Since most IT professionals assume that a SIP Domain is related to the AD Domain, I often come across environments where the SIP Domain doesn't match the email suffix.
Although this in itself isn't a problem, it certainly makes the world a happier place when these do match, especially when you are federating…
Suggestion
If this is a deployment that is expanding, then make this change as early as possible. That way you won't have to rework DNS, certs, etc.
So how do you change this?
Things to remember:
- DNS may be an issue. Split-brain DNS is the best option, as it is easily used for Auto Discovery and failover. If you don't have split-brain DNS you will need to configure logon manually (this can be done with GPO but removes some failover options)
- Both internal and external DNS will need to be updated with the new SIP Domain details, SRV, SIP, SIPINTERNAL etc
- Certificates will need to be updated, easily done for internal certs but a bother for public certs. You may need to have a monster SAN if you want to run multiple SIP Domains simultaneously
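An added example (not from the original post) of a pre-flight check for the DNS and certificate points above: it resolves the sign-in records for the new SIP domain and confirms that a given certificate carries the matching names. The SRV record names, the certificate store path and the <CERT-THUMBPRINT> placeholder are assumptions; with split-brain DNS, run it once inside and once outside the network.

```powershell
# Added example: pre-flight check for a new SIP domain (DNS records + certificate names).
param(
    [string]$SipDomain  = 'lynconline.co.nz',     # new SIP domain used in the article
    [string]$Thumbprint = '<CERT-THUMBPRINT>'     # placeholder: certificate to inspect
)

# Assumed record set: the usual Lync sign-in names; adjust to your own design.
$records = @(
    @{ Name = "sipinternal.$SipDomain";          Type = 'A'   },
    @{ Name = "sip.$SipDomain";                  Type = 'A'   },
    @{ Name = "_sipinternaltls._tcp.$SipDomain"; Type = 'SRV' },
    @{ Name = "_sip._tls.$SipDomain";            Type = 'SRV' }
)

$srvTargets = @()
foreach ($r in $records) {
    $answer = Resolve-DnsName -Name $r.Name -Type $r.Type -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq $r.Type }
    if (-not $answer) { Write-Warning "Missing $($r.Type) record: $($r.Name)"; continue }
    Write-Output "OK      $($r.Type) $($r.Name)"
    if ($r.Type -eq 'SRV') { $srvTargets += $answer | ForEach-Object { $_.NameTarget } }
}

# Clients expect the SRV target host to sit in the user's own SIP domain.
foreach ($t in $srvTargets) {
    if ($t.TrimEnd('.') -notlike "*.$SipDomain") {
        Write-Warning "SRV target $t is outside $SipDomain (clients may prompt or fail automatic sign-in)"
    }
}

# Certificate check: every name clients connect to must be on the certificate.
$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction SilentlyContinue
if (-not $cert) { Write-Warning "Certificate $Thumbprint not found in LocalMachine\My"; return }

$certNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode.ToLower() })
$needed = @("sip.$SipDomain") + $srvTargets |
    ForEach-Object { $_.TrimEnd('.').ToLower() } | Select-Object -Unique

foreach ($name in $needed) {
    if ($certNames -contains $name) { Write-Output "OK      cert covers $name" }
    else { Write-Warning "Certificate $($cert.Thumbprint) has no name entry for $name" }
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires $($cert.NotAfter)"
}
```

The name comparison is an exact match, so a wildcard entry on the certificate is reported as missing.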
1. The new SIP Domain can be added with the following PowerShell command:
New-CsSipDomain -Identity lynconline.co.nz
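2. Changing the SIP addresses for all the Lync users can easily be done with the following PowerShell command ($RegistrarPool is a placeholder for the FQDN of your Registrar pool, which the -RegistrarPool parameter requires):
Get-CsUser -DomainController $DomainController | Enable-CsUser -RegistrarPool $RegistrarPool -SipAddressType EmailAddress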
3. You can change the default SIP Domain to match the new SIP Domain with the following PowerShell command:
Set-CsSipDomain -Identity lynconline.co.nz -IsDefault $True
4. The old SIP Domain can be removed with:
5. One problem you may face is that the AutoLogon process fails. When a user attempts to log on to Lync with the single logon process you have come to know and love from AD, Lync remembers the original SIP sign-in address and not the new address.
This sign-in data is stored in the local machine's registry at:
HKCU\Software\Microsoft\Shared\Ucclient
Once this key is deleted the next sign-in to the profile will automatically create a new key with the updated login details provided that Lync and AD have synchronized.
Suggestion – Why not create a GPO that deletes this key at user log-in like this:
@ECHO OFF
CLS
ECHO Closing Office Communicator
TSKILL communicator
ECHO Removing default signin address
Reg delete HKCU\Software\Microsoft\Shared\Ucclient /f
ECHO Starting Communicator
start communicator
Another issue you may face is that the GAL and Distribution Groups still show the old SIP Domain addresses. A simple AB Server update will remedy that.
Update-CsAddressBook -Verbose
Then wait 5 minutes. Or you could simply wait until 1:30 am, when the address book is automatically updated.
The current address book settings can be viewed with:
Get-CsAddressBookConfiguration