting digits to be removed. For example, enter 1 to strip out the + from the beginning of the number. Digits to add: (Optional) Specify digits to be prepended to the translated numbers. For example, enter 011 if you want 011 to be prepended to the translated numbers when the rule is applied. The values you enter in these fields are reflected in the Pattern to match and Translation rule fields. For example, if you specify the preceding example values, the resulting regular expression in the Pattern to match field is: ^\+(\d{9}\d+)$ The Translation rule field specifies a pattern for the format of translated numbers. This pattern has two parts: A value (for example, $1) that represents the number of digits in the matching pattern (Optional) A value that you can prepend by entering it in the Digits to add field Using the preceding example values, 011$1 appears in the Translation rule field. When this translation rule is applied, +441235551010 becomes 011441235551010.

93

Microsoft Lync Server 2010 Administration Guide

7. Click OK to save the translation rule. 8. Click OK to save the trunk configuration. 9. On the Trunk Configuration page, click Commit, and then click Commit all. Note: Any time you create or modify a translation rule, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create or Modify a Translation Rule Manually Configure Media Bypass on a Trunk Configure a Trunk Without Media Bypass Publish Pending Changes to the Voice Routing Configuration Global Media Bypass Options Create or Modify a Translation Rule Manually Follow these steps if you want to define a translation rule by writing a regular expression for the matching pattern and translation rule. Alternatively, you can enter a set of values in the Build a Translation Rule tool and allow Lync Server Control Panel to generate the corresponding matching pattern and translation rule for you. For details, see Create or Modify a Translation Rule by Using the Build a Translation Rule Tool. To define a translation rule manually 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. To begin defining a translation rule, follow the steps in Configure Media Bypass on a Trunk through step 10 or Configure a Trunk Without Media Bypass through step 9. 4. In the Name field on the New Translation Rule or Edit Translation Rule page, type a name that describes the number pattern being translated. 5. (Optional) In Description field, type a description of the translation rule, for example US International long-distance dialing. 6. Click Edit at the bottom of the Build a Translation Rule section. 7. Enter the following in the Type a Regular Expression dialog box: In the Match this pattern field, specify the pattern that will be used to match the numbers to be translated. In the Translation rule field, specify a pattern for the format of translated numbers.

94

Microsoft Lync Server 2010 Administration Guide

For example, if you enter ^\+(\d{9}\d+)$ in the Match this pattern field and 011$1 in the Translation rule field, the rule will translate +441235551010 to 011441235551010. 8. Click OK to save the translation rule. 9. Click OK to save the trunk configuration. 10. On the Trunk Configuration page, click Commit, and then click Commit all. Note: Any time you create or modify a translation rule, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create or Modify a Translation Rule by Using the Build a Translation Rule Tool Configure Media Bypass on a Trunk Configure a Trunk Without Media Bypass Publish Pending Changes to the Voice Routing Configuration Global Media Bypass Options

Exporting and Importing Voice Routing Configuration


If you want to save your voice routing configuration without publishing it, follow the steps in this topic to use the Lync Server Control Panel configuration export and import commands to save and retrieve a snapshot of your voice routing configuration. When you import a voice routing configuration file (.vcfg), but changes have been made to the voice routing configuration on the server in the meantime, the pages in the Voice Routing group in Lync Server Control Panel will indicate that there are uncommitted changes to voice routing. Those uncommitted changes are the differences between the two configurations that require reconciliation. Important: If you have made any uncommitted changes to the settings on any page within the Voice Routing group, the changes are saved in the exported voice configuration file (.vcfg). This allows you to make voice routing configuration changes during multiple Lync Server Control Panel sessions before you publish the changes. In This Section Export a Voice Route Configuration File Import a Voice Route Configuration File

Related Sections

Export a Voice Route Configuration File

95

Microsoft Lync Server 2010 Administration Guide

To export a voice routing configuration 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing. 4. On the Actions menu, click Export configuration. 5. Specify a location and file name, and then click Save. See Also Import a Voice Route Configuration File Import a Voice Route Configuration File

To import a voice routing configuration 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing. 4. On the Actions menu, click Import configuration. 5. Find the configuration file you want to import and then click Open. 6. Click Commit, and then click Commit all. Note: Any time you import a voice configuration file, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Export a Voice Route Configuration File Publish Pending Changes to the Voice Routing Configuration

Test Voice Routing


You can use the Lync Server Control Panel Test Voice Routing tab to configure test case scenarios. To define a test case, you specify the dial plan, voice policy, PSTN usage, and voice route against which to test a specified phone number.

96

Microsoft Lync Server 2010 Administration Guide

Before you actually deploy your voice routing configuration, we recommend that you test it on various phone numbers to ensure that the results are what you're expecting. Tip: You can use the Export test cases and Import test cases commands to save voice routing test cases and import them for use on another computer. Warning: If you delete any part of your voice routing configuration, such as a dial plan, voice policy, voice route, or phone usage, you should review and update your voice routing test cases. The Lync Server Control Panel will not alert you to test cases that are no longer valid due to changed configurations. In This Section Create a Voice Routing Test Case Export Voice Routing Test Cases Import Voice Routing Test Cases Running Voice Routing Tests

Create a Voice Routing Test Case

To create a test case 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Test Voice Routing. 4. On the Test Voice Routing page, click New to create a new test case. 5. In the Name field, type in a unique name for the test case. The name must be unique among all voice routing test cases in your Enterprise Voice deployment. It can be up to 32 characters in length and may contain any alphanumeric characters plus the backslash (\), period (.) or underscore (_). 6. In the Dialed number to test field, type in the dialed number you want to use to test the routing configuration that you specify for this test case. Based on the dial plan, route, and voice policy, this number will be normalized and displayed as output. 7. In the Dial Plan list, select the dial plan to use when running the test. Default is the Global dial plan. 8. In the Voice Policy list, select the voice policy to use when running the test. Default is the Global voice policy. 9. In the Expected translation field, type in the phone number in the format you expect

97

Microsoft Lync Server 2010 Administration Guide

to see it after translation. This is the value of the phone number you are testing after it has been translated by the first normalization rule that matches in the selected dial plan. When you run the test case, if the number you are testing does not result in the value in the Expected translation field, the test fails. 10. (Optional) In the Expected PSTN usage list, you can select the PSTN usage record that you expect to be used when you run the test case, based on the specified dial plan and voice policy. If a different PSTN usage record is used, the test fails. 11. (Optional) In the Expected route list, you can select the voice route that you expect to be used when you run the test case, based on the specified dial plan and voice policy. If a different voice route is used, the test fails. 12. (Optional) Click Run to run the test case. The results are shown in the right panel of the page. 13. Click OK. 14. Click Commit, and then click Commit all. Note: Any time you create a voice routing test case, you must run the Commit all command to publish the configuration change. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Configuring Dial Plans and Normalization Rules Configuring Voice Policies, PSTN Usage Records, and Voice Routes Export Voice Routing Test Cases Import Voice Routing Test Cases Export Voice Routing Test Cases

To export a voice routing test case 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing. 4. On the Actions menu, click Export test cases. 5. Specify a location and file name (.vtest), and then click Save. See Also Import Voice Routing Test Cases

98

Microsoft Lync Server 2010 Administration Guide

Import Voice Routing Test Cases

To import a voice routing test case 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing. 4. On the Actions menu, click Import test cases. 5. Find the test case file (.vtest) that you want to import and then click Open. 6. Click Commit, and then click Commit all. Note: Any time you import a .vtest file, you must run the Commit all command to publish the test case. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Export Voice Routing Test Cases Running Voice Routing Tests This section provides procedures for the various methods you can use to test your voice routing configurations. In This Section Run Informal Voice Routing Tests Run Voice Routing Test Cases

Run Informal Voice Routing Tests You can use the Create voice routing test case information dialog box to run informal tests before creating an actual test case. When you are satisfied with the outcome of a test, you have the option of saving it as a formal test case. To run an informal voice routing test 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Test Voice Routing.

99

Microsoft Lync Server 2010 Administration Guide

4. On the Test Voice Routing page, click Create voice routing test case information. 5. In the Dialed number field, type in the phone number you want to use for this test. This number will be normalized and displayed in the Normalized number field of the Results pane. 6. In the Dial plan list, select the dial plan to use for testing the dialed number. Default is the Global dial plan. When you run the test, the first normalization rule in this dial plan that matches the dialed number will be displayed in the Normalization rule field of the Results pane. 7. In the Voice Policy list, select the voice policy to use for testing the dialed number. Default is the Global voice policy. When you run the test, the first matching PSTN usage record in this voice policy will be displayed in the First PSTN usage field of the Results pane. Also, the first matching voice route that is associated with this PSTN usage record will be displayed in the First route field. 8. (Optional) Select the Populate from user check box if you want to test the dialed number against the voice policy assigned to a particular user. a. Click Browse to display the Select Enterprise Voice Users dialog box. b. Click Find to display the list of users who are enabled for Enterprise Voice. c. Double-click the user name whose assigned voice policy you want to use for this test. The Policy field is now populated with the voice policy assigned to the selected user. When you run the test, the first matching PSTN usage record in this voice policy will be displayed in the First PSTN usage field of the Results pane. Also, the first matching voice route that is associated with this PSTN usage record will be displayed in the First route field. 9. Click Run to run the test case. The results are shown in the right panel of the dialog box. 10. (Optional) Click Save as if you want to save this test configuration as a formal test case. a. In the Name field of the Save Voice Routing Test Case Information dialog box, type a unique name for the test case. The name must be unique among all voice routing test cases in your Enterprise Voice deployment. It can be up to 32 characters in length and may contain any alphanumeric characters plus the backslash (\), period (.) or underscore (_). b. Note that the remaining fields on the Save Voice Routing Test Case Information dialog box are read-only, and are prepopulated from the informal test configuration and results. Verify that this is the configuration you want to save for the test case. Notes: Values from the test results are used to prepopulate fields on the Save Voice Routing Test Case Information dialog box as follows:

100

Microsoft Lync Server 2010 Administration Guide

Expected translation is prepopulated with the value in the Normalized number field. Expected route is prepopulated with the value in the First route field. Expected PSTN usage record is prepopulated with the value in the First PSTN usage field. If matches for any of these values were not found during the test run, the corresponding field is empty on the Save Voice Routing Test Case Information dialog box. c. Click Ok to save the test case, or click Cancel to return to return to the View voice routing test case information dialog box to further develop the test before saving it. 11. Click Commit, and then click Commit all. Note: Any time you create a voice routing test case, you must run the Commit all command to publish the test case. For details, see Publish Pending Changes to the Voice Routing Configuration in the Operations documentation. See Also Create a Voice Routing Test Case Run Voice Routing Test Cases Configuring Dial Plans and Normalization Rules Configuring Voice Policies, PSTN Usage Records, and Voice Routes Export Voice Routing Test Cases Import Voice Routing Test Cases Run Voice Routing Test Cases You can run all of the test cases in your in your voice routing test case suite, or you can run one or more selected test cases. To run all voice routing test cases 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Test Voice Routing. 4. On the Test Voice Routing page, click Action and then click Run all. The pass or fail status of each test case is shown in the Pass/fail column. If a test case has not yet been run, N/A is shown in the Pass/fail column. 5. (Optional) To see detailed results for each test case, double-click the test case name. Results are shown in the shaded area on the right side of the Edit Test Case page: a. Test result: Overall pass or fail status of the test case run. b. Normalization rule: The first normalization rule in the dial plan selected for this

101

Microsoft Lync Server 2010 Administration Guide

test case that matches the dialed number (the value in the Number to test field). c. Normalized number: The value of the dialed number after the normalization rule has translated it. d. First PSTN usage: The first PSTN usage record in the voice policy selected for this test case that matches the dialed number. e. First route: The first voice route in the first PSTN usage record that matches the dialed number. Note: The Expected PSTN usage record and Expected route fields are optional in voice routing test case configuration. If the test case does not specify these values, the corresponding field in the test results will be empty. To run one or more selected voice routing test cases 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing and then click Test Voice Routing. 4. On the Test Voice Routing page, click the names of the test cases that you want to run. 5. On the Action menu, click Run selected. The pass or fail status of each test case is shown in the Pass/fail column. If a test case has not yet been run, N/A is shown in the Pass/fail column. 6. (Optional) To see detailed results for each test case, double-click the test case name. Results are shown in the shaded area on the right side of the Edit Test Case page: a. Test result: Overall pass or fail status of the test case run. b. Normalization rule: The first normalization rule in the dial plan selected for this test case that matches the dialed number (the value in the Number to test field). c. Normalized number: The value of the dialed number after the normalization rule has translated it. d. First PSTN usage: The first PSTN usage record in the voice policy selected for this test case that matches the dialed number. e. First route: The first voice route in the first PSTN usage record that matches the dialed number. Note: The Expected PSTN usage record and Expected route fields are optional in voice routing test case configuration. If the test case does not specify these values, the corresponding field in the test results will be empty.

102

Microsoft Lync Server 2010 Administration Guide

See Also Create a Voice Routing Test Case Run Informal Voice Routing Tests Configuring Dial Plans and Normalization Rules Configuring Voice Policies, PSTN Usage Records, and Voice Routes

Publish Pending Changes to the Voice Routing Configuration


After you make changes to any of the configuration settings in pages in the Voice Routing group, perform this procedure to review, publish, or cancel the pending changes. Important Ensure that only one user at a time modifies the Voice Routing configuration settings. All pending changes must be published at the same time by running the Commit all command. You cannot selectively publish pending changes. Before you publish pending changes, run the Review uncommitted changes command and cancel any configuration changes that you do not want to publish. If you navigate away from the pages in the Voice Routing group before committing pending changes, all pending changes will be lost. However, you can export the current configuration (including any pending changes) to a voice configuration file, and then import and publish the updated configuration. For details, see Export a Voice Route Configuration File. To review, publish, or cancel voice routing configuration changes 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Voice Routing. 4. Make the configuration changes you want to the settings on each page of the Voice Routing group. 5. To review pending changes without publishing them, select Review uncommitted changes from the Commit menu. 6. If you want to cancel any of the pending changes, do one of the following: Select Cancel all uncommitted changes from the Commit menu. Navigate to the tab of the Voice Routing page that has pending changes you want to cancel, select the item with the pending changes, click Commit, and then click Cancel selected changes. 7. After you have reviewed all pending changes and canceled any that you do not want to publish, click Commit, and then click Commit all. 8. In the Uncommitted Voice Configuration Settings dialog box, which displays a list

103

Microsoft Lync Server 2010 Administration Guide

of all of the pending changes, click OK. When Lync Server Control Panel has committed the changes, the Successfully published voice routing configuration message appears.

Configuring Incoming Call Handling Features


Topics in this section provide step-by-step procedures for tasks you can perform using the Voice Features group in Lync Server Control Panel.

In This Section
Configure Phone Number Extensions for Parking Calls Configure Routing of Unassigned Phone Numbers

Managing Response Groups


Topics in this section describe how to use Lync Server Control Panel and Response Group Configuration Tool to manage response groups. Response groups are a call management feature that allows you to queue calls made to a specific area, such as a Help Desk, and then route the calls to a designated group of people, called agents. To manage response groups, you configure agent groups, queues, and workflows, which define what happens to a call from the time it is placed until an agent answers it. Note: If you have more than 300 workflows in a single pool in your Response Group deployment, it is better to use Lync Server Management Shell cmdlets to create the workflows. If you use the Response Group Configuration Tool to create workflows for a pool that has more than 300 workflows, the webpage takes a long time to load.

In This Section
Managing Agent Groups Managing Response Group Queues Managing Response Group Workflows

Managing Agent Groups


An agent group is a group of people who are designated to answer Response Group calls. When you create an agent group, you select the agents who are assigned to the group and specify additional group settings, such as the routing method and whether an agent can sign in to and out of the group.

104

Microsoft Lync Server 2010 Administration Guide

Note: Users must be enabled for Enterprise Voice before you can add them to agent groups. For details about how to enable a user for Enterprise Voice, see Enable Users for Enterprise Voice. An agent who must sign in and out of the group, which is different from signing in or out of Lync Server, is called a formal agent. Formal agents must be signed in to the group before they can receive calls routed to the group. This can be useful for agents who answer calls from the group on a part-time basis. Formal agents sign in and out of their groups by clicking a menu item in Lync 2010 to open the Windows Internet Explorer Internet browser and display a webpage console. An agent who does not sign in or out of the group is called an informal agent. Informal agents are automatically signed in to the group when they sign in to Lync Server, and they cannot sign out of the group. Important: When you assign users as response group agents, inform them that, if they have Privacy mode enabled, they need to search for "RGS Presence Watcher" contacts and add them to their Contacts list. Agents who have Privacy mode enabled but who do not have "RGS Presence Watcher" in their Contacts list cannot receive calls to the response group. Agents who do not have Privacy mode enabled are not affected. In This Section Create an Agent Group Change Agent Group Settings or Members Delete an Agent Group

Create an Agent Group Follow these steps to create an agent group by using Lync Server Control Panel. Important: When you assign users as response group agents, inform them that, if they have Privacy mode enabled, they need to search for "RGS Presence Watcher" contacts and add them to their Contacts list. Agents who have Privacy mode enabled but who do not have "RGS Presence Watcher" in their Contacts list cannot receive calls to the response group. Agents who do not have Privacy mode enabled are not affected. To create an agent group 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. If you are not logged on as a member of one of these roles, you are prompted for alternate credentials. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Group.

105

Microsoft Lync Server 2010 Administration Guide

4. On the Group page, click New. 5. In the Select a Service search field, type all or part of the name of the ApplicationServer service for which you want to add the group, click the service that you want in the list, and then click OK. 6. On the New Group page, in the Name field, type a descriptive name for the group. 7. In Description, type a description for the group. 8. In the Participation policy, select one of the following to set up the sign-in behavior for the group: Select Informal to specify that agents in the group do not need to sign in and out of the group. Agents are automatically signed in to the group when they sign in to Lync Server 2010. Select Formal to specify that agents in the group must sign in and out of the group. When you select this option, agents click a menu item in Lync 2010 to open Internet Explorer and display a webpage console for signing in and out of the group. 9. In Alert time (seconds), specify the number of seconds to ring an agent before offering the call to the next available agent (the default is 20 seconds). Important: The Agent alert time setting cannot exceed 180 seconds. If it exceeds 180 seconds, the client application will reject the call due to the SIP transaction timer reaching its maximum wait time. To avoid this, set the Alert Time value to less than 180 seconds. 10. In Routing method, select the method for routing calls to agents in the group as follows: To offer a new call first to the agent who has been idle the longest (has had a presence of Available or Inactive in Lync Server the longest), click Longest idle. To offer a new call to all available agents at the same time, click Parallel. The call is sent to the first agent who accepts it. To offer a new call to each agent in turn, click Round robin. To always offer a new call to the agents in the order in which they are listed in the Agent list, click Serial. To offer a new call to all agents who are signed into Lync Server 2010 and the Response Group application at the same time, regardless of their current presence, click Attendant. Lync 2010 Attendant users who are configured as agents can see all the calls that are waiting and answer waiting calls in any order. The call is sent to the first agent who accepts it, and the other Lync 2010 Attendant users no longer see the call. 11. In Agents, specify how you want to create your agents list: To use a Microsoft Exchange Server distribution list, click Use an existing email distribution list, and then in Distribution list address, type the email address of the distribution list (for example, NetworkSupport@contoso.com).

106

Microsoft Lync Server 2010 Administration Guide

If you use an email distribution list, you are subject to the following constraints: You cannot select multiple distribution lists for the agent group. Each group supports only a single distribution list. If the distribution list contains one or more distribution lists, members of the nested distribution lists are not added to the agent list. If serial and round robin routing are selected, the server offers an incoming call to the appropriate agent according to the routing method and according to the order in which agents are listed in the distribution list. Important: If you use an email distribution list, hidden memberships or hidden lists might become visible to the Response Group administrator or users. Hidden memberships or hidden lists can become visible as follows: If a distribution list was configured so that the membership is hidden and the Response Group administrator assigns the distribution list to the agent list, users can call the group to find out who the members are. If a distribution list was configured so that it is hidden in the Exchange Global Address List, the Response Group administrator might be able to see the distribution list and assign it to the agent list if the Response Group process has the appropriate user rights and permissions, even if the administrator does not have the appropriate user rights and permissions. To use a custom list of agents, click Define a custom group of agents. Click Select, and then in the Select Agents search field, type all or part of the name of the user you want to assign as an agent to this group, and then click Find. In the list of agents, select the user, and then click OK. Note: If the group is using either round robin or serial routing, arrange the agents in the order that you want them to be offered calls. To change the order of the agents in the Agent list, click an agent, and then click the up arrow or down arrow. 12. Click Commit. See Also Create Response Group Queues Create a Response Group Workflow Change Agent Group Settings or Members Follow these steps to change an agent group by using Lync Server Control Panel. You can change settings, such as routing method or how long a call rings for an agent before being routed to another agent, or you can add or remove agents in the group.

107

Microsoft Lync Server 2010 Administration Guide

Important: When you assign users as response group agents, inform them that, if they have Privacy mode enabled, they need to search for "RGS Presence Watcher" contacts and add them to their Contacts list. Agents who have Privacy mode enabled but who do not have "RGS Presence Watcher" in their Contacts list cannot receive calls to the response group. Agents who do not have Privacy mode enabled are not affected. To change agent group settings or membership 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Group. 4. On the Group page, type all or part of the name of the agent group that you want to change in the search field. 5. In the search results list, click the group that you want, click Edit, and then click Show details. 6. In Edit Group, in Name, type a descriptive name for the group. 7. In Description, type a description for the group. 8. In the Participation policy, select one of the following to set up the sign-in behavior for the group: Select Informal to specify that agents in the group do not need to sign in and out of the group. Agents are automatically signed in to the group when they sign in to Lync Server 2010. Select Formal to specify that agents in the group must sign in and out of the group. When you select this option, agents click a menu item in Lync 2010 to open Internet Explorer and display a webpage console for signing in and out of the group. 9. In Alert time (seconds), specify the number of seconds to ring an agent before offering the call to the next available agent (the default is 20 seconds). Important: The Agent alert time setting cannot exceed 180 seconds. If it exceeds 180 seconds, the client application will reject the call due to the SIP transaction timer reaching its maximum wait time. To avoid this, set the Alert Time value to less than 180 seconds. 10. In Routing method, select the method for routing calls to agents in the group as follows: To offer a new call first to the agent who has been idle the longest (has had a presence of Available or Inactive in Lync Server the longest), click Longest idle. To offer a new call to all available agents at the same time, click Parallel. The call is sent to the first agent who accepts it.

108

Microsoft Lync Server 2010 Administration Guide

To offer a new call to each agent in turn, click Round robin.

To always offer a new call to the agents in the order in which they are listed in the Agent list, click Serial. To offer a new call to all agents who are signed into Lync Server 2010 and the Response Group application at the same time, regardless of their current presence, click Attendant. Lync 2010 Attendant users who are configured as agents can see all the calls that are waiting and answer waiting calls in any order. The call is sent to the first agent who accepts it, and the other Lync 2010 Attendant users no longer see the call. 11. To change the agents in a custom list of agents, in Agents, click Define a custom group of agents, and do one of the following: To add a user to the agent group, click Select, and then in the Select Agents search field, type all or part of the name of the user you want to add to this group, and then click Find. In the resulting list of agents, click the user you want to add, and then click OK. To remove a user from the agent group, in the Edit Group list of agents, click the user you want to remove, and then click Remove. To change the order in which agents are offered calls in groups using either round robin or serial routing, in the Edit Group list of agents, click a user, and then click the up arrow or down arrow. 12. To use a Microsoft Exchange Server distribution list as your agent group, in Agents, click Use an existing email distribution list, and then in Distribution list address, type the email address of the distribution list (for example, NetworkSupport@contoso.com). If you use an email distribution list, you are subject to the following constraints: You cannot select multiple distribution lists for the agent group. Each group supports only a single distribution list. If the distribution list contains one or more distribution lists, members of the nested distribution lists are not added to the agent list. If serial and round robin routing are selected, the server offers an incoming call to the appropriate agent according to the routing method and according to the order in which agents are listed in the distribution list. Important: If you use an email distribution list, hidden memberships or hidden lists might become visible to the Response Group administrator or users. Hidden memberships or hidden lists can become visible as follows: If a distribution list was configured so that the membership is hidden and the Response Group administrator assigns the distribution list to the agent list, users can call the group to find out who the members are. If a distribution list was configured so that it is hidden in the Exchange Global Address List, the Response Group administrator might be able to see the distribution list and assign it to the agent list if the Response Group process has the appropriate

109

Microsoft Lync Server 2010 Administration Guide

user rights and permissions, even if the administrator does not have the appropriate user rights and permissions. 13. Click Commit. See Also Create an Agent Group Delete an Agent Group Delete an Agent Group Follow these steps to delete an agent group by using Lync Server Control Panel. To delete an agent group 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Group. 4. On the Response Groups page, type all or part of the name of the agent group that you want to delete in the search field. 5. In the search results list, click the group that you want to delete, click Edit, and then click Delete. 6. Click OK.

Managing Response Group Queues


Queues hold calls to a response group until an agent answers the call. When you manage a queue, you assign one or more agent groups to the queue and specify queue settings, such as the number of calls that the queue can hold before performing an overflow action and the length of time that a call waits for an agent before performing a time-out action. When the Response Group application searches for an available agent, it searches agent groups in the order that you list them. In This Section Create a Response Group Queue Change a Response Group Queue Delete a Response Group Queue

Create a Response Group Queue Follow these steps to create a queue by using Lync Server Control Panel.

110

Microsoft Lync Server 2010 Administration Guide

To create a queue 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. If you are not logged on as a member of one of these roles, you are prompted for alternate credentials. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Queue. 4. On the Queue page, click New. 5. In Select a Service, type part or all of the name of the ApplicationServer service for which you want to add the queue in the search field. 6. In the list of services, click the service that you want, and then click OK. 7. In New Queue, in Name, type a descriptive name for the queue. 8. In Description, type a description for the queue. 9. In Groups, click Select. 10. In the Select Groups search field, type part or all of the name of the agent group that you want to assign to the queue. Note: When the server searches for an available agent in the queue, it uses group order. That is, the first group in the list is searched first, followed by the second group in the list, and so on. To change the order of the groups in the Groups list, click a group, and then click the up arrow or down arrow. 11. In the search results list, click the agent group that you want, and then click OK. 12. To specify a maximum period of time for a caller to wait on hold before an agent answers the call, select the Enable queue time-out check box, and then do the following: a. In Time-out period (seconds), specify the maximum number of seconds a caller waits for an agent to answer the call. b. In Call Action, select the action that occurs when a call times out as follows: To disconnect the call after the timeout, click Disconnect. To forward the call to voice mail, click Forward to voice mail, and then in the SIP address field, type a voice mail address in the format sip:<username>@<domainname> (for example, sip:bob@contoso.com). To forward the call to another telephone number, click Forward to telephone number, and then in the SIP address field, type the telephone number in the format sip:<number>@<domainname> (for example, sip:+14255550121@contoso.com). To forward the call to another user, click Forward to SIP address, and then in the SIP address field, type the URI for the user in the format sip:<username>@<domainname>. To forward the call to another queue, click Forward to another queue, and then

111

Microsoft Lync Server 2010 Administration Guide

browse to the queue that you want to use. 13. To specify a maximum number of calls that the queue can hold, select the Enable queue overflow check box, and then do the following: a. In Maximum number of calls, select the maximum number of calls that you want the queue to hold. b. In Forward the call, select which call is to be forwarded when the queue is full: Newest Call or Oldest Call. c. Select the action that occurs when the overflow threshold is met as follows: To disconnect the call after the timeout, click Disconnect.

To forward the call to voice mail, click Forward to voice mail, and then in the SIP address field, type a voice mail address in the format sip:<username>@<domainname> (for example, sip:bob@contoso.com). To forward the call to another telephone number, click Forward to telephone number, and then in the SIP address field, type the telephone number in the format sip:<number>@<domainname> (for example, sip:+14255550121@contoso.com). To forward the call to another user, click Forward to SIP address, and then in the SIP address field, type the URI for the user in the format sip:<username>@<domainname>. To forward the call to another queue, click Forward to another queue, and then browse to the queue that you want to use. 14. Click Commit. See Also Create Response Group Agent Groups Create a Response Group Workflow Change a Response Group Queue Follow these steps to change a queue by using Lync Server Control Panel. You can change settings that specify the behavior of the queue, such as how long a call rings before taking a timeout action or how many calls to accept before taking a queue overflow action. You can also change the agent groups assigned to the queue. To change a queue 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Queue. 4. In the search field, type part or all of the name of the queue you want to change. 5. In the list of queues, click the queue that you want, click Edit, and then click Show

112

Microsoft Lync Server 2010 Administration Guide

details. 6. In Name, type a descriptive name for the queue. 7. In Description, type a description for the queue. 8. To assign another agent group to the queue, under Groups, click Select, and then in the Select Groups search field, type part or all of the name of the agent group that you want to assign to the queue. In the resulting list of agent groups, select the group you want, and then click OK. 9. To remove an assigned agent group from the queue, click the group you want in the Groups list, and then click Remove. 10. When the server searches for an available agent in the queue, it uses group order. That is, the first group in the list is searched first, followed by the second group in the list, and so on. To change the order of the groups in the Groups list, click a group, and then click the up arrow or down arrow. 11. To specify a maximum period of time for a caller to wait on hold before an agent answers the call, select the Enable queue time-out check box, and then do the following: a. In Time-out period (seconds), specify the maximum number of seconds a caller waits for an agent to answer the call. b. In Call Action, select the action that occurs when a call times out as follows: To disconnect the call after the timeout, click Disconnect. To forward the call to voice mail, click Forward to voice mail, and then in the SIP address field, type a voice mail address in the format sip:<username>@<domainname> (for example, sip:bob@contoso.com). To forward the call to another telephone number, click Forward to telephone number, and then in the SIP address field, type the telephone number in the format sip:<number>@<domainname> (for example, sip:+14255550121@contoso.com). To forward the call to another user, click Forward to SIP address, and then in the SIP address field, type the URI for the user in the format sip:<username>@<domainname>. To forward the call to another queue, click Forward to another queue, and then browse to the queue that you want to use. 12. To specify a maximum number of calls that the queue can hold, select the Enable queue overflow check box, and then do the following: a. In Maximum number of calls, select the maximum number of calls that you want the queue to hold. b. In Forward the call, select which call is to be forwarded when the queue is full: Newest Call or Oldest Call. c. Select the action that occurs when the overflow threshold is met as follows: To disconnect the call after the timeout, click Disconnect.

