Lync Server Admin Guide: Managing External Connectivity
This article is part of the Microsoft Lync Server 2010 Administration Guide: PowerShell Supplement.
Enable or Disable External User Access for Your Organization
Enable or Disable Remote User Access for Your Organization
- To enable or disable remote user access for your organization
To enable remote user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowOutsideUsers property to True:
Set-CsAccessEdgeConfiguration –Identity global –AllowOutsideUsers $True
To disable remote user access, set the AllowOutsideUsers property to False:
Set-CsAccessEdgeConfiguration –Identity global –AllowOutsideUsers $False
Enable or Disable Federation for Your Organization
- To enable or disable federated user access for your organization
To enable federated user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowFederatedUsers property to True:
Set-CsAccessEdgeConfiguration –Identity global –AllowFederatedUsers $True
To disable federated user access, set the AllowFederatedUsers property to False:
Set-CsAccessEdgeConfiguration –Identity global –AllowFederatedUsers $False
Enable or Disable Anonymous User Access for Your Organization
- To enable or disable anonymous user access for your organization
To enable anonymous user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowAnonymousUsers property to True:
Set-CsAccessEdgeConfiguration –Identity global –AllowAnonymousUsers $True
To disable anonymous user access, set the AllowAnonymousUsers property to False:
Set-CsAccessEdgeConfiguration –Identity global –AllowAnonymousUsers $False
For more information
Manage Communications with External Users
Manage Remote User Access
- To configure an external access policy to support remote user access
To create an external user access policy that allows access by remote users, use the New-CsExternalAccessPolicy cmdlet and set the EnableOutsideAccess property to True:
New-CsExternalAccessPolicy –Identity "RedmondExternalAccess" –EnableOutsideAccess $True
Manage Federated Partner Access
Configure Policies to Control Federated User Access
- To configure a policy to support access by users of federated domains
To create an external user access policy that allows access by federated users, use the New-CsExternalAccessPolicy cmdlet and set the EnableFederationAccess property to True:
New-CsExternalAccessPolicy –Identity "RedmondExternalAccess" –EnableFederationAccess $True
Enable or Disable Discovery of Federation Partners
- To enable or disable automatic discovery of federated domains for your organization
To enable automatic discovery of federated domains, use the Set-CsAccessEdgeConfiguration cmdlet and the UseDnsSrvRouting parameter, and set EnablePartnerDiscovery to True:
Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -EnablePartnerDiscovery $True
To disable automatic routing, use the UseDefaultRouting parameter, and set DefaultRouteFqdn to the fully qualified domain name of the Edge Server used for federation requests:
Set-CsAccessEdgeConfiguration -UseDefaultRouting -DefaultRouteFqdn "atl-edge-001.litwareinc.com"
Control Access by Individual Federated Domains
- To add an external domain to the list of allowed domains
To add a domain to the list of domains your users are allowed to communicate with, use the New-CsAllowedDomain cmdlet followed by the fully qualified domain name of the allowed domain:
New-CsAllowedDomain -Identity "fabrikam.com"
- To add an external domain to the list of blocked domains
To add a domain to the list of domains your users are not allowed to communicate with, use the New-CsBlockedDomain cmdlet followed by the fully qualified domain name of the "outlawed" domain:
New-CsBlockedDomain -Identity "contoso.com"
Enable or Disable Sending an Archiving Disclaimer to Federated Partners
- To enable or disable sending an archiving disclaimer to federated partners
To display an archiving disclaimer to federated partners at the beginning of an instant messaging session, use the Set-CsAccessEdgeConfiguration cmdlet and set the EnableArchivingDisclaimer property to True:
Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $True
To prevent the display of the archiving disclaimer, set the EnableArchivingDisclaimer property to False:
Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $False
For more information
- Haiku $107: The CsExternalAccessPolicy Cmdlets
- Haiku # 83: The CsAccessEdgeConfiguration Cmdlets
- Haiku #3: The CsBlockedDomain Cmdlets
- The Edit External Access Policy Dialog
- The Access Edge Configuration Dialog
- The New Federated Domains Dialog (Allowed Domains)
- The New Federated Domains Dialog (Blocked Domains)
Manage IM Provider Support
Configure Policies to Control Access by Users of IM Service Providers
- To configure an external access policy to support public user access
To enable users to communicate with a public provider such as MSN or AOL, use the Set-CsExternalAccessPolicy cmdlet to set the EnablePublicCloudAccess property of the appropriate external access policy to True:
New-CsExternalAccessPolicy -Identity site:Redmond -EnablePublicCloudAccess $True
Specify Supported IM Service Providers
- To configure support for an IM service provider
To enable users to communicate with a new public provider, use the New-CsPublicProvider cmdlet to add the new organization to the list of approved providers:
New-CsPublicProvider -Identity "Fabrikam" -ProxyFqdn "proxyserver.fabrikam.com" -Enabled $True -VerificationLevel "AlwaysUnverifiable"
Configure Conferencing Policies to Support Anonymous Users
- To configure policies to allow anonymous participation in meetings
To allow users to host meetings that include anonymous users, use the Set-CsConferencingPolicy cmdlet to set the AllowAnonymousParticipantsInMeetings property of the appropriate conferencing policy to True:
Set-CsConferencingPolicy –Identity global -AllowAnonymousParticipantsInMeetings $True
For more information
- Haiku #107: The CsExternalAccessPolicy Cmdlets
- Haiku #128: The CsPublicProvider Cmdlets
- No Conferencing Policy is an Island
- The Edit External Access Policy Dialog
- The Edit Provider Dialog
- The Edit Conferencing Policy Dialog
Apply Policies for External User Access to Users
Apply External User Access Policies to Users
- To apply an external user policy to a user account
To assign a per-user external access policy to a user, use the Grant-CsExternalAccessPolicy cmdlet.
Grant-CsExternalAccessPolicy –Identity "Ken Myer" –PolicyName "RedmondExternalAccess"
To unassign a per-user policy, use Grant-CsExternalUserAccess and set the PolicyName to a null value:
Grant-CsExternalAccessPolicy –Identity "Ken Myer" –PolicyName $null
Apply Conferencing Policies to Support Anonymous Users
- To configure a user policy for anonymous participation in meetings
To allow users to host meetings that include anonymous participants, use the Set-CsConferencingPolicy cmdlet and set AllowAnonymousParticipantsInMeetings to True:
Set-CsConferencingPolicy –Identity site:Redmond -AllowAnonymousParticipantsInMeetings $True
To prevent users from hosting meetings that include anonymous participants, set AllowAnonymousParticipantsInMeetings to False:
Set-CsConferencingPolicy –Identity site:Redmond -AllowAnonymousParticipantsInMeetings $False
Reset or Delete External User Access Policies
Delete a Site or User Policy for External User Access
- To delete a site or user policy for external user access
To delete a per-site external access policy, use the Remove-CsExternalAccessPolicy cmdlet followed by the policy Identity:
Remove-CsExternalAccessPolicy –Identity site:Redmond
You can also use this command to remove all the per-site policies:
Get-CsExternalAccessPolicy –Filter "site:*" | Remove-CsExternalAccessPolicy
To delete a per-user policy, use the Remove-CsExternalAccessPolicy cmdlet followed by the policy Identity:
Remove-CsExternalAccessPolicy –Identity "RedmondExternalAccessPolicy"
This command removes all the per-user policies:
Get-CsExternalAccessPolicy –Filter "tag:*" | Remove-CsExternalAccessPolicy
Reset the Global Policy for External User Access
- To reset the global policy to the default settings
To reset all the properties in the global external user access policy to their default values, use the Remove-CsExternalAccessPolicy cmdlet:
Remove-CsExternalAccessPolicy –Identity global
Note that this command will not remove the global policy. However, all the properties in that policy will be reset to their default values.
For more information