SOLUTION: Migrated Jabber User Can Still Sign in to Lync

Applies to:

Lync Server 2010 Enterprise, Cisco Unified CM 10.5, Cisco Lync Migration Utilities 10.5.1.12900-2 DeleteAccount.exe 1.0.5093.30789

Problem:

You configured Partitioned Intra Domain Federation with CUCM IM&P (aka CUPS) between Lync 2010 based on the following document.

Partitioned Intradomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 10.5(1)

You used Cisco migration utility DisableAccount.exe and then DeleteAccount.exe for removing user from Lync Server. Then defined the user on Jabber (CUPS) side.

But you discovered that migrated user can still sign in to Lync with limited usage! Can not send IM message. Also other Jabber users cannot send IM to migrated user either.  Really annoying!

Cause:

Cisco DeleteAccount.exe utility cannot remove user from Lync Server Back-End SQL database properly although there is no any error in DeleteAccount.exe log. I think it does not make deletions on all necessary tables on SQL. I saw it makes deletions on some tables successfully.

Resolution:

1- Use lync Console to remove the user from Lync Server properly.
(Which removes Lync Attributes of the user including msRTCSIP-PrimaryUserAddress and deletes the user from Lync Server Back End database properly)

2-Configure the Jabber settings of the user on CUCM

3-Add msRTCSIP-PrimaryUserAddress attribute to the user object on Active Directory (by using ADSIEDIT or a script. See more information for a script)

More Information:

What is Partitioned Intra Domain Federation?

Basically you share a sip domain between Jabber and Lync. That is, some of the users are defined on CUPS with Jabber ID (JID) userL@contoso.com and other users are defined on
Lync Server with sip address userJ@contoso.com. And Jabber users and Lync Users can send instant messages to each other and see presence.

What exactly DisableAccount.exe is doing?

Deletes all Lync attributes (attributes starts with msRTC) EXCEPT msRTCSIP-PrimaryUserAddress

What exactly DeleteAccount.exe is trying to do?

Remove users from Lync Server. Means delete user data on Lync Server Back End SQL database. But actually does not work properly

Why removed Lync user still has to have msRTCSIP-PrimaryUserAddress attribute on Active Directory? We wanted to remove user from Lync?

Jabber users must have msRTCSIP-PrimaryUserAddress in AD (this is the sip address of the user) so that:

1-Lync users can search the jabber user (Lync Address book generation can add jabber user to Lync Adress Book if the Jabber user has msRTCSIP-PrimaryUserAddress)

2- Lync user can send IM to jabber user. If a user does not have sip address (means msRTCSIP-PrimaryUserAddress is empty) Lync Client cannot start conversion window and even Lync Server cannot route the message to destination. Lync server checks its database if userJ@contoso.com is not defined in Lync, if not routes the message to CUPS node defined in routing configuration.
From the document Partitioned Intradomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 10.5(1):

“If an IM and Presence Service client user was never provisioned on the Microsoft server, you must performan Active Directory update to the msRTCSIP-PrimaryUserAddress field for such users to ensure that the user is available for the Microsoft server searches.”

Here I think “Microsoft server search” means Lync Client Address Book Search!

A helpful Script for adding sip addresses:

save it as filename.ps1 and run it inside the Active Directory Power Shell. Reads the usernames form DeletedLyncUsers.txt, reads email addresses from AD and adds it to msRTCSIP- PrimaryUserAddress attribute.

 
$UserIDs=Get-Content DeletedLyncUsers.txt
$UserIDs| ForEach-Object -process {

$_|out-file -append c:\ProcessedDeletedLyncUsers.txt

‘User Name: ‘+$_

$UserObject=Get-ADUser -Identity $_ -Server DC1.internal.contoso.com -Properties mail | select-object mail
’email: ‘+$UserObject.mail
$SIPAdress=’sip:’+ $UserObject.mail
‘SIP Adress: ‘+ $SIPAdress
Set-ADUser -Server DC1.internal.contoso.com -Identity $_ -add @{‘msRTCSIP-PrimaryUserAddress’=$SIPAdress}

}

Format and content Of DeletedLyncUsers.txt file (list of User names)
DenizA
KemalB

Advertisements
Gallery | This entry was posted in Cisco Cups & Jabber, Lync 2010 and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s