To forward the call to voice mail, click Forward to voice mail, and then in the SIP address field, type a voice mail address in the format

113

Microsoft Lync Server 2010 Administration Guide

sip:<username>@<domainname> (for example, sip:bob@contoso.com). To forward the call to another telephone number, click Forward to telephone number, and then in the SIP address field, type the telephone number in the format sip:<number>@<domainname> (for example, sip:+14255550121@contoso.com). To forward the call to another user, click Forward to SIP address, and then in the SIP address field, type the URI for the user in the format sip:<username>@<domainname>. To forward the call to another queue, click Forward to another queue, and then browse to the queue that you want to use. 13. Click Commit.

Delete a Response Group Queue Follow these steps to delete a queue by using Lync Server Control Panel. To delete a queue 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Queue. 4. In the search field, type part or all of the name of the queue you want to delete. 5. In the list of queues, click the queue that you want, click Edit, and then click Delete. 6. Click OK.

Managing Response Group Workflows


A Response Group workflow defines the behavior of a call from the time the phone rings to the time an agent answers the call. The workflow includes queue and routing information, and includes either hunt group or interactive voice response (IVR) information. Topics in this section describe the requirements for workflow audio files and the Response Group Configuration Tool, identify best practices for designing IVR workflows, and explain how to create, change, and delete workgroups. In This Section Response Group Configuration Tool Requirements Response Group Audio File Requirements Design Call Flows by Using Interactive Voice Response (Optional) Define Response Group Business Hours and Holidays

114

Microsoft Lync Server 2010 Administration Guide

Create a Response Group Workflow Change a Response Group Workflow Delete a Response Group Workflow

Response Group Configuration Tool Requirements The Response Group Configuration Tool supports the combinations of operating systems and web browsers described in the following table. Note: 32-bit or 64-bit versions of the operating systems are supported. Only 32-bit versions of Internet Explorer are supported. Supported Operating Systems and Web Browsers
Operating system Web browser

Windows Vista with Service Pack (SP) 2

Internet Explorer 7 Internet Explorer 8 (native mode)

Windows 7 Windows Server 2008 with SP2

Internet Explorer 8 (native mode) Internet Explorer 7 Internet Explorer 8 (native mode)

Windows Server 2008 R2

Internet Explorer 8 (native mode)

Response Group Audio File Requirements You can use Windows Media audio (.wma) file format or wave (.wav) file format for unassigned number Announcements or for Response Group messages, on-hold music, or interactive voice response (IVR) questions. The Windows Media audio file format requires that the Windows Media Format Runtime is installed. For details, see Hardware and Software Requirements for Call Management. Supported Wave File Formats All wave files must meet the following requirements: 8-bit or 16-bit file Linear pulse code modulation (LPCM), A-Law, or mu-Law format Mono or stereo 4MB or less

For the best performance of wave files, a 16 kHz, mono, 16-bit Wave file is recommended. Supported Windows Media Audio File Formats If you use a Windows Media audio file, consider using low bitrates, and verify the performance of your system under load. You can use the Microsoft Expression Encoder 4 to convert a file to the Windows Media Audio format. To download Expression Encoder 4, see http://go.microsoft.com/fwlink/?LinkId=202843.

115

Microsoft Lync Server 2010 Administration Guide

Design Call Flows by Using Interactive Voice Response You use interactive voice response (IVR) to obtain information from callers and navigate them to the appropriate queue. You can specify question-and-answer pairs that you use for call navigation. Depending on the callers response, the caller either hears a follow-up question, or is routed to the appropriate queue. The IVR questions and the callers responses are provided to the responding agent when he or she accepts the call. This system provides valuable information to the responding agent. Overview of the IVR Features The Response Group application offers speech recognition and text-to-speech capabilities in 26 languages. You can enter IVR questions using text-to-speech or a wave (.wav) or Windows Media audio (.wma) file. Callers can respond by using voice or dual-tone multifrequency (DTMF). Interactive workflows support up to two levels of questions, with each question having up to four possible answers. The IVR asks the caller a question that has up to four possible answers, and depending on the callers response, routes the caller to a queue or asks a second question. The second question can also have four possible answers. Depending on the answer to the secondlevel question, the caller is routed to the appropriate queue. Note: When you design call flows by using Lync Server Management Shell, you can define any number levels of IVR questions and any number of answers. However, for caller usability we recommend that you not use more than three levels of questions, with not more than five answers each. In addition, if you design a call flow that has more than two levels of questions with more than four answers each, you cannot edit the call flow by using Microsoft Lync Server 2010 Control Panel. The IVR questions and the callers responses are provided to the responding agent when he or she accepts the call. Working with Speech Technologies Speech technologies, such as speech recognition and text-to-speech, can enhance customer experience and let people access information more naturally and effectively. However, there can be cases where the specified text or the user voice response is not recognized correctly by the speech engine. For example, the # symbol is translated by the text-to-speech engine as the word number. This issue can be mitigated by the following: The speech engine gives the caller five attempts to answer the question. If the caller answers the question incorrectly (that is, the answer is not one of the specified responses) or does not provide an answer at all, he or she gets another chance to answer the question. The caller has five attempts to answer the question before being disconnected. You can configure the IVR to play a customized message after each caller error. The question is repeated each time. To minimize the potential for ambient noise to be interpreted by the speech engine as a response, use longer responses. For example, responses should have more than one syllable and should sound significantly different from each other.

116

Microsoft Lync Server 2010 Administration Guide

If your questions have both speech and DTMF responses, configure the speech responses with words that represent the concept rather than the DTMF response. For example, instead of using "Press or say one" use "Press 1 or say billing." After you design your IVR, call the workflow, listen to the prompts, respond to each of the prompts using voice, and verify that the IVR sounds and behaves as expected. You can then modify the IVR to fix any interpretation issues. Following the previous example, if you need to refer to the # key, you can rewrite your IVR prompt to use the key name, rather than the # symbol. For example, "To talk to sales, press the pound key." IVR Design Examples The following sections contain examples of different IVR scenarios and question-and-answer pairs. IVR with One Level of Questions The following example shows an IVR that uses one level of questions. It uses speech recognition to detect the callers response. Question: "Thank you for calling Human Resources. If you would like to speak to payroll, say payroll. Otherwise, say HR." Option 1 is selected: The caller is routed to the payroll team. Option 2 is selected: The caller is routed to the human resources team.

The following figure shows the call flow. One-level interactive call flow

IVR with Two Levels of Questions The following example shows an IVR that uses two levels of questions. It allows callers to respond using either speech or DTMF keypad input. Question: "Thank you for calling the IT Help Desk. If you have a network access problem, press or say 1. If you have a software problem, press or say 2. If you have a hardware problem, press or say 3." Option 1 is selected: The caller is routed to the network support team. Option 2 is selected: The caller is asked a follow-up question:

Question: "If this is an operating system problem, press or say 1. If this is a problem with an internal application, press or say 2. Otherwise, press or say 3."

117

Microsoft Lync Server 2010 Administration Guide

Option 1 is selected: The caller is routed to the operating systems support team. Option 2 is selected: The caller is routed to the internal applications support team. Option 3 is selected: The caller is routed to the software support team.

Option 3 is selected: The caller is asked a follow-up question: Option 1 is selected: The caller is routed to the printer support team. Option 2 is selected: The caller is routed to the hardware support team.

Question: "If this is a printer problem press 1. Otherwise, press 2."

The following figure shows the call flow. Two-level interactive call flow

Best Practices The following list describes some best practices for designing your IVR: Let the caller get to the task quickly. Avoid providing too much information or lengthy marketing messages in your IVR. If you want to include a lengthy message, consider appending it to the first question instead of to the welcome message. Callers can bypass the message if it is part of the first question by answering the question, but they cannot bypass the welcome message. Speak in the callers language. Avoid stilted language. Speak naturally. Write efficient and effective prompts. Remove any unnecessary options. Structure the information so that the callers expected response is at the end of the sentence. For example, To speak to the sales team, press 1." Make voice responses user friendly. For example, if you specify both DTMF and voice responses, use something like: "To speak to the sales team, press 1 or say sales." Test the IVR on a group of users before you deploy it across your organization. See Also Create an Interactive Workflow (Optional) Define Response Group Business Hours and Holidays Workflows identify when the response group is available to take calls and how to handle calls that are made when the response group is not available. Before you configure your workflows, you

118

Microsoft Lync Server 2010 Administration Guide

can define your business hours and holidays. Then when you configure a workflow, you just apply the business hours and holidays that you defined in advance to the workflow. Note: To apply holidays to a workflow, you must predefine at least one set of holidays. To apply business hours to a workflow, you can either predefine the business hours, or you can create custom business hours. Custom business hours, however, apply only to a specific workflow and cannot be reused for other workflows. You create custom business hours at the time you configure the workflow. Note: You do not need to predefine business hours if your response group is always open or if you use only custom business hours. Defining Business Hours Business hours define the days of the week and the hours of a day that the response group is normally available to take calls. A business hours collection consists of the ranges of times for each day of the week that a response group is available. For example, a response group might be available from 8:00 A.M. to 4:00 P.M. on weekdays and from 9:00 A.M. to 12:00 P.M. and again from 1:00 P.M. to 5:00 P.M. on weekends. To define business hour collections, you must use the New-CsRgsTimeRange and NewCsRgsHoursOfBusiness cmdlets. The New-CsRgsTimeRange cmdlet defines opening and closing hours, and the New-CsRgsHoursOfBusiness cmdlet identifies which opening and closing hours apply to each day of the week (the business hours collection). For details about using these cmdlets, see the Lync Server Management Shell documentation or Lync Server Management Shell command-line Help. Important: Express time for parameters in these cmdlets as 24-hour time notation (for example, 20:00=8:00 P.M.). To create a business hours collection 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. If you are not logged on as a member of one of these roles, you are prompted for alternate credentials. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. For each unique range of hours you want to define, run: $x = New-CsRgsTimeRange [Name <name of time range>] ` OpenTime <time when business hours begin> ` -CloseTime <time when business hours end> To create the business hours collection that uses the ranges you defined, run: New-CsRgsHoursOfBusiness Parent <service where the workflow is hosted> `

119

Microsoft Lync Server 2010 Administration Guide

-Name <unique name for collection> ` [-MondayHours1 <first set of opening and closing times for Monday>] ` [-MondayHours2 <second set of opening and closing times for Monday>] ` [-TuesdayHours1 <first set of opening and closing times for Tuesday>] ` [-TuesdayHours2 <second set of opening and closing times for Tuesday>] ` [-WednesdayHours1 <first set of opening and closing times for Wednesday>] ` [-WednesdayHours2 <second set of opening and closing times for Wednesday>] ` [-ThursdayHours1 <first set of opening and closing times for Thursday>] ` [-ThursdayHours2 <second set of opening and closing times for Thursday>] ` [-FridayHours1 <first set of opening and closing times for Friday>] ` [-FridayHours2 <second set of opening and closing times for Friday>] ` [-SaturdayHours1 <first set of opening and closing times for Saturday>] ` [-SaturdayHours2 <second set of opening and closing times for Saturday>] ` [-SundayHours1 <first set of opening and closing times for Sunday>] ` [-SundayHours2 <second set of opening and closing times for Sunday>] The following example specifies business hours of 9:00 A.M. to 5:00 P.M. for weekdays, 8:00 A.M. to 10:00 A.M. and again from 2:00 P.M. to 6:00 P.M. for Saturdays, and no business hours for Sundays: $a = NewRgsTimeRange Name "Weekday Hours" ` -OpenTime "9:00" CloseTime "17:00" $b = NewRgsTimeRange Name "Saturday Morning Hours" ` -OpenTime "8:00" CloseTime "10:00" $c = NewRgsTimeRange Name "Saturday Afternoon Hours" ` -OpenTime "14:00" CloseTime "18:00" New-CsRgsHoursOfBusiness Parent "ApplicationServer:Redmond.contoso.com" ` -Name "Help Desk Business Hours" ` -MondayHours1 $a `

120

Microsoft Lync Server 2010 Administration Guide

-TuesdayHours1 $a ` -WednesdayHours1 $a ` -ThursdayHours1 $a ` -FridayHours1 $a ` -SaturdayHours1 $b ` -SaturdayHours2 $c Defining Holidays Holidays define the days that agents will not be working and, therefore, are not available to take calls. Holiday sets are collections of holidays. For example, the national/regional holidays for year 2011 might be a holiday set. Multiple holiday sets can apply to a workflow. For example, you might define a set of national/regional holidays for the calendar year, another set of holidays for company days off, and another set of holidays for team events. Any combination of the holiday sets can apply to a workflow. To define holidays and holiday sets, you must use the New-CsRgsHoliday and NewCsRgsHolidaySet cmdlets. The New-CsRgsHoliday cmdlet defines individual holidays, and the New-CsRgsHolidaySet cmdlet identifies which holidays are in a holiday set. For details about these cmdlets, see the Lync Server Management Shell documentation. To create a holiday set 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. If you are not logged on as a member of one of these roles, you are prompted for alternate credentials. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. For each holiday you want to define, run: $x = New-CsRgsHoliday [-Name <holiday name>] ` -StartDate <starting date of holiday> -EndDate <ending date of holiday> To create the holiday set that contains the holidays you defined, run: New-CsRgsHolidaySet Parent <service where the workflow is hosted> ` -Name <unique name for holiday set> ` -HolidayList <one or more holidays to be included in the holiday set> The following example shows a holiday set that includes two holidays: $a = New-CsRgsHoliday Name "New Year's Day" StartDate "1/1/2011" EndDate "1/2/2011" $b = New-CsRgsHoliday Name "Independence Day" StartDate "7/4/2011" EndDate "7/4/2011" New-CsRgsHolidaySet Parent "ApplicationServer:Redmond.contoso.com `

121

Microsoft Lync Server 2010 Administration Guide

-Name "2011 Holidays" HolidayList ($a $b)

Create a Response Group Workflow Microsoft Lync Server 2010 supports two types of workflow: hunt group and interactive voice response (IVR). When you create a workflow, you use the Response Group Configuration Tool to specify the queue to use and other settings, such as a welcome message, music on hold, business hours, and questions that the Response Group application asks the caller. Note: You must create agent groups and queues before you create a workflow that uses them. If you want to create preset business hours and holidays that you can use for multiple workflows, you must also define these hours and holidays before you create a workflow that uses them. In This Section Create a Hunt Group Workflow Create an Interactive Workflow Create an Agent Group Create a Response Group Queue (Optional) Define Response Group Business Hours and Holidays

Related Sections

Create a Hunt Group Workflow A hunt group workflow routes callers to a specified queue without asking the caller any questions. You specify the queue to which callers are routed. You can also choose a welcome message for the workflow, the music to play when users are on hold, and the days and hours that the workflow is available. Note: Office Communications Server 2007 R2 supported two types of hunt groups: basic and enhanced. In Microsoft Lync Server 2010, the hunt group workflow covers both of these types. You can use Windows Media audio (.wma) or wave (.wav) files for messages and music that is played while users are on hold. For details about supported audio file formats, see Response Group Audio File Requirements. After you upload an audio file, you can listen to it to verify that you selected the correct file. To listen to the audio file, click the name of the file. To create a hunt group workflow 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. If you are not logged on as a member of one of these roles, you are prompted for alternate credentials. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server

122

Microsoft Lync Server 2010 Administration Guide

Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Workflow. 4. On the Workflow page, click Create or edit a workflow. 5. In the Select a Service search field, type part or all of the name of the ApplicationServer service for which you want to add the workflow. 6. In the list of services, select the service that you want, and then click OK. Note: The Response Group Configuration Tool webpage opens. You can also open the Response Group Configuration Tool webpage directly from a web browser by connecting to https://<webPoolFqdn>/RgsConfig. 7. Under Create a New Workflow, next to Hunt Group, click Create. 8. If you are not ready for users to start calling the workflow, clear the Activate the workflow check box. 9. To allow federated users to call the group, select the Enable for federation check box. 10. To hide the identity of agents during calls, select the Enable agent anonymity check box. Note: Anonymous calls cannot start with instant messaging (IM) or video, although the agent or the caller can add IM and video after the call is established. An anonymous agent can also put calls on hold, transfer calls (both blind and consultative transfers), and park and retrieve calls. Anonymous calls do not support conferencing, application sharing and desktop sharing, file transfer, whiteboarding and data collaboration, and call recording. Warning: A consultative transfer is where the agent who received the call first (that is, the "transfer initiator") talks to the agent or user that they want to transfer call to (that is, the "transfer receiver") before they actually transfer the call. Consultative transfers are supported when the transfer receiver is not anonymous. If the transfer initiator consultative transfers a call to a PSTN or a Lync user and uses the anonymous option, the call will appear to transfer properly to the receiver. However, the transfer will fail and the transferred caller is disconnected. The transfer initiator can be either anonymous or known, but the effect is the same if the transfer receiver is anonymous. 11. Under Enter the address of the group that will receive the calls, type the SIP address of the group that you want to answer calls to the workflow. 12. In Display name, type the name that you want clients to display for the workflow (for example, Lync 2010). Note: Do not include the "<" or ">" characters in the display name. Do not use the

123

Microsoft Lync Server 2010 Administration Guide

following display names because they are reserved: RGS Presence Watcher or Announcement Service. 13. Under Telephone number, type the line URI for the response group (for example, +14255550165). 14. In Display number, type the number as you want it to appear for the response group (for example, +1 (425) 555-0165). 15. (Optional) In Description, type a description for the workflow as you want it to appear on the contact card in Lync 2010. 16. Under Step 2 Select a Language, click the language that you want to use for speech recognition and text-to-speech. 17. If you want to configure a welcome message, under Step 3 Configure a Welcome Message, select the Play a welcome message check box, and then do one of the following: To enter the welcome message as text that is converted to speech for callers, click Use text-to-speech, and then type the welcome message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use a wave (.wav) or Windows Media audio (.wma) file recording for the welcome message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the audio file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 18. Under Step 4 Specify Your Business Hours, in Your time zone, click the time zone for the workflow. Note: The time zone is the time zone where the callers and agents of the workflow reside. It is used to calculate the open and close hours. For example, if the workflow is configured to use the North American Eastern Time zone and the workflow is scheduled to open at 7:00 A.M. and close at 11:00 P.M., the open and close times are assumed to be 7:00 Eastern Time and 23:00 Eastern Time respectively. (You must enter the times in 24-hour time notation.) 19. Select the type of business hours schedule you want to use by doing one of the following: To use a predefined schedule of business hours, click Use a preset schedule, and then select the schedule you want to use from the drop-down list. Note: You must have defined at least one preset schedule previously to be able to

124

Microsoft Lync Server 2010 Administration Guide

select this option. You define preset schedules by using the NewCSRgsHoursOfBusiness cmdlet. For details, see (Optional) Define Response Group Business Hours and Holidays. Note: When you select a preset schedule, Day, Open, and Close are automatically filled with the days and hours that the response group is available. To use a custom schedule that applies only to this workflow, click Use a custom schedule. 20. If you are creating a custom schedule for this workflow, click the check boxes for the days of the week that the response group is available. 21. If you are creating a custom schedule, type the Open and Close hours for each day of the week that the response group available. Note: The Open and Close hours must be in 24-hour time notation. For example, if your office works a 9-to-5 work day and closes at noon for lunch, the business hours are specified as Open 9:00, Close 12:00, Open 13:00, and Close 17:00. 22. If you want to play a message when the office is not open, select the Play a message when the response group is outside of business hours check box, and then specify the message to play by doing one of the following: To enter the message as text that is converted to speech for the caller, click Use text-to-speech, and then type the message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use an audio file recording for the message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported audio file formats, see Response Group Audio File Requirements. 23. Specify how to handle calls after the message is played (if a message is configured): To disconnect the call, click Disconnect Call. To forward the call to voice mail, click Forward to voice mail, and then type the voice mail address. The format for the voice mail address is <username>@<domainname> (for example, bob@contoso.com). To forward the call to another user, click Forward to SIP URI, and then type a user address. The format for the user address is <username>@<domainname>. To forward the call to another telephone number, click Forward to telephone

125

Microsoft Lync Server 2010 Administration Guide

number, and then type the telephone number. The format for the telephone number is <number>@<domainname> (for example, +14255550121@contoso.com). The domain name is used to route the caller to the correct destination. 24. Under Step 5 Specify Your Holidays, click the check boxes for one or more sets of holidays that define the days when the response group is closed for business. Note: You need to define holidays and holiday sets before you configure the workflow. Use the New-CsRgsHoliday and New-CsRgsHolidaySet cmdlets to define holidays and holiday sets. For details, see (Optional) Define Response Group Business Hours and Holidays. 25. If you want to play a message on holidays, select the Play a message during holidays check box, and then specify the message to play by doing one of the following: To enter the message as text that is converted to speech for the caller, click Use text-to-speech, and then type the message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use an audio file recording for the message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported audio file formats, see Response Group Audio File Requirements. 26. Specify how to handle calls after the message is played (if a message is configured): To disconnect the call, click Disconnect Call. To forward the call to voice mail, click Forward to voice mail, and then type the voice mail address. The format for the voice mail address is <username>@<domainname> (for example, bob@contoso.com). To forward the call to another user, click Forward to SIP URI, and then type a user address. The format for the user address is <username>@<domainname>. To forward the call to another telephone number, click Forward to telephone number, and then type the telephone number. The format for the telephone number is <number>@<domainname> (for example, +14255550121@contoso.com). The domain name is used to route the caller to the correct destination. 27. Under Step 6 Configure a Queue, in Select the queue that will receive the calls, select the queue that you want to hold callers until an agent becomes available. 28. Under Step 7 Configure Music on Hold, choose the music you want callers to listen to while waiting for an agent by doing one of the following:

126

Microsoft Lync Server 2010 Administration Guide

To use the default music-on-hold recording, click Use default.

To use an audio file recording for the music on hold, click Select a music file. If you want to upload a new audio file, click the a music file link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user provided audio files must meet certain requirements. For details about supported audio file formats, see Response Group Audio File Requirements. 29. Click Deploy.

Create an Interactive Workflow When you create an interactive workflow you can choose a welcome message for the workflow, the music to play when users are on hold, and the days and hours that the workflow is available. Interactive workflows support up to two levels of questions, with each question having up to four possible answers. The interactive voice response (IVR) asks the caller a question that has up to four possible answers, and depending on the callers response, routes the caller to a queue or asks a second question. The second question can also have four possible answers. Depending on the answer to the second-level question, the caller is routed to the appropriate queue. For details about IVR design, see Design Call Flows by Using Interactive Voice Response. You can use wave (.wav) or Windows Media audio (.wma) files for settings such as messages or the music that is played when users are on hold. For details about supported audio file formats, see Response Group Audio File Requirements. To create an Interactive workflow 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. If you are not logged on as a member of one of these roles, you are prompted for alternate credentials. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Workflow. 4. On the Workflow page, click Create or edit a workflow. 5. In the Select a Service search field, type part or all of the name of the ApplicationServer service that you want to add. 6. In the list of services, select the service you want, and then click OK. Note: The Response Group Configuration Tool webpage opens. You can also open the Response Group Configuration Tool webpage directly from a Web browser by connecting to https://<webPoolFqdn>/RgsConfig.

127

Microsoft Lync Server 2010 Administration Guide

7. Under Create a New Workflow, next to Interactive, click Create. 8. If you are not ready for users to start calling the workflow, clear the Activate the workflow check box. 9. To allow federated users to call the group, select the Enable for federation check box. 10. To hide the identity of agents during calls, select the Enable agent anonymity check box. Note: Anonymous calls cannot start with instant messaging (IM) or video, although the agent or the caller can add IM and video after the call is established. An anonymous agent can also put calls on hold, transfer calls (both blind and consultative transfers), and park and retrieve calls. Anonymous calls do not support conferencing, application sharing and desktop sharing, file transfer, whiteboarding and data collaboration, and call recording. Warning: A consultative transfer is where the agent who received the call first (that is, the "transfer initiator") talks to the agent or user that they want to transfer call to (that is, the "transfer receiver") before they actually transfer the call. Consultative transfers are supported when the transfer receiver is not anonymous. If the transfer initiator consultative transfers a call to a PSTN or a Lync user and uses the anonymous option, the call will appear to transfer properly to the receiver. However, the transfer will fail and the transferred caller is disconnected. The transfer initiator can be either anonymous or known, but the effect is the same if the transfer receiver is anonymous. 11. In Enter the address of the group that will receive the calls, type the address of the group that you want to answer calls to the workflow. 12. In Display name, type the name that clients, such as Lync 2010, are to display. Note: Do not include the "<" or ">" characters in the display name. Do not use the following display names because they are reserved: RGS Presence Watcher or Announcement Service. 13. In Telephone number, type the line URI for the response group (for example, +14255550165). 14. In Display number, type the number as you want it to appear for the response group (for example, +1 (425) 555-0165). 15. (Optional) In Description, type a description for the workflow that you want to appear on the contact card in Lync 2010. 16. Under Step 2 Select a Language, click the language to use for speech recognition and text-to-speech. 17. If you want to configure a welcome message, under Step 3 Configure a Welcome Message, select the Play a welcome message check box, and then do one of the

128

Microsoft Lync Server 2010 Administration Guide

following: To enter the welcome message as text that is converted to speech for callers, click Use text-to-speech, and then type the welcome message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use a Wave or Windows Media Audio file recording for the welcome message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the audio file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 18. Under Step 4 Specify Your Business Hours, in the Your time zone box, click the time zone of the workflow. Note: The time zone is the time zone where the callers and agents of the workflow reside. It is used to calculate the open and close hours. For example, if the workflow is configured to use the North American Eastern Time zone and the workflow is scheduled to open at 7:00 A.M. and close at 11:00 P.M., the open and close times are assumed to be 7:00 Eastern Time and 11:00 Eastern Time respectively. (You must enter the times in 24-hour time notation.) 19. Select the type of business hours schedule you want to use by doing one of the following: To use a predefined schedule of business hours, click Use a preset schedule, and then select the schedule you want to use from the drop-down list. Note: You must have defined at least one preset schedule previously to be able to select this option. You define preset schedules by using the NewCSRgsHoursOfBusiness cmdlet. For details, see (Optional) Define Response Group Business Hours and Holidays Note: When you select a preset schedule, Day, Open, and Close are automatically filled with the days and hours that the response group is available. To use a custom schedule that applies only to this workflow, click Use a custom schedule. 20. If you are creating a custom schedule for this workflow, click the check boxes for the days of the week that the response group is available. 21. If you are creating a custom schedule, type the Open and Close hours when the

129

Microsoft Lync Server 2010 Administration Guide

response group available. Note: The Open and Close hours must be in 24-hour time notation. For example, if your office works a 9-to-5 work day and closes at noon for lunch, the business hours are specified as Open 9:00, Close 12:00, Open 13:00, and Close 17:00. 22. If you want to play a message when the office is not open, select the Play a message when the response group is outside of business hours check box, and then specify the message to play by doing one of the following: To enter the message as text that is converted to speech for the caller, click Use text-to-speech, and then type the message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use an audio file recording for the message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 23. Specify how to handle calls after the message is played (if a message is configured): To disconnect the call, click Disconnect Call. To forward the call to voice mail, click Forward to voice mail, and then type the voice mail address. The format for the voice mail address is <username>@<domainname> (for example, bob@contoso.com). To forward the call to another user, click Forward to SIP URI, and then type a user address. The format for the user address is <username>@<domainname>. To forward the call to another telephone number, click Forward to telephone number, and then type the telephone number. The format for the telephone number is <number>@<domainname> (for example, +14255550121@contoso.com). The domain name is used to route the caller to the correct destination. 24. Under Step 5 Specify Your Holidays, click the check boxes for one or more sets of holidays that define the days when the response group is closed for business. Note: You need to define holidays and holiday sets before you configure the workflow. Use the New-CsRgsHoliday and New-CsRgsHolidaySet cmdlets to define holidays and holiday sets. For details, see (Optional) Define Response Group Business Hours and Holidays. 25. If you want to play a message on holidays, select the Play a message during holidays check box, and then specify the message to play by doing one of the following:

130

Microsoft Lync Server 2010 Administration Guide

To enter the message as text that is converted to speech for the caller, click Use text-to-speech, and then type the message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use an audio file recording for the message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported audio file formats, see Response Group Audio File Requirements. 26. Specify how to handle calls after the message is played (if a message is configured): To disconnect the call, click Disconnect Call. To forward the call to voice mail, click Forward to voice mail, and then type the voice mail address. The format for the voice mail address is <username>@<domainname> (for example, bob@contoso.com). To forward the call to another user, click Forward to SIP URI, and then type a user address. The format for the user address is <username>@<domainname>. To forward the call to another telephone number, click Forward to telephone number, and then type the telephone number. The format for the telephone number is <number>@<domainname> (for example, +14255550121@contoso.com). The domain name is used to route the caller to the correct destination. 27. Under Step 6 Configure Music on Hold, choose what you want callers to listen to while waiting for an agent by doing one of the following: To use the default music on-hold recording, click Use default. To use an audio file recording for the on-hold music, click Select a music file. If you want to upload a new audio file, click the a music file link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 28. Under Step 7 Configure Interactive Voice Response, under the The user will hear the following text or recorded message heading, specify the question to ask callers as follows: To enter the question in text format, click Use text-to-speech, and type the question in the text box. Note:

131

Microsoft Lync Server 2010 Administration Guide

Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. Note: The "#" symbol is translated by the text-to-speech engine as the word "number". If you need to refer to the # key, you should use the key name, rather than the symbol, in your prompt. For example, "To talk to sales, press the pound key." To use a prerecorded audio file that contains the question, click Select a recording, and then click the a recording link to upload the file. In the new browser window, click Browse, select the audio file, and then click Open. Click Upload to load the file, and then optionally you can type the question in the text box (this enables the question, and the callers response, to be forwarded to the responding agent). Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 29. Under Response 1, specify the first possible answer to the question by doing the following: Important: Do not use quotation marks (") in any voice responses. Quotation marks cause the IVR to fail. Note: You can choose to allow callers to answer using speech, alphanumeric keypad input, or both. If you want to allow the caller to respond using speech, enter the answer in Enter a voice response. If you want to allow the caller to respond by pressing a key on the keypad, in Digit, click the keypad digit. 30. Specify whether to route the caller to a queue, or to ask another question as follows: To route the caller to a queue, click Send to a queue, and in Select a queue, click the queue that you want to use. To ask another question, click Ask another question, and then click Use textto-speech and type the question, or click Select a recording. Use the response groupings in this section to specify up to four possible responses to the additional question and the queue to use for each response. To specify a third or fourth possible response, click the Response 3 check box or the Response 4 check box. 31. Specify up to three more possible answers to the original question by repeating steps 28 and 29 to specify the possible responses and the action to take for each response. To specify a third or fourth possible answer, click the Response 3 check box or the Response 4 check box.

