Book Image

LYNC SERVER COOKBOOK

Book Image

LYNC SERVER COOKBOOK

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
LYNC SERVER COOKBOOK
Jan, 2015 | 392 pages
No titles found
Table of Contents (19 chapters)
Lync Server Cookbook
Lync Server Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Lync 2013 Security
Lync 2013 Security
Introduction
Controlling administrative rights with RBAC and custom cmdlets
Hardening Lync Servers
Hardening Lync databases
Enhancing conferencing security
Managing certificates for the authentication of desk-phones
Deploying a secure Lync Edge
Applying ethical walls for federation security
Using Application Request Routing to configure a reverse proxy for Lync Server 2013
2
Lync 2013 Authentication
Lync 2013 Authentication
Introduction
Configuring passive authentication for Lync
Enabling two-factor authentication
Adding the app password for mobile clients
Authenticating with online services using DirSync
Managing Windows Azure Directory for Lync Online
Configuring server-to-server authentication
Troubleshooting with client authentication logging
3
Lync Dial Plans and Voice Routing
Lync Dial Plans and Voice Routing
Introduction
Introducing dial plans and voice routing
Defining dial plans
Configuring PSTN usage – voice policy
Configuring PSTN usage – Location-Based Routing
Enabling routes
Validating trunks
Configuring load balancing, failover, and least cost routing
Controlling call forwarding
4
Lync 2013 Integration with Exchange
Lync 2013 Integration with Exchange
Introduction
Configuring the Unified Messaging integration
Configuring OAuth between Lync 2013 and Exchange 2013
Configuring Lync 2013 and Exchange 2013 as partner applications
Configuring Lync 2013 to use Exchange 2013 for archiving
Configuring Lync 2013 to use the Exchange 2013 Unified Contact Store
Integrating Lync 2013 with the Exchange 2013 Outlook Web App
5
Scripts and Tools for Lync
Scripts and Tools for Lync
Introduction
Installing Lync prerequisites and more – Set-Cs2013Features
Creating a fully functional voice configuration – Lync Dialing Rule Optimizer
Switching between multiple Lync identities with a click – Profiles for Lync (P4L)
Tracing made easier – Lync 2013 Centralized Logging Tool
Identifying recurrent issues – Lync Pilot Deployment Health Analysis
Managing phone numbers – Search-LineURI and Get-UnusedNumbers
Managing Call Pickup Groups – Lync2013CallPickupManager 1.01
6
Designing a Lync Solution – The Overlooked Aspects
Designing a Lync Solution – The Overlooked Aspects
Introduction
Meeting your users' expectations
User training
Gathering the users' requirements
Weighing up around Lync virtualization
Network readiness – introduction
Defining personas for the network
Defining sites for the network
Network readiness – reviewing and analyzing results
7
Lync 2013 in a Resource Forest
Lync 2013 in a Resource Forest
Introduction
Planning a resource forest
Using Exchange Online for a Lync resource forest
Configuring FIM in a Lync resource forest
Synchronizing forests with FIM
Deploying Azure Active Directory Synchronization services (AAD Sync) in a Lync resource forest
AAD Sync synchronization services and rules
8
Managing Lync 2013 Hybrid and Lync Online
Managing Lync 2013 Hybrid and Lync Online
Introducing Lync Online
Administering with the Lync Admin Center
Using Lync Online Remote PowerShell
Using Lync Online cmdlets
Introducing Lync in a hybrid scenario
Planning and configuring a hybrid deployment
Moving users to the cloud
Moving users back on-premises
Debugging Lync Online issues
9
Lync 2013 Monitoring and Reporting
Lync 2013 Monitoring and Reporting
Introduction
Installing Lync 2013 monitoring reports
Selecting the right kind of report
Call Diagnostic Reports
Media Quality Diagnostic Reports
Call Leg Media Quality Report
Lync 2013 with System Center 2012 R2 Operations Manager
Configuring a watcher node and synthetic transactions
10
Managing Lync 2013 Backup and Restore
Managing Lync 2013 Backup and Restore
Introduction
Topology information
Configuration information
User database
Persistent Chat database
The Location Information LIS database
The Response Group Services configuration
Certificates
Backend databases
Voice dial plans, policies, and settings
File services
Don't forget the infrastructure – the greater recovery plan
11
Controlling Your Network – A Quick Drill into QoS and CAC
Controlling Your Network – A Quick Drill into QoS and CAC
Introduction
Gathering data about your network
Creating network bandwidth policies
Adding networks to the topology
Creating region links and routes
Enabling CAC
Preparing servers and clients for DSCP tagging
Controlling/limiting the port ranges for traffic
Media bypass
12
Lync 2013 Debugging
Lync 2013 Debugging
Introduction
Using Snooper to examine log files
Investigating Call Flow with Snooper Flow Chart
Reviewing Lync information with OCSLogger
Tracing from a command line with OCSTracer
Customizing CLS scenarios using CLSController
Testing our setting with Best Practices Analyzer
Capturing network traffic with Wireshark
Troubleshooting clients with the Microsoft Lync Connectivity Analyzer
Verifying a deployment with the Microsoft Remote Connectivity Analyzer
Index
Index

