Part 2: Deploying Lync Server 2010 in a Resource Forest Topology
Topic Last Modified: 2011-08-18
The topics in this section explain how to configure Lync Server 2010 in a resource forest topology. In a resource forest topology, a single resource forest contains all servers running Lync Server and disabled user accounts for each logon-enabled account in a user forest.
If Lync Server and Microsoft Exchange Server are deployed in one Active Directory forest while all logon-enabled user accounts are located in a separate Active Directory forest, the resource forest hosts only servers and does not contain any primary user accounts. The primary user accounts from user forests are represented as disabled user accounts. An ObjectSID of a primary user account, from the account forest, is mapped to the corresponding disabled user account msRTCSIP-OriginatorSID attribute in the resource forest to allow for single sign in. These disabled user accounts are enabled for Lync Server and mail-enabled for Microsoft Exchange Server.
If Microsoft Exchange Server is deployed, then we recommend installing Lync Server in the same forest as Microsoft Exchange Server.
If Lync Server and Microsoft Exchange Server are deployed in different forests, you should create a custom management agent by using Microsoft Forefront Identity Manager 2010 or Microsoft Identity Lifecycle Manager 2007 FP1 to synchronize users from the different user forests as disabled user accounts to the resource forest where Lync Server is deployed. Also, to enable Exchange Unified Messaging (UM) and other Lync Server to office integration scenarios, the msRTCSIP-PrimaryUserAddress has to be added to list of proxyAddresses in both Microsoft Exchange Server and Lync Server forests, and a two-way trust should be established between both forests.