132

Microsoft Lync Server 2010 Administration Guide

32. Click Deploy.

Change a Response Group Workflow The topics in this section describe how to change existing workflows by using Microsoft Lync Server 2010 Control Panel and the Response Group Configuration Tool. In This Section Change a Hunt Group Workflow Change an Interactive Workflow

Change a Hunt Group Workflow Follow these steps to change the settings for a Response Group hunt group workflow by using Lync Server Control Panel and the Response Group Configuration Tool. To change settings for a hunt group workflow 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Workflow. 4. On the Workflow page, click Create or edit a workflow. 5. In the Select a Service search field, type part or all of the name of the ApplicationServer service that hosts the workflow that you want to change. 6. In the list of services, click the service that you want, and then click OK. Note: The Response Group Configuration Tool webpage opens. You can also open the Response Group Configuration Tool webpage directly from a web browser by connecting to https://<webPoolFqdn>/RgsConfig. 7. Under Manage an Existing Workflow, locate the workflow you want to change, and then under Action, click Edit. 8. If you are ready for users to start calling the workflow, select the Activate the workflow check box. 9. To allow federated users to call the group, select the Enable for federation check box. 10. To hide the identity of agents during calls, select the Enable agent anonymity check box. Note: Anonymous calls cannot start with instant messaging (IM) or video, although the agent or the caller can add IM and video after the call is established. An

133

Microsoft Lync Server 2010 Administration Guide

anonymous agent can also put calls on hold, transfer calls (both blind and consultative transfers), and park and retrieve calls. Anonymous calls do not support conferencing, application sharing and desktop sharing, file transfer, whiteboarding and data collaboration, and call recording. Warning: A consultative transfer is where the agent who received the call first (that is, the "transfer initiator") talks to the agent or user that they want to transfer call to (that is, the "transfer receiver") before they actually transfer the call. Consultative transfers are supported when the transfer receiver is not anonymous. If the transfer initiator consultative transfers a call to a PSTN or a Lync user and uses the anonymous option, the call will appear to transfer properly to the receiver. However, the transfer will fail and the transferred caller is disconnected. The transfer initiator can be either anonymous or known, but the effect is the same if the transfer receiver is anonymous. 11. Under Enter the address of the group that will receive the calls, type the SIP address of the group that you want to answer calls to the workflow. 12. In Display name, type the name that you want clients to display for the workflow (for example, Lync 2010). Note: Do not include the "<" or ">" characters in the display name. Do not use the following display names because they are reserved: RGS Presence Watcher or Announcement Service. 13. Under Telephone number, type the line URI for the response group (for example, +14255550165). 14. In Display number, type the number as you want it to appear for the response group (for example, +1 (425) 555-0165). 15. (Optional) In Description, type a description for the workflow as you want it to appear on the contact card in Lync 2010. 16. Under Step 2 Select a Language, click the language that you want to use for speech recognition and text-to-speech. 17. If you want to configure a welcome message, under Step 3 Configure a Welcome Message, select the Play a welcome message check box, and then do one of the following: To enter the welcome message as text that is converted to speech for callers, click Use text-to-speech, and then type the welcome message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use a wave (.wav) or Windows Media audio (.wma) file recording for the welcome message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the audio

134

Microsoft Lync Server 2010 Administration Guide

file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 18. Under Step 4 Specify Your Business Hours, in Your time zone, click the time zone for the workflow. Note: The time zone is the time zone where the callers and agents of the workflow reside. It is used to calculate the open and close hours. For example, if the workflow is configured to use the North American Eastern Time zone and the workflow is scheduled to open at 7:00 A.M. and close at 11:00 P.M., the open and close times are assumed to be 7:00 Eastern Time and 23:00 Eastern Time respectively. (You must enter the times in 24-hour time notation.) 19. Select the type of business hours schedule you want to use by doing one of the following: To use a predefined schedule of business hours, click Use a preset schedule, and then select the schedule you want to use from the drop-down list. Note: You must have defined at least one preset schedule previously to be able to select this option. You define preset schedules by using the NewCSRgsHoursOfBusiness cmdlet. For details, see (Optional) Define Response Group Business Hours and Holidays. Note: When you select a preset schedule, Day, Open, and Close are automatically filled with the days and hours that the response group is available. To use a custom schedule that applies only to this workflow, click Use a custom schedule. 20. If you are creating a custom schedule for this workflow, click the check boxes for the days of the week that the response group is available. 21. If you are creating a custom schedule, type the Open and Close hours for each day of the week that the response group available. Note: The Open and Close hours must be in 24-hour time notation. For example, if your office works a 9-to-5 work day and closes at noon for lunch, the business hours are specified as Open 9:00, Close 12:00, Open 13:00, and Close 17:00. 22. If you want to play a message when the office is not open, select the Play a message when the response group is outside of business hours check box, and then specify the message to play by doing one of the following: To enter the message as text that is converted to speech for the caller, click Use

135

Microsoft Lync Server 2010 Administration Guide

text-to-speech, and then type the message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use an audio file recording for the message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported audio file formats, see Response Group Audio File Requirements. 23. Specify how to handle calls after the message is played (if a message is configured): To disconnect the call, click Disconnect Call. To forward the call to voice mail, click Forward to voice mail, and then type the voice mail address. The format for the voice mail address is <username>@<domainname> (for example, bob@contoso.com). To forward the call to another user, click Forward to SIP URI, and then type a user address. The format for the user address is <username>@<domainname>. To forward the call to another telephone number, click Forward to telephone number, and then type the telephone number. The format for the telephone number is <number>@<domainname> (for example, +14255550121@contoso.com). The domain name is used to route the caller to the correct destination. 24. Under Step 5 Specify Your Holidays, click the check boxes for one or more sets of holidays that define the days when the response group is closed for business. Note: You need to define holidays and holiday sets before you configure the workflow. Use the New-CsRgsHoliday and New-CsRgsHolidaySet cmdlets to define holidays and holiday sets. For details, see (Optional) Define Response Group Business Hours and Holidays. 25. If you want to play a message on holidays, select the Play a message during holidays check box, and then specify the message to play by doing one of the following: To enter the message as text that is converted to speech for the caller, click Use text-to-speech, and then type the message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use an audio file recording for the message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click

136

Microsoft Lync Server 2010 Administration Guide

Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported audio file formats, see Response Group Audio File Requirements. 26. Specify how to handle calls after the message is played (if a message is configured): To disconnect the call, click Disconnect Call. To forward the call to voice mail, click Forward to voice mail, and then type the voice mail address. The format for the voice mail address is <username>@<domainname> (for example, bob@contoso.com). To forward the call to another user, click Forward to SIP URI, and then type a user address. The format for the user address is <username>@<domainname>. To forward the call to another telephone number, click Forward to telephone number, and then type the telephone number. The format for the telephone number is <number>@<domainname> (for example, +14255550121@contoso.com). The domain name is used to route the caller to the correct destination. 27. Under Step 6 Configure a Queue, in Select the queue that will receive the calls, select the queue that you want to hold callers until an agent becomes available. 28. Under Step 7 Configure Music on Hold, choose the music you want callers to listen to while waiting for an agent by doing one of the following: To use the default music-on-hold recording, click Use default. To use an audio file recording for the music on hold, click Select a music file. If you want to upload a new audio file, click the a music file link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user provided audio files must meet certain requirements. For details about supported audio file formats, see Response Group Audio File Requirements. 29. Click Save.

Change an Interactive Workflow Follow these steps to change the settings for a Response Group interactive voice response (IVR) workflow by using Lync Server Control Panel and the Response Group Configuration Tool. To change an interactive workflow 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. 2. Open a browser window, and then enter the Admin URL to open the Lync Server

137

Microsoft Lync Server 2010 Administration Guide

Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Workflow. 4. On the Workflow page, click Create or edit a workflow. 5. In the Select a Service search field, type part or all of the name of the ApplicationServer service that hosts the workflow that you want to change. 6. In the list of services, click the service that you want, and then click OK. Note: The Response Group Configuration Tool webpage opens. You can also open the Response Group Configuration Tool webpage directly from a web browser by connecting to https://<webPoolFqdn>/RgsConfig. 7. Under Manage an Existing Workflow, locate the workflow that you want to change, and then under Action, click Edit. 8. If you are ready for users to start calling the workflow, select the Activate the workflow check box. 9. To allow federated users to call the group, select the Enable for federation check box. 10. To hide the identity of agents during calls, select the Enable agent anonymity check box. Note: Anonymous calls cannot start with instant messaging (IM) or video, although the agent or the caller can add IM and video after the call is established. An anonymous agent can also put calls on hold, transfer calls (both blind and consultative transfers), and park and retrieve calls. Anonymous calls do not support conferencing, application sharing and desktop sharing, file transfer, whiteboarding and data collaboration, and call recording. Warning: A consultative transfer is where the agent who received the call first (that is, the "transfer initiator") talks to the agent or user that they want to transfer call to (that is, the "transfer receiver") before they actually transfer the call. Consultative transfers are supported when the transfer receiver is not anonymous. If the transfer initiator consultative transfers a call to a PSTN or a Lync user and uses the anonymous option, the call will appear to transfer properly to the receiver. However, the transfer will fail and the transferred caller is disconnected. The transfer initiator can be either anonymous or known, but the effect is the same if the transfer receiver is anonymous. 11. In Enter the address of the group that will receive the calls, type the address of the group that you want to answer calls to the workflow. 12. In Display name, type the name that clients, such as Lync 2010, are to display. Note:

138

Microsoft Lync Server 2010 Administration Guide

Do not include the "<" or ">" characters in the display name. Do not use the following display names because they are reserved: RGS Presence Watcher or Announcement Service. 13. In Telephone number, type the line URI for the response group (for example, +14255550165). 14. In Display number, type the number as you want it to appear for the response group (for example, +1 (425) 555-0165). 15. (Optional) In Description, type a description for the workflow that you want to appear on the contact card in Lync 2010. 16. Under Step 2 Select a Language, click the language to use for speech recognition and text-to-speech. 17. If you want to configure a welcome message, under Step 3 Configure a Welcome Message, select the Play a welcome message check box, and then do one of the following: To enter the welcome message as text that is converted to speech for callers, click Use text-to-speech, and then type the welcome message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use a Wave or Windows Media Audio file recording for the welcome message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the audio file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 18. Under Step 4 Specify Your Business Hours, in the Your time zone box, click the time zone of the workflow. Note: The time zone is the time zone where the callers and agents of the workflow reside. It is used to calculate the open and close hours. For example, if the workflow is configured to use the North American Eastern Time zone and the workflow is scheduled to open at 7:00 A.M. and close at 11:00 P.M., the open and close times are assumed to be 7:00 Eastern Time and 23:00 Eastern Time respectively. (You must enter the times in 24-hour time notation.) 19. Select the type of business hours schedule you want to use by doing one of the following: To use a predefined schedule of business hours, click Use a preset schedule, and then select the schedule you want to use from the drop-down list. Note:

139

Microsoft Lync Server 2010 Administration Guide

You must have defined at least one preset schedule previously to be able to select this option. You define preset schedules by using the NewCSRgsHoursOfBusiness cmdlet. For details, see (Optional) Define Response Group Business Hours and Holidays Note: When you select a preset schedule, Day, Open, and Close are automatically filled with the days and hours that the response group is available. To use a custom schedule that applies only to this workflow, click Use a custom schedule. 20. If you are creating a custom schedule for this workflow, click the check boxes for the days of the week that the response group is available. 21. If you are creating a custom schedule, type the Open and Close hours when the response group available. Note: The Open and Close hours must be in 24-hour time notation. For example, if your office works a 9-to-5 work day and closes at noon for lunch, the business hours are specified as Open 9:00, Close 12:00, Open 13:00, and Close 17:00. 22. If you want to play a message when the office is not open, select the Play a message when the response group is outside of business hours check box, and then specify the message to play by doing one of the following: To enter the message as text that is converted to speech for the caller, click Use text-to-speech, and then type the message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use an audio file recording for the message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 23. Specify how to handle calls after the message is played (if a message is configured): To disconnect the call, click Disconnect Call. To forward the call to voice mail, click Forward to voice mail, and then type the voice mail address. The format for the voice mail address is <username>@<domainname> (for example, bob@contoso.com). To forward the call to another user, click Forward to SIP URI, and then type a user address. The format for the user address is <username>@<domainname>. To forward the call to another telephone number, click Forward to telephone

140

Microsoft Lync Server 2010 Administration Guide

number, and then type the telephone number. The format for the telephone number is <number>@<domainname> (for example, +14255550121@contoso.com). The domain name is used to route the caller to the correct destination. 24. Under Step 5 Specify Your Holidays, click the check boxes for one or more sets of holidays that define the days when the response group is closed for business. Note: You need to define holidays and holiday sets before you configure the workflow. Use the New-CsRgsHoliday and New-CsRgsHolidaySet cmdlets to define holidays and holiday sets. For details, see (Optional) Define Response Group Business Hours and Holidays. 25. If you want to play a message on holidays, select the Play a message during holidays check box, and then specify the message to play by doing one of the following: To enter the message as text that is converted to speech for the caller, click Use text-to-speech, and then type the message in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. To use an audio file recording for the message, click Select a recording. If you want to upload a new audio file, click the a recording link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported audio file formats, see Response Group Audio File Requirements. 26. Specify how to handle calls after the message is played (if a message is configured): To disconnect the call, click Disconnect Call. To forward the call to voice mail, click Forward to voice mail, and then type the voice mail address. The format for the voice mail address is <username>@<domainname> (for example, bob@contoso.com). To forward the call to another user, click Forward to SIP URI, and then type a user address. The format for the user address is <username>@<domainname>. To forward the call to another telephone number, click Forward to telephone number, and then type the telephone number. The format for the telephone number is <number>@<domainname> (for example, +14255550121@contoso.com). The domain name is used to route the caller to the correct destination. 27. Under Step 6 Configure Music on Hold, choose what you want callers to listen to while waiting for an agent by doing one of the following: To use the default music on-hold recording, click Use default. To use an audio file recording for the on-hold music, click Select a music file. If

141

Microsoft Lync Server 2010 Administration Guide

you want to upload a new audio file, click the a music file link. In the new browser window, click Browse, select the file that you want to use, and then click Open. Click Upload to load the audio file. Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 28. Under Step 7 Configure Interactive Voice Response, under the The user will hear the following text or recorded message heading, specify the question to ask callers as follows: To enter the question in text format, click Use text-to-speech, and type the question in the text box. Note: Do not include HTML tags in the text you enter. If you include HTML tags, you will receive an error message. Note: The "#" symbol is translated by the text-to-speech engine as the word "number". If you need to refer to the # key, you should use the key name, rather than the symbol, in your prompt. For example, "To talk to sales, press the pound key." To use a prerecorded audio file that contains the question, click Select a recording, and then click the a recording link to upload the file. In the new browser window, click Browse, select the audio file, and then click Open. Click Upload to load the file, and then optionally you can type the question in the text box (this enables the question, and the callers response, to be forwarded to the responding agent). Note: All user-provided audio files must meet certain requirements. For details about supported file formats, see Response Group Audio File Requirements. 29. Under Response 1, specify the first possible answer to the question by doing the following: Important: Do not use quotation marks (") in any voice responses. Quotation marks cause the IVR to fail. Note: You can choose to allow callers to answer using speech, alphanumeric keypad input, or both. If you want to allow the caller to respond using speech, enter the answer in Enter a voice response. If you want to allow the caller to respond by pressing a key on the keypad, in

142

Microsoft Lync Server 2010 Administration Guide

Digit, click the keypad digit. 30. Specify whether to route the caller to a queue, or to ask another question as follows: To route the caller to a queue, click Send to a queue, and in Select a queue, click the queue that you want to use. To ask another question, click Ask another question, and then click Use textto-speech and type the question, or click Select a recording. Use the response groupings in this section to specify up to four possible responses to the additional question and the queue to use for each response. To specify a third or fourth possible response, click the Response 3 check box or the Response 4 check box. 31. Specify up to three more possible answers to the original question by repeating steps 28 and 29 to specify the possible responses and the action to take for each response. To specify a third or fourth possible answer, select the Response 3 check box or the Response 4 check box. 32. Click Save.

Delete a Response Group Workflow Follow these steps to delete a workflow by using Lync Server Control Panel and the Response Group Configuration Tool. To delete a workflow 1. Log on as a member of the RTCUniversalServerAdmins group, or as a member of one of the predefined administrative roles that support Response Group. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Response Groups, and then click Workflow. 4. On the Workflow page, click Create or edit a workflow. 5. In the Select a Service search field, type part or all of the name of the ApplicationServer service that hosts the workflow that you want to delete. 6. In the list of services, click the service that you want, and then click OK. Note: The Response Group Configuration Tool webpage opens. You can also open the Response Group Configuration Tool webpage directly from a web browser by connecting to https://<webPoolFqdn>/RgsConfig. 7. Under Manage an Existing Workflow, locate the workflow you want to delete, and then under Action, click Delete. 8. Click Yes.

143

Microsoft Lync Server 2010 Administration Guide

Managing On-Premises Meetings


Topics in this section provide step-by-step procedures for tasks you can perform using the pages in the Conferencing group in Lync Server Control Panel.

In This Section
Configuring Conferencing Settings Configuring the Meeting Join Experience Configure Settings for a Dial-in Conferencing Access Number Configure Dial-in Conferencing Personal Identification Number (PIN) Rules

Configuring Conferencing Settings


Conferencing policy defines the features and capabilities that users have available during a conference (also known as a meeting). Conferencing policy settings encompass a wide variety of scheduling and participation options, ranging from whether a meeting can include IP audio and video to the maximum number of people who can attend. Administrators can use conferencing policy to manage security, bandwidth, and legal aspects of meetings. You can define conferencing policy on three levels: global scope, site scope, and user scope. Settings apply to a specific user from the narrowest scope to the widest scope. If you assign a user policy to a user, those settings take precedence. If you do not assign a user policy, site settings apply. If no user or site policies apply, global policy provides the default settings. A global policy exists by default, so you cannot create a new global policy. You also cannot delete the existing global policy, but you can change the existing global policy to customize your default settings. In This Section Modify the Default Conferencing User Experience Create or Modify Conferencing User Experience for a Site or Group of Users Conferencing Policy Settings Reference Delete a Conferencing Policy for a Site or Group of Users

Modify the Default Conferencing User Experience The global conferencing policy defines default meeting settings at the forest level for your organization. Use Lync Server Control Panel to make changes to this global policy. For details about how to configure the conferencing policy with a site scope or a user scope, see Create or Modify Conferencing User Experience for a Site or Group of Users. For a list of all available conferencing policy settings, see Conferencing Policy Settings Reference. To modify the global conferencing policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator

144

Microsoft Lync Server 2010 Administration Guide

role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing. 4. On the Conferencing Policy page, in the list of conferencing policies, click Global, click Edit, and then click Show details. 5. Under Organizer policy, in Maximum meeting size, type the maximum number of users that you want to allow at a meeting. By default, the maximum meeting size is 250. 6. To prevent users from inviting anonymous users to meetings, clear the Allow participants to invite anonymous users check box. Anonymous users are users who do not have credentials in your organizations Active Directory Domain Services (AD DS) and who, therefore, are not authenticated. By default, users can invite anonymous users to meetings. 7. In Recording, do one of the following: To prevent participants from recording meetings, click None. This is the default setting. To allow participants to record meetings, click Enable recording. 8. To allow external participants to record meetings, select the Allow federated and anonymous participants to record check box. The default is to prevent external participants from recording meetings. 9. In Audio/video, do one of the following: To prevent the use of audio and video, click None. To allow the use of audio but not video, click Enable IP audio.

To allow the use of audio and video, click Enable IP audio/video. This is the default setting. 10. If you chose to allow the use of audio in Audio/video, do the following: To prevent users from joining the meeting by dialing in, clear the Enable PSTN dial-in conferencing check box. By default, users can dial in to meetings by using the public switched telephone network (PSTN). If you allow users to dial in to meetings and you want to allow unauthenticated (anonymous) users to join a meeting by using dial out phoning, select the Allow anonymous participants to dial out check box. With dial-out phoning, the conference server calls the user, and the user answers the phone to join the meeting. By default, anonymous users cannot join a meeting by using dial-out phoning. 11. If you chose to allow the use of video in Audio/video, in Maximum video resolution allowed for conferencing, click the setting that you want to use. By default, the maximum video resolution is 640*480(VGA). 12. In Data collaboration, do one of the following: To prevent data collaboration, click None.

145

Microsoft Lync Server 2010 Administration Guide

To allow data collaboration, click Enable data collaboration. This is the default setting. 13. If you chose to allow data collaboration in Data collaboration, do the following: To prevent external downloads, clear the Allow federated and anonymous participants to download content check box. By default, external users can download content. To prevent file transfers, clear the Allow participants to transfer files check box. By default, users can transfer files. To prevent the use of annotations, clear the Enable annotations check box. By default, annotations are allowed. To prevent the use of polls, clear the Enable polls check box. By default, polls are allowed. 14. In Application sharing, do one of the following: To prevent the use of application sharing, click Disable application sharing. To allow the use of application sharing, click Enable application sharing. This is the default setting. 15. If you chose to allow application sharing in Application sharing, do the following: To prevent meeting participants from taking control of application sharing, clear the Allow participants to take control check box. By default, participants can take control of application sharing. If you chose to allow meeting participants to take control of application sharing, select the Allow federated and anonymous participants to take control check box to allow external users to take control of application sharing. By default, external users cannot take control of application sharing. 16. Under Participant policy, do one of the following: To prevent both application sharing and desktop sharing, click Disable application and desktop sharing. To allow application sharing but not desktop sharing, click Enable application sharing. To allow both application sharing and desktop sharing, click Enable application and desktop sharing. This is the default setting. 17. To prevent peer-to-peer file transfers, clear the Enable peer-to-peer file transfer check box. By default, peer-to-peer file transfers are allowed. 18. To allow peer-to-peer recording, select the Enable peer-to-peer recording check box. By default, peer-to-peer recording is not allowed. 19. Click Commit

146

Microsoft Lync Server 2010 Administration Guide

Create or Modify Conferencing User Experience for a Site or Group of Users Follow these steps to create a user-level or a site-level conferencing policy. For details about how to assign a user-level policy to a user, see Assign a Conferencing Policy to Modify a User's Default Meeting Experience. For details about how to change the global meeting policy at the forest level for your organization, see Modify the Default Conferencing User Experience. For a list of all available conferencing policy settings, see Conferencing Policy Settings Reference. To create a new user or site conferencing policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing. 4. On the Conferencing Policy tab, click New, and then do one of the following: To create a user-level policy, click User policy. In New Conferencing Policy, in Name, type a descriptive name for the policy. To create a site-level policy, click Site policy. In the Select a Site search field, type all or part of the name of the site for which you want to create a policy. In the list of sites, click the site that you want, and then click OK. Note: The site name becomes the conferencing policy name, and it cannot be changed. 5. In Description, type a description for the policy. 6. Under Organizer policy, in Maximum meeting size, type the maximum number of users that you want to allow at a meeting. By default, the maximum meeting size is 250. 7. To prevent users from inviting anonymous users to meetings, clear the Allow participants to invite anonymous users check box. Anonymous users are users who do not have credentials in your organizations Active Directory Domain Services (AD DS) and who, therefore, are not authenticated. By default, users can invite anonymous users to meetings. 8. In Recording, do one of the following: To prevent participants from recording meetings, click None. This is the default setting. To allow participants to record meetings, click Enable recording. 9. To allow external participants to record meetings, select the Allow federated and anonymous participants to record check box. The default is to prevent external

147

Microsoft Lync Server 2010 Administration Guide

participants from recording meetings. 10. In Audio/video, do one of the following: To prevent the use of audio and video, click None. To allow the use of audio but not video, click Enable IP audio.

To allow the use of audio and video, click Enable IP audio/video. This is the default setting. 11. If you chose to allow the use of audio in Audio/video, do the following: To prevent users from joining the meeting by dialing in, clear the Enable PSTN dial-in conferencing check box. By default, users can dial in to meetings by using the public switched telephone network (PSTN). If you allow users to dial in to meetings and you want to allow unauthenticated (anonymous) users to join a meeting by using dial out phoning, select the Allow anonymous participants to dial out check box. With dial-out phoning, the conference server calls the user, and the user answers the phone to join the meeting. By default, anonymous users cannot join a meeting by using dial-out phoning. 12. If you chose to allow the use of video in Audio/video, in Maximum video resolution allowed for conferencing, click the setting that you want to use. By default, the maximum video resolution is 640*480(VGA). 13. In Data collaboration, do one of the following: To prevent data collaboration, click None. To allow data collaboration, click Enable data collaboration. This is the default setting. 14. If you chose to allow data collaboration in Data collaboration, do the following: To prevent external downloads, clear the Allow federated and anonymous participants to download content check box. By default, external users can download content. To prevent file transfers, clear the Allow participants to transfer files check box. By default, users can transfer files. To prevent the use of annotations, clear the Enable annotations check box. By default, annotations are allowed. To prevent the use of polls, clear the Enable polls check box. By default, polls are allowed. 15. In Application sharing, do one of the following: To prevent the use of application sharing, click Disable application sharing. To allow the use of application sharing, click Enable application sharing. This is the default setting. 16. If you chose to allow application sharing in Application sharing, do the following: To prevent meeting participants from taking control of application sharing, clear the Allow participants to take control check box. By default, participants can take control of application sharing.

148

Microsoft Lync Server 2010 Administration Guide

If you chose to allow meeting participants to take control of application sharing, select the Allow federated and anonymous participants to take control check box to allow external users to take control of application sharing. By default, external users cannot take control of application sharing. 17. Under Participant policy, do one of the following: To prevent both application sharing and desktop sharing, click Disable application and desktop sharing. To allow application sharing but not desktop sharing, click Enable application sharing. To allow both application sharing and desktop sharing, click Enable application and desktop sharing. This is the default setting. 18. To prevent peer-to-peer file transfers, clear the Enable peer-to-peer file transfer check box. By default, peer-to-peer file transfers are allowed. 19. To allow peer-to-peer recording, select the Enable peer-to-peer recording check box. By default, peer-to-peer recording is not allowed. 20. Click Commit. To modify an existing user or site policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. On the left navigation bar, click Conferencing. 4. On the Conferencing Policy page, in the list of conferencing policies, click the policy that you want to change, click Edit, and then click Show details. 5. In Edit Conferencing Policy, modify any of the policy settings, except for the policy name, which cannot be modified. 6. Click Commit.

Conferencing Policy Settings Reference The tables in this topic list all the conferencing policy settings that you can specify by using Microsoft Lync Server 2010 Control Panel. Organizer Policy Settings The following table lists all the conferencing policy settings that you can apply to conference organizers.

149

Microsoft Lync Server 2010 Administration Guide

Organizer Policy Settings


Setting Description

Maximum meeting size Allow participants to invite anonymous users Enable recording Allow federated and anonymous participants to record Enable IP audio Enable IP audio/video Enable PSTN dial-in conferencing

Sets the maximum number of participants allowed in a meeting. Allows meeting organizers to invite unauthenticated users to meetings. Allows presenters or attendees to record the meeting. Allows external and unauthenticated participants to record the meeting. Allows the use of audio in a meeting. Allows the use of audio and video in a meeting. Allows the user to attend a meeting by dialing in from the public switched telephone network (PSTN). Allows unauthenticated users to join a meeting by using dial-out phoning. With dial-out phoning, the conference server calls the user, and the user answers the phone to join the meeting. Sets the maximum resolution for video conferencing. Valid values are 640*480(VGA) and 352*288(CIF). Enables data collaboration conferencing or web conferencing. Allows external and unauthenticated participants to download content from the meeting. Allows meeting participants to transfer files during a meeting. Allows meeting participants to create annotations in content. Allows meeting participants hold a poll during a meeting. Allows users to schedule meetings that support application sharing. Allows participants to take control of another

Allow anonymous participants to dial out

Maximum video resolution allowed for conferencing Enable data collaboration Allow federated and anonymous participants to download content Allow participants to transfer files Enable annotations Enable polls Enable application sharing Allow participants to take control

150

Microsoft Lync Server 2010 Administration Guide Setting Description

users shared application. Allow federated and anonymous participants to take control Allows external and anonymous participants to take control of another users shared application. Note: If this setting is set to True and Allow participants to take control is set to False, this setting is overridden. Participant Policy Settings The following table lists all the conferencing policy settings that you can apply to conference participants. Participant Policy Settings
Setting Description

Enable application sharing Enable application and desktop sharing Enable peer-to-peer file transfer

Allows users to schedule meetings that support application sharing. Allows users to schedule meetings that support application sharing and desktop sharing. Allows participants to perform peer-to-peer file transfers during a meeting. A peer-to-peer file transfer does not involve all the meeting participants. Allows participants to record peer-to-peer conferencing sessions.

Enable peer-to-peer recording

Delete a Conferencing Policy for a Site or Group of Users Follow these steps to delete a user-level or a site-level conferencing policy. Note: You cannot delete the global conferencing policy. To delete a user or site conferencing policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server

151

Microsoft Lync Server 2010 Administration Guide

Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing. 4. On the Conferencing Policy page, in the search field, type all or part of the name of the policy you want to delete. 5. In the list of policies, click the policy that you want, click Edit, and then click Delete. 6. Click OK.

Configuring the Meeting Join Experience


In Microsoft Lync Server 2010, conferencing policy defines the user scheduling and participation experience, and meeting join settings define the following: Whether users dialing in from the public switched telephone network (PSTN) go to the lobby Who can be a presenter Whether conference type is assigned by default Whether anonymous (unauthenticated) users are admitted by default

The topics in this section describe how to configure meeting join settings. In This Section Modify the Default Meeting Join Experience Create or Modify Meeting Join Settings for a Site or Pool Delete Meeting Join Settings for a Site or Pool

Modify the Default Meeting Join Experience The global meeting join settings define the default meeting join experience at the forest level for your organization. You can use Lync Server Control Panel to make changes to these global settings. For details about how to configure the meeting join experience at a site or pool level, see Create or Modify Meeting Join Settings for a Site or Pool. To modify the default meeting join settings 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click Meeting Configuration. 4. On the Meeting Configuration page, in the list of configuration settings, click

152

Microsoft Lync Server 2010 Administration Guide

Global, click Edit, and then click Show details. 5. To route participants who dial in from the public switched telephone network (PSTN) through the lobby, clear the PSTN callers bypass lobby check box. By default, participants dialing in from the PSTN go directly to the meeting. 6. To configure who can be a presenter in the meeting, in Designate as presenter, do one of the following: To not allow anyone other than the organizer to be a presenter, click None. To allow only participants who are members of your organization to be a presenter, click Company. This is the default setting. To allow any participants to be a presenter, click Everyone. 7. To have the organizer select a conference type when scheduling a meeting, clear the Assigned conference type by default check box. By default, the conference type is automatically assigned. 8. To prevent anonymous (unauthenticated) users from being automatically admitted, clear the Admit anonymous users by default check box. By default, anonymous users are automatically admitted to meetings. 9. Click Commit.