Controlling administrative rights with RBAC and custom cmdlets

Lync Server 2013 administration uses Role-Based Access Control (RBAC) to assign different levels of access privileges to the users, and to enable them to perform specific administrative tasks. The idea behind RBAC in Lync 2013 is that adding a user to a specific group not only defines the features and administrative tasks they are able to manage but also limits the cmdlets they are able to use in the Lync Management Shell. There are some built-in administrative roles, and we are able to add custom groups for more granular control. Another operation we are able to perform is adding authorized cmdlets to both kinds of groups, expanding the allowed tasks for a specific RBAC role.

Getting ready

In our example, we will use both of the previously mentioned customizations, creating a new customized user group, CsUserModifier, based on the default group CsViewOnlyAdministrator, and adding access to the Set-CsUser cmdlet (to modify properties for existing user accounts).

How to do it...

  1. Create the CSUserModifier user group (with the scope as universal and type as security) in Active Directory.

  2. Open the Lync Server Management Shell and launch the following cmdlet:

    New-CsAdminRole -Identity CsUserModifier -Template CsViewOnlyAdministrator

    The cmdlet will clone the permissions of the CsViewOnlyAdministrator group to the custom group.

  3. Launch the following cmdlet to verify the list of administrative tasks delegated to the new group:

    Get-CsAdminRole CSUserModifier | Select-Object –ExpandProperty cmdlets | fl

    The output will be similar to what is shown in the following screenshot:

  4. Now, we are able to use the cmdlet customization, adding the Set-CsUser cmdlet to the available tasks:

    Set-CsAdminRole -Identity CsUserModifier -Cmdlets @{add="Set-CsUser"}

  5. The same command, with an @{remove parameter, can be used to remove some administrative tasks that were previously available from a group:

    Set-CsAdminRole -Identity CsUserModifier –Cmdlets @{remove="Get-CSVoiceRoutingPolicy","Get-CSVoiceTestConfiguration"}

  6. Verification of the previously mentioned cmdlet is done using the same process we used in step 2, to verify the list of delegated tasks.

  7. The New-CSAdminRole cmdlet supports the –Cmdlets switch that we saw in step 5, so when defining a custom group role, we are able to add custom cmdlets. A command like the next one could achieve both role customization and cmdlet customization in a single step:

    New-CsAdminRole -Identity CSUserModifier -Template CsViewOnlyAdministrator -Cmdlets @{add="set-CsUser"}

There's more...

As important as it is for security, RBAC has a severe limitation because it is effective only for users that are working with Lync administrative tools from a remote workstation (http://technet.microsoft.com/en-us/library/gg425917.aspx). The controls are not enforced for users who are working locally on the Lync Server (or using a remote PowerShell session). Physical security of our servers is an important topic, and we should address it with all the available solutions (smart card access, doors, cameras, strong passwords, lights-out servers with no physical keyboard or monitor available, and so on).

Previous Section
End of Section 3
Next Section