Layer7 Identity Management

Expand all | Collapse all

Skype for Business (Lync) - Cannot add Active Directory Front-end Pool attribute

  • 1.  Skype for Business (Lync) - Cannot add Active Directory Front-end Pool attribute

    Posted 04-24-2018 11:11 AM

    Pre-requisites are met: We have a working AD endpoint with exchange functionality we are able to provision exchange mailbox We need to know how to Enable Skype for Business as an Active Directory Services Connector Endpoint we followed this doc: https://docops.ca.com/ca-identity-manager-and-governance-connectors/1-0/EN/connectors/microsoft-connectors/microsoft-active-directory-microsoft-exchange-and-microsoft-lync/how-to-connect-to-skype-for-business-server-lync according to documentation we have to log to Identity Manager's User Console, edit Active Directory Endpoint and add the Front-end pool in the Skype for Business tab but When We do a Search for an Active Directory Front-end Pool we get "no results"



  • 2.  Re: Skype for Business (Lync) - Cannot add Active Directory Front-end Pool attribute

    Posted 04-26-2018 08:57 AM

    When you acquire the AD endpoint there is a subtree search performed against the "CN=Pools,CN=RTC Service,CN=Services,CN=Configuration,DC=***,DC=yyy" for that AD domain with a filter of "(&objectClass=msRTCSIP-Pool)(msRTCSIP-PoolVersion>=327680))" to retrieve the dnsHostName attribute value. If this search is successful those values would be stored within the Provisioning Repository in the CA IM AD endpoint's eTADSlyncAvailableSIPPool attribute and this would have triggered the IDM UI to display the "Skype for Business Server" tab which would have display this value as the "Front-end pool". 

     

    What you would want to do as a first step would be to enable logging for the acquired AD endpoint for all message severity to a text file destination and review what the log captures for that search. You could also try using an ldapbrowser to directly search the AD domain controller itself using the same credentials used to acquire the AD endpoint to determine if there is a permissions/ACL restriction in viewing those objects.

     

    If further assistance is needed I recommend opening a support case.