How to change the Lync SIP domain to match the Email Suffix

Since most IT professionals assume that a SIP Domain is related to the AD Domain I often come across environments where the SIP Domain doesn’t match the email suffix.
Although this in itself isn’t a problem, it certainly makes the world a happier place when these do match. Especially when you are federating…

If this is a deployment that is expanding then make this change as early as possible. That way you wont have to rework DNS and certs etc
So How do you change this?

Things to remember:-
DNS may be an issue, split brain DNS is the best option as it is easly used for Auto Discovery and failover. If you don’t have split brain DNS you will need to configure logon manually (this can be done with GPO but removes some failover options)

  • Both internal and external DNS will need to be updated with the new SIP Domain details, SRV, SIP, SIPINTERNAL etc
  • Certificates will need to be updated, easily done for internal certs but a bother for public certs. You may need to have a monster SAN if you want to run multiple SIP Domain simultaneously

1. The new SIP Domain can be added with the following PowerShell command:     
New-CsSipDomain -Identity

2. Changing the SIP addresses for all the Lync users can easily be done with the following Powershell command:

get-csuser -DomainController $DomainController | Enable-csuser -Registrarpool -SipAddressType EmailAddress

3. You can change the default SIP Domain to match the new SIP Domain with the following Powershell Command:

Set-CsSipDomain –Identity –IsDefault $True

4. The old SIP Domain can be removed with:

Remove-CsSipDomain –Identity “lynconline.local”

5. One problem you may face is the AutoLogon process fails…when a user attempts to logon to Lync with the single logon process you have come to know and love from AD, Lync remembers the original SIP Sign In address and not the new address.

This sign-in data is stored in the local machines registry at:


 Once this key is deleted the next sign-in to the profile will automatically create a new key with the updated login details provided that Lync and AD have synchronized.
Suggestion – Why not create a GPO that deletes this key at user log-in like this:

ECHO Closing Office Communicator
TSKILL communicator

ECHO Removing default signin address
Reg delete HKCU\Software\Microsoft\Shared\Ucclient /f

ECHO Starting Communicator
start communicator

Another issue you may face is that the GAL and Distribution Groups still show the old SIP Domain addresses. A simple AB Server update will remedy that.

Update-CsAddressBook -verbose  (then Wait 5 minutes)

Or you could simply wait until 1:30 am when the addressbook is automatically updated.



About Paul B

My name is Paul Bloem and I am employed at Lexel Systems in New Zealand as a Principal Consultant for Unified Communications. I have been working on enterprise voice solutions for over 20 years. My first 10 years were spent working for a Telco in South Africa (Telcom SA). This is where all the groundwork happened as I was exposed to just about every aspect of telecommunication you could imagine. I develop an interest in PBX technologies and eventually became the go-to guy. Next, I had a 10 year run at Siemens South Africa, most of my time there was as a Technical Trainer. During this time VoIP hit the world stage, I had the privilege of introducing VoIP both as H.323 and later SIP across the Siemens HiPath 4000 solution stack. In 2008 I immigrated to New Zealand with my newly attained MCSE, I was ready to go where no PBX Techie had gone before. I was employed to explore OCS 2007 and that was pretty much the beginning of the end for me. I have been working on OCS and Lync ever since. My current role focuses exclusively on Lync and associated technologies.. That includes pre-sales, consulting, architecture and design, training and support. I even get to play in the development space from time to time - focus on play ;-) I was nominated as a Microsoft VTSP for Lync early in 2013 and also awarded Microsoft's MVP award for Lync in 2014.
This entry was posted in Changing SIP Domain, email suffix, Quick Reference Guide, SIP Domain. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s