Create or Modify Meeting Join Settings for a Site or Pool Meeting join settings define various characteristics of the meeting join experience. By default, the global settings define the join experience. You can also create site-level and pool-level meeting join settings. If you create pool-level settings, those settings apply to all meetings hosted by that pool. If you do not create pool-level settings, site-level settings apply, if they exist. If you do not define site-level settings, the global settings apply to all meetings. This topic describes how to create pool-level or site-level meeting join settings. For details about how to change the global meeting join settings, see Modify the Default Meeting Join Experience. To create new meeting join settings 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click Meeting Configuration. 4. On the Meeting Configuration page, click New, and then do one of the following: To create a site-level policy, click Site configuration. In the Select a Site search field, type all or part of the name of the site for which you want to define meeting join settings. In the resulting list of sites, click the site you want, and then click OK.

153

Microsoft Lync Server 2010 Administration Guide

To create a pool-level policy, click Pool configuration. In the Select a Service search field, type all or part of the name of the pool service for which you want to define meeting join settings. In the resulting list of services, click the pool you want, and then click OK. 5. To route participants who dial in from the public switched telephone network (PSTN) through the lobby, clear the PSTN callers bypass lobby check box. By default, participants dialing in from the PSTN go directly to the meeting. 6. To configure who can be a presenter in the meeting, in Designate as presenter, do one of the following: To not allow anyone other than the organizer to be a presenter, click None. To allow only participants who are members of your organization to be a presenter, click Company. This is the default setting. To allow any participants to be a presenter, click Everyone. 7. To have the organizer select a conference type when scheduling a meeting, clear the Assigned conference type by default check box. By default, the conference type is automatically assigned. 8. To prevent anonymous (unauthenticated) users from being automatically admitted, clear the Admit anonymous users by default check box. By default, anonymous users are automatically admitted to meetings. 9. Click Commit. To modify an existing site or pool meeting join configuration 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing. 4. On the Meeting Configuration page, in the list of configurations, click the configuration that you want to change, click Edit, and then click Show details. 5. In Edit Meeting Configuration, modify any of the meeting join settings, except for the name, which cannot be modified. 6. Click Commit.

Delete Meeting Join Settings for a Site or Pool Follow these steps to delete meeting join settings for a site or pool.

154

Microsoft Lync Server 2010 Administration Guide

Note: You cannot delete the global meeting join configuration. To delete meeting join settings for a site or pool 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click Meeting Configuration. 4. On the Meeting Configuration page, in the search field, type all or part of the name of the site or pool configuration that you want to delete. 5. In the list, click the configuration that you want, click Edit, and then click Delete. 6. Click OK.

Configure Settings for a Dial-in Conferencing Access Number


To enable users to join the audio portion of on-premises conferences by dialing in from the public switched telephone network (PSTN), you must configure dial-in conferencing access numbers. Dial-in conferencing access numbers are the numbers that users call to join a conference. Dial-in access numbers are displayed in meeting invitations and on the Dial-in Conferencing Settings webpage. Note: You cannot use a new dial-in access number until Active Directory replication of that access number is complete. Replication can take several hours. In This Section Create or Modify a Dial-in Conferencing Access Number Delete a Dial-in Conferencing Access Number

Create or Modify a Dial-in Conferencing Access Number Follow these steps if you want to create or modify a dial-in conferencing access number. Important: Before you create a new dial-in access number, you must set a dial-in conferencing region in the dial plan that is associated with the new dial-in access number. Multiple dial plans can use the same region.

155

Microsoft Lync Server 2010 Administration Guide

To create or modify a dial-in access number 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click Dial-in Access Number. 4. On the Dial-in Access Number page, do one of the following: Click New to open New Dial-in Access Number. Click one of the dial-in access numbers in the list, click Edit, and then click Show details. Note: Using the search field to search for the contents of a column in the list of dialin access numbers may not yield the results you expect. Instead, sort the list by the column of interest to identify the dial-in access number you want to view or change. 5. In Display number, type the phone number that public switched telephone network (PSTN) phone users dial to join a conference. Note: This number is displayed in meeting invitations and on the Dial-in Conferencing Settings webpage. 6. In Display name, type a description for the dial-in access number. This is the name that is associated with the dial-in access number in Lync 2010 search results. Note: This name is displayed in the client when a user calls the access number. 7. In Line URI, type the E.164 number of the dial-in access number in TEL URI format, including the + symbol before the number and excluding spaces. For example, tel: +14255550200. Note: The same Line URI cannot be reused by another dial-in conferencing access number. 8. In SIP URI, do the following: In the text box, type a unique SIP URI for this dial-in conferencing access number. This SIP URI is displayed in various locations including, but not limited to, call notification messages and previous versions of Communicator clients. Note: The same SIP URI cannot be reused by another dial-in conferencing access

156

Microsoft Lync Server 2010 Administration Guide

number. The SIP URI cannot be modified after the access number is created. The only way to change the SIP URI is to delete and recreate the access number. In the drop-down list box, click the domain of the Conferencing Attendant application that supports this dial-in access number. 9. In Pool, click the pool that is running the instance of Conferencing Attendant that supports this dial-in access number. Note: If you need to change the pool after you create the access number, you must use the Move-CsApplicationEndpoint cmdlet or delete and recreate the access number. 10. In Primary language, click the language in which prompts are played for this dial-in access number. Note: The primary language is the language that the Conferencing Attendant uses to answer the call. Supported languages are displayed alongside each access phone number on the Dial-in Conferencing Settings webpage. 11. (Optional) In Secondary languages (maximum of four), click Add, select one or more additional languages that you want to support for callers to this dial-in access number, and then click OK. Note: You can choose up to four secondary languages for each dial-in access number. Users can select a secondary language before entering the conference ID when they dial in to a conference. 12. To add a region for the dial-in access number, under Associated regions, click Add, click one or more regions that are associated with the dial plans for this dial-in access number, and then click OK. 13. To delete a region from the dial-in access number, under Associated regions, click the region you want to delete, and then click Remove. 14. Click Commit.

Delete a Dial-in Conferencing Access Number Follow these steps to delete a dial-in conferencing access number. To delete a dial-in conferencing access number 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010.

157

Microsoft Lync Server 2010 Administration Guide

2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click Dial-in Access Number. 4. On the page, click the dial-in number you want to delete in the list, click Edit, and then click Delete. 5. Click OK.

Configure Dial-in Conferencing Personal Identification Number (PIN) Rules


Microsoft Lync Server 2010 users who have Active Directory Domain Services (AD DS) credentials in your organization can join dial-in conferences as authenticated users by using a personal identification number (PIN). PIN policy defines the rules for how dial-in conferencing PINs work. You can create a new PIN policy if you want a specific policy to apply to a site or to a certain group of users. If you want to use the same PIN policy for your entire organization, you can use the global PIN policy and modify it as needed. PIN policies apply to users from the narrowest scope to the widest scope. If you assign a user-level PIN policy to a user, those settings take precedence. If you do not assign a user policy, the site-level PIN policy applies, if it exists. If no user or site policies apply, global PIN policy provides the default settings. In This Section Modify the Default Dial-in Conferencing PIN Settings Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users Delete Dial-in Conferencing PIN Settings for a Site or Group of Users

Modify the Default Dial-in Conferencing PIN Settings The global PIN policy defines the rules for dial-in conferencing PINs at the forest level. Follow these steps to modify the global dial-in conferencing PIN policy. For details about creating or modifying a dial-in conferencing PIN policy at the site or user level, see Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users. To modify the global PIN policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click PIN Policy. 4. On the PIN Policy page, click the Global policy, click Edit, and then click Show

158

Microsoft Lync Server 2010 Administration Guide

details. 5. In Edit PIN Policy, in Minimum PIN length, type or select the minimum PIN length that you want to allow. The default minimum length is five digits. 6. To be able to specify the maximum number of logon attempts before a user is locked out, select the Specify maximum logon attempts check box. If you do not select this option, the maximum number of allowed attempts is automatically determined based on the PIN length. By default, the maximum number of attempts is automatically determined. 7. If you selected the Specify maximum logon attempts check box, in Maximum logon attempts, type or select the maximum number of logon attempts that you want to allow. 8. To have PINs expire, select the Enable PIN expiration check box. If you do not select this option, PINs will never expire. By default, PINs never expire. 9. If you selected the Enable PIN expiration check box, in PIN expires after (days), type or select the number of days after which PINs expire. 10. In PIN history count, type the number of PINs that a user must create before the user can reuse a PIN. By default, users can reuse their PINs. 11. To allow common patterns of digits in PINs, such as sequential numbers and repetitive sets of numbers, select the Allow common patterns check box. If you do not select this option, only complex patterns of digits are allowed. By default, only complex patterns of digits are allowed. Important: We recommend that you do not allow common patterns. 12. Click Commit.

Create or Modify Dial-in Conferencing PIN Settings for a Site or Group of Users Follow these steps to create or modify a user-level or a site-level dial-in conferencing personal identification number (PIN) policy. For details about how to change the global PIN policy, see Modify the Default Dial-in Conferencing PIN Settings. To create a user or site PIN policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click PIN Policy. 4. On the PIN Policy page, click New, and then do one of the following: To create a user-level policy, click User policy. In New PIN Policy, in Name,

159

Microsoft Lync Server 2010 Administration Guide

type a name that describes the policy. To create a site-level policy, click Site policy. In the Select a Site search field, type all or part of the name of the site for which you want to create a policy. In the list of sites, click the site you want, and then click OK. 5. In the Description field, type a description of the PIN policy. 6. In the Minimum PIN length field, type or select the minimum PIN length that you want to allow. The default minimum length is five digits. 7. To be able to specify the maximum number of logon attempts before a user is locked out, select the Specify maximum logon attempts check box. If you do not select this option, the maximum number of allowed attempts is automatically determined based on the PIN length. By default, the maximum number of attempts is automatically determined. 8. If you selected the Specify maximum logon attempts check box, in Maximum logon attempts, type or select the maximum number of logon attempts that you want to allow. 9. To have PINs expire, select the Enable PIN expiration check box. If you do not select this option, PINs will never expire. By default, PINs never expire. 10. If you selected the Enable PIN expiration check box, in PIN expires after (days), type or select the number of days after which PINs expire. 11. In PIN history count, type the number of PINs that a user must create before the user can reuse a PIN. By default, users can reuse their PINs. 12. To allow common patterns of digits in PINs, such as sequential numbers and repetitive sets of numbers, select the Allow common patterns check box. If you do not select this option, only complex patterns of digits are allowed. By default, only complex patterns of digits are allowed. Important: We recommend that you do not allow common patterns. 13. Click Commit. To change a user or site PIN policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click PIN Policy. 4. On the PIN Policy page, click the PIN policy that you want to change, click Edit, and then click Show details. 5. In Edit PIN Policy, modify any of the policy settings (except for the policy name,

160

Microsoft Lync Server 2010 Administration Guide

which cannot be modified). 6. Click Commit.

Delete Dial-in Conferencing PIN Settings for a Site or Group of Users Follow these steps to delete a user-level or a site-level PIN policy. Note: You cannot delete the global PIN policy. To delete a user or site PIN policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing and then click PIN Policy. 4. On the PIN Policy page, in the search field, type all or part of the name of the policy you want to delete. 5. In the list of policies, click the policy that you want, click Edit, and then click Delete. 6. Click OK.

Configuring Support for Clients and Devices


The topics in this section provide step-by-step procedures for tasks that you can perform by using the Clients group in Microsoft Lync Server 2010 Control Panel.

In This Section
Specify the Client Versions Supported in Your Organization View Software Updates for Devices in Your Organization Modify the Default Action for Clients Not Explicitly Supported or Restricted View Software Updates for Devices in Your Organization Add a Device to Test Update Functionality Modify Settings for Log Files of Device Update Activity Configure Voice Quality of Service for Lync 2010 Phone Edition Configure Security Settings for Lync 2010 Phone Edition Configure Phone Lock for Lync 2010 Phone Edition

161

Microsoft Lync Server 2010 Administration Guide

Specify the Client Versions Supported in Your Organization


Microsoft Lync Server 2010 enables you to specify the version of clients that are supported in your environment. When two clients that are running different versions interact, the features that are available to either client can be limited by the capabilities of the other client. To make the greatest use of features included in Lync Server 2010 and to improve the overall user experience, you can use the client version filter to restrict the client versions that are used in your Lync Server environment. By using the client version filter, you can also help reduce costs associated with supporting multiple client versions. In addition to creating a global policy, you can create client version policies for a particular service or site, or user-scoped policies that can be assigned to individual users. The user-scoped client version policy can be assigned to individual users from the Users group in Lync Server Control Panel. Note: Because anonymous users are not associated with a user, site, or service, anonymous users are affected by global-level policies only. Important: Filters are listed in order of precedence. For example, if you have a filter that allows clients running version 1.5 or later to connect, followed by a filter that blocks clients running a version earlier than 2.0, the first filter takes precedence, and clients running version 1.5 are allowed to connect. To edit the default client version policy 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 2. In the left navigation bar, click Clients. Note: The Client Version Policy tab is selected by default. 3. On the Client Version Policy page, double-click the Global policy in the list. 4. In Edit Client Version Policy, do one of the following: Click New to create a new client version rule. Click one of the defined client types in the list, and then click Show details.

Note: You can use wildcards to indicate the client type. 5. In Application, select a client type. 6. Under Version number, do the following: In Major version, type the number that corresponds to the major release of the client. In Minor version, type the number that corresponds to the minor release of the

162

Microsoft Lync Server 2010 Administration Guide

client. In Build, type the number that corresponds to the major and minor release of the client. In Update, type the number that corresponds to the updated release of the client.

Note: You can use wildcards to indicate the client version number. 7. To specify the matching operation for the client version you specified in the preceding steps, in Comparison operation, click one of the following: Same as Is not Newer than Newer than or same as Older than Older than or same as

8. To specify the action to perform when the criteria in the preceding steps are met, click one of the following in Action: To allow the client to log on, click Allow. To allow the client to log on and receive updates from Windows Server Update Service or Microsoft Update, click Allow and Upgrade. This action is available only when Microsoft Lync 2010 is selected. Note: Selecting this action causes a notification to appear the next time users sign into Lync 2010. The notification states that an update is available, even if updates have not yet been released to Windows Server Update Service or Microsoft Update. To avoid confusion, you should choose this action only after updates become available. To allow the client to log on and display a message about where to download another client version, click Allow with URL. You specify the URL later in this procedure. To prevent the client from logging on, click Block. To prevent the client from logging on and allow the client to receive updates from Windows Server Update Service or Microsoft Update, click Block and Upgrade. This action is available only when the Lync 2010 application is selected. To prevent the client from logging on and display a message about where to download another client version, click Block with URL. You specify the URL later in this procedure. 9. (Optional) If you clicked Allow with URL or Block with URL in the previous step, type the client download URL to include in the message in URL. 10. Click OK, and then click Commit.

163

Microsoft Lync Server 2010 Administration Guide

View the Status of Services Running on a Computer


You can use Lync Server Control Panel to view all the services that are running on a specific computer in your Lync Server 2010 topology and see the status of each service. To view the status of services running on a computer 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 2. In the left navigation bar, click Topology. 3. On the Status page, sort or search the list as needed to find the computer you are interested in and then click the computer name. 4. Do any of the following: To see the latest status of services running on the computer, click Get service status. To see a list of specific services running on the computer and the status of each service, click Properties and then click Close to return to the list.

Modify the Default Action for Clients Not Explicitly Supported or Restricted
In addition to specifying the version of clients that you want to support in your Microsoft Lync Server 2010 environment, you can also specify a default action for clients that do not already have a version policy defined. This enables you to restrict which client versions are used in your Lync Server 2010 environment, which can help you control the costs associated with supporting multiple client versions. To modify the default action for clients not explicitly supported or restricted 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 2. In the left navigation bar, click Clients, and then click Client Version Configuration. 3. On the Client Version Configuration page, double-click the Global configuration in the list. 4. In the Edit Client Version Configuration dialog box, verify that the Enable version control check box is selected and then, under Default action, select one of the following: Allow Allows the client to log on if the client version does not match any filter in the Client version policies list. Block Prevents the client from logging on if the client version does not match

164

Microsoft Lync Server 2010 Administration Guide

any filter in the Client version policies list. Block with URL Prevents the client from logging on if the client version does not match any filter in the Client version policies list, and include an error message containing a URL where a newer client can be downloaded. Allow with URL Allows the client to log on if the client version does not match any filter in the Client version policies list, and include an error message containing a URL where a newer client can be downloaded. 5. If you selected Block with URL, type the client download URL to include in the error message in the URL box. 6. Click Commit. To disable client version control To disable version control to allow all clients to log on regardless of the client version, clear the Enable version control check box, and then click Commit.

View Software Updates for Devices in Your Organization


With Microsoft Lync Server 2010, you use Device Update Web service to view and manage software updates for your organizations devices. These updates are available in .cab (cabinet) files from the Microsoft Support website at http://go.microsoft.com/fwlink/?LinkId=204091. After you download the .cab file, run the Import-CSdeviceUpdate cmdlet to import the device update rules from the .cab file. For details about the Import-CSdeviceUpdate cmdlet, see ImportCsDeviceUpdate in the Lync Server Management Shell documentation. Tip: Before deploying a new update to your organization, verify that it functions correctly on a test device. To view software updates for UC devices 1. From the Microsoft Support website at http://go.microsoft.com/fwlink/?LinkId=204091, download the .cab file to a location on a Lync Server 2010 computer (for example, C:\Updates\UCUpdates.cab). 2. Import the device update rules from the C:\Updates\UCUpdates.cab file by running one of the following cmdlets: If the .cab file is located on the same computer as the one running the service to be updated (service:Redmond-websvc-2), run the following cmdlet: Import-CsDeviceUpdate Identity service:Redmond-websvc-2 FileName C:\Updates\UCUpdates.cab If the .cab file is located on a different computer than the one running the service to be updated (service:Redmond-websvc-3), run the following cmdlet: Import-CsDeviceUpdate Identity service:Redmond-websvc-3

165

Microsoft Lync Server 2010 Administration Guide

ByteInput C:\Updates\UCUpdates.cab 3. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 4. In the left navigation bar, click Clients, and then click Device Update. 5. On the Device Update page, click an update in the list, and then do one of the following: Cancel a pending update. To prevent the selected update from being deployed to your organizations devices, click the Action menu, and then click Cancel pending updates. Approve an update. To allow the selected update to be deployed to your organizations devices, click the Action menu, and then click Approve. Restore an update. To allow a previously approved update to be deployed to your organizations devices, click the Action menu, and then click Restore.

Add a Device to Test Update Functionality


You can add a test device to the Test Device page and then use this device to verify the functionality of new updates before deploying the updates to production devices. You can test a device globally (throughout your entire Microsoft Lync Server 2010 environment) or within a single site. You identify a test device by its Media Access Control (MAC) address or serial number. When you add a device, it appears in the list on the Test Device page of the Lync Server Control Panel. To add a test device 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 2. In the left navigation bar, click Clients, and then click Test Device. 3. Click New, and then click either Global test device or Site test device. 4. Do one of the following: If you clicked Global test device, skip to the next step. If you clicked Site test device, select a site from the list of available sites, and then click OK. 5. In New Test Device, type a name for the device in Device name. 6. Under Identifier type, click either MAC address or Serial number. 7. In the Unique identifier box, type the MAC address or serial number of the device. 8. Click Commit.

166

Microsoft Lync Server 2010 Administration Guide

Modify Settings for Log Files of Device Update Activity


Device Update Web service automatically creates log files that record device update activity. As part of your organizations data management strategy, you may want to periodically purge the log files to free up disk space. You can also configure a time of day when you want Device Update Web service to automatically delete log files that are older than the number of days you configured the service to keep log files (by default, that is log files that are more than 10 days old). Note: Some settings, including the time of day that Device Update Web service automatically deletes expired log files, cannot be modified using Lync Server Control Panel. Instead, you must use Lync Server Management Shell. To specify the time of day to delete expired log files, use the New-CsDeviceUpdateConfiguration cmdlet with the LogCleanUpTimeOfDay parameter. For details, see New-CsDeviceUpdateConfiguration in the Lync Server Management Shell documentation. You can change these settings according to your organizations requirements. If you do not want Device Update Web service to purge log files automatically, you can purge them manually, as needed. Log settings can be changed globally or per site. Caution: Purging files permanently removes them from the file system. After you purge a file, it cannot be recovered. To change logging settings 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 2. In the left navigation bar, click Clients, and then click Device Log Configuration. 3. On the Device Log Configuration page, double-click the configuration that you want to change. 4. In the Edit Log Setting dialog box, change any of the following settings as necessary: Maximum file size (bytes) Specifies the maximum size a log file can become before it is purged. The default is 1,024,000 bytes (1 MB). Maximum cache size (bytes) Specifies the maximum amount of information (in bytes) that can be held in the log file cache before that cache must be cleared and the data is written to a log file. The default is 512,000 bytes (0.5 MB). Number of minutes to flush cache (1-60) Indicates how often information stored in the log file cache is written to the actual log file. After the data is logged, the cache is cleared. The default is five minutes. Number of days to keep log files (1-365) Specifies the number of days the log files are kept before they are purged. The default is 10 days. 5. Click Commit.

167

Microsoft Lync Server 2010 Administration Guide

Configure Security Settings for Lync 2010 Phone Edition


You can configure transport and authentication requirements for Microsoft Lync 2010 Phone Edition devices in a pool by setting the SIP security level for IP phones connecting to Microsoft Lync Server 2010. To configure security settings for Lync 2010 Phone Edition 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 2. In the left navigation bar, click Clients, and then click Device Configuration. 3. On the Device Configuration page, in the list of device configurations, double-click the configuration for which you want to change security settings. 4. In Edit Device Configuration, under SIP security, specify the SIP security level. The default level is High.

Configure Voice Quality of Service for Lync 2010 Phone Edition


You can configure voice Quality of Service (QoS) requirements for Microsoft Lync 2010 Phone Edition devices in a pool by setting the QoS level for IP phones connecting to Microsoft Lync Server 2010. To configure voice Quality of Service for Lync 2010 Phone Edition 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 2. In the left navigation bar, click Clients, and then click Device Configuration. 3. On the Device Configuration page, in the list of device configurations, double-click the configuration for which you want to change QoS settings. 4. In Edit Device Configuration, under Voice quality of service, specify the QoS level. The default level is 40.

Configure Phone Lock for Lync 2010 Phone Edition


Microsoft Lync 2010 Phone Edition devices can be locked for security purposes. If you choose to enforce the phone lock, you can specify whether the phone lock is enforced globally or only within the site for which it is configured. When you configure the phone lock, you specify the following settings:

168

Microsoft Lync Server 2010 Administration Guide

Minimum PIN length The minimum length for the personal identification number (PIN) that is used to unlock the phone. The range for the PIN length is four to 15 digits. The default length is six digits. Phone lock time-out The minimum length of time before the phone locks itself. The range for the time-out is 0 to 60 minutes; the default value is 10 minutes. Enter the value in the format HH:MM:SS. To configure the phone lock 1. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 2. Click Clients, and then click Device Configuration. 3. On the Device Configuration tab, in the list of device configurations, double-click the configuration for which you want to change the phone lock settings. 4. In the Edit Device Configuration dialog box, verify that the Enforce device locking check box is selected. 5. In Minimum PIN length, accept the default value or specify a new value. 6. In Phone lock time-out, accept the default value or specify a new value. 7. Click Commit.

Managing External Connectivity


After installing and configuring you internal deployment of Microsoft Lync Server 2010, internal users in your organization can collaborate with other internal users who have SIP accounts in your Active Directory Domain Services (AD DS). Collaboration can include exchanging instant messages and presence information and, if configured, participating in conferences (also known as "meetings"). By default, only users who are logged on to your internal network can log on to Lync Server 2010. You enable and configure external user access to control whether supported external users can collaborate with internal Lync Server users. External users can include remote users, federated users (including supported users of public instant messaging (IM) service providers), and anonymous participants in conferences, depending on how you configure external user access. Deploying an Edge Server or Edge pool is the first step to supporting external users. For details about deploying Edge Servers, see Deploying Edge Servers in the Deployment documentation. After completing the setup of an Edge Server or Edge pool, you must enable the types of external user access that you want to support and configure support for the external users that your organization wants to support. In Lync Server 2010, you enable and configure external user access using the Lync Server Control Panel and the Lync Server Management Shell. For details about these management tools, see Lync Server Control Panel in the Operations documentation, Lync Server Management Shell in the Operations documentation, Lync Server Control Panel in the Operations documentation, and Install Lync Server Administrative Tools in the Operations documentation.

169

Microsoft Lync Server 2010 Administration Guide

To support external user access, you must do both of the following: Enable support for your organization. To enable support for external user access in your deployment, you enable each type external user access that you want to support. You enable and disable support for external user access Lync Server 2010 Control Panel by editing the global settings on the Access Edge Configuration page in the External User Access group. Enabling support for external user access specifies that your servers running the Lync Server Access Edge service support communications with external users, but external users cannot communicate with internal users until you also configure at least one policy to manage the use of external user access. External users cannot communicate with users of your organization when external user access is disabled or if no policies are configured to support it. Configure and assign one or more policies to support external user access, which can include the following. External user access policies, which you can create and configure to control use of one or more types of external user access, including access for your remote users, access by users of federated domains, and access for users of supported public IM service providers. You configure external user policies in Lync Server 2010 Control Panel using the global policy and, optionally, one or more site and user policies, on the External Access Policy page in the External User Access group. The global policy is created when you first deploy an Edge Server or Edge pool and cannot be deleted. You create and configure any site and user policies that you want to use to limit external user access to specific sites or users. Global and site policies are automatically assigned. If you create and configure a user policy, you must then assign it to the specific users or users groups to whom you want it to apply. Each external user access policy can support one or more of the following: remote user access, federated user access, and public IM connectivity. Conferencing policies, which you can create and configure to control conferencing in your organization, including which users in your organization can invite anonymous users to conferences that they host. After creating a conferencing policy and enabling support for anonymous users in the policy, you must then assign the policy to the specific users or user groups that need to be able to invite anonymous users to their conferences. You can configure external user access settings, including any policies that you want to use to control external user access, even if you have not enabled external user access for your organization. However, the policies and other settings that you configure are in effect only when you have external user access enabled for your organization. External users cannot communicate with users of your organization when external user access is disabled or if no external user access policies are configured to support it. Your edge deployment authenticates the types of external users and controls access based on how you configure your edge support. In order to control communications across the firewall, you can configure one or more policies and configure other settings that define how users inside and outside your firewall communicate with each other. This includes the default global policy for external user access, in addition to site and user policies that you can create and configure to enable one or more types of external user access for specific sites or users.

170

Microsoft Lync Server 2010 Administration Guide

In This Section
Enable or Disable External User Access for Your Organization Manage Communications with External Users

Enable or Disable External User Access for Your Organization


After deploying one or more Edge Servers, you must enable the specific types of external user access to be supported for your organization. This includes the following types of external user access: Remote user access Enable this if you want users in your organization who are outside your firewall, such as telecommuters and users who are traveling, to be able to connect to Lync Server 2010. Federation Enable this if you want to support access by users of federated partner domains, users of public IM service providers, or both. Anonymous user access Enable this if you want internal users to be able to invite anonymous users to their conferences. Note: In addition to enabling external user access support, you must also configure policies to control the use of external user access in your organization before any type of external user access is available to users. For details about creating, configuring, and applying policies for external user access, see Manage Communications with External Users in the Deployment documentation or Operations documentation. In This Section Enable or Disable Remote User Access for Your Organization Enable or Disable Federation for Your Organization Enable or Disable Anonymous User Access for Your Organization

Enable or Disable Remote User Access for Your Organization Remote users are users in your organization who have a persistent Active Directory identity within the organization. Remote users often sign in to Lync Server your network from outside the firewall by using a virtual private network (VPN) when they are not connected internally to your organizations network. Remote users include employees working at home or on the road and other remote workers, such as trusted vendors, who have been granted enterprise credentials. If you enable remote user access for remote users, supported remote users do not have to connect using a VPN in order to collaborate with internal users using Lync Server 2010. To support remote user access, you must enable it. When you enable it, you enable it for your entire organization. If you later want to temporarily or permanently prevent remote user access, you can disable it for your organization. Use the procedure in this section to enable or disable remote user access for your organization. Note: Enabling remote user access only specifies that your servers running the Access Edge service support communications with remote users, but remote users cannot participate

171

Microsoft Lync Server 2010 Administration Guide

in instant messaging (IM) or conferences in your organization until you also configure at least one policy to manage the use of remote user access. For details about configuring policies for the use of remote user access, see Manage Remote User Access in the Deployment documentation or the Operations documentation. To enable or disable remote user access for your organization 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, and then click Access Edge Configuration. 4. On the Access Edge Configuration page, click Global, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, do one of the following: To enable remote user access for your organization, select the Enable remote user access check box. To disable remote user access for your organization, clear the Enable remote user access check box. 6. Click Commit. To enable remote users to sign in to your servers running Lync Server 2010, you must also configure at least one external access policy to support remote user access. For details, see Manage Remote User Access in the Deployment documentation or the Operations documentation.

