I do not like Green-

Eggs-and-Ham.com. So I'll

Block federation.

 

Commentary

 

Can't we all just get along? Well, to be perfectly honest, you're asking the wrong people here: we're just a couple of lowly haiku writers. When it comes to getting along with others, all we know for sure is this: in Microsoft Lync Server 2010, just because you set up federation with some organizations doesn't mean that you have to set up federation with all organizations. Instead, Lync Server gives you the option of specifically identifying organizations with which your users can and cannot exchange instant messages and presence information. Is it OK for users to exchange instant messages with Domain A? That's fine; just put Domain A on the list of allowed domains. And if it's not OK for users to exchange instant messages with Domain B? Then put Domain B on the blocked list. In that case, Lync Server will automatically reject any messages sent to or from Domain B.

 

Blocked domain trivia. Yes, originally we did intend to license Santa Claus' Naughty or Nice List for use in Lync Server. After negotiations broke down, however, we independently created the Allowed Domains and Blocked Domains lists.

 

As you might have guessed, Lync Server includes a whole set of cmdlets designed for managing the Blocked Domain list: Get-CsBlockedDomain; New-CsBlockedDomain; Remove-CsBlockedDomain; and Set-CsBlockedDomain. For example, would you prefer that your users not exchange instant messages with fabrikam.com? That's fine; this command will put an end to those instant messaging sessions:

 

New-CsBlockedDomain -Identity "fabrikam.com"

 

And what happens if you later change your mind? Well, in that case all you have to do is remove fabrikam.com from the Blocked Domains list:

 

Remove-CsBlockedDomain -Identity "fabrikam.com"

 

We'd show you the really tricky, really complicated parts except for one thing: there aren't any tricky and complicated parts. Managing allowed domains and blocked domains is pretty darn easy.

 

There is, however, one thing to watch out for: you can't simultaneously have the same domain on the allowed list and on the blocked list. (Which makes sense: if it was both an allowed domain and a blocked domain how would Lync Server know whether to allow or block an instant message sent from that domain?) That's not a big deal; it's just something to keep in mind. For example, suppose fabrikam.com is on the Allowed Domains list and you now want to add it to the Blocked Domains list. If you just try to add fabrikam.com to the blocked list you'll get an error message like this:

 

There is a duplicate key sequence 'FABRIKAM.COM' for the 'urn:schema:Microsoft.Rtc.Management.Settings.Edge.2008:FederatedDomainName' key or unique identity constraint.

 

That's just our clever way of saying that fabrikam.com can’t be added to the blocked list because it's currently on the allowed list. To move fabrikam.com to the blocked list you'll need to first remove it from the allowed list:

 

Remove-CsAllowedDomain –Identity "fabrikam.com"

New-CsBlockedDomain –Identity "fabrikam.com"

 

And you know, you're right: that error message is better than any of the haikus we've managed to come up with so far, isn't it? We'll have to see what we can do about that.

 

References

 

Get-CsBlockedDomain

New-CsBlockedDomain

Remove-CsBlockedDomain

Set-CsBlockedDomain