Federated User – Presence Unknown

15th of October, 2015 / Arran Peterson / 1 Comment

Here at Kloud we have just been busy updating our Skype for Business Public Certificate before it expired. Our SAN certificate provided by GoDaddy is used on our Edge Server and Reverse Proxy for all external communication to be encrypted with TLS or HTTPS.

After updating our certificate and restarting services to make the certificate take effect, we started to get some feedback from Kloudies (Kloud Employees) of federated contacts showing up with ‘Presence Unknown’ in their contacts list.… [Keep reading] “Federated User – Presence Unknown”

Skype for Business Online to On-Premises Migration

26th of August, 2015 / Arran Peterson / 11 Comments

Okay guys – you’ve been told “lets move everyone back from the cloud! We need Enterprise Voice for our users” This will go against most Microsoft sales materials as we should be looking towards cloud.

If you are part of an organisation that has been birthed out of Skype for Business Online (SFBO) as part of your Office 365 subscription, it would make sense that you would have never had on-premises Lync or SFB servers in your Active Directory domain.… [Keep reading] “Skype for Business Online to On-Premises Migration”

Skype for Business External Authentication

7th of May, 2015 / Arran Peterson / 13 Comments

Microsoft Lync/Skype for Business has revolutionised the way people can communicate and collaborate in the workplace. With light weight and portable form factors coming into their own, devices have enabled businesses to rethink their communication strategy. Lync not only enables users to communicate using great device form factors, but also from wherever they may be located. The sense of a roaming lync identity brings freedom to how people choose to collaborate and office spaces, desks and name tags mounted above them, seem like a necessity of the past.… [Keep reading] “Skype for Business External Authentication”

EnableSkypeUI Where Art Thou?

19th of April, 2015 / Arran Peterson / 9 Comments

Are you missing the EnableSkypeUI from Lync Management Shell in Lync Server 2013?

If you have deployed a Skype for Business (S4B) client into your Lync Server 2013 environment you may see the following error upon login:

Skype warning on Start

There are plenty of articles about how to switch the client via Office365 Powershell, Lync Management Shell or the Registry, but if you’re scratching your head on how to get the new parameter “CSClientPolicy” here are some steps that may have been missed.… [Keep reading] “EnableSkypeUI Where Art Thou?”

Hybrid Exchange Connectivity with Azure Traffic Manager

31st of March, 2015 / Arran Peterson / 3 Comments

Does your exchange hybrid architecture need to have redundancy? How about an active/passive solution using Azure Traffic Manager elimating the need for a HLB device in your DMZ.

Currently there is a few topologies for configuring Hybrid Exchange with Office 365;

Single Hybrid Server
2+ Hybrid Server behind a load balancer
2+ Hybrid Server with DNS round robin

A simple solution to make a redundant Hybrid Exchange design without using a HLB is to leverage Azure Traffic Manager to monitor and service the DNS namespace configured in on-premises Exchange and Office 365 configuration.… [Keep reading] “Hybrid Exchange Connectivity with Azure Traffic Manager”

AADSync – AD Service Account Delegated Permissions

18th of December, 2014 / Arran Peterson / 26 Comments

Note: This applies to Azure AD Connect, previously referred to as AAD Sync or DirSync.

***UPDATED (04/07/2016): Includes Exchange Hybrid Object ‘msDS-ExternalDirectoryObjectID’ for Exchange 2016 environments. Thanks Dave Young.

***UPDATED (29/10/2015): Included two lines for Password Write-back as per Chris Lehr Comment

When you configure Azure AD Sync (AADSync), you need to provide credentials of an account that is used by AADSync’s AD DS Management Agent to connect to your on-premises Active Directory. In previous versions of DirSync this was achieved via running the configuration wizard as a ‘Enterprise Admin’ and thus allowing the installer to create a service account and apply permissions to the Directory on your behalf.… [Keep reading] “AADSync – AD Service Account Delegated Permissions”

Get Azure Virtual Networks with PowerShell

11th of November, 2014 / Arran Peterson / 6 Comments

I needed to make my life easier the other day as a colleague and I worked through setting up a Azure IaaS network topology to connect to an enterprise production network. One of our clients requirements meant that whilst we created the network sites, subnets and segments we needed to report on what we had created to verify it was correct. This simple task of viewing network names and associated subnets is currently missing from the Azure cmdlets, so we have pieced together this quick bit of re-usable code.… [Keep reading] “Get Azure Virtual Networks with PowerShell”

Lync 2013 Basic Client – the forgotten client

28th of October, 2014 / Arran Peterson / No Comments

I’ve had conversations with customers lately whom are looking to use Lync Server 2013 and currently don’t want to move their desktop SOE to Office 2013 suite with Lync 2013 Client. This can be a project in itself and one that IT Admins aren’t always prepared to look at. Whether this is because of the analysis needed to roll out the suite or they still are in an agreement that only allows them to Office 2010.… [Keep reading] “Lync 2013 Basic Client – the forgotten client”

ADSync Cmdlets

23rd of October, 2014 / Arran Peterson / 1 Comment

I really enjoyed the later versions of DirSync which included a native PowerShell Module to execute sync engine tasks and show some global configuration settings. Now that we are looking at moving over to the new tool AADSync there is a new module installed but with very little reference to it available on the web at time of writing this blog. I’ve outlined the name of the cmdlets below but the ‘Get-Help’ doesn’t offer any description or examples as yet so I’ve included some in this post.… [Keep reading] “ADSync Cmdlets”

Failure Upgrading DirSync with a Remote SQL Instance

10th of July, 2014 / Arran Peterson / No Comments

I’ve just recently come across an issue when performing the upgrade procedure for the Microsoft Azure Directory Sync tool with a remote SQL database. The procedure seems simple enough at first glance and is documented here.

To break down the process it is only a few simple steps:

Install the new dirsync –

Dirsync.exe /fullsql

Click next on the upgrade wizard until complete

Run Powershell –

Import-Module DirSync

Run the following PowerShell cmdlet to update the backend database –

Install-OnlineCoexistenceTool -UseSQLServer –SqlServer <ServerName> -Upgrade -Verbose -ServiceCredential (Get-Credential)

The Issue

This particular issue will occur during the upgrade procedure on the PowerShell step Install-OnlineCoexistenceTool with the following error –

VERBOSE: Running InstallOnlineCoexistenceTool in Upgrade mode.… [Keep reading] “Failure Upgrading DirSync with a Remote SQL Instance”