Configure support for allowed external domains in Lync Server 2013
Topic Last Modified: 2012-10-19
If you have configured support for federated partners, you can manage which specific domains can federate with your organization. You configure one or more specific external domains as allowed federated domains. To do this, add each domain to the list of allowed domains. Even if partner discovery is enabled for your organization, do this if the domain is a federated partner that might need to communicate with more than 1,000 of your users or might need to send more than 20 messages per second. If partner discovery is not enabled for your organization, only users of external domains that you add to the allowed domains list can participate in IM and conferencing with users in your organization. If you want to restrict access for a federated domain to a specific server running the Access Edge service of the federated partner, you can specify the domain name of the server running the Access Edge service for each domain in the list of allowed domains.
This procedure describes how to configure support for specific domains, but implementing support for federated users also requires that you enable support for federated users for your organization, and configure and apply policies to control which users can collaborate with federated users. For details about enabling support for federated users, see Enable or disable remote user access in Lync Server 2013. For details about configuring policies to control federation, see Configure policies to control federated user access in Lync Server 2013.
To add an external domain to the list of allowed domains
From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.
Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server 2013 administrative tools.
In the left navigation bar, click External User Access, and then click Federated Domains.
On the Federated Domains page, click New, and then click Allowed domain.
In New Federated Domains, do the following:
In Domain name (or FQDN), type the name of the federated partner domain.
This name must be unique and cannot already exist as an allowed domain for this server running the Access Edge service. The name cannot exceed 256 characters in length.
The search on the federated partner domain name performs a suffix match. For example, if you type contoso.com, the search will also return the domain it.contoso.com.
A federated partner domain cannot simultaneously be blocked and allowed. Lync Server 2013 prevents this from happening so that you do not have to synch up your lists.
If you want to restrict access for this federated domain to users of a specific server running the Access Edge service, in Access Edge service (FQDN), type the FQDN of the federated domain’s server running the Access Edge service.
If you want to provide additional information, in Comment, type information that you want to share with other system administrators about this configuration.
Repeat steps 4 through 6 for each federated partner domain that you want to allow.
To enable federated user access, you must also enable support for federated user access in your organization. For details, see Enable or disable remote user access in Lync Server 2013.
Additionally, you must configure and apply the policy to users that you want to be able to collaborate with federated users. For details, see Configure policies to control federated user access in Lync Server 2013.