Enable or Disable Federation for Your Organization Support for federation is required to enable users who have an account with a trusted customer or partner organization, including partner domains and users of public instant messaging (IM) provider users that you support, to collaborate with users in your organization. Federation is also required to use a hosted Exchange service provider to provide voice mail to Enterprise Voice users whose mailboxes are located on a hosted Exchange service such as Microsoft Exchange Online. When you have established a trust relationship with such external domains, you can authorize users in those domains to access your deployment and participate in Lync Server communications. This trust relationship is called federation and it is not related to or dependent upon an Active Directory trust relationship. To support access by users of federated domains, you must enable federation. If you enable federation for your organization, you must also specify whether to implement the following options:

172

Microsoft Lync Server 2010 Administration Guide

Enable partner domain discovery. If you enable this option, Lync Server 2010 uses Domain Name System (DNS) records to try to discover domains not listed in the allowed domains list, automatically evaluating incoming traffic from discovered federated partners and limiting or blocking that traffic based on trust level, amount of traffic, and administrator settings. If you do not select this option, federated user access is enabled only for users in the domains that you include on the allowed domains list. Whether or not you select this option, you can specify that individual domains to be blocked or allowed, including restricting access to specific servers running the Access Edge service in the federated domain. For details about controlling access by federated domains, see Control Access by Individual Federated Domains. Send an archiving disclaimer to federated partners to advise them that communications are recorded. If you support archiving of external communications with federated partner domains, you should enable the archiving disclaimer notification to warn partners that their messages are being archived. If you later want to temporarily or permanently prevent access by users of federated domains, you can disable federation for your organization. Use the procedure in this section to enable or disable federated user access for your organization, including specifying the appropriate federation options to be supported for your organization. Note: Enabling federation for your organization only specifies that your servers running the Access Edge service support routing to federated domains. Users in federated domains cannot participate in IM or conferences in your organization until you also configure at least one policy to support federated user access. Users of public IM service providers cannot participate in IM or conferences in your organization until you also configure at least one policy to support public IM connectivity. Lync Server cannot use a hosted Exchange service to provide call answering, Outlook Voice Access (including voice mail), or auto-attendant services for users whose mailboxes are located on a hosted Exchange service until you configure a hosted voice mail policy that provides routing information. For details about configuring policies for communication with users of federated domains in other organizations, see Manage Federated Partner User Access in the Deployment documentation or the Operations documentation. Additionally, if you want to support communication with users of IM service providers, you must configure policies to support it and also configure support for the individual service providers that you want to support. For details, see Manage IM Provider Support in the Deployment documentation or the Operations documentation. For details about creating a hosted voice mail policy, see Manage Hosted Voice Mail Policies in the Deployment documentation. To enable or disable federated user access for your organization 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server

173

Microsoft Lync Server 2010 Administration Guide

Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, and then click Access Edge Configuration. 4. On the Access Edge Configuration page, click Global, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, do one of the following: To enable federated user access for your organization, select the Enable communications with federated users check box. To disable federated user access for your organization, clear the Enable communications with federated users check box. 6. If you selected the Enable communications with federated users check box, do the following: a. If you want to support automatic discovery of partner domains, select the Enable partner domain discovery check box. b. If your organization supports archiving of external communications, select the Send archiving disclaimer to federated partners check box. 7. Click Commit. To enable federated users to collaborate with users in your Lync Server 2010 deployment, you must also configure at least one external access policy to support federated user access. For details, see Manage Federated Partner User Access in the Deployment documentation or the Operations documentation. To control access for specific federated domains, see Control Access by Individual Federated Domains in the Deployment documentation or Operations documentation.

Enable or Disable Anonymous User Access for Your Organization Anonymous users are users who do not have a user account in your organization's Active Directory Domain Services (AD DS) or in a supported federated domain, can be invited to participate remotely in an on-premises conference. By allowing anonymous participation in meetings you enable anonymous users (that is, users whose identity is verified through the meeting or conference key only) to join meetings. Allowing anonymous participation requires enabling it for your organization. If you later want to temporarily or permanently prevent access by anonymous users, you can disable it for your organization. Use the procedure in this section to enable or disable anonymous user access for your organization. Note: Enabling anonymous user access for your organization only specifies that your servers running the Access Edge service support access by anonymous users. Anonymous users cannot participate in any meetings in your organization until you also configure at least one conferencing policy and apply it to one or more users or user groups. The only users that can invite anonymous users to meetings are those users that are assigned a

174

Microsoft Lync Server 2010 Administration Guide

conferencing policy that is configured to support anonymous users. For details about configuring conferencing policies to support anonymous users, see Configure Conferencing Policies to Support Anonymous Users in the Deployment documentation or the Operations documentation. To enable or disable anonymous user access for your organization 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, and then click Access Edge Configuration. 4. On the Access Edge Configuration page, click Global, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, do one of the following: To enable anonymous user access for your organization, select the Enable communications with anonymous users check box. To disable anonymous user access for your organization, clear the Enable communications with anonymous users check box. 6. Click Commit. To enable anonymous users to participate in conferences hosted by users in your Lync Server 2010 deployment, you must also configure and assign at least one conferencing policy to support anonymous users. For details, see Configure Conferencing Policies to Support Anonymous Users in the Deployment documentation or the Operations documentation.

Manage Communications with External Users


By default, no policies are configured to support external user access, including remote user access, federated user access, even if you have already enabled external user access support for your organization. To control the use of external user access, you must configure one or more policies, specifying the type of external user access supported for each policy. This includes the following external access policies: Global policy The global policy is created when you deploy your Edge Servers. By default, no external user access options are enabled in the global policy. To support external user access at the global level, you configure the global policy to support one or more types of external user access options. The global policy applies to all users in your organization, but site policies and user policies override the global policy. If you delete the global policy, you do not remove it. Instead, you reset it to the default setting. Site policy You can create and configure one or more site policies to limit support for external user access to specific sites. The configuration in the site policy overrides the global

175

Microsoft Lync Server 2010 Administration Guide

policy, but only for the specific site covered by the site policy. For example, if you enable remote user access in the global policy, you might specify a site policy that disables remote user access for a specific site. By default, a site policy is applied to all users of that site, but you can assign a user policy to a user to override the site policy setting. User policy You can create and configure one or more user policies to limit support for remote user access to specific users. The configuration in the user policy overrides the global and site policy, but only for the specific users to whom the user policy is assigned. For example, if you enable remote user access in the global policy and site policy, you might specify a user policy that disables remote user access and then assign that user policy to specific users. If you create a user policy, you must apply it to one or more users before it takes effect. To support participation by anonymous users in conferences, you must configure a conferencing policy and assign the policy to users. Assigning a conferencing policy in which anonymous participation is enabled to users or user groups enables those users to invite anonymous users to conferences that they host. In addition to external user access policies and conferencing policies, some external user access options, including access by federated users and access by public users, require configuration of other options. This includes the following: Specifying allowed and blocked domains for federated partners, in addition to any specific servers running the Access Edge service that you want to allow or block. Specifying which specific service providers your organization supports, including the name of the server running the Access Edge service and the verification level supported for the provider. In This Section Manage Remote User Access Manage Federated Partner User Access Manage IM Provider Support Configure Conferencing Policies to Support Anonymous Users Apply Policies for External User Access to Users Reset or Delete External User Access Policies

Manage Remote User Access You configure one or more external user access policies to control whether remote users can collaborate with internal Lync Server users. To control remote user access, you can configure policies at the global, site, and user level. Site policies override the global policy, and user policies override site and global policies. For details about the types of policies that you can configure, see Manage Communications with External Users in the Deployment documentation or the Planning documentation. Note: You can configure policies to control remote user access, even if you have not enabled remote user access for your organization. However, the policies that you configure are in

176

Microsoft Lync Server 2010 Administration Guide

effect only when you have remote user access enabled for your organization. For details about enabling remote user access, see Enable or Disable Remote User Access for Your Organization in the Deployment documentation or the Operations documentation. Additionally, if you specify a user policy to control remote user access, the policy applies only to users that are enabled for Lync Server 2010 and configured to use the policy. For details about specifying users that can sign in to Lync Server 2010 from remote locations, see Apply External User Access Policies to Users in the Deployment documentation or the Operations documentation. Use the following procedure to configure each external access policy that you want to use to control remote user access. Note: This procedure describes how to configure a policy only to enable communications with remote users, but each policy that you configure to support remote user access can also support federated user access and public user access. For details about configuring policies to support federated users, see Configure Policies to Control Federated User Access. For details about configuring policies to support public users, see Configure Policies to Control Access by Users of IM Service Providers. To configure an external access policy to support remote user access 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, and then click External Access Policy. 4. On the External Access Policy page, do one of the following: To configure the global policy to support remote user access, click the global policy, click Edit, and then click Show details. To create a new site policy, click New, and then click Site policy. In Select a Site, click the appropriate site from the list and then click OK. To create a new user policy, click New, and then click User policy. In New External Access Policy, create a unique name in the Name field that indicates what the user policy covers (for example, EnableRemoteUsers for a user policy that enables communications for remote users). To change an existing policy, click the appropriate policy listed in the table, click Edit, and then click Show details. 5. (Optional) If you want to add or edit a description, specify the information for the policy in Description. 6. Do one of the following: To enable remote user access for the policy, select the Enable communications

177

Microsoft Lync Server 2010 Administration Guide

with remote users check box. To disable remote user access for the policy, clear the Enable communications with remote users check box. 7. Click Commit. To enable remote user access, you must also enable support for remote user access in your organization. For details, see Enable or Disable Remote User Access for Your Organization in the Deployment documentation or the Operations documentation. If this is a user policy, you must also apply the policy to users that you want to be able to connect remotely. For details, see Apply External User Access Policies to Users in the Deployment documentation or the Operations documentation.

Manage Federated Partner Access To manage support for users of federated domains, you need to do the following: Configure one or more external user access policies to support users of federated domains. Specify whether to allow discovery of federated partners. Specify any specific federated domains that you want to allow or block.

To perform these tasks, use the procedures in this this section. In This Section Configure Policies to Control Federated User Access Enable or Disable Discovery of Federation Partners Control Access by Individual Federated Domains Enable or Disable Sending an Archiving Disclaimer to Federated Partners

Configure Policies to Control Federated User Access When you configure policies to support for federated partners, the policies apply to users of federated domains, but not for users of instant messaging (IM) service providers (for example, Windows Live), unless you also enable support for service provider users in the policy. You can configure one or more external user access policies to control whether users of federated domains can collaborate with internal Lync Server users. To control federated user access, you can configure policies at the global, site, and user level. Site policies override the global policy, and user policies override site and global policies. For details about the types of policies that you can configure, see Manage Communications with External Users in the Deployment documentation or the Planning documentation. Note: You can configure policies to control federated user access, even if you have not enabled federation for your organization. However, the policies that you configure are in effect only when you have federation enabled for your organization. For details about enabling federation, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. Additionally, if you specify a user policy

178

Microsoft Lync Server 2010 Administration Guide

to control federated user access, the policy applies only to users that are enabled for Lync Server 2010 and configured to use the policy. For details about specifying federated users that can sign in to Lync Server 2010, see Apply External User Access Policies to Users in the Deployment documentation or the Operations documentation. To configure a policy to support access by users of federated domains 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, and then click External Access Policy. 4. On the External Access Policy page, do one of the following: To configure the global policy to support federated user access, click the global policy, click Edit, and then click Show details. To create a new site policy, click New, and then click Site policy. In Select a Site, click the appropriate site from the list and then click OK. To create a new user policy, click New, and then click User policy. In New External Access Policy, create a unique name in the Name field that indicates what the user policy covers (for example, EnableFederatedUsers for a user policy that enables communications for federated domain users). To change an existing policy, click the appropriate policy listed in the table, click Edit, and then click Show details. 5. (Optional) If you want to add or edit a description, specify the information for the policy in Description. 6. Do one of the following: To enable federated user access for the policy, select the Enable communications with federated users check box. To disable federated user access for the policy, clear the Enable communications with federated users check box. 7. Click Commit. To enable federated user access, you must also enable support for federation in your organization. For details, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. If this is a user policy, you must also apply the policy to users that you want to be able to collaborate with federated users. For details, see Apply External User Access Policies to Users in the Deployment documentation or the Operations documentation.

179

Microsoft Lync Server 2010 Administration Guide

Enable or Disable Discovery of Federation Partners At the time you deployed your Edge Servers and enabled federation for your organization, you should have specified whether to support automatic discovery of federated partner domains. Use the procedure in this topic to change that configuration. Note: The following procedure assumes that you have already enabled federation for your organization. For details about enabling federation, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. To enable or disable automatic discovery of federated domains for your organization 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, click Access Edge Configuration. 4. On the Access Edge Configuration page, click Global, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, under Enable communications with federated users, select or clear the Enable partner domain discovery check box to enable or disable automatic discovery of partner domains. 6. Click Commit. To enable federated users to collaborate with users in your Lync Server 2010 deployment, you must have also configured at least one external access policy to support federated user access. For details, see Manage Federated Partner User Access in the Deployment documentation or the Operations documentation. For details about controlling access for specific federated domains, see Control Access by Individual Federated Domains in the Deployment documentation or Operations documentation.

Control Access by Individual Federated Domains If you have configured support for federated partners, you can manage which specific domains can federate with your organization by doing either or both of the following: Configure one or more specific external domains as allowed federated domains. To do this, add each domain to the list of allowed domains. Even if partner discovery is enabled for your organization, do this if the domain is a federated partner that might need to communicate with more than 1,000 of your users or might need to send more than 20 messages per second. If partner discovery is not enabled for your organization, only users of external domains that you add to the allowed domains list can participate in IM and conferencing with users in your organization. If you want to restrict access for a federated

180

Microsoft Lync Server 2010 Administration Guide

domain to a specific server running the Access Edge service of the federated partner, you can specify the domain name of the server running the Access Edge service for each domain in the list of allowed domains. Block one or more external domains from connecting to your organization. To do this, add the domain to the list of blocked domains. Note: This procedure describes how to configure support for specific domains, but implementing support for federated users also requires that you enable support for federated users for your organization, and configure and apply policies to control which users can collaborate with federated users. For details about enabling support for federated users, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. For details about configuring policies to control federation, see Configure Policies to Control Federated User Access in the Deployment documentation or the Operations documentation. To add an external domain to the list of allowed domains 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, and then click Federated Domains. 4. On the Federated Domains page, click New, and then click Allowed domain. 5. In New Federated Domains, do the following: In Domain name (or FQDN), type the name of the federated partner domain. Notes: This name must be unique and cannot already exist as an allowed domain for this server running the Access Edge service. The name cannot exceed 256 characters in length. The search on the federated partner domain name performs a suffix match. For example, if you type contoso.com, the search will also return the domain it.contoso.com. A federated partner domain cannot simultaneously be blocked and allowed. Lync Server 2010 prevents this from happening so that you do not have to synch up your lists. If you want to restrict access for this federated domain to users of a specific server running the Access Edge service, in Access Edge service (FQDN), type the FQDN of the federated domains server running the Access Edge service. If you want to provide additional information, in Comment, type information that you want to share with other system administrators about this configuration. 6. Click Commit.

181

Microsoft Lync Server 2010 Administration Guide

7. Repeat steps 4 through 6 for each federated partner domain that you want to allow. To enable federated user access, you must also enable support for federated user access in your organization. For details, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. Additionally, you must configure and apply the policy to users that you want to be able to collaborate with federated users. For details, see Configure Policies to Control Federated User Access in the Deployment documentation or the Operations documentation. To add an external domain to the list of blocked domains 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access. 4. Click Federated Domains, click New, and then click Blocked domain. 5. In New Federated Domains, do the following: In Domain name (or FQDN), type the name of the federated partner domain that you want to block. Notes: The name cannot exceed 256 characters in length. The search on the federated partner domain name performs a suffix match. For example, if you type contoso.com, the search will also return the domain it.contoso.com. A federated partner domain cannot simultaneously be blocked and allowed. Lync Server 2010 prevents this from happening so that you do not have to synch up your lists. (Optional) In Comment, type information that you want to share with other system administrators about this configuration. 6. Click Commit. 7. Repeat steps 4 through 6 for each federated partner that you want to block.

Enable or Disable Sending an Archiving Disclaimer to Federated Partners At the time you deployed your Edge Servers and enabled federation for your organization, you should have specified whether to automatically send the archiving disclaimer to federated partners. If you archive external communications, you should enable the sending of an archiving disclaimer. Use the procedure in this topic to change that configuration.

182

Microsoft Lync Server 2010 Administration Guide

Note: The following procedure assumes that you have already enabled federation for your organization. For details about enabling federation, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. To enable or disable sending an archiving disclaimer to federated partners 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, click Access Edge Configuration. 4. On the Access Edge Configuration tab, click Global, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, under Enable communications with federated users, select or clear the Send archiving disclaimer to federated partners check box to enable or disable automatically sending the archiving disclaimer. 6. Click Commit. To enable federated users to collaborate with users in your Lync Server 2010 deployment, you must have also configured at least one external access policy to support federated user access. For details, see Manage Federated Partner User Access in the Deployment documentation or the Operations documentation. For details about controlling access for specific federated domains, see Control Access by Individual Federated Domains in the Deployment documentation or Operations documentation.

Manage IM Provider Support To configure support for users of public instant messaging (IM) providers, you need to do both of the following: Configure one or more external user access policies to support the use of public IM services. Specify which public IM providers you want to support. To perform these tasks, use the procedures in this this section. In This Section Configure Policies to Control Access by Users of IM Service Providers Specify Supported IM Service Providers

Configure Policies to Control Access by Users of IM Service Providers Public instant messaging (IM) connectivity enables users in your organization to use IM to communicate with users of IM services provided by public IM service providers, including the

183

Microsoft Lync Server 2010 Administration Guide

Windows Live network of Internet services, Yahoo!, and AOL. You configure one or more external user access policies to control whether public users can collaborate with internal Lync Server users. To control public user access, you can configure policies at the global, site, and user level. Site policies override the global policy, and user policies override site and global policies. For details about the types of policies that you can configure, see Manage Communications with External Users in the Deployment documentation or the Planning documentation. In the case of IM invitations, the response depends on the client software. The request is accepted unless external senders are explicitly blocked by a user-configured rule (that is, the settings in the users client Allow and Block lists). Additionally, IM invitations can be blocked if a user elects to block all IM from users who are not on his or her Allow list. Note: You can configure policies to control public user access, even if you have not enabled federation for your organization. However, the policies that you configure are in effect only when you have federation enabled for your organization. For details about enabling federation, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. Additionally, if you specify a user policy to control public user access, the policy applies only to users that are enabled for Lync Server 2010 and configured to use the policy. For details about specifying public users that can sign in to Lync Server 2010, see Apply External User Access Policies to Users in the Deployment documentation or the Operations documentation. Use the following procedure to configure a policy to support access by users of one or more public IM providers. To configure an external access policy to support public user access 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, and then click External Access Policy. 4. On the External Access Policy page, do one of the following: To configure the global policy to support public user access, click the global policy, click Edit, and then click Show details. To create a new site policy, click New, and then click Site policy. In Select a Site, click the appropriate site from the list and then click OK. To create a new user policy, click New, and then click User policy. In New External Access Policy, create a unique name in the Name field that indicates what the user policy covers (for example, EnablePublicUsers for a user policy that enables communications for public users). To change an existing policy, click the appropriate policy listed in the table, click

184

Microsoft Lync Server 2010 Administration Guide

Edit, and then click Show details. 5. (Optional) If you want to add or edit a description, specify the information for the policy in Description. 6. Do one of the following: To enable public user access for the policy, select the Enable communications with public users check box. To disable public user access for the policy, clear the Enable communications with public users check box. 7. Click Commit. To enable public user access, you must also enable support for federation in your organization. For details, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. If this is a user policy, you must also apply the policy to public users that you want to be able to collaborate with public users. For details, see Apply External User Access Policies to Users in the Deployment documentation or the Operations documentation.

Specify Supported IM Service Providers Users of public instant messaging (IM) services, including any or all of the following: Windows Live, AOL, and Yahoo!, and Extensible Messaging and Presence Protocol (XMPP) providers and servers (for example, Google Talk or Jabber) by using an XMPP gateway. A public IM service provider is a specific type of federated partner. Support for public IM users has specific requirements that are different from the requirements for users of other federated partners. Customers that do not have a volume license for Lync Server 2010 require a separate license if they choose to configure public IM connectivity with Windows Live, AOL, and Yahoo! For details, see "Changes in Office Communications Server Public IM Federation" at http://go.microsoft.com/fwlink/?linkid=197275 and "Microsoft Lync: Pricing and Licensing" at http://go.microsoft.com/fwlink/?LinkId=202848. Note: To use XMPP, you must install the XMPP Gateway. You can download the XMPP Gateway from the Microsoft Download Center at http://go.microsoft.com/fwlink/? LinkId=204552. After you install the XMPP Gateway, you need to install the hotfix, which is available for download from http://go.microsoft.com/fwlink/?LinkId=204561. You can add or remove an IM service provider, and change other settings for any IM service provider (including temporarily blocking the IM service provider). The settings that you can specify for each IM service provider include the following: Whether the IM service provider is hosted or public. Hosted IM service providers are internal to your organization, running as hosted services. Some organizations allow external users to establish federation with internal servers as a hosting provider, similar to establishing federation with a public provider, such as MSN. Whether to permit the IM service provider to federate with your organization.

185

Microsoft Lync Server 2010 Administration Guide

The network address of the IM service providers Access Edge, which you specify by using the fully qualified domain name (FQDN) of the server running the Access Edge service. The filtering options for incoming communications are as follows: Allow communications only with users verified by this provider This setting is the default. It means that you trust the IM service provider's verification level and handle incoming messages accordingly. Requests marked as unverified are handled as described for the Allow communications only with users on recipients' contact lists option. Requests marked as verified are handled as described for the Allow all communications with this provider option. Allow communications only with users on recipients' contact lists This setting means you do not trust verification levels asserted by the IM service provider. If you choose this option, the server running the Access Edge service marks all incoming presence subscription requests as unverified. If the sender is already on the recipients Allow list, the internal server responds to that request. Otherwise, the request is rejected. Similarly, requests for an IM session that are marked unverified are rejected by the client. Allow all communications with this provider This setting means that you accept all messages regardless of whether they are verified or not. If you choose this option, the server running the Access Edge service marks all messages as verified. The recipient's home pool or server notifies the client, and all messages are handled according to settings on the client. In the case of presence subscription requests, the client settings determine how the message is handled. By default, the Windows Live, AOL, and Yahoo! are available in the list, but are not enabled. For a public IM service provider, public IM connectivity may require the purchase of additional service licenses and provisioning the connections. For details, see the Lync Server 2010 licensing information at http://go.microsoft.com/fwlink/?LinkId=202848. Pricing and licensing information for public IM connectivity are available through Microsoft Volume Licensing programs. For details, see the Microsoft Volume Licensing page at http://go.microsoft.com/fwlink/?LinkId=144874. For details about specific requirements for public IM service providers, see the "Office Communications Server Public IM Connectivity Provisioning Guide" at http://go.microsoft.com/fwlink/?LinkId=155970. Note: You can configure support for public IM providers, even if you have not enabled federation for your organization. However, the provider support that you configure is in effect only when you have federation enabled for your organization. For details about enabling federation, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. Additionally, support for IM service providers requires configuration of policies to support user access. For details about configuring policies to support access by users of IM service providers, see Configure Policies to Control Access by Users of IM Service Providers. Use the following procedure to configure IM provider support for one or more hosted or public IM service providers.

186

Microsoft Lync Server 2010 Administration Guide

To configure support for an IM service provider 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, click Providers, and then do one of the following: To create a new provider, click New, and then click Public or Hosted. Note: Select Hosted if your IM service provider is internal to your organization, running as hosted services. Some organizations allow external users to establish federation with internal servers as a hosting provider, similar to establishing federation with a public provider like MSN. In Provider name, create a unique name. In Access Edge (or FQDN), type the name of each individual server running the Access Edge service. 4. Do one of the following: To enable this provider, select the Enable communications with this provider check box, and then do one of the following: Click Allow communications only with users verified by this provider. Select the Allow communications only with users on recipients' contact lists check box. Select the Allow all communications with this provider check box. To prevent communications with this provider, clear the Enable communications with this provider check box. 5. To modify an existing provider, click the appropriate provider listed in the table, click Edit, and then click Show details. Then, do one of the following: To enable this provider, select the Enable communications with this provider check box, and then do one of the following: Click Allow communications only with users verified by this provider. Select the Allow communications only with users on recipients' contact lists check box. Select the Allow all communications with this provider check box. To prevent communications with this provider, clear the Enable communications with this provider check box. 6. Click Commit. To enable public user access, you must also enable support for federation in your organization. For details, see Enable or Disable Federation for Your Organization in the

187

Microsoft Lync Server 2010 Administration Guide

Deployment documentation or the Operations documentation. Support for IM service providers also requires configuration of policies to support user access. For details about configuring policies to support access by users of IM service providers, see Configure Policies to Control Access by Users of IM Service Providers.

Configure Conferencing Policies to Support Anonymous Users By allowing anonymous participation in meetings you enable anonymous users (that is, users whose identity is verified through the meeting or conference key only) to join your meetings. By default, all users are prevented from inviting anonymous users to participate in a meeting. You control who can invite anonymous users by configuring a conferencing policy to support anonymous users, and applying that conferencing policy to specific users. Use the procedure in this section to configure a global policy to support participation of anonymous users in conferences. For details about creating and applying a conferencing policy to support participation of anonymous users in conferences, see Create or Modify Conferencing User Experience for a Site or Group of Users and Apply Conferencing Policies to Support Anonymous Users in the Deployment documentation or the Operations documentation. At the global level, you can specify whether or not you want to enable anonymous user access to conferences. At the user account level, you can control a users ability to invite anonymous users by specifying which conferencing policy to apply to individual users. To configure policies to allow anonymous participation in meetings 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access. 4. In the Access Edge Configuration page, click the global policy, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, select the Enable anonymous user access to conferences check box. 6. Click Commit. 7. In the left navigation bar, click Conferencing, and then do one of the following: a. To create a new site policy, click New, and then click Site policy. In Select a Site, click the appropriate site from the list and then click OK. b. To configure an existing policy, click the appropriate policy listed in the table, click Edit, then Show details. 8. In Conferencing Policies, select the Allow participants to invite anonymous

188

Microsoft Lync Server 2010 Administration Guide

users check box. 9. Click Commit. To enable users to invite anonymous users to conferences, you must also enable support for anonymous users in your organization. For details, see Enable or Disable Anonymous User Access for Your Organization in the Deployment documentation or the Operations documentation. Additionally, you must apply the policy to users that you want to be able to invite anonymous users. For details, see Apply External User Access Policies to Users in the Deployment documentation or the Operations documentation.

Apply Policies for External User Access to Users If you configure user policies for external user access or conferencing policies to support anonymous users, you must assign the policies to users or user groups before support is available to the users. In This Section Apply External User Access Policies to Users Apply Conferencing Policies to Support Anonymous Users

Apply External User Access Policies to Users If a user has been enabled for Lync Server 2010, you can configure federation, remote user access, and public instant messaging (IM) connectivity in the Lync Server Control Panel by applying the appropriate policies to specific users or user groups. For example, if you created a policy to support remote user access, you must apply it to at least one user or user group before the user or user group can connect to Lync Server 2010 from a remote location and collaborate with internal users from the remote location. Note: To support for external user access, you must enable support for each type of external user access you want to support, and configure the appropriate policies and other options to control use. For details, see Configuring Support for External User Access in the Deployment documentation or Managing External Connectivity in the Operations documentation. Use the procedure in this topic to apply a previously created external user access policy to one or more user accounts or user groups. To apply an external user policy to a user account 1. From a user account that is assigned to the CsUserAdministrator role or the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users, and then search on the user account that you

189

Microsoft Lync Server 2010 Administration Guide

want to configure. 4. In the table that lists the search results, click the user account, click Edit, and then click Show details. 5. In Edit Lync Server User under External access policy, select the user policy that you want to apply. Note: The <Automatic> settings apply the default server installation settings. These settings are applied automatically by the server.

Apply Conferencing Policies to Support Anonymous Users By default, all users are prevented from inviting anonymous users to participate in a meeting. You control who can invite anonymous users by configuring a conferencing policy to support anonymous users, and applying that conferencing policy to specific users. For details about how to configure a conferencing policies to support anonymous users, see Configure Conferencing Policies to Support Anonymous Users in the Deployment documentation or Managing External Connectivity the Operations documentation. Use the procedure in this section to apply a conferencing policy that you have already created to one or more users or user groups. Note: In addition to configuring and applying a policy to enable users to invite anonymous users, you must also enable support for anonymous users for your organization. For details, see Enable or Disable Anonymous User Access for Your Organization. To configure a user policy for anonymous participation in meetings 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Conferencing, and then do one of the following: a. To create a new user policy, click New, and then click User policy. Create a unique name in the Name field that indicates what the user policy covers (for example, EnableAnonymous for a user policy that enables communications with anonymous users). b. To configure an existing user policy, click the appropriate policy listed in the table, click Edit, and then click Show details. 4. In the Conferencing Policies dialog box, select the Allow participants to invite anonymous users check box. 5. Click Commit.

190

Microsoft Lync Server 2010 Administration Guide

6. In the left navigation bar, click Users, search on the user account that you want to configure. 7. In the table that lists the search results, click the user account, click Edit, and then click Show details. 8. In Edit Lync Server User under Conferencing policy, select the user policy with the anonymous user access configuration that you want to apply to this user. Note: The <Automatic> settings apply the default server installation settings and are applied automatically by the server. To enable users to invite anonymous users to conferences, you must also enable support for anonymous users in your organization. For details, see Enable or Disable Anonymous User Access for Your Organization in the Deployment documentation or the Operations documentation.

Reset or Delete External User Access Policies If you have created or configured external user access policies that you no longer want to use, you can do the following: Delete any site or user policy that you created. Reset the global policy to the default settings. The default global policy settings deny any external user access. The global policy cannot be deleted. In This Section Delete a Site or User Policy for External User Access Reset the Global Policy for External User Access

Delete a Site or User Policy for External User Access You can delete any site or user policy that is listed in Microsoft Lync Server 2010 Control Panel on the External Access Policy page. Deleting the global policy does not actually delete it, but only resets it to the default settings, which do not include support for any external user access options. For details about resetting the global policy, see Reset the Global Policy for External User Access. To delete a site or user policy for external user access 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. Click External User Access, click External Access Policy. 4. On the External Access Policy tab, click the site or user policy you want to delete,

191

Microsoft Lync Server 2010 Administration Guide

click Edit, and then click Delete. 5. When prompted to confirm the deletion, click OK.

Reset the Global Policy for External User Access You cannot completely delete a global policy. Using the Delete option on the global policy only resets the global policy to the default settings, which do not include support for any external user access options. To reset the global policy to the default settings 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, click External Access Policy. 4. On the External Access Policy tab, click the global policy, click Edit, and then click Delete. 5. When prompted to confirm the deletion, click OK. A message appears at the top of the page informing you that the global policy has been reset.

Managing Monitoring
Topics in this section provide step-by-step procedures for tasks you can perform using the Monitoring and Archiving group in Lync Server Control Panel to configure monitoring.

In This Section
Create a Site Policy for Call Detail Recording Create a Site Policy for Quality of Experience Enable Call Detail Recording Enable Quality of Experience Configure Call Detail Recording Configure Quality of Experience Delete a Site Policy for Call Detail Recording Delete a Site Policy for Quality of Experience

Create a Site Policy for Call Detail Recording


Follow these steps to create a new call detail recording (CDR) policy for a site.

