When we plan for migration of lync servers from one domain to another few factors needs to be kept in mind and considered. In this article i have mentioned few best practices that can be followed during these kind of scenarios.
Below are some tips that can be used during the migration :
The first and the foremost thing that you will need to do is to bring up the Lync Infrastructure in the new Forest.
Meanwhile when you plan for migrating AD user accounts from the source domain you can created linked lync accounts in the resource forest. Make sure EWS ,Auto discover everything is setup correctly.
AD user accounts not residing in the target would authenticate via edge . Later after the first logon password cache entry is made. End users wouldn’t be prompted for the password,since edge server allows communication with federated companies.
Then Use DBIMPEXP in Source domain where lync 2010 is running to export their contacts to the new forest.
What is DBimpExp ?
Its an inbuilt Microsoft utility for Lync server 2010 located in C:\Program Files\Common Files\Microsoft Lync Server 2010\Support on the Lync Front End Server.
By using this utility we would be able to connect to the lync SQL DB exporting the XML files which contains (users contact lists and conference directories).
Its located in the folder C:\Program Files\Common Files\Microsoft Lync Server 2010\Support
Below is the example
dbimpexp.exe /sqlserver:”lync-sql.sip.exchangequery.com\LYNC” /hrxmlfile:”C:\test.xml”
You need to navigate to the above location to access this utility and this command is for enterprise edition server.
After you export these XML config’s you cannot import directly to Lync 2013 or SFB since the import-csuserdata will not accept this direct xml format and will accept only these datas in ZIP format.
From lync 2013 this dbimpexp.exe utility has been depreciated and replaced with the importcsuser data cmdlets. So you wouldn’t be able to find this utility in Lync2013 and SFB.
We need to Use Import-Csuserdata commandlet to import the contacts.
So after exporting the config information from lync 2010 you will need to convert these values by running the below commands
First run the below commands to convert the xml type exported file to *.zip format.
Convert-CsUserData -InputFile “C:\test.xml” -OutputFile “C:\_Install\Restore\test.zip” -TargetVersion Current
Later run the below command to import the data in the target forest containing Lync 2013 or later version.
Import-CsUserData -PoolFQDN “LyncPool.Domain.com” -FileName “C:\_Install\Restore\test.zip”
During the final cut-over date you can break the linked accounts (source account) by clearing “msRTCSIP-OriginatorSID” attribute and enabling the target account.
Basically what you need to do is move the SID from the user forest into the msRTCSIPOriginatorSId for each lync enabled user in the resource forest.
Below are the things that we need to consider for federation :
To make sure there is no issues happening with your federated partners you have to tell them to change Lync Edge access IP and FQDN to the new Forest values in their end.
But practically if you have more number of federated partners then it might take some time to make these changes on their end.
As a work around for a while you can configure the below settings and keep them for a while until your partners change the federation values to the new one.
Below is an Example :
To make sure there is no issues happening with your federated partners after migration
Basically changing from oldsip.company.com to newsip.company.com would break federation.
Go back and reissue your certificate on the Lync 2013 Edge and add oldsip.company.com entry.
This will work because Federation isn’t dependent on the name you pick in topology builder. It’s just that the SRV record goes to a server with a corresponding matching name.
For example if source domain SIP oldsip.company.com points to IP 10.0.0.1 and your target SIP is newsip.company.com on the IP 10.0.0.2.
For a temporary fix you can create oldsip.company.com and point it to 10.0.0.2 . This will be working if you have a valid certificate in place for the oldsip.company.com and that certificate present on the new target domain lync edge server.
These steps will not apply for all the migrations as each and every migration varies according to every domain setup, config, DNS setup,Trust relationship, Enterprise voice plan , SIP trunk, SIP config, PBX,etc. So according to those configuration based on your environment planning needs to be done properly .There are few tips which can be helpful during these kind of migration scenarios.
MVP – Exchange Server