Share via


Lync Server Admin Guide: Managing External Connectivity

This article is part of the Microsoft Lync Server 2010 Administration Guide: PowerShell Supplement.

Enable or Disable External User Access for Your Organization

Enable or Disable Remote User Access for Your Organization

  • To enable or disable remote user access for your organization

To enable remote user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowOutsideUsers property to True:

Set-CsAccessEdgeConfiguration –Identity global –AllowOutsideUsers $True

 

To disable remote user access, set the AllowOutsideUsers property to False:

 

Set-CsAccessEdgeConfiguration –Identity global –AllowOutsideUsers $False

 

 

Enable or Disable Federation for Your Organization

  • To enable or disable federated user access for your organization

To enable federated user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowFederatedUsers property to True:

 

Set-CsAccessEdgeConfiguration –Identity global –AllowFederatedUsers $True

 

To disable federated user access, set the AllowFederatedUsers property to False:

 

Set-CsAccessEdgeConfiguration –Identity global –AllowFederatedUsers $False

 

 

Enable or Disable Anonymous User Access for Your Organization

  • To enable or disable anonymous user access for your organization

To enable anonymous user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowAnonymousUsers property to True:

 

Set-CsAccessEdgeConfiguration –Identity global –AllowAnonymousUsers $True

 

To disable anonymous user access, set the AllowAnonymousUsers property to False:

 

Set-CsAccessEdgeConfiguration –Identity global –AllowAnonymousUsers $False

 

 

For more information

 

 

 

 

Manage Communications with External Users

Manage Remote User Access

  • To configure an external access policy to support remote user access

To create an external user access policy that allows access by remote users, use the New-CsExternalAccessPolicy cmdlet and set the EnableOutsideAccess property to True:

 

New-CsExternalAccessPolicy –Identity "RedmondExternalAccess" –EnableOutsideAccess $True

 

 

Manage Federated Partner Access

Configure Policies to Control Federated User Access

  • To configure a policy to support access by users of federated domains

To create an external user access policy that allows access by federated users, use the New-CsExternalAccessPolicy cmdlet and set the EnableFederationAccess property to True:

New-CsExternalAccessPolicy –Identity "RedmondExternalAccess" –EnableFederationAccess $True

 

 

Enable or Disable Discovery of Federation Partners

  • To enable or disable automatic discovery of federated domains for your organization

To enable automatic discovery of federated domains, use the Set-CsAccessEdgeConfiguration cmdlet and the UseDnsSrvRouting parameter, and set EnablePartnerDiscovery to True:

Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -EnablePartnerDiscovery $True

 

To disable automatic routing, use the UseDefaultRouting parameter, and set DefaultRouteFqdn to the fully qualified domain name of the Edge Server used for federation requests:

 

Set-CsAccessEdgeConfiguration -UseDefaultRouting -DefaultRouteFqdn "atl-edge-001.litwareinc.com"

 

Control Access by Individual Federated Domains

  • To add an external domain to the list of allowed domains

To add a domain to the list of domains your users are allowed to communicate with, use the New-CsAllowedDomain cmdlet followed by the fully qualified domain name of the allowed domain:

New-CsAllowedDomain -Identity "fabrikam.com"

 

 

  • To add an external domain to the list of blocked domains

To add a domain to the list of domains your users are not allowed to communicate with, use the New-CsBlockedDomain cmdlet followed by the fully qualified domain name of the "outlawed" domain:

New-CsBlockedDomain -Identity "contoso.com"

 

Enable or Disable Sending an Archiving Disclaimer to Federated Partners

  • To enable or disable sending an archiving disclaimer to federated partners

To display an archiving disclaimer to federated partners at the beginning of an instant messaging session, use the Set-CsAccessEdgeConfiguration cmdlet and set the EnableArchivingDisclaimer property to True:

Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $True

 

To prevent the display of the archiving disclaimer, set the EnableArchivingDisclaimer property to False:

Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $False

 

 

For more information

 

 

 

 

Manage IM Provider Support

Configure Policies to Control Access by Users of IM Service Providers

  • To configure an external access policy to support public user access

To enable users to communicate with a public provider such as MSN or AOL, use the Set-CsExternalAccessPolicy cmdlet to set the EnablePublicCloudAccess property of the appropriate external access policy to True:

New-CsExternalAccessPolicy -Identity site:Redmond -EnablePublicCloudAccess $True

Specify Supported IM Service Providers

  • To configure support for an IM service provider

To enable users to communicate with a new public provider, use the New-CsPublicProvider cmdlet to add the new organization to the list of approved providers:

New-CsPublicProvider -Identity "Fabrikam" -ProxyFqdn "proxyserver.fabrikam.com" -Enabled $True -VerificationLevel "AlwaysUnverifiable"

Configure Conferencing Policies to Support Anonymous Users

  • To configure policies to allow anonymous participation in meetings

To allow users to host meetings that include anonymous users, use the Set-CsConferencingPolicy cmdlet to set the AllowAnonymousParticipantsInMeetings property of the appropriate conferencing policy to True:

Set-CsConferencingPolicy –Identity global -AllowAnonymousParticipantsInMeetings $True

 

 

For more information

Apply Policies for External User Access to Users

Apply External User Access Policies to Users

  • To apply an external user policy to a user account

To assign a per-user external access policy to a user, use the Grant-CsExternalAccessPolicy cmdlet.

Grant-CsExternalAccessPolicy –Identity "Ken Myer" –PolicyName "RedmondExternalAccess"

 

To unassign a per-user policy, use Grant-CsExternalUserAccess and set the PolicyName to a null value:

 

Grant-CsExternalAccessPolicy –Identity "Ken Myer" –PolicyName $null

 

Apply Conferencing Policies to Support Anonymous Users

  • To configure a user policy for anonymous participation in meetings

To allow users to host meetings that include anonymous participants, use the Set-CsConferencingPolicy cmdlet and set AllowAnonymousParticipantsInMeetings to True:

Set-CsConferencingPolicy –Identity site:Redmond -AllowAnonymousParticipantsInMeetings $True

 

To prevent users from hosting meetings that include anonymous participants, set AllowAnonymousParticipantsInMeetings to False:

Set-CsConferencingPolicy –Identity site:Redmond -AllowAnonymousParticipantsInMeetings $False

 

Reset or Delete External User Access Policies

Delete a Site or User Policy for External User Access

  • To delete a site or user policy for external user access

To delete a per-site external access policy, use the Remove-CsExternalAccessPolicy cmdlet followed by the policy Identity:

Remove-CsExternalAccessPolicy –Identity site:Redmond

 

You can also use this command to remove all the per-site policies:

 

Get-CsExternalAccessPolicy –Filter "site:*" | Remove-CsExternalAccessPolicy

 

To delete a per-user policy, use the Remove-CsExternalAccessPolicy cmdlet followed by the policy Identity:

Remove-CsExternalAccessPolicy –Identity "RedmondExternalAccessPolicy"

 

This command removes all the per-user policies:

 

Get-CsExternalAccessPolicy –Filter "tag:*" | Remove-CsExternalAccessPolicy

Reset the Global Policy for External User Access

  • To reset the global policy to the default settings

To reset all the properties in the global external user access policy to their default values, use the Remove-CsExternalAccessPolicy cmdlet:

Remove-CsExternalAccessPolicy –Identity global

 

Note that this command will not remove the global policy. However, all the properties in that policy will be reset to their default values.

 

 

For more information