192

Microsoft Lync Server 2010 Administration Guide

To create a CDR policy for a site 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Call Detail Recording. 4. On the Call Detail Recording page, click New. 5. In Select a Site, click the site to which the policy is to be applied and click OK. 6. In New Call Detail Recording Setting, do the following: In Name, specify a name for the new site policy. Select the Enable monitoring of call detail recordings (CDR) check box to turn on monitoring. Select the Enable purging of call detail recordings (CDR) check box to turn on purging. In Keep call detail recordings for maximum duration (days), select the maximum number of days that call detail recordings should be retained. In Keep error report data for maximum duration (days), select the maximum number of days that error reports should be retained. 7. Click Commit.

Create a Site Policy for Quality of Experience


Follow these steps to create a Quality of Experience (QoE) policy for a site. To create a QoE policy for a site 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Quality of Experience Data. 4. On the Quality of Experience Data page, click New. 5. In Select a Site, click the site to which the policy is to be applied and click OK. 6. In New Quality of Experience Setting, do the following:

193

Microsoft Lync Server 2010 Administration Guide

Select Enable monitoring of Quality of Experience (CDR) data to turn on monitoring. Select Enable purging of Quality of Experience (CDR) data to turn on purging. In Keep call detail recordings for maximum duration (days), select the maximum number of days that call detail recordings should be retained. 7. Click Commit.

Enable Call Detail Recording


Call detail recording (CDR) records usage and diagnostic information about peer-to-peer activities including instance messaging, Voice over Internet Protocol (VoIP) calls, application sharing, file transfer, and meetings. The usage data can be used to calculate return on investment (ROI) and the diagnostic data can be used to troubleshoot peer-to-peer activities and meetings. For details, see Planning for Monitoring in the Planning documentation. Use the following procedure to enable CDR for your whole organization or each site in your organization. Note: In order to enable CDR you must first install the Monitoring Server and connect it to a Monitoring back-end database. For details, see Deploying Monitoring. To enable CDR 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Call Detail Recording. 4. On the Call Detail Recording page, click the appropriate site from the table, click Action, and then click Enable CDR. Note: CDR is enabled by default.

Enable Quality of Experience


Quality of Experience (QoE) records numeric data that indicates the media quality and information about participants, device names, drivers, IP addresses, and endpoint types involved in calls and sessions. For details, see Planning for Monitoring in the Planning documentation.

194

Microsoft Lync Server 2010 Administration Guide

Use the following procedure to enable QoE for your whole organization or each site in your organization. Note: In order to enable QoE you must first install the Monitoring Server and connect it to a Monitoring back-end database. For details, see Deploying Monitoring. To enable QoE 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Topology, and then click Server Application. 4. On the Server Application page, click the service with QoEAgent in the Name column, click Action, and then click Enable Application. Note: The QoEAgent is enabled by default.

Configure Call Detail Recording


By default, call detail recording (CDR) data is purged after 60 days. You can use the settings on the Call Detail Recording page to retain the data for a longer or shorter period of time. If you disable CDR, data that was captured before CDR was enabled will also be subject to purging. Note: You should configure CDR and Quality of Experience (QoE) to retain data for the same number of days. Each call in the call detail reports (CDRs), available from the Monitoring Server Reports webpage, includes CDR and QoE information. If the purging duration for CDR and QoE is different, some calls might only include CDR data, while other may only include QoE data. The following procedure describes how to configure purge settings CDR data. To specify retention of CDR data 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools.

195

Microsoft Lync Server 2010 Administration Guide

3. In the left navigation bar, click Monitoring and Archiving, and then click Call Detail Recording. 4. On the Call Detail Recording page, click the appropriate site in the table, click Edit, and then click Show Details. 5. To turn on purging, select Enable Purging for Monitoring Servers. 6. In Keep call detail recordings for maximum duration (days): select the maximum number of days that call detail recordings should be retained. 7. In Keep error report data for maximum duration (days): select the maximum number of days that error reports should be retained. 8. Click Commit.

Configure Quality of Experience


By default, Quality of Experience (QoE) data is purged after 60 days. You can use the settings on the Quality of Experience Data page to retain the data for a longer or shorter period of time. If you disable QoE, data that was captured before QoE was enabled will also be subject to purging. Note: You should configure call detail recording (CDR) and QoE to retain data for the same number of days. Each call in the call detail reports (CDRs), available from the Monitoring Server reports homepage, includes CDR and QoE information. If the purging duration for CDR and QoE is different, some calls may only include CDR data, while other may only include QoE data. The following procedure describes how to configure purge settings for QoE data. To specify retention of QoE data 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Quality of Experience Data. 4. On the Quality of Experience Data page, click the appropriate site from the table, click Edit, and then click Show Details. 5. To turn on purging, select Enable Purging for Monitoring Servers. 6. In Keep call detail recordings for maximum duration (days): select the maximum number of days that QoE data should be retained. 7. Click Commit.

196

Microsoft Lync Server 2010 Administration Guide

Delete a Site Policy for Call Detail Recording


Follow these steps to delete a site policy for call detail recording (CDR). To delete a CDR policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Call Detail Recording. 4. In the search field, type all or part of the name of the policy you want to delete. 5. In the list of policies, click the policy that you want, click Edit, and then click Delete. 6. Click OK.

Delete a Site Policy for Quality of Experience


Follow these steps to delete a site policy for Quality of Experience (QoE). To delete a QoE policy 1. Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator role. For details, see Delegate Setup Permissions. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Quality of Experience Data. 4. On the Quality of Experience Data page, in the search field, type all or part of the name of the policy you want to delete. 5. In the list of policies, click the policy that you want, click Edit, and then click Delete. 6. Click OK.

Managing Archiving
Topics in this section provide step-by-step procedures for tasks you can perform using the Monitoring and Archiving page in Lync Server Control Panel to configure archiving.

197

Microsoft Lync Server 2010 Administration Guide

Note: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation.

In This Section
Configuring Support for Archiving of Internal and External Communications Enable or Disable Archiving Specify the Types of Communications To Be Archived Enable or Disable Purging for Archiving Block or Allow IM and Web Conferencing Sessions If Archiving Fails Enable or Disable Sending an Archiving Disclaimer to Federated Partners

Configuring Support for Archiving of Internal and External Communications


In Lync Server 2010 Control Panel, you can use the Archiving Policy page of the Archiving and Monitoring group to manage policies at a global, site, or user level, including configuring the default global policy and creating one or more additional user and site policies for your deployment. The global policy is created automatically when you deploy Archiving Server and can be configured, but not deleted. You can create and configure multiple site and user policies that, together with the global policy, control which communications are archived. In each policy, you can enable or disable archiving of internal communications, external communications, or both. By default, archiving is not enabled for internal or external communications. Site archiving policies override the global archiving policy, but only for users of that site. User policies override both global and site policies for the users to whom the user policy is assigned. Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support, as well as configure and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Managing External Connectivity in the Operations documentation. In This Section Change the Global Policy for Archiving of Internal and External Communications Create a Site Policy for Archiving Enable or Disable Archiving for a Site Create a User Policy for Archiving Enable or Disable Archiving for Users Delete an Archiving Policy Apply an Archiving Policy to a User or User Group

198

Microsoft Lync Server 2010 Administration Guide

Change the Global Policy for Archiving of Internal and External Communications The global policy is created by default when you install your first Archiving Server. You can change the settings to control whether archiving is enabled for internal users and external users. The global policy cannot be deleted. You can also enable or disable archiving for specific sites and users by creating site policies and user policies. For details, see Create a Site Policy for Archiving and Create a User Policy for Archiving, both of which are available in the Deployment documentation and the Operations documentation. Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support, as well as configure and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Managing External Connectivity in the Operations documentation. Use the procedure in this topic to configure the global policy. To change the global policy for archiving 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Policy. 4. Click Global in the list of policies, click Edit, and then click Show details. 5. In Edit Archiving Policy - Global, do the following: To enable or disable internal archiving for the deployment, select or clear the Archive internal communications check box. To enable or disable external archiving for the deployment, select or clear the Archive external communications check box. 6. Click Commit.

Create a Site Policy for Archiving For each site you have deployed, you can create an archiving policy to control whether archiving for that site is enabled or disabled for the following: Internal communications External communications

The configuration in the site policy overrides the global policy, but only for the specific site covered by the site policy. For example, if you enable archiving of internal and external

199

Microsoft Lync Server 2010 Administration Guide

communications in the global policy, you might specify a site policy that disables archiving for internal communications, external communications, or both for that one site. Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support, as well as configure and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Configuring Support for External User Access and Configure Archiving Options for a Site in the Deployment documentation or Managing External Connectivity in the Operations documentation. To create an archiving policy for a site 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Policy. 4. Click New, and the click Site policy. 5. In Select a Site, click the site to which the policy is to be applied. 6. In New Archiving Policy, do the following: In Name, specify a name for the new site policy (for example, externalContoso). In Description, provide details about what the site policy is (for example, External user archiving policy for Contoso). To control archiving of internal communications for the site, select or clear the Archive internal communications check box. To control archiving of communications with external users for the site, select or clear the Archive external communications check box. 7. Click Commit.

Enable or Disable Archiving for a Site You can change the settings of a site policy to control whether archiving is enabled for internal instant messaging (IM) communications and external IM communications of a specific site. You can also enable or disable archiving globally and for specific users by configuring the global policy and by creating user policies. For details, see Configure the Global Policy for Archiving and Create a User Policy for Archiving, both of which are available in the Deployment documentation and the Operations documentation.

200

Microsoft Lync Server 2010 Administration Guide

Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support, as well as configure and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Managing External Connectivity in the Operations documentation. Use the procedure in this topic to configure a site policy. To change a site policy 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Policy. 4. Select the appropriate site policy from the list of policies, click Edit, click Show details, and then do the following: To enable or disable internal archiving for the policy, select or clear the Archive internal communications check box. To enable or disable external archiving for the policy, select or clear the Archive external communications check box. 5. Click Commit.

Create a User Policy for Archiving You can create an archiving policy to control whether archiving for specific users is enabled or disabled for the following: Internal communications External communications

In Microsoft Lync Server 2010 Control Panel, you define user policies that can be assigned to users in Users. The user policy overrides the global policy and site policies, but only for the specific users assigned the user policy. For example, if you enable archiving of internal and external communications in the global policy, you might specify a site policy that disables it for internal communications, external communications, or both for that one site, and then specify a user policy that enables archiving for a specific group of users at that site. Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation.

201

Microsoft Lync Server 2010 Administration Guide

To configure archiving support, you must enable support for each type of archiving you want to support, as well as configure and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Configuring Support for External User Access and Configure Archiving Options for a Site in the Deployment documentation or Managing External Connectivity in the Operations documentation. To create a user policy for archiving 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Policy. 4. Click New, and then click User policy. 5. In New Archiving Policy, do the following: In Name, specify a name for the new user policy. In Description, provide details about what the user policy is (for example, External user archiving policy for Contoso) To control archiving of internal communications for the specified users, select or clear the Archive internal communications check box. To control external archiving for the specifying users, select or clear the Archive external communications check box. 6. Click Commit.

Enable or Disable Archiving for Users You can change the settings of a user policy to control whether archiving is enabled for internal instant messaging (IM) communications and external IM communications of specific users. A user policy can be assigned to users defined in Users. For details, see Apply an Archiving Policy to a User or User Group in the Deployment documentation and Operations documentation. You can also enable or disable archiving globally and for specific sites by configuring the global policy and by creating site policies. For details, see Configure the Global Policy for Archiving and Create a Site Policy for Archiving, both of which are available in the Deployment documentation and the Operations documentation. Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support, configure and, if appropriate, assign policies and configure other options to control how

202

Microsoft Lync Server 2010 Administration Guide

archiving is implemented. For details, see Managing External Connectivity in the Operations documentation. Use the procedure in this topic to configure a user policy. To change a user policy for archiving 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Policy. 4. Select the appropriate user policy from the list, click Edit, click Show details, and then do the following: To enable or disable internal archiving for the users, select or clear the Archive internal communications check box. To enable or disable external archiving for the users, select or clear the Archive external communications check box. 5. Click Commit.

Delete an Archiving Policy You can delete a user policy or site policy. The global policy cannot be removed. If you delete the global policy, it is automatically reset to the default values. Note: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To delete a user or site policy for archiving 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Policy. 4. In the list of policies, click the user or site policy you want to delete, click Edit, and then click Delete. 5. Click Commit.

203

Microsoft Lync Server 2010 Administration Guide

Apply an Archiving Policy to a User or User Group If a user has been enabled for Lync Server 2010, you can configure archiving support by applying the appropriate policies to specific users or user groups. For example, if you create a policy to support archiving of internal communications, you can apply it to at least one user or user group to support archiving of the users Lync Server 2010 communications. Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support, as well as configure and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Configuring Support for External User Access and Configure Archiving Options for a Site in the Deployment documentation or Managing External Connectivity in the Operations documentation. Use the procedure in this topic to apply a previously created archiving user policy to one or more user accounts or user groups. To apply an archiving user policy to a user account 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Users, and then search on the user account that you want to configure. 4. In the table that lists the search results, click the user account, click Edit, and then click Show details. 5. In Edit Lync Server User under Archiving policy, select the archiving user policy that you want to apply. Note: The <Automatic> settings apply the default server installation settings. These settings are applied automatically by the server. 6. Click Commit.

Enable or Disable Archiving


You can use the Archiving Configuration page to enable archiving globally or for a specific site.

204

Microsoft Lync Server 2010 Administration Guide

Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support, as well as configure and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Managing External Connectivity in the Operations documentation. To enable or disable archiving for a policy 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Configuration. 4. Click Global or one of the sites in the list, click Edit, and then click Show details. 5. In Archiving setting drop-down list box, do one of the following: To enable archiving only for instant messaging (IM) sessions, click Archive IM sessions. To enable archiving for both IM sessions and conferences, click Archive IM and web conferencing sessions. To disable archiving for the policy, click Disable archiving. 6. Click Commit.

Specify the Types of Communications To Be Archived


You can use the Archiving Configuration page to specify the communications, such as instant messaging (IM) or IM and web conferencing, that are to be archived globally or for a site. Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support, configure and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Managing External Connectivity in the Operations documentation. To specify the communications to be archived 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment.

205

Microsoft Lync Server 2010 Administration Guide

2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Configuration. 4. Click Global or one of the sites in the list, click Edit, and then click Show details. 5. In Archiving setting drop-down list, do one of the following: To enable archiving only for IM sessions, click Archive IM sessions. To enable archiving for both IM sessions and conferences, click Archive IM and web conferencing sessions. 6. Click Commit.

Enable or Disable Purging for Archiving


You can use the Archiving Configuration page to define the purging settings for archived content globally or for a specific site. Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support and configure, and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Managing External Connectivity in the Operations documentation. To enable or disable purging for archiving 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Configuration. 4. Click Global or one of the sites in the list, click Edit, click Show details, and then do the following: To enable purging, select the Enable purging of archiving data check box and then do one of the following: To purge all records, click the Purge exported archiving data and stored archiving data after maximum duration (days), and then specify the number of days. To purge only the data that has been exported, click Purge exported archiving

206

Microsoft Lync Server 2010 Administration Guide

data only. To disable purging, clear the Enable purging of archiving data check box. 5. Click Commit.

Block or Allow IM and Web Conferencing Sessions If Archiving Fails


You can use the Archiving Configuration page to specify whether to block instant messaging (IM) and web conferencing if archiving fails. Notes: In order to configure and use archiving, you must first install the Archiving Server and the archiving database. For details, see Deploying Archiving in the Deployment documentation. To configure archiving support, you must enable support for each type of archiving you want to support, configure and, if appropriate, assign policies and configure other options to control how archiving is implemented. For details, see Managing External Connectivity in the Operations documentation. To enable or disable blocking of IM and web conferencing sessions if archiving fails 1. From a user account that is assigned to the CsArchivingAdministrator or CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Monitoring and Archiving, and then click Archiving Configuration. 4. Click Global or one of the sites in the list, click Edit, and then click Show details. 5. To set how archiving behaves when a failure occurs, select or clear the Block instant messaging (IM) or web conferencing sessions if archiving fails check box. 6. Click Commit.

Enable or Disable Sending an Archiving Disclaimer to Federated Partners


At the time you deployed your Edge Servers and enabled federation for your organization, you should have specified whether to automatically send the archiving disclaimer to federated partners. If you archive external communications, you should enable the sending of an archiving disclaimer. Use the procedure in this topic to change that configuration. Note: The following procedure assumes that you have already enabled federation for your organization. For details about enabling federation, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation.

207

Microsoft Lync Server 2010 Administration Guide

To enable or disable sending an archiving disclaimer to federated partners 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click External User Access, click Access Edge Configuration. 4. On the Access Edge Configuration tab, click Global, click Edit, and then click Show details. 5. In Edit Access Edge Configuration, under Enable communications with federated users, select or clear the Send archiving disclaimer to federated partners check box to enable or disable automatically sending the archiving disclaimer. 6. Click Commit. To enable federated users to collaborate with users in your Lync Server 2010 deployment, you must have also configured at least one external access policy to support federated user access. For details, see Manage Federated Partner User Access in the Deployment documentation or the Operations documentation. For details about controlling access for specific federated domains, see Control Access by Individual Federated Domains in the Deployment documentation or Operations documentation.

Configuring Security
Topics in this section provide step-by-step procedures for tasks you can perform using the Security group in Lync Server Control Panel.

In This Section
Create a New Registrar Modify an Existing Registrar Delete a Registrar Create a New Web Service Modify an Existing Web Service Delete a Web Service Create a New PIN Policy Modify an Existing PIN Policy Delete a PIN Policy

See Also Managing On-Premises Meetings

208

Microsoft Lync Server 2010 Administration Guide

Create a New Registrar


You can use the Registrar to configure proxy server authentication methods. The authentication protocol you specify determines which type of challenges the servers in the pool issue to clients. The available protocols are: Kerberos This is the strongest password-based authentication scheme available to clients, but it is normally available only to enterprise clients because it requires client connection to a Key Distribution Center (Kerberos domain controller). This setting is appropriate if the server authenticates only enterprise clients. NTLM This is the password-based authentication available to clients that use a challenge-response hashing scheme on the password. This is the only form of authentication available to clients without connectivity to a Key Distribution Center (Kerberos domain controller), such as remote users. If a server authenticates only remote users, you should choose NTLM. Certificate authentication This is the new authentication method when the server needs to obtain certificates from Microsoft Lync 2010 Phone Edition clients, common area phones and Microsoft Lync 2010. On Lync Phone Edition clients, after a user signs in and is successfully authenticated by providing a personal identification number (PIN), Microsoft Lync Server 2010 then provisions the SIP URI to the phone and provisions a Lync Server signed certificate or a user certificate that identifies Joe (Ex: SN=joe@contoso.com ) to the phone. This certificate is used for authenticating with the Registrar and Web Services. Note: We recommend that you enable both Kerberos and NTLM when a server supports authentication for both remote and enterprise clients. The Edge Server and internal servers communicate to ensure that only NTLM authentication is offered to remote clients. If only Kerberos is enabled on these servers, they cannot authenticate remote users. If enterprise users also authenticate against the server, Kerberos is used. Follow these steps to create a new Registrar. To create a Registrar 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Security and then click Registrar. 4. On the Registrar page, click New 5. In Select a Service, click the service to which the Registrar is to be applied and then click OK. 6. In New Registrar Setting, select one or more of the following depending on the capabilities of the clients and support in your environment:

209

Microsoft Lync Server 2010 Administration Guide

Enable Kerberos authentication to have the servers in the pool issue challenges using Kerberos authentication. Enable NTLM authentication to have the servers in the pool issue challenges using NTLM. Enable certificate authentication to have the servers in the pool issue certificates to clients. 7. Click Commit.

Modify an Existing Registrar


You can use the Registrar to configure proxy server authentication protocols. For information about the available protocols, see Create a New Registrar. Note: We recommend that you enable both Kerberos and NTLM when a server supports authentication for both remote and enterprise clients. The Edge Server and internal servers communicate to ensure that only NTLM authentication is offered to remote clients. If only Kerberos is enabled on these servers, they cannot authenticate remote users. If enterprise users also authenticate against the server, Kerberos is used. Follow these steps to modify an existing Registrar. To modify an existing Registrar 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Security and then click Registrar. 4. On the Registrar page, click a service, click Edit, and then click Show details. 5. In Edit Registrar Setting, select one or more of the following depending on the capabilities of the clients and support in your environment: Enable Kerberos authentication to have the servers in the pool issue challenges using Kerberos authentication. Enable NTLM authentication to have the servers in the pool issue challenges using NTLM. Enable certificate authentication to have the servers in the pool issue certificates to clients. 6. Click Commit.

210

Microsoft Lync Server 2010 Administration Guide

Delete a Registrar
Follow these steps to delete a Registrar. To delete a Registrar 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Security and then click Registrar. 4. On the Registrar page, and in the search field, type all or part of the name of the Registrar you want to delete. 5. In the list, click the Registrar that you want, click Edit, and then click Delete. 6. Click OK.

Create a New Web Service


You can use the Web Service page to configure the authentication methods for accessing Microsoft Lync Server 2010 related web servers and Web Services. Follow these steps to create a new Web Service policy. To create a Web Service policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Security and then click Web Service. 4. On the Web Service page, click New, and then do one of the following: To configure the Web Service for a site, click Site configuration. In Select a Site, click the site to which the Web Service policy will be applied a site and click OK. To configure the Web Service for a pool, click Pool configuration. In Select a Service, click the service to which the Web Service policy will be applied and click OK. 5. In New Web Service Setting, in Windows authentication, select Negotiate, NTLM, or None.

211

Microsoft Lync Server 2010 Administration Guide

6. Select one or more of the following depending on the capabilities of the clients and support in your environment: Enable PIN Authentication to enable clients to be authenticated using PIN numbers. Enable certificate authentication to have the servers in the pool issue certificates to clients. Enable certificate chain download to have servers presented with an authentication certificate download the certificate chain for that certificate. Show Lync Attendee download link to give the users the option to download Lync 2010 Attendee. Show the link for user to join meeting using legacy client to give users the option to join meetings using a previous version of Communicator. 7. Click Commit.

Modify an Existing Web Service


You can use the Web Service page to configure the authentication methods for accessing Microsoft Lync Server 2010 related web servers and Web Services. Follow these steps to modify an existing Web Service policy. To modify an existing Web Service 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Security and then click Web Service. 4. On the Web Service page, click a configuration, click Edit, and then click Show details. 5. In Edit Web Service Setting, in Windows authentication, select Negotiate, NTLM, or None. 6. Select one or more of the following depending on the capabilities of the clients and support in your environment: Enable PIN Authentication to enable clients to be authenticated using PIN numbers. Enable certificate authentication to have the servers in the pool issue certificates to clients. Enable certificate chain download to have servers presented with an

212

Microsoft Lync Server 2010 Administration Guide

authentication certificate download the certificate chain for that certificate. Show Lync Attendee download link to give the users the option to download Lync 2010 Attendee. Show the link for user to join meeting using legacy client to give users the option to join meetings using a previous version of Communicator. 7. Click Commit.

Delete a Web Service


Follow these steps to delete a Web Service policy. To delete a Web Service policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Security and then click Web Service. 4. On the Web Service page, and in the search field, type all or part of the name of the policy you want to delete. 5. In the list of policies, click the policy that you want, click Edit, and then click Delete. 6. Click OK.

Create a New PIN Policy


You can use the PIN Policy page to provide personal identification number (PIN) authentication to users who are connecting to Microsoft Lync 2010 with IP Phones. To use PIN authentication, make sure that Enable PIN Authentication is selected in Web Service settings. For details, see Modify an Existing Web Service. Follow these steps to create a user-level or a site-level PIN policy. To create a user or site PIN policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server

213

Microsoft Lync Server 2010 Administration Guide

Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Security and then click PIN Policy. 4. On the PIN Policy page, click New, and then do one of the following: To create a user-level policy, click User policy. In New PIN Policy, in Name, type a name that describes the policy. To create a site-level policy, click Site policy. In the Select a Site search field, type all or part of the name of the site for which you want to create a policy. In the resulting list of sites, click the site you want, and then click OK. 5. In the Description field, type a description of the PIN policy. 6. In the Minimum PIN length field, type or select the minimum PIN length that you want to allow. The default minimum length is five digits. 7. To be able to specify the maximum number of logon attempts before a user is locked out, select the Specify maximum logon attempts check box. If you do not select this option, the maximum number of allowed attempts is automatically determined based on the PIN length. By default, the maximum number of attempts is automatically determined. 8. If you selected the Specify maximum logon attempts check box, in Maximum logon attempts, type or select the maximum number of logon attempts that you want to allow. 9. To have PINs expire, select the Enable PIN expiration check box. If you do not select this option, PINs will never expire. By default, PINs never expire. 10. If you selected the Enable PIN expiration check box, in PIN expires after (days), type or select the number of days after which PINs expire. 11. In PIN history count, type the number of PINs that a user must create before the user can reuse a PIN. By default, users can reuse their PINs. 12. To allow common patterns of digits in PINs, such as sequential numbers and repetitive sets of numbers, select the Allow common patterns check box. If you do not select this option, only complex patterns of digits are allowed. By default, only complex patterns of digits are allowed. Important: We recommend that you do not allow common patterns. 13. Click Commit.

Modify an Existing PIN Policy


You can use the PIN Policy tab to provide personal identification number (PIN) authentication to users who are connecting to Microsoft Lync 2010 with IP Phones. To use PIN authentication, make sure that Enable PIN Authentication is selected in Web Service settings. For details, see Modify an Existing Web Service. Follow these steps to modify a user-level or a site-level PIN policy.

214

Microsoft Lync Server 2010 Administration Guide

To modify an existing PIN policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Security and then click PIN Policy. 4. On the PIN Policy page, click a policy, click Edit, and then click Show details. 5. In Edit PIN Policy, in Minimum PIN length, type or select the minimum PIN length that you want to allow. The default minimum length is five digits. 6. To be able to specify the maximum number of logon attempts before a user is locked out, select the Specify maximum logon attempts check box. If you do not select this option, the maximum number of allowed attempts is automatically determined based on the PIN length. By default, the maximum number of attempts is automatically determined. 7. If you selected the Specify maximum logon attempts check box, in Maximum logon attempts, type or select the maximum number of logon attempts that you want to allow. 8. To have PINs expire, select the Enable PIN expiration check box. If you do not select this option, PINs will never expire. By default, PINs never expire. 9. If you selected the Enable PIN expiration check box, in PIN expires after (days), type or select the number of days after which PINs expire. 10. In PIN history count, type the number of PINs that a user must create before the user can reuse a PIN. By default, users can reuse their PINs. 11. To allow common patterns of digits in PINs, such as sequential numbers and repetitive sets of numbers, select the Allow common patterns check box. If you do not select this option, only complex patterns of digits are allowed. By default, only complex patterns of digits are allowed. Important: We recommend that you do not allow common patterns. 12. Click Commit.

Delete a PIN Policy


Follow these steps to delete a personal identification number (PIN) policy. Note: You cannot delete the global PIN policy.

215

Microsoft Lync Server 2010 Administration Guide

To delete a PIN policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or assigned to the CsServerAdministrator or CsAdministrator role, log on to any computer that is in the network in which you deployed Lync Server 2010. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Security and then click PIN Policy. 4. On the PIN Policy page, and in the search field, type all or part of the name of the policy you want to delete. 5. In the list of policies, click the policy that you want, click Edit, and then click Delete. 6. Click OK.

Configuring Your Network


Microsoft Lync Server 2010 includes support for call admission control (CAC) and media bypass. To implement these features you must configure a network of regions, sites, subnets, and so on that will allow you to manage bandwidth in situations where audio and video transmissions need to be restricted. You can use the Lync Server Control Panel to set up and manage CAC and media bypass. The following topics provide steps for how to do this.

In This Section
Enabling Call Admission Control Enabling Media Bypass Configuring Location Policy Configuring Bandwidth Policy Profile Configuring Network Regions Configuring Network Sites Configuring Network Subnets Configuring Network Region Links Configuring Network Region Routes Configuring Network Site Links

Enabling Call Admission Control


Call admission control (CAC) is a network of regions, sites, and subnets that enable you to place restrictions on audio and video transmissions based on available bandwidth. After you configure

216

Microsoft Lync Server 2010 Administration Guide

the CAC network, you must enable CAC to enforce the bandwidth limitations. You can use Lync Server Control Panel to do this. To enable CAC from Lync Server Control Panel 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Global. 4. On the Global page, click the Global configuration. Note: Only one network can be configured for any Microsoft Lync Server 2010 deployment, so there will never be more than one network configuration in the list. You cannot rename the Global configuration. 5. On the Edit menu, click Show details. 6. On the Edit Global Setting page, select the Enable call admission control check box, and then click Commit. When you click Commit, you run a test of the configuration. The Edit Global Settings dialog box closes, returning you to the Global page. You will receive a warning if any errors or inconsistencies are discovered in your network configuration that will prevent it from working correctly (for example, if every region is not connected to every other region through an interregion route). If you make changes to your network configuration, you can run the validation check again by opening the Global configuration and clicking Commit. You do not need to disable CAC first: leave the check box checked and click Commit. You can do this at any time without making any configuration changes. See Also Call Admission Control Overview of Call Admission Control Configure Call Admission Control Get-CsNetworkConfiguration Set-CsNetworkConfiguration Remove-CsNetworkConfiguration

Enabling Media Bypass


Media bypass settings apply globally across a Microsoft Lync Server 2010 deployment. Media bypass allows calls to bypass the Mediation Server. For details about when to use Media bypass, see Media Bypass in the Planning section.

217

Microsoft Lync Server 2010 Administration Guide

You can enable and configure media bypass from the Lync Server Control Panel. To enable and configure media bypass 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Global. 4. On the Global page, click the Global configuration. There is always only one configuration, and it is always named Global. 5. On the Edit menu, click View details. 6. On the Edit Global Setting page, click the Enable media bypass check box. 7. Select one of the following options: Always bypass Select this option to attempt media bypass on all calls. This option will be unavailable if call admission control (CAC) is enabled. If CAC is not enabled, select this option in the following situations: There is no need for bandwidth control. There is no need for fine-grained configuration to determine when bypass should happen. There is full connectivity between gateways and clients. Use sites and region configuration If CAC is enabled, this option is selected by default and cannot be changed. When this option is selected, network configuration sites and regions will be used to determine when media bypass is possible. If you select this option, you can choose to enable bypass for sites that are not mapped. Click the Enable bypass for non-mapped sites check box only if you have one or more large sites associated with the same region that do not have bandwidth constraints (for example, a large central site) and you also have some branch sites associated with the same region that do have bandwidth constraints. When you enable bypass for non-mapped sites, configuration is streamlined because you specify only the subnets associated with the branch sites rather than needing to specify all subnets associated with all sites. We recommend that you do not select the Enable bypass for non-mapped sites check box if CAC is enabled. 8. Click Commit to save your changes. See Also Global Media Bypass Options Media Bypass

218

Microsoft Lync Server 2010 Administration Guide

Configuring Location Policy


The location policy is used to apply settings that relate to Enhanced 9-1-1 (E9-1-1) functionality and to location settings for users or contacts. The location policy determines whether a user is enabled for E9-1-1, and if so what the behavior is of an emergency call. For example, you can use the location policy to define what number constitutes an emergency call (911 in the United States), whether corporate security should be automatically notified, and how the call should be routed. You can configure location policies from the Network Configuration group in Lync Server Control Panel. From the Lync Server Control Panel you can view, create, modify, or delete location policies. To view location policies 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Location Policy. A single policy, called Global, exists by default and cannot be deleted or renamed. However, you can modify the Global policy. This policy will apply to all users and contacts, unless you create site policies or per-user policies. Per-user policies must be applied to specific users.

