Presentation transcript:

Want to join Lync MVPs and speakers at an exclusive Pub Trivia Night tomorrow? Tweet a photo from a Lync session using the hashtag #LyncTEE for your chance to attend! Two entries are randomly selected each day. Test your Lync knowledge with questions created by MVPs. Free food and drinks! Great prizes! *See official rules online. Lync MVP Pub Trivia Night – Invitation Only TechEd Europe #LyncTEE If you don’t score an invite, you can compete on Twitter tomorrow at 7pm for your chance to win a Surface Pro 3!

Motivation: Why Multi-Forest?
Partners: Partners are eager to offer fully functional managed Lync services
All Workloads: Want both Exchange and Lync online with all the features
Cloud First: Customers committing to the cloud
1. Exclusively cloud
2. Hybrid

Hybrid On-Premises and Cloud ❶
Lync and Exchange in different environments
Diagram labels: Partner Hosted Private Cloud, Customer Premises (user Forest), MPLS, Internet

Hybrid On-Premises and Cloud ❷
Some Lync users on premises, some Lync users online
Diagram labels: Partner Hosted Private Cloud, Customer Premises (user Forest), PSTN, MPLS, Internet

The Multi-Forest Architecture
For customers who want their online users to benefit from Enterprise Voice
Diagram labels: Partner Hosted Private Cloud, Customer Premises, PSTN, MPLS, Internet, User Forest

Key Components
Deploying Lync in a Multi-Forest Architecture (Partner Hosted Lync with Exchange Hybrid)
❶ Exchange entirely Online
❷ Exchange is hybrid
Diagram labels: Partner Hosted Private Cloud, Customer Premises, PSTN, MPLS, Internet, User Forest, Lync Services, Lync edge, CA, Domain Controller, Dirsync Services, Certificate Authority, Domain Controller, Exchange Edge, Exchange Server, Directory Services

Deployment in Three Steps
1. Build Trust
2. Replicate user information
3. Enable Exchange support for UM

Step 1: Build Trust
Two types of trust relationship are required: an AD forest trust for Lync and a federation trust for Exchange Online. In both cases, enabled user accounts reside in the Customer user forest and the Exchange Online resource forest, while disabled user accounts reside in the Lync resource forest.
Diagram labels: Exchange Online (Office 365), Customer Premises, Partner Hosted Private Cloud, MPLS, Internet, PSTN, Certificate Authority, Domain Controller, Exchange Edge, Lync Services, Lync edge, CA, Directory Services, Exchange Server, Domain Controller, DirSync Services, Forest Trust (Passthru), Federated Trust (token-based)

Step 2: Replicate User Information
FIM (Forefront Identity Manager), or an application with similar functionality, is used for Active Directory synchronization between the Customer user forest and the Lync resource forest.
O365 DirSync is used for Active Directory synchronization between the Customer user forest and the Exchange Online resource forest.
AADsync Blog:
Diagram labels: Exchange Online (Office 365), Customer Premises, Partner Hosted Private Cloud, MPLS, Internet, PSTN, Certificate Authority, Domain Controller, Exchange Edge, Lync Services, Lync edge, CA, Directory Services, Exchange Server, Domain Controller, FIM (Forefront Identity Manager) or 3rd-Party solution, DirSync, Dirsync Services

Step 3: Provision Mailbox Accounts for Exchange Online
1. User Forest: Create enabled user accounts in the Exchange Online resource forest
2. Lync Resource Forest: Configure the Exchange enabled user accounts
3. Create an Exchange Mailbox
4. Synchronize Exchange Online resource forest enabled user account with the corresponding enabled user account in the Customer user forest
5. Enable Lync EUM routing
6. Confirm Attribute Mapping (Customer user forest to Exchange Online resource forest)
7. Confirm Attribute Mapping required for Exchange Rich Coexistence (Customer user forest)

The provisioning process for a new user must trigger a series of tasks that create corresponding disabled user accounts in the Lync resource forest and enabled user accounts in the Exchange Online resource forest, enable them for some or all of the Lync features, create Exchange mailboxes, push UM settings to the Lync disabled user account and set the appropriate UM server values based on the UM dial plan they have.

Enable for UM support

    Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -AllowFederatedUsers 1 -EnablePartnerDiscovery 0
    New-CsHostingProvider -Identity UMOnline -Enabled $True -EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFQDN "xxxxx.um.outlook.com" -IsLocal $False -VerificationLevel UseSourceVerification
    Set-CsHostedVoicemailPolicy -Destination xxxxx.um.outlook.com -Organization "xxxxx.com"

Extract from Published Guidance
Two three-forest architectures described:
- Lync Server Dedicated with Exchange Online (Multi-tenant)
- Lync Server Dedicated with Exchange Hybrid (on-prem and Exchange Online Multi-tenant)

Implementation Details

Step 1: Changes to Global DNS
1. Create/Modify internal DNS Records
2. Create/Modify External DNS Records

Step 2: Configure customer User Forest
1. Update Root CA (Certificate Authority)
2. Configure the Customer user forest for SSO (single sign on) with Exchange Online
3. Establish Directory Synchronization with the Lync Resource Forest Active Directory
4. Automate Lync Identity Management Process
5. Establish Directory Synchronization with the Exchange Online Resource forest Active Directory
6. Automate Exchange Identity Management Process
7. Order Certificates for Lync and Exchange
8. Configure DNS to locate services in the Lync and Exchange Online resource forests

Step 3: Configure Lync Resource Forest
1. Establish Trust
2. Update Root CA
3. Configure DNS to locate services in the Customer user forest and Exchange Online resource forest
4. Prepare the Lync resource forest Active Directory for Lync
5. Install and Configure Lync Server Using Microsoft Best Practices
6. Install and Configure PSTN Connectivity
7. Configure the Lync Resource Forest for Exchange Online UM

Step 4: Configure Exchange Online Resource Forest
1. Choose your domain and set up user accounts
2. Set up
3. Set up your team site and documents
4. Set up mobile access
5. Set up online communication tools
6. Get everybody ready
7. Meet compliance requirements

Ongoing ID Mgt.

Step 1: Create New AD Accounts
1. Create New AD user accounts from an authoritative source
2. Add attributes manually
3. Add Exchange Online URL to IE Trusted Sites list
4. Wait for AD replication to complete before moving to the next step

Step 2: Provision Accounts for Lync
1. Create disabled user accounts in the Lync resource forest from the Customer user forest
2. Enable the Lync disabled user accounts from the Lync resource forest
3. Configure disabled user accounts for Exchange Online UM
4. Enable the disabled user accounts to receive UM messages
5. Synchronize Lync resource forest disabled user account with Customer user forest account
6. Optional: Enable OWA for IM integration
7. Confirm Attribute Mapping (Customer user forest to Lync resource forest)

Step 3: Provision Mailbox Accounts for Exchange Online
1. User Forest: Create enabled user accounts in the Exchange Online resource forest
2. Lync Resource Forest: Configure the Exchange enabled user accounts
3. Create an Exchange Mailbox
4. Synchronize Exchange Online resource forest enabled user account with the corresponding enabled user account in the Customer user forest
5. Enable Lync EUM routing
6. Confirm Attribute Mapping (Customer user forest to Exchange Online resource forest)
7. Confirm Attribute Mapping required for Exchange Rich Coexistence (Customer user forest)

Resources

Design Guide: Deploying Lync in a Multi-Forest Architecture (Partner Hosted Lync with Exchange Hybrid), by Rick Varvel, Mohamad Saleem and Dave Howe

AADsync Blog: Azure Active Directory Synchronization Services, or AAD Sync, is the new synchronization service that will allow customers to do the following:
- Synchronize multi-forest Active Directory environments without needing the full-blown features of Forefront Identity Manager 2010 R2.
- Advanced provisioning, mapping and filtering rules for objects and attributes, including support for syncing a very minimal set of user attributes (only 7!)
- Configuring multiple on-premises Exchange organizations to map to a single AAD tenant

Building upon MIIS, ILM, and FIM, the Azure Active Directory Sync Services provides the next platform for connecting to data sources, synchronizing data between data sources, as well as the provisioning and deprovisioning of identities.

Lync Server with Exchange Online (Multi-tenant)
Lync Server with Exchange Hybrid (Online Multitenant with on-premises)

Partner Hosted Private Cloud Customer Premises PSTN MPLS Internet User Forest Teched-Contoso.com Fabrikam.com Contoso.com

| Record Type | Name | Points To … |
|---|---|---|
| A | autodiscover.contoso.com | IP of Reverse Proxy Server or CAS Array VIP in the Exchange resource forest Perimeter Network |
| A | owa.contoso.com | IP of Reverse Proxy Server or CAS Array VIP in the Exchange resource forest Perimeter Network |
| A | mail.contoso.com | IP of Reverse Proxy Server or CAS Array VIP in the Exchange resource forest Perimeter Network |
| MX | mail.contoso.com | IP of Exchange Edge server (SMTP transport) in the Exchange resource forest Perimeter Network |
| SRV | _autodiscover._tcp.contoso.com | mail.contoso.com A record, which in turn points to the IP of Reverse Proxy Server or CAS Array VIP in the Exchange resource forest Perimeter Network |

| Record Type | Name | Points To … |
|---|---|---|
| A | sip.contoso.com | IP of Access Edge Server / VIP in Lync resource forest Perimeter Network |
| A | meet.contoso.com | IP of Reverse Proxy Server / VIP in Lync resource forest Perimeter Network |
| A | autodiscover.contoso.com | IP of Reverse Proxy Server / VIP in Lync resource forest Perimeter Network |
| A | lyncdiscover.contoso.com | IP of Reverse Proxy Server / VIP in Lync resource forest Perimeter Network |
| SRV | _sip._tls.contoso.com (5061) | sip.contoso.com A record, which in turn points to the IP of Access Edge Server / VIP in Lync resource forest Perimeter Network |
| SRV | _sipfederationtls._tcp.contoso.com | sip.contoso.com A record, which in turn points to the IP of Access Edge Server / VIP in Lync resource forest Perimeter Network |

Cn | lyncUser1
ObjectSID | SIDlyncUser1 | Not used
msRTCSIP-OriginatorSID | Not used | SIDlyncUser1
telephoneNumber |
displayName | lyncUser1
givenName | lyncUser1
l (city) | Redmond
st (state) | WA
Country | U.S.A

Mail
This value originates from the disabled user account in the Exchange Online resource forest and must be populated manually or through DirSync. For example:

proxyAddresses
context=TESTDP01.contoso.com eum:51212;phone-context=TESTDP01.contoso.com
SIP proxy address. For example: context=TESTDP01.contoso.com eum:51212;phone-context=TESTDP01.contoso.com

msExchUCVoiceMailSettings
ExchangeHostedVoiceMail=1
This value is only set for Lync users that have Online mailboxes
LyncHostedVoiceMail=1 (Enabled by Lync)
LyncHostedVoiceMail=0 (Disabled by Lync)
ExchangeHostedVoiceMail=1 (Enabled by Exchange)
ExchangeHostedVoiceMail=0 (Disabled by Exchange)
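
The account-state and attribute rules from the Build Trust and attribute-mapping slides, written as an offline "Confirm Attribute Mapping" check over exports from both forests. This is an added example, not part of the presentation or the published guidance; the sample records, the `OnlineMailbox` flag and the function names `Test-ForestMapping` and `New-Finding` are constructed for illustration.

```powershell
# Constructed sample exports, one record per account in each forest.
# OnlineMailbox is a hypothetical flag meaning "mailbox lives in Exchange Online".
$userForest = @(
    [pscustomobject]@{ Cn = 'lyncUser1'; ObjectSID = 'S-1-5-21-1-2-3-1104'; OnlineMailbox = $true }
    [pscustomobject]@{ Cn = 'lyncUser2'; ObjectSID = 'S-1-5-21-1-2-3-1105'; OnlineMailbox = $false }
    [pscustomobject]@{ Cn = 'lyncUser3'; ObjectSID = 'S-1-5-21-1-2-3-1106'; OnlineMailbox = $true }
)
$lyncForest = @(
    [pscustomobject]@{ Cn = 'lyncUser1'; Enabled = $false; 'msRTCSIP-OriginatorSID' = 'S-1-5-21-1-2-3-1104'
                       msExchUCVoiceMailSettings = @('ExchangeHostedVoiceMail=1') }
    [pscustomobject]@{ Cn = 'lyncUser2'; Enabled = $true;  'msRTCSIP-OriginatorSID' = 'S-1-5-21-1-2-3-1105'
                       msExchUCVoiceMailSettings = @('ExchangeHostedVoiceMail=1') }
    [pscustomobject]@{ Cn = 'lyncUser3'; Enabled = $false; 'msRTCSIP-OriginatorSID' = 'S-1-5-21-1-2-3-9999'
                       msExchUCVoiceMailSettings = @() }
)

function Test-ForestMapping {
    param([object[]]$UserForest, [object[]]$LyncForest)

    function New-Finding($Cn, $Text) { [pscustomobject]@{ Cn = $Cn; Finding = $Text } }

    # Index resource-forest accounts by the SID they claim to originate from.
    $bySid = @{}
    foreach ($r in $LyncForest) { $bySid[$r.'msRTCSIP-OriginatorSID'] = $r }

    foreach ($u in $UserForest) {
        $r = $bySid[$u.ObjectSID]
        if (-not $r) {
            New-Finding $u.Cn 'No Lync resource-forest account has this ObjectSID in msRTCSIP-OriginatorSID'
            continue
        }
        # Accounts in the Lync resource forest are meant to be disabled.
        if ($r.Enabled) {
            New-Finding $u.Cn 'Lync resource-forest account is enabled; it must stay disabled'
        }
        # ExchangeHostedVoiceMail=1 is only expected for users with Online mailboxes.
        $hosted = @($r.msExchUCVoiceMailSettings) -contains 'ExchangeHostedVoiceMail=1'
        if ($hosted -and -not $u.OnlineMailbox) {
            New-Finding $u.Cn 'ExchangeHostedVoiceMail=1 is set but the user has no Online mailbox'
        }
    }

    # Resource-forest accounts whose originator SID matches no user-forest account.
    $knownSids = @($UserForest | ForEach-Object { $_.ObjectSID })
    foreach ($r in $LyncForest) {
        if ($knownSids -notcontains $r.'msRTCSIP-OriginatorSID') {
            New-Finding $r.Cn 'Orphan: msRTCSIP-OriginatorSID matches no user-forest ObjectSID'
        }
    }
}

Test-ForestMapping -UserForest $userForest -LyncForest $lyncForest | Format-Table -AutoSize -Wrap
```

An enabled or orphaned account in the resource forest is a second identity outside the user forest's lifecycle, so either finding is worth resolving before the next synchronization run.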

User Forest Contoso.com
Diagram labels: Domain Controller, Exchange 2013 Server, ADFS Server, DirSync Server, Domain Controller, Lync Reverse Proxy, Lync Edge Server, Lync SE Pool Server
User Forest: Con-DC.Contoso.com, Con-Ex.Contoso.com, Con-Dirsync-ADFS.Contoso.com, Con-FIM.Contoso.com, TMG.Contoso.com
Lync Hosted Forest: Fab-DC.Fabrikam.com, Fab-Lync.Fabrikam.com, Fab-Edge.Fabrikam.com
O365: TechEDContoso.onmicrosoft.com, TechED-Contoso.com (Vanity Domain)