219

Microsoft Lync Server 2010 Administration Guide

To create a new location policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Location Policy. 4. On the Location Policy page, click New and then select the type of policy you want to create: To create a site policy, click Site policy. In Select a Site, choose the site to which you want the policy applied and click OK. On the New Location Policy page, the Scope field contains the value Site, and the Name field contains the name of the site you chose. You cannot modify either of these fields. A site policy is automatically applied to all users on the specified site and overrides the global policy for those users. To create a User policy, click User policy. In the New Location Policy, the Scope field contains the value User. You cannot modify this value. In the Name field, type the name you want to give this policy. A user policy does not automatically apply to any users. After creating the user policy, you must manually grant the policy to the users or network sites to which you want to policy to apply. 5. Fill in the remaining fields as follows: Enable enhanced emergency services Select this check box to enable the users associated with this policy for E9-1-1. When emergency services are enabled, Microsoft Lync Server 2010 clients will retrieve location information on registration and include that information when an emergency call is made. Location Specify one of the following values: Required The user will be prompted to input location information when the client registers at a new location. The user can dismiss the prompt without entering any information. If information is entered, an emergency call will first be answered by the emergency services provider to verify the location before being routed to the Public Safety Answering Point (PSAP) operator (that is, the 911 operator). Not Required The user will not be prompted for a location. When a call is made with no location information, the emergency services provider will answer the call and ask for a location. Disclaimer This option is the same as Required except that the user cannot dismiss the prompt without entering location information. The user can still complete an emergency call, but no other calls can be completed without entering the information. In addition, disclaimer text will be displayed to the user that can alert them to the consequences of declining to enter location information. To set the disclaimer text, you must run the Set-CsEnhancedEmergencyServiceDisclaimer

220

Microsoft Lync Server 2010 Administration Guide

cmdlet at command line by using the Lync Server Management Shell. For details, see Set-CsEnhancedEmergencyServiceDisclaimer in the Lync Server Management Shell documentation. Use location for emergency services only Location information can be used by the Microsoft Lync 2010 client for various reasons (for example, to notify teammates of your current location). Select this check box to ensure location information is available only for use with an emergency call. PSTN usage The public switched telephone network (PSTN) usage that will be used to determine which voice route will be used to route emergency calls from clients using this profile. The route associated with this usage should point to a SIP trunk dedicated to emergency calls. Emergency dial number The number that is dialed to reach emergency services. In the United States this value is 911. The string must be made of the digits 0 through 9 and can be from 1 to 10 digits in length. Emergency dial mask A number that you want to translate into the value of the emergency dial number value when it is dialed. For example, if you enter a value of 212 in this field and the emergency dial number field has a value of 911, if a user dials 212 the call will be made to 911. This allows for alternate emergency numbers to be dialed and still have the call reach emergency services (for example, if someone from a country or region with a different emergency number attempts to dial that country or regions number rather than the number for the country or region they are currently in). You can define multiple emergency dial masks by separating the values with semicolons. For example, 212;414. Maximum length of the string is 100 characters. Each character must be a digit 0 through 9. Important: Ensure that the specified dial mask value is not the same as a number in a call park orbit range. Call park routing will take precedence over emergency dial string conversion. To see the existing call park orbit ranges, click Voice Features in the left navigation bar and then click Call Park. For details, see Configure Phone Number Extensions for Parking Calls. Notification URI One or more SIP Uniform Resource Identifiers (URIs) to be notified when an emergency call is made. For example, the company security office could be notified through an instant message whenever an emergency call is made. If the callers location is available that location will be included in the notification. Multiple SIP URIs can be included as a comma-separated list. For example, "sip:security@litwareinc.com","sip:kmyer@litwareinc.com". Keep in mind that distribution lists and group URIs are not supported. The string must be from 1 to 256 characters in length and must begin with the prefix "sip:". Before you click in the Notification URI field an example is displayed. Conference URI The SIP URI, in this case the telephone number, of a third party that will be conferenced in to any emergency calls that are made. For example, the company security office could receive a call when an emergency call is made and listen in or participate in that call (depending on the value supplied in the Conference

221

Microsoft Lync Server 2010 Administration Guide

mode field). The string must be from 1 to 256 characters in length and must begin with the prefix sip:. An example is displayed until you click inside this field. Conference mode If you specify a value in the Conference URI field, the Conference mode determines whether a third party can participate in the call or can only listen in. Specify one of the following options: One-way A third party can only listen to the conversation between the caller and the PSAP operator. Two-way A third party can listen in and participate in the call between the caller and the PSAP operator. 6. Click Commit. Important When you create a user policy, initially that policy does not apply to any users or network sites. To apply the policy to a user, click Users in the left navigation bar. Find the user to which you want to apply the policy. On the Edit menu, click Show details. On the Edit Lync Server User page, select the new location policy from the Location policy drop-down list and then click Commit. To apply the policy to a network site, click Network Configuration in the left navigation bar and then click Site. Find the network site to which you want to apply the policy. On the Edit menu, click Show details. In Edit Site, select the new location policy from the Location policy drop-down list and then click Commit. To modify a location policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Location Policy. 4. On the Location Policy page, select the location policy that you want to modify. 5. On the Edit menu, click Show details. 6. On the Edit Location Policy page, modify the fields as necessary (for details, see Step 5 in the "To create a new location policy" procedures earlier in this topic). 7. Click Commit. To delete a location policy 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.

222

Microsoft Lync Server 2010 Administration Guide

2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Location Policy. 4. On the Location Policy page, select the location policy that you want to delete. Note: You can delete more than one location policy at a time. To do this, press CTRL and select multiple policies while holding down the CTRL key. Or, to select all policies, click Select all on the Edit menu. 5. On the Edit menu, click Delete. 6. Click OK. Important: You cannot delete the Global location policy. If you attempt to delete the Global policy you will receive a warning message and that policy will be reset to its default values. See Also Create Location Policies Create or Modify a Network Site New-CsLocationPolicy Set-CsLocationPolicy Remove-CsLocationPolicy Get-CsLocationPolicy

Configuring Bandwidth Policy Profile


As part of call admission control (CAC), a bandwidth policy is used to define bandwidth limitations for certain modalities. In Microsoft Lync Server 2010, only audio and video modalities can be assigned bandwidth limitations. You can set overall bandwidth limitations and session limitations. You can use the Lync Server Control Panel to create or modify a container profile for these policies. Each bandwidth policy profile can be associated with one or more network sites. To create a new bandwidth policy profile 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Policy Profile.

223

Microsoft Lync Server 2010 Administration Guide

4. On the Policy Profile page, click New. 5. In New Bandwidth Policy Profile, type a name in the Name field. This name must be unique among all bandwidth policy profiles. 6. In the Audio limit field, type a numeric value. This value is the maximum amount of bandwidth to allocate for all audio connections, expressed in kbps. 7. Enter a numeric value in the Audio session limit field. This value is the maximum amount of bandwidth to allocate for an individual audio connection, expressed in kbps. This value must be 40 or higher. 8. Enter a numeric value in the Video limit field. This value is the maximum amount of bandwidth to allocate for all video connections, expressed in kbps. 9. Enter a numeric value in the Video session limit field. This value is the maximum amount of bandwidth to allocate for an individual video connection, expressed in kbps. This value must be 100 or higher. 10. (Optional) Type a value in the Description field to provide more information about this bandwidth policy profile that cannot be expressed by the name alone. 11. Click Commit. Note: Creating a new bandwidth policy profile does not automatically enforce bandwidth restrictions. You must first associate the policy profile with a site. For details about how to associate a policy profile with a site, see Configuring Network Sites. To modify a bandwidth policy profile 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Policy Profile. 4. On the Policy Profile page, click the bandwidth policy profile that you want to modify. 5. On the Edit menu, click Show details. 6. On the Edit Bandwidth Policy Profile page, modify the fields as necessary (for details, see the "To create a bandwidth policy profile" section earlier in this topic). 7. Click Commit. Note: When you modify the bandwidth policy profile, it will immediately update the bandwidth limitations of all network sites associated with this bandwidth policy profile.

224

Microsoft Lync Server 2010 Administration Guide

To delete a bandwidth policy profile 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Policy Profile. 4. On the Policy Profile page, click the bandwidth policy profile that you want to delete. Note: You can delete more than one profile at a time. To do this, press CTRL and select multiple profiles while holding down the CTRL key. Or, to select all profiles, click Select all on the Edit menu. 5. On the Edit menu, click Delete. Warning: You cannot delete a bandwidth policy profile that is associated with a network site. You must first remove the association with the network site before you can delete the profile. For details about how to modify the network site, see Configuring Network Sites. See Also Configure Call Admission Control New-CsNetworkBandwidthPolicyProfile Set-CsNetworkBandwidthPolicyProfile Remove-CsNetworkBandwidthPolicyProfile Get-CsNetworkBandwidthPolicyProfile

Configuring Network Regions


A network region interconnects various parts of a network across multiple geographic areas. Every network region must be associated with a central site. The central site is the data center site on which the call admission control (CAC) bandwidth policy service is running. You can use Lync Server Control Panel to configure network regions. Network regions include settings that determine whether alternate paths through the Internet are allowed for audio and video connections. From the Lync Server Control Panel, you can create, modify, or delete a network region. To create a network region 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server

225

Microsoft Lync Server 2010 Administration Guide

Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Region. 4. On the Region page, click New. 5. In the New Region page, type a value in the Name field. This value must be unique within your Microsoft Lync Server 2010 deployment. 6. From the Central site drop-down list, select the central site for this network region. 7. The Enable audio alternate path check box is checked by default. This field determines whether audio calls will be routed through an alternate path if adequate bandwidth does not exist in the primary path. Clear this check box only if you need to turn off the offload to the Internet. If any of your calls will be Internet calls, this check box must be checked, regardless of bandwidth settings. 8. The Enable video alternate path check box is checked by default. This field determines whether video calls will be routed through an alternate path if adequate bandwidth does not exist in the primary path. Clear this check box only if you need to turn off the offload to the Internet. If any of your calls will be Internet calls, this check box must be checked, regardless of bandwidth settings. 9. (Optional) Type a value in the Description field to provide more information about this region that cannot be expressed by the name alone. 10. Click Commit. The Associated sites table is not used for creating a network region. You associate a site with a region when you create or modify the site. For details, see Configuring Network Sites. To modify a network region 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Region. 4. On the Region page, click the region that you want to modify. 5. On the Edit menu, click Show details. 6. On the Edit Region page, you can modify the settings for enabling and disabling audio and video alternate paths, and change the description (for details, see the "To create a network region" section earlier in this topic. 7. Click Commit. You cannot modify the Associated sites on this page. The list of associated sites is provided for reference so you are aware of which sites will be affected when you modify the region settings.

226

Microsoft Lync Server 2010 Administration Guide

To delete a network region 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Region. 4. On the Region page, click the region that you want to delete. Note: You can delete more than one region at a time. To do this, press CTRL and select multiple regions while holding down the CTRL key. Or, to select all regions, click Select all on the Edit menu. 5. On the Edit menu, click Delete. 6. Click OK. Warning: A network region cannot be removed if it is associated with a network site. If you attempt to remove a region associated with a site you will receive an error message. To see if a region is associated with any sites, select the region and then click Show details on the Edit menu. See Also Configure Network Regions for CAC New-CsNetworkRegion Set-CsNetworkRegion Remove-CsNetworkRegion Get-CsNetworkRegion

Configuring Network Sites


Network sites are the offices or locations configured within each region of a call admission control (CAC) or Enhanced 9-1-1 deployment. You can use the Lync Server Control Panel to configure sites and associate them with regions. For example, a network region for North America might be associated with networks sites such as Chicago, Redmond, and Vancouver. A CAC network site must be created for every site within an organization, even if that site has no bandwidth limitations. From the Lync Server Control Panel you can create, modify, and delete network sites. To create a network site 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.

227

Microsoft Lync Server 2010 Administration Guide

2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Site. 4. On the Site page, click New. 5. In New Site, type a name for this site in the Name field. Note: Site names must be unique within the Microsoft Lync Server 2010 deployment. 6. In the Region drop-down list, select a network region to associate with this site. 7. (Optional) If you want to place bandwidth limitations on audio or video calls to this site, select the bandwidth policy profile with the appropriate settings from the Bandwidth policy drop-down list. Note: You can view the details of the available bandwidth policy profiles, or create a new bandwidth policy profile, on the Policy Profile page of the Network Configuration group. For details, see Configuring Bandwidth Policy Profile. 8. (Optional) If you want to provide location settings for this site, select a location policy from the Location policy drop-down list. Note: The location policy assigns specific Enhanced 9-1-1 (E9-1-1) and client location settings to the site. You can view the details of the available location policies, or create a new location policy, from the Location Policy page of the Network Configuration group. For details, see Configuring Location Policy. 9. (Optional) Type a value in the Description field to provide more information about this site that cannot be expressed by the name alone. 10. Click Commit. Note: You do not use the Associated Subnets table when you create a new network site. You associate a subnet with a site when you create or modify the subnet. For details, see Configuring Network Subnets. To modify a network site 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Site.

228

Microsoft Lync Server 2010 Administration Guide

4. On the Site page, click the site that you want to modify. 5. On the Edit menu, click Show details. 6. On the Edit Site page, you can modify the description, region, bandwidth policy profile, and location policy associated with the site. For details, see "To create a network site" section earlier in this topic. 7. Click Commit. You cannot modify the Associated Subnets table on this page. The list of associated subnets is provided for reference so that you are aware of what subnets will be affected when you modify the site settings. To delete a network site 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Site. 4. On the Site page, click the site that you want to delete. Note: You can delete more than one site at a time. To do this, press CTRL and select multiple sites while holding down the CTRL key. Or, to select all sites, click Select all on the Edit menu. 5. On the Edit menu, click Delete. 6. Click OK. Warning: You cannot remove a network site if it is associated with a network subnet. If you attempt to remove a site associated with a subnet you will receive an error message. To see if a site is associated with any subnets, click the site and then click Show details on the Edit menu. See Also Configure a Network Site New-CsNetworkSite Set-CsNetworkSite Remove-CsNetworkSite Get-CsNetworkSite

229

Microsoft Lync Server 2010 Administration Guide

Configuring Network Subnets


A network subnet must be associated with a network site for the purposes of determining the geographic location of the host belonging to this subnet. You can use Lync Server Control Panel to configure subnets. From the Lync Server Control Panel, you can create, modify, or delete a network subnet. In most deployments of Microsoft Lync Server 2010 where call admission control (CAC) is implemented, there will typically be a large number of subnets. Because of this, it is often best to configure subnets from the Lync Server Management Shell. From there you can call NewCsNetworkSubnet in conjunction with the Windows PowerShell cmdlet Import-CSV. By using these cmdlets together, you can read in subnet settings from a comma-separated values (.csv) file and create multiple subnets at the same time. For examples of how to create subnets from a .csv file, see New-CsNetworkSubnet. To create a network subnet 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Subnet. 4. On the Subnet page, click New. 5. In New Subnet, enter a value in the Subnet ID field. This must be an IP address (for example, 174.11.12.0), and it must be the first address in the IP address range defined by the subnet. 6. In the Mask field, enter a numeric value from 1 through 32. Note: This value is the bitmask that is to be applied to the subnet being created. 7. In Network site ID, select the site to which this subnet belongs. 8. (Optional) Type a value in the Description field to provide more information about this subnet that cannot be expressed by the name alone. 9. Click Commit. To modify a network subnet 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Subnet.

230

Microsoft Lync Server 2010 Administration Guide

4. On the Subnet page, click the subnet that you want to modify. 5. On the Edit menu, click Show details. 6. On the Edit Subnet page, you can modify the bitmask, associated network site, or description. If you modify the bitmask, keep in mind that the Subnet ID must still be the first address in the IP address range defined by the subnet. 7. Click Commit. To delete a network subnet 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Subnet. 4. On the Subnet page, click the subnet that you want to delete. Note: You can delete more than one subnet at a time. To do this, press CTRL and select multiple subnets while holding down the CTRL key. Or, to select all subnets, click Select all on the Edit menu. 5. On the Edit menu, click Delete. 6. Click OK. See Also About Network Regions, Sites, and Subnets New-CsNetworkSubnet Set-CsNetworkSubnet Remove-CsNetworkSubnet Get-CsNetworkSubnet

Configuring Network Region Links


You can configure links between two network regions as part of call admission control (CAC). Regions within a network are linked through physical wide area network (WAN) connectivity. You can use the Lync Server Control Panel to define a link between two network regions and set the bandwidth limitations on audio and video connections between these regions. To create a network region link 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.

231

Microsoft Lync Server 2010 Administration Guide

2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Region Link. 4. On the Region Link page, click New. 5. In New Region Link, type a value in the Name field. Note: This value must be unique within your Microsoft Lync Server 2010 deployment. 6. From the Network region #1 drop-down list, select one of the two regions to be linked. 7. From the Network region #2 drop-down list, select the other region to be linked. This region must be different from the region selected for Network region #1. 8. (Optional) If you want to place bandwidth limitations on audio or video calls between these regions, select a bandwidth policy profile from the Bandwidth policy drop-down list. 9. Click Commit. To modify a network region link 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Region Link. 4. On the Region Link page, click the region link that you want to modify. 5. On the Edit menu, click Show details. 6. In Edit Region Link, you can modify the regions that are linked or the bandwidth policy profile for this link. 7. Click Commit. To delete a network region link 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Region Link.

232

Microsoft Lync Server 2010 Administration Guide

4. On the Region Link page, click the region link that you want to delete. Note: You can delete more than one region link at a time. To do this, press CTRL and select multiple region links while holding down the CTRL key. Or, to select all region links, click Select all on the Edit menu. 5. From the Edit menu, select Delete. 6. Click OK. See Also Configure a Network Region Link New-CsNetworkRegionLink Set-CsNetworkRegionLink Remove-CsNetworkRegionLink Get-CsNetworkRegionLink

Configuring Network Region Routes


Every region within a call admission control (CAC) configuration must have some way to access every other region. While region links set bandwidth limitations on the connections between regions and also represent the physical links, a route determines which linked path the connection will traverse from one region to another. You can use Lync Server Control Panel to configure network region routes. From Lync Server Control Panel, you can create, modify, or delete a network region route. To create a network region route 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Region Route. 4. On the Region Route page, click New. 5. In New Region Route, type a value in the Name field. Note: This value must be unique within your Microsoft Lync Server 2010 deployment. 6. From the Network region #1 drop-down list, select one of the two regions to be connected by this route. 7. From the Network region #2 drop-down list, select the other region for this route. This region must be different from the region selected for Network region #1. 8. Use the Network region links list box to add region links to the route. Click the Add

233

Microsoft Lync Server 2010 Administration Guide

button to display the Region Link page. Click a region link to add to this route, and then click OK. Note: Continue to click the Add button to add more links, or select a link and click Remove to remove a link. 9. Click Commit. To modify a network region route 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Region Route. 4. On the Region Route page, click the region route that you want to modify. 5. On the Edit menu, click Show details. 6. In Edit Region Route, you can modify the regions joined by this route and the region links associated with the route. 7. Click Commit. To delete a network region route 1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment. 2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools. 3. In the left navigation bar, click Network Configuration and then click Region Route. 4. On the Region Route page, click the region route that you want to delete. Note: You can delete more than one region route at a time. To do this, press CTRL and select multiple region routes while holding down the CTRL key. Or, to select all region routes, click Select all on the Edit menu. 5. On the Edit menu, click Delete. 6. Click OK. See Also Configure a Network Region Route New-CsNetworkInterRegionRoute

234

Microsoft Lync Server 2010 Administration Guide

Set-CsNetworkInterRegionRoute Remove-CsNetworkInterRegionRoute Get-CsNetworkInterRegionRoute

Configuring Network Site Links


Within a call admission control (CAC) configuration, you can create network inter-site policies that define bandwidth limitations between sites that are directly linked. When network sites share a direct link, bandwidth limitations for audio and video connections can be defined between those two sites. You cannot use the Lync Server Control Panel to configure network site policies, this can be done only by using cmdlets from the Lync Server Management Shell. You can create, modify, and remove a network site link (also known as a network inter-site policy) from the Lync Server Management Shell. To create a network site link 1. Log on to the computer where Lync Server Management Shell is installed as a member of the RTCUniversalServerAdmins group or with the necessary user rights as described in Delegate Setup Permissions. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. From the command prompt, type the following command, substituting values that are valid for your configuration: New-CsNetworkInterSitePolicy -Identity Reno_Portland -NetworkSiteID1 Reno -NetworkSiteID2 Portland -BWPolicyProfileID LowBWLimits This example creates a new network site link named Reno_Portland that sets bandwidth limitations between the Reno and Portland network sites. The network sites and the bandwidth policy profile must already exist before running this command. For detailed parameter descriptions, see New-CsNetworkInterSitePolicy in the Lync Server Management Shell documentation. To retrieve a list of bandwidth policy profiles that can be applied to the network site link, call the Get-CsNetworkBandwidthPolicyProfile cmdlet. For details, see Get-CsNetworkBandwidthPolicyProfile in the Lync Server Management Shell documentation. To modify a network site link 1. Log on to the computer where Lync Server Management Shell is installed as a member of the RTCUniversalServerAdmins group or with the necessary user rights as described in Delegate Setup Permissions. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. Use the Set-CsNetworkInterSitePolicy cmdlet to modify the properties of a given network site link. You can modify either (or both) or the connected sites, and you can

235

Microsoft Lync Server 2010 Administration Guide

modify the bandwidth policy profile associated with the link. Here is an example of modifying the bandwidth policy profile of a site link named Reno_Portland: Set-CsNetworkInterSitePolicy -Identity Reno_Portland -BWPolicyProfileID HighBWLimits For detailed parameter descriptions, see Set-CsNetworkInterSitePolicy in the Lync Server Management Shell documentation. To delete a network site link 1. Log on to the computer where Lync Server Management Shell is installed as a member of the RTCUniversalServerAdmins group or with the necessary user rights as described in Delegate Setup Permissions. 2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 3. Use the Remove-CsNetworkInterSitePolicy cmdlet to remove a network site link. The following example deletes the Reno_Portland network site link: Remove-CsNetworkInterSitePolicy -Identity Reno_Portland For detailed parameter descriptions, see Remove-CsNetworkInterSitePolicy in the Lync Server Management Shell documentation. See Also Call Admission Control Cmdlets New-CsNetworkInterSitePolicy Set-CsNetworkInterSitePolicy Remove-CsNetworkInterSitePolicy Get-CsNetworkInterSitePolicy Get-CsNetworkBandwidthPolicyProfile

Change the Web Services URL


When you set up your Front End pools and Standard Edition servers, you have the option to configure an external Web farm fully qualified domain name (FQDN) and associated ports. If you did not configure this URL when you ran the Lync Server Deployment Wizard, you need to manually configure these settings. An administrator typically does not need to modify these settings, as these are the recommended and default ports.

236

Microsoft Lync Server 2010 Administration Guide

Configure Web Services 1. Log on to the computer where Topology Builder is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group. 2. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder. 3. In Topology Builder, in the console tree under Standard Edition Front End Servers, Enterprise Edition Front End pools, and Directory pools, select the pool name. Rightclick the name, click Edit Properties, and then click Web Services. 4. Add or edit the External Web Services FQDN, and then click OK. 5. Verify the listening and published ports are configured correctly for your environment. 6. Repeat these steps for all Standard Edition servers, Front End Pools, and Director pools in your environment. 7. In the console tree, click Lync Server 2010, and then, in the Actions pane, click Publish Topology. There are a few requirements you should be aware of when configuring the Listening and Publishing ports: The listening ports shown are the ports that are configured for Internet Information Server (IIS) on each Front End Server. The internal and external listening ports must be different for IIS. For the external

237

Microsoft Lync Server 2010 Administration Guide

listening ports, these are typically the same because one represents the hardware load balancer for internal web traffic and one represents the reverse proxy server for external web traffic. The published ports must be configured on the reverse proxy or hardware load balancer as listening ports. For an Front End pool (not shown in the example), the internal SIP pool FQDN must be different from the internal web services FQDN, because web traffic comes through the hardware load balancer and the internal SIP pool traffic travels comes through the DNS load balancer. This requirement must be met. A Lync Server Standard Edition deployment does not need or allow an internal web services FQDN to be overridden because this server cannot be load balanced. If you have a hardware load balancer in your environment that you use for both internal SIP and web traffic, the Topology Builder cannot make the distinction. The external web services works in conjunction with a reverse proxy in the perimeter network. It provides clients external access to Microsoft Lync Server 2010 by using these web services. The FQDNs configured here are sent to clients when they log on, and are used to make an HTTPS connection back to the reverse proxy when connecting remotely. The reverse-proxy server forwards the external web service FQDN to an internal hardware load balancer, or directly to the pool. The reverse proxy must be able to resolve the external web services FQDN to the IP address of the internal Web server. The external web services FDQN must be resolvable in the public Internet. If your internal server is a Standard Edition server, the internal FQDN is the Standard Edition server FQDN. If your internal server is a Front End pool, the FQDN is a hardware load balancer virtual IP (VIP) that load balances the internal web farm servers. A hardware load balancer is required in a Front End pool with more than one Enterprise Edition server. A load balancer is not required for a Standard Edition server or a single Enterprise Edition Front End Server.

Administering the Address Book Service


As a part of the deployment of Microsoft Lync Server 2010 Enterprise Edition server or Standard Edition server, the Address Book Service is installed by default. The databases used by the Address Book Service RTCab and RTCab1 are created on the SQL Server (for Enterprise Edition server, this is the back end SQL Server, for Standard Edition server, the collocated SQL Server).

Address Book Server Phone Number Normalization


Lync Server 2010 requires standardized RFC 3966/E.164 phone numbers. To use phone numbers that are unstructured or inconsistently formatted, Lync Server relies on the Address Book Server to preprocess phone numbers before they are handed off to the normalization rules. When a phone number is used from the address book and the normalization rule is applied,

238

Microsoft Lync Server 2010 Administration Guide

clients, such as Microsoft Lync 2010, Microsoft Lync 2010 Phone Edition and Microsoft Lync 2010 Mobile, can use these normalized numbers. As discussed in the New Address Book Features, the normalization rules that were used in previous versions may not work properly without some adjustments. Because the white space and non-mandatory characters are removed prior to the normalization rules, if your regex expression is specifically looking for a dash or other character that was removed, your normalization rule might fail. You should review your normalization rules to ensure that either they are not looking for these non-mandatory characters, or that the rule can fail gracefully and continue in the event that the character is not present where the rule anticipates it will be.

User Replicator and Address Book Server


The Address Book Server uses data provided by User Replicator to update the information that it initially obtains from the global address list (GAL). User Replicator writes the Active Directory Domain Services (AD DS) attributes for each user, contact, and group into the AbUserEntry table in the database and the Address Book Server syncs the user data from the database into files in the Address Book Server file store and into the Address Book database RTCab or RTCab1. The schema for the AbUserEntry table uses two columns, UserGuid and UserData. UserGuid is the index column and contains the 16-byte GUID of the Active Directory object. UserData is an image column which contains all of the previously mentioned Active Directory Domain Services (AD DS) attributes for that contact. User Replicator determines which Active Directory attributes to write by reading a configuration table located in the same SQL Server-based instance as the AbUserEntry table. The AbAttribute table contains three columns, ID, Name and Flags. The table is created during database setup. If the AbAttribute table is empty, User Replicator skips its AbUserEntry table processing logic. Address Book Server attributes are dynamic and are retrieved from the AbAttribute table, which is initially written by the Address Book Server when the Address Book Server is activated. Address Book Server activation populates the AbAttribute table with the values needed to support Lync Server. The following table shows those current values.
ID Name Flags

1 2 3 4 5 6 7 8 9

givenName Sn displayName Title mailNickname Company physicalDeliveryOfficeName msRTCSIP-PrimaryUserAddress telephoneNumber

0x01400000 0x02400000 0x03420000 0x04000000 0x05400000 0x06000000 0x07000000 0x08520C00 0x09022800

239

Microsoft Lync Server 2010 Administration Guide ID Name Flags

10 11 12 13 14 15 16 17 18 19 20 99

homePhone Mobile otherTelephone ipPhone Mail groupType Department Description Manager proxyAddress msExchHideFromAddressLists entryID

0x0A302800 0x0B622800 0x0C302000 0x0D302000 0x0E500000 0x0F010800 0x10000000 0x11000100 0x12040001 0x00500105 0xFF000003 0x99000000

The numbers in the ID column must be unique and should never be reused. Also, keeping the ID values under 256 saves space in the output files written by the Address Book Server. However, the maximum ID value is 65535. The Name column corresponds to the Active Directory attribute name that User Replicator should put in the AbUserEntry table for each contact. The value in the Flags column is used to define the type of attribute. The following types of Address Book Server attributes are recognized by User Replicator, indicated by the low byte of the value in the Flags column.

Attribute

Description

0x0

A string attribute. User Replicator converts this type to UTF-8 before storing it in the AbUserEntry table. A binary attribute. User Replicator stores this in the blob without any conversion. A string attribute, but is included only if the attribute value begins with "tel:". This is primarily for multi-valued string attributes, specifically proxyAddresses. In this case, Address Book Server is interested only in proxyAddresses entries that begin with "tel:". Therefore, in the interest of saving space, User Replicator stores only the entries that begin with "tel:".

0x1 0x2

240

Microsoft Lync Server 2010 Administration Guide Attribute Description

0x3

A Boolean string attribute, which if TRUE causes User Replicator to not include this contact in the AbUserEntry table. If FALSE, it causes User Replicator to include the attributes for this contact in the AbUserEntry table, but not the particular attribute with this flag. This is another special case type that is primarily for the msExchHideFromAddressLists attribute. A string attribute, but is included only if the attribute value begins with "smtp:" and includes the "@" symbol. A string attribute, but is included only if the attribute value begins with either "tel:" or "smtp:" and includes the "@" symbol. If set, this is a multi-valued attribute that can appear more than once for each contact. If set, this identifies the email user account name attribute for a contact. Address Book Server uses this flag to identify which attribute value to show in the phone normalization event log entry. If set, this identifies a required attribute for a contact. Address Book Server includes a user in the AbUserEntry table only if there is a value for this attribute in Active Directory. If there is more than one required attribute, only one of them is required to have a value to include the user in the AbUserEntry table. If set, Address Book Server always normalizes the value of this attribute. If set, Address Book Server uses the normalized number from proxyAddresses, if the UseNormalizationRules CMS setting is FALSE; otherwise it behaves the same as when the flag bit is 0x1000. If set, Address Book Server does not include objects in the AbUserEntry table that have this value for the specified attribute. For example, if the msRTCSIP-PrimaryUserAddress attribute has this flag bit set, then contacts that have this

0x4

0x5

0x100 0x400

0x800

0x1000 0x2000

0x4000

241

Microsoft Lync Server 2010 Administration Guide Attribute Description

attribute are not written to the database. 0x8000 If set, Address Book Server does not include objects in the AbUserEntry table that do not have this value for the specified attribute. If both the 0x4000 and 0x8000 flag bits are set on an object, the attribute with the flag bit value set to 0x4000 takes precedence, and the object is excluded from the AbUserEntry table. If set, this represents a group object. User Replicator uses this flag bit to include contacts with the groupType attribute whose presence indicates a group (for example, a distribution list or security group). If set, User Replicator uses this flag bit to include this attribute in device-specific Address Book Server files (that is, files with a .dabs extension).

0x10000

0x20000

Filtering the Address Book


The users populated in the Address Book Server files can be controlled based on certain Active Directory Domain Services (AD DS) attributes listed in the AbAttribute table. One such attribute used for filtering is the msExchangeHideFromAddressBook attribute. This is a user attribute added by the Exchange schema. If the value of this attribute is TRUE, Exchange Server uses this attribute to hide the contact from the Outlook Global Address List (GAL). Similarly, if the value of this attribute is TRUE, User Replicator does include that user in the AbUserEntry table and this user will not be in the Address Book Server files. You can use some flag bits to define a filter to use on Address Book Server attributes. For example, the presence of certain flag bits can identify an attribute as an include attribute or an exclude attribute. User Replicator filters out contacts that contain an exclude attribute and filters out contains that do not contain an include attribute. Currently, there are three different filters. The following table lists these filters.
Attribute Description

0x800

If set, this identifies a required attribute for a contact. User Replicator uses this flag bit to filter out contacts that do not contain at least one required attribute. The OuPathId is a required attribute, which is always set. So at

242

Microsoft Lync Server 2010 Administration Guide Attribute Description

least one of other required attributes should be set. Otherwise, contact (that is, with value of required attribute OuPathId) will still not be written to database. For example, if telephoneNumber and homePhone are defined as required attributes, only the contacts that have at least one of these attributes are written to the database. 0x4000 If set, this identifies an exclude attribute. User Replicator uses this flag bit to filter out contacts that contain this attribute. For example, if msRTCSIP-PrimaryUserAddress is defined as an exclude attribute, contacts that have this attribute are not written to the database. If set, this identifies an include attribute. User Replicator uses this flag bit to filter out contacts that do not contain this attribute. For example, if msRTCSIP-PrimaryUserAddress is defined as an include attribute, only the contacts that have this attribute are written to the database.

0x8000

Note: If both the 0x4000 (exclude attribute) and 0x8000 (include attribute) flag bits are set, the 0x4000 bit overrides the 0x8000 bit and the contact is excluded. Although you can filter the Address Book to include only certain users, limiting entries does not limit other users' ability to contact the filtered users or to see their presence status. Users can always find, manually send instant messages, or manually initiate calls to users not in the Address Book by entering a user's complete sign-in name. Also, contact information for a user could also be found in Outlook or the Windows Address Book. While having full contact records in the Address Book files enables you to use Lync 2010 to initiate email, telephone, or Enterprise Voice calls (that is, if Enterprise Voice is enabled on the server) with users that are not configured for Session Initiation Protocol (SIP), some organizations prefer to include only SIP-enabled users in their Address Book Server entries. You can filter the Address Book to include only SIP-enabled users by clearing the 0x800 bit in the Flags column of the following required attributes: mailNickname, telephoneNumber, homePhone, and mobile. You can also filter the Address Book to include only SIP-enabled users by setting the 0x8000 (include attribute) in the Flags column of the msRTCSIP-PrimaryUserAddress attribute. This also helps to exclude service accounts from the Address Book files. After you modify the AbAttribute table, you can refresh the data in the AbUserEntry table by running the cmdlet Update-CsUserDatabase command. After UR replication completes, you can

243

Microsoft Lync Server 2010 Administration Guide

update the file in the Address Book Server file store by manually running the cmdlet UpdateCsAddressBook command. Note: The Front End that the Address Book Server is placed is not administratively configurable. One is chosen during deployment typically the first Front End deployed. In the event of failure, the Address Book Service will move to another Front End, and requires no administrative attention. Also, there are two databases for the Address Book Service RTCab and RTCab1. The databases are updated daily, but alternate which database is updated. If the RTCab database is being updated, queries are preformed against the RTCab1 database while the update is in progress. The next day, RTCab1 is updated and queries are preformed against RTCab while the update is in progress. This ensures that at least one of the databases will be available for query and Address Book file creation. Important: If you have consolidated or otherwise modified your infrastructure from a multi-forest deployment or a parent/child deployment (such as consolidating your infrastructure before moving to Lync Server 2010), you may find that the Address Book service download and the Address Book Web Query fails for some users. When in a deployment that had multiple domains or forests, the attribute MsRTCSIP-OriginatorSid is populated on the user objects that are exhibiting the problem. The MsRTCSIP-OriginatorSid attribute must be set to NULL on these objects to resolve the problem.

Windows PowerShell Cmdlets for Address Book Services


Microsoft Lync Server 2010 introduces a number of Windows PowerShell command-line interface cmdlets to manage and configure the Address Book service. Some of these cmdlets are replacements for the ABServer.exe commands used in previous versions of Office Communications Server. In the following topics are the cmdlets that are used to set, create, and retrieve information about the Address Book service, its configuration and information about the Web services that the Address Book service uses when clients retrieve Address Book service files and settings. All of these cmdlets are issued through the Lync Server Management Shell found in the Lync Server 2010 tools on a server or workstation where the administration tools have been installed. In This Section New-CsAddressBookConfiguration for Address Book Management Set-CsAddressBookConfiguration for Address Book Management Get-CsAddressBookConfiguration for Address Book Management Remove-CsAddressBookConfiguration for Address Book Management Test-CsAddressBookService for Address Book Management Test-CsAddressBookWebQuery for Address Book Management Update-CsAddressBook for Address Book Management New-CsClientPolicy for Address Book Management

244

Microsoft Lync Server 2010 Administration Guide

Set-CsClientPolicy for Address Book Management Get-CsService for Address Book Management New-CsWebServiceConfiguration for Address Book Management Get-CsWebServiceConfiguration for Address Book Management Set-CsWebServiceConfiguration for Address Book Management Remove-CsWebServiceConfiguration for Address Book Management

Related Sections See Also http://go.microsoft.com/fwlink/?LinkId=205826 New-CsAddressBookConfiguration for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the New-CsAddressBookConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "NewCsAddressBookConfiguration"} The New-CsAddressBookConfiguration cmdlet creates a new configuration to manage the behavior of the Address book. Specific to this cmdlet is the ability to define if the Address Book Service creates the client download files, how and if normalization rules are used, how long to retain delta and compact delta files, delta file size before incorporating a new full file creation, what time of day the full file Address Book is created, and what the internal should be for synchronization of information in the User database. For example: New-CsAddressBookConfiguration -Identity site:Redmond -KeepDuration 15 -SynchronizePollingInterval 00:10:00 For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also New-CsAddressBookConfiguration Set-CsAddressBookConfiguration for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Set-CsAddressBookConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "SetCsAddressBookConfiguration"}

245

Microsoft Lync Server 2010 Administration Guide

Set-CsAddressBookConfiguration is similar to the New-CsAddressBookConfiguration cmdlet, except it is used to modify an existing configuration. For example: Set-CsAddressBookConfiguration -identity site:Redmond -RunTimeOfDay 23:00 For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Set-CsAddressBookConfiguration Get-CsAddressBookConfiguration for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Get-CsAddressBookConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "GetCsAddressBookConfiguration"} The cmdlet Get-CsAddressBookConfiguration returns information about a configuration that already exists. For example: Get-CsAddressBookConfiguration -Identity site:Redmond Combining the functionality of Get-CsAddressBookConfiguration and SetCsAddressBookConfiguration allows the administrator to define which configurations to modify and then apply the modifications. For example, this combined: Get-CsAddressBookConfiguration -Filter site:* | SetCsAddressBookConfiguration -RunTimeOfDay 23:00 Returns all configurations in all sites and applies the RunTimeOfDay of 23:00 hours to the configurations. For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Get-CsAddressBookConfiguration Remove-CsAddressBookConfiguration for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Remove-CsAddressBookConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including

246

Microsoft Lync Server 2010 Administration Guide

any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "RemoveCsAddressBookConfiguration"} As the name implies, Remove-CsAddressBookConfiguration will remove the configuration based on the defined Site Identity. For example: Remove-CsAddressBookConfiguration -Identity site:Redmond For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Remove-CsAddressBookConfiguration Test-CsAddressBookService for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Test-CsAddressBookService cmdlet: RTCUniversalServerAdmins. To return a list of all the rolebased access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "TestCsAddressBookService"} Lync Server 2010 contains a number of cmdlets that initiate synthetic commands to confirm that a specific function or feature is working properly. Test-CsAddressBookService confirms that a defined user can connect and request the local files from the Address Book Web service. For example: Test-CsAddressBookService -TargetFqdn atl-cs-001.contoso.com -UserCredential contoso\bob -UserSipAddress "sip:bob@contoso.com" For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Test-CsAddressBookService Test-CsAddressBookWebQuery for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Test-CsAddressBookWebQuery cmdlet: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:

247

Microsoft Lync Server 2010 Administration Guide

Get-CsAdminRole | Where-Object {$_.Cmdlets match "TestCsAddressBookService"} Similar to the Test-CsAddressBookService synthetic transaction, Test-CsAddressBookWebQuery performs a query against the Address Book Web Query to ensure that it is operating properly. The cmdlet will connect to the Web Ticket authentication and present the credentials specified in UserCredential. If authenticated, the cmdlet then present the TargetSipAddress information. The cmdlet should report success if it was able to retrieve the information about the contact. For example: Test-CsAddressBookWebQuery -TargetFqdn atl-cs-001.contoso.com -UserCredential contoso\bob -UserSipAddress "sip:bob@contoso.com" -TargetSipAddress "sip:bob@contoso.com" For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Test-CsAddressBookWebQuery Update-CsAddressBook for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Update-CsAddressBook cmdlet locally: RTCUniversalUserAdmins, RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "UpdateCsAddressBook"} The Update-CsAddressBook cmdlet replaces the abserver.exe syncNow command from Office Communications Server. The cmdlets purpose is to initiate a synchronization immediately rather than waiting for the scheduled time. The first example command updates all Address Books in the organization. The second updates only the Address Book associated with the defined server. For example: Update-CsAddressBook Update-CsAddressBook -Fqdn atl-abs-001.contoso.com For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Update-CsAddressBook

248

Microsoft Lync Server 2010 Administration Guide

New-CsClientPolicy for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the New-CsClientPolicy cmdlet: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "New-CsClientPolicy"} The cmdlet New-CsClientPolicy defines a large number of settings for provisioning clients for features that are available in Lync Server 2010. For the Address Book Service, the parameter AddressBookAvailability is of interest. This parameter, which directly impacts the options available to clients, has three possible options: WebSearchAndFileDownload WebSearchOnly FileDownloadOnly

When defined, it determines how the Address Book is accessed by clients. If you define this parameter, you must define one of the options. If you do not modify this setting, the default WebSearchAndFileDownload remains in effect. For example: New-CsClientPolicy -Identity RedmondClientPolicy -DisableCalendarPresence $True -DisablePhonePresence $True -DisplayPhoto "PhotosFromADOnly" AddressBookAvailability WebSearchOnly For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also New-CsClientPolicy Set-CsClientPolicy for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Set-CsClientPolicy cmdlet locally: RTCUniversalServerAdmins. To return a list of all the rolebased access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "Set-CsClientPolicy"} Similar to New-CsClientPolicy, the Set-CsClientPolicy cmdlet allows you to modify client settings that are already in place. For example:

249

Microsoft Lync Server 2010 Administration Guide

Set-CsClientPolicy -Identity RedmondClientPolicy -WebServicePollInterval "00:15:00" AddressBookAvailability WebSearchAndFileDownload For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Set-CsClientPolicy Get-CsService for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Get-CsService cmdlet locally: RTCUniversalUserAdmins, RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "Get-CsService"} Get-CsService is valuable to retrieve and display the current configuration of your infrastructures defined Web Services. By defining the pools fully qualified domain name (FQDN) and the parameter WebServer, the cmdlet returns the web-based services offered by your server, including the Address Book handler and distribution list expansion URIs. For example: Get-CsService -PoolFqdn "fe01.contoso.net" WebServer This cmdlet returns the following: Identity FileStore UserServer PrimaryHttpPort PrimaryHttpsPort ExternalHttpPort ExternalHttpsPort PublishedPrimaryHttpPort PublishedPrimaryHttpsPort PublishedExternalHttpPort PublishedExternalHttpsPort ReachPrimaryPsomServerPort ReachExternalPsomServerPort AppSharingPortStart AppSharingPortCount : WebServer:pool01.contoso.net : FileStore:dc01.contoso.net : UserServer:pool01.contoso.net : 80 : 443 : 8080 : 4443 : 80 : 443 : 80 : 443 : 8060 : 8061

: 49152 : 16383

250

Microsoft Lync Server 2010 Administration Guide

LIServiceInternalUri ABHandlerInternalUri ABHandlerExternalUri DLExpansionInternalUri DLExpansionExternalUri

: https://internalweb.contoso.net/locationinformation/liservice.svc : https://internalweb.contoso.net/abs/handler : https://csweb.contoso.com/abs/handler : https://internalweb.contoso.net/groupexpansion/service.svc : https://csweb.contoso.com/groupexpansion/service.svc

CAHandlerInternalUri : https://internalweb.contoso.net/CertProv/CertProvisioningService.svc CAHandlerInternalAnonUri : http://internalweb.contoso.net/CertProv/CertProvisioningService.svc CollabContentInternalUri CollabContentExternalUri CAHandlerExternalUri : https://internalweb.contoso.net/CollabContent : https://csweb.contoso.com/CollabContent : https://csweb.contoso.com/CertProv/CertProvisioningService.svc

DeviceUpdateDownloadInternalUri : https://internalweb.contoso.net/RequestHandler/ucdevice.upx DeviceUpdateDownloadExternalUri : https://csweb.contoso.com/RequestHandlerExt/ucdevice.upx DeviceUpdateStoreInternalUri DeviceUpdateStoreExternalUri RgsAgentServiceInternalUri RgsAgentServiceExternalUri MeetExternalUri DialinExternalUri CscpInternalUri ReachExternalUri ReachInternalUri WebTicketExternalUri WebTicketInternalUri ExternalFqdn InternalFqdn : http://internalweb.contoso.net/RequestHandler/Files : https://csweb.contoso.com/RequestHandlerExt/Files : https://internalweb.contoso.net/RgsClients/AgentService.svc : https://csweb.contoso.com/RgsClients/AgentService.svc

: https://csweb.contoso.com/Meet : https://csweb.contoso.com/Dialin : https://internalweb.contoso.net/Cscp : https://csweb.contoso.com/Reach : https://internalweb.contoso.net/Reach : https://csweb.contoso.com/WebTicket/WebTicketService.svc : https://internalweb.contoso.net/WebTicket/WebTicketService.svc : csweb.contoso.com : internalweb.contoso.net

DependentServiceList : {Registrar:pool01.contoso.net, ConferencingServer:pool01.contoso.net} ServiceId SiteId PoolFqdn Version Role : 1-WebServices-1 : Site:Redmond : pool01.contoso.net :5 : WebServer

251

Microsoft Lync Server 2010 Administration Guide

For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Get-CsService New-CsWebServiceConfiguration for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the New-CsWebServiceConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "NewCsWebServiceConfiguration"} The cmdlet New-CsWebServiceConfiguration defines a new configuration for Web Services in your organization. The scope for the Web Services configuration can only be at the site or service level. It cannot create a new Web Services configuration at the global level. Specifically of interest to the Address Book is the EnableGroupExansion attribute. If set to True, the Web Services can respond to requests for group expansion. For example: New-CsWebServiceConfiguration -Identity site:Redmond -EnableGroupExpansion $False -UseCertificateAuth $True For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also New-CsWebServiceConfiguration Get-CsWebServiceConfiguration for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Get-CsWebServiceConfiguration cmdlet locally: RTCUniversalUserAdmins, RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "GetCsWebServiceConfiguration"} Get-CsWebServiceConfiguration returns information of the Web Services configuration currently in use in your organization. Of interest to the Address Book Services is the status of Distribution List Expansion function. If the attribute EnableGroupExpansion is True, your organization currently allows group expansion.

252

Microsoft Lync Server 2010 Administration Guide

For example: Get-CsWebServiceConfiguration -Identity site:Redmond For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Get-CsWebServiceConfiguration Set-CsWebServiceConfiguration for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Set-CsWebServiceConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "SetCsWebServiceConfiguration"} The Set-CsWebServiceConfiguration cmdlet allows the administrator to redefine an existing attribute in the configuration of the Web Services. For example: Set-CsWebServiceConfiguration -Identity site:Redmond -EnableGroupExpansion $True For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Set-CsWebServiceConfiguration Remove-CsWebServiceConfiguration for Address Book Management Who can run this cmdlet: By default, members of the following groups are authorized to run the Remove-CsWebServiceConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt: Get-CsAdminRole | Where-Object {$_.Cmdlets match "RemoveCsWebServiceConfiguration"} The Remove-CsWebServiceConfiguration cmdlet allows an administrator to remove a previously created Web Services configuration. The cmdlet cannot remove the global Web Services configuration. For example: Remove-CsWebServiceConfiguration -Identity site:Redmond

253

Microsoft Lync Server 2010 Administration Guide

For a detailed description of the full command, refer to the following in the main Lync Server Windows PowerShell RTCCmdlets reference. See Also Remove-CsWebServiceConfiguration

Prevent New Connections to Lync Server 2010 for Server Maintenance


One of the ways you can prepare your Microsoft Lync Server 2010 environment for maintenance tasks is by preventing new connections to either servers in a pool or individual Lync Server 2010 services that are running. For example, if you anticipate server restarts as part of the maintenance process and want to minimize the disruption of service to users, you can prevent new connections to the server that you plan to take offline prior to beginning maintenance. By setting the state of the Lync Server 2010 Windows service from "Started" to "Paused", active connections remain connected, while no new connections are accepted. When all existing sessions have ended, the server is ready to be taken offline.

To prevent new connections to Lync Server 2010: 1. Log on to the local computer as a member of the Administrators group. 2. Open the Services snap-in console: Click Start, point to All Programs,point to Administrative Tools, and then click Services. 3. In the list, double-click the Lync Server Windows service to which you want to prevent new connections. 4. In the Properties dialog box, under Service status: Started, click Pause. 5. Optionally, but recommended, next to Startup type, click Manual. Important: When you set a server to prevent new connections, and then restart the server, by default the server will immediately begin accepting new connections after it starts. To prevent this, set the server to only pause and resume manually, before you restart the server. 6. When you are finished, click OK. See Also Preventing New Connections to Lync Server 2010

Delegating Control of Microsoft Lync Server 2010


In Microsoft Lync Server 2010, administrative tasks are delegated to users by using the new rolebased access control (RBAC) feature. When you install Lync Server 2010, a number of RBAC roles are created for you. These roles correspond to universal security groups in Active Directory; for example, the RBAC role CsHelpDesk corresponds to the CsHelpDesk group found in the Users container in Active Directory. In addition, each RBAC role is associated with a set of Lync

254

Microsoft Lync Server 2010 Administration Guide

Server Windows PowerShell cmdlets; these cmdlets represent the tasks that can be carried out by users who have been assigned the given RBAC role. For example, the CsHelpDesk role has been assigned the Lock-CsClientPin and UnlockCsClientPin cmdlets; that means users who have been assigned the CsHelpDesk role can lock and unlock user PIN numbers. However, the CsHelpDesk role has not been assigned the New-CsVoicePolicy cmdlet. That means that users who have been assigned the CsHelpDesk role cannot create new voice policies.

Viewing Information About RBAC Roles


You can retrieve basic information about your RBAC roles by running the following command from within the Lync Server Management Shell: Get-CsAdminRole Keep in mind that the Identity of the RBAC role (for example, CsVoiceAdministrator) has a direct mapping to security group found in the Users container in Active Directory. To view a list of the cmdlets that have been assigned to a role, use a command similar to this: Get-CsAdminRole Identity "CsHelpDesk" | Select-Object ExpandProperty Cmdlets

Assigning an RBAC Role to a User


In order to assign an RBAC role to a user, you must add that user to the appropriate Active Directory security group. For example, to assign the CsLocationAdministrator role to a user, you must add that user to the CsLocationAdministrator group. That can be done by carrying out the following procedure: Assigning a User to a Security Group 1. Using an account that has permission to modify the membership of an Active Directory group, log on to a computer where Active Directory Users and Computers has been installed. 2. Click Start, click All Programs, click Administrative Tools, and then click Active Directory Users and Computers. 3. In Active Directory Users and Computers, expand the name of your domain and click the Users container. 4. Right-click the security group CsLocationAdministrator and then click Properties. 5. In the Properties dialog box, on the Members tab, click Add. 6. In the Select Users, Computers, Contacts, or Groups dialog box, type the user name or display name of the user to be added to the group (for example, Ken Myer) in the Enter the object names to select box and then click OK. 7. In the Properties dialog box, click OK. To verify that the RBAC role has been assigned, use the Get-CsAdminRoleAssignment cmdlet, passing the cmdlet the SamAccountName (Active Directory logon name) of the user. For example, run this command from within the Lync Server Management Shell: Get-CsAdminRoleAssignment -Identity "kenmyer"

255

Microsoft Lync Server 2010 Administration Guide

Configure a New Trusted Application Server


A trusted application is an application based on Microsoft Unified Communications Managed API (UCMA) 3.0 Core SDK that is trusted by Lync Server 2010. For details about UCMA applications, see Unified Communications Managed API 3.0 Core SDK Documentation at http://go.microsoft.com/fwlink/?LinkId=210320. For information about configuring Microsoft Outlook Web Access (OWA) and Lync Server, see Configure Outlook Web App and Lync Server 2010 Integration at http://go.microsoft.com/fwlink/? LinkId=210321. To successfully publish, enable, or disable a topology when adding or removing a server role, you should be logged on as a user who is a member of the RTCUniversalServerAdmins and Domain Admins groups. It is also possible to delegate the proper administrator permissions and rights for adding server roles. For details, see Delegate Setup Permissions in the Deployment documentation. For other configuration changes, only membership in the RTCUniversalServerAdmins group is required. To configure a trusted application server 1. Log on to the computer where Topology Builder is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group. 2. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder. 3. Select Download topology from existing deployment, and then click OK. 4. In the Save Topology As dialog box, click the Topology Builder file you want to use, and then click Save. 5. In the right pane, right-click Trusted application servers, and then click New Trusted Application Pool. 6. Enter the Pool FQDN of the trusted application pool, select whether it will be a single-server or multiple-server, and then click Next. 7. On the Select the next hop page, from the list, select the Lync Server 2010 Front End pool. 8. Click Finish. 9. Select the top node Lync Server 2010, and then, from the Actions pane, click Publish. The Trusted Application Pool should have been created successfully and associated with the correct Front End pool.

Configuring Federation Support for a Lync Online 2010 Customer


You can provide communications services to users in your organization in any of the following ways:

256

Microsoft Lync Server 2010 Administration Guide

Deploying Microsoft Lync Server 2010 in your organization (known as an on-premises services) and setting up Microsoft Lync 2010 user accounts in your organization. Setting up a Microsoft Lync Online 2010 customer account with a Hosting Provider and setting up user accounts with the Hosting Provider (known as online services). If you deploy Lync Server 2010 in your organization, you can federate with the domains of one or more Microsoft Lync Online 2010 customers. To enable federation between users of your onpremises Lync Server 2010 deployment and users of a Lync Online 2010 customer, you must configure support for the domain and users of the Lync Online customer. Note: This documentation describes only the procedures for configuring your organization to support federation with an Lync Online 2010 customer. This documentation does not describe the procedures for configuring the Lync Online 2010 customer to support federation. For details about Lync Online services, see Lync Online at http://go.microsoft.com/fwlink/?LinkId=218941.

In This Section
Prerequisites for Federating with a Lync Online Customer Configure Federation Support for a Lync Online Domain Configure User Access for Federation with a Lync Online Customer Verify Communications with a Lync Online Customer

Prerequisites for Federating with a Lync Online Customer


To federate with a Lync Online 2010 customer, you should have already completed initial deployment and configuration of Lync Server 2010 in your organization. This includes the following: Deploying at least one Standard Edition Server or one Enterprise Front End pool in your organization. For details about deploying internal servers, see Deploying Lync Server 2010 in the Deployment documentation. Enabling internal user accounts for Lync Server 2010. For details, see Enable or Disable Users for Lync Server 2010 in the Deployment documentation or the Operations documentation. Deploying at least one Edge Server and the other components required to support external user access. For details, see Managing External Connectivity in the Deployment documentation. Enabling federation support within your organization and configuring the appropriate method for controlling access by federated domains. For details, see Enable or Disable Federation for Your Organization and Manage Federated Partner Access in the Deployment documentation or Operations documentation. Enabling external user access for users in your organization. For details, see Apply External User Access Policies to Users and in the Deployment documentation or Operations documentation.

257

Microsoft Lync Server 2010 Administration Guide

Configure Federation Support for a Lync Online Domain


Federating with a Microsoft Lync Online 2010 customer requires you to complete the following steps: Configure support for the domain of the Lync Online 2010 customer (for example, contoso.onmicrosoft.com). As specified in the Prerequisites for Federating with a Lync Online Customer section of this documentation, you should have already enabled federation for your organization. Enabling federation requires specifying the method to be used to control access by federated domains. If you configured your organization to use discovery, adding the domain to your organizations allowed list is optional. If you did not enable domain discovery, then you must add the domain name of the Lync Online customer to your allowed domains list. You can add a domain name either by using Lync Server 2010 Control Panel or by running the New-CSAllowedDomain cmdlet. For details about using Lync Server 2010 Control Panel, including enabling discovery of domains, see Manage Federated Partner Access in the Operations documentation. For details about using the NewCSAllowedDomain cmdlet to add a domain, see New-CsAllowedDomain in the Operations documentation. Note: A Lync Online customer can have multiple domains. If you want to federate with more than one of the domains, you must configure support for each individual domain with which you want to support federation, and the administrator of the Lync Online customer must enable federation for each of the domains to be federated. Configure support for the hosting provider of the Lync Online 2010 customer domain with which you want to federate. Use the procedure in this section to configure support for hosting provider. Note: This step is only required for federation with a domain of a Lync Online customer, not for federation with any domain that is deployed on-premises at a federated partners location. To configure support for a hosting provider 1. From a Front End Server, Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell. 2. Run the New-CsHostingProvider cmdlet to create and configure the hosting provider. For example, run: New-CsHostingProvider -Identity LyncOnline ProxyFqdn sipfed.online.lync.com VerificationLevel UseSourceVerification -Enabled $True -EnabledSharedAddressSpace $False -HostsOCSUsers $False -IsLocal $False The preceding example sets the following parameters: Identity specifies a unique string value identifier for the hosting provider you are

258

Microsoft Lync Server 2010 Administration Guide

creating. Note that the command will fail if an existing provider has already been configured with that Identity. ProxyFQDN specifies the fully qualified domain name (FQDN) for the proxy server used by the hosting provider. This value cannot be modified. If the hosting provider changes its proxy server you will need to delete and then recreate the entry for that provider. VerificationLevel specifies how (or if) messages sent from a hosting provider are verified to ensure that they were sent from that provider. Enabled indicates whether the network connection between your domain and the hosting provider is enabled. Messages cannot be exchanged between the two organizations until this value is set to True. EnabledSharedAddressSpace indicates whether the hosting provider is being used in a shared SIP address space (split domain) scenario. HostsOCSUsers indicates whether the hosting provider is used to host Lync Server accounts. If False, the provider hosts other account types, such as Microsoft Exchange accounts. IsLocal indicates whether the proxy server used by the hosting provider is contained within your Lync Server topology. For details about use of this cmdlet, see New-CsHostingProvider in the Operations documentation.

Configure User Access for Federation with a Lync Online Customer


You must configure the user accounts of all the users in your organization to be allowed to communicate with federated partners. This configuration is applied for all federated partners, including any Microsoft Lync Online 2010 customer domains with which you support federation. For details about configuring federation support for user accounts, see Configure Policies to Control Federated User Access and Apply External User Access Policies to Users in the Operations documentation.

Verify Communications with a Lync Online Customer


To enable Microsoft Lync 2010 users in your organization to communicate with users of a Microsoft Lync Online 2010 customer, you must have completed the following steps: Met all prerequisites. This includes deploying your internal and edge servers, enabling federation support for your organization, and setting up user accounts. For details, see Prerequisites for Federating with a Lync Online Customer. Configured domain access support in your internal deployment. This includes creating a host provider entry and configuring your deployment to allow access from the Lync Online customers domain. For details, see Configure Federation Support for a Lync Online Domain.

259

Microsoft Lync Server 2010 Administration Guide

Configured your user accounts to support federation. For details, see Configure User Access for Federation with a Lync Online Customer. After you complete all of these steps and the and for the administrator of the Lync Online 2010 customer completes all configuration of their online services to support federation with your organization, verify communications by testing communications between an internal user in your organization and a user of the Lync Online customer. If communication is not successful, use Lync Server 2010 Logging Tool from your Edge Server to capture log and trace files to troubleshoot the problem. For details about using the Logging Tool, see Open Lync Server Administrative Tools in the Operations documentation. For details about the Logging Tool, see the Lync Server 2010 Logging Tool documentation on the TechNet Library at http://go.microsoft.com/fwlink/?LinkId=199265.

260

Вам также может понравиться