Topic Last Modified: 2010-10-01

Removes a domain from the list of domains that are blocked for federation. By definition, your users are not allowed to use Microsoft Lync Server 2010 applications to communicate with people from the blocked domain; for example, users cannot use Microsoft Lync 2010 to exchange instant messages with anyone with a SIP account in a domain that appears on the blocked list.


Remove-CsBlockedDomain -Identity <XdsGlobalRelativeIdentity> [-Confirm [<SwitchParameter>]] [-Force <SwitchParameter>] [-WhatIf [<SwitchParameter>]]


Parameter Required Type Description




Fully qualified domain name (FQDN) of the domain to be removed from the blocked list; for example, Note that you cannot use wildcards when specifying a domain Identity.



Switch Parameter

Suppresses the display of any non-fatal error message that might occur when running the command.



Switch Parameter

Describes what would happen if you executed the command without actually executing the command.



Switch Parameter

Prompts you for confirmation before executing the command.

Detailed Description

Federation is a means by which two organizations can set up a trust relationship that facilitates communication between the two groups. When federation has been established, users in the two organizations can send each other instant messages, subscribe for presence notifications, and otherwise communicate with one another by using SIP applications such as Lync 2010. Lync Server 2010 allows for three types of federation: 1) direct federation between your organization and another; 2) federation between your organization and a public provider; and, 3) federation between your organization and a third-party hosting provider.

Setting up direct federation with another organization involves several tasks. To begin with, you must enable your servers running the Lync Server Access Edge service to allow federation. In addition, the other organization must enable federation with you; federation cannot be established unless both parties agree to the relationship.

To establish a federated relationship you might also need to manage two federation-related lists: the allowed list and the blocked list. The allowed list represents the organizations you have chosen to federate with; if a domain appears on the allowed list then (depending on your configuration settings) your users will be able to exchange instant messages and presence information with users who have accounts in that federated domain. Conversely, the blocked list represents domains that users are expressly forbidden from federating with; for example, messages sent from a blocked domain will automatically be rejected by Lync Server 2010.

Of course, messages are rejected only as long as the domain appears on the blocked list; after a domain has been removed from the list you can then establish a federated relationship with that domain. To enable federation with a previously-prohibited domain, you must first use the Remove-CsBlockedDomain cmdlet to remove that domain from the list of blocked domains. A domain cannot simultaneously appear on both the allowed and the blocked lists

Who can run this cmdlet: By default, members of the following groups are authorized to run the Remove-CsBlockedDomain cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Remove-CsBlockedDomain"}

Input Types

Microsoft.Rtc.Management.WritableConfig.Settings.Edge.BlockedDomain object. Remove-CsBlockedDomain accepts pipelined instances of the blocked domain object.

Return Types

Deletes instances of the Microsoft.Rtc.Management.WritableConfig.Settings.Edge.BlockedDomain object.


-------------------------- Example 1 ------------------------

Copy Code
Remove-CsBlockedDomain -Identity

The command shown in Example 1 removes the domain from the list of blocked domains. This is done by calling Remove-CsBlockedDomain and specifying the domain with the Identity "".

-------------------------- Example 2 ------------------------

Copy Code
Get-CsBlockedDomain -Filter *fabrikam* | Remove-CsBlockedDomain 

In Example 2, all the domains that have an Identity that includes the string value "fabrikam" are removed from the list of blocked domains. To do this, Get-CsBlockedDomain and the Filter parameter are first used to return a collection of all the blocked domains that include the string "fabrikam" somewhere in their Identity (for example,,, or That collection is then piped to Remove-CsBlockedDomain, which deletes each item in the collection from the list of blocked domains.

-------------------------- Example 3 ------------------------

Copy Code
Get-CsBlockedDomain | Remove-CsBlockedDomain 

The command shown in Example 3 completely clears the list of blocked domains. This is done by first calling Get-CsBlockedDomain without any parameters; that results in a returned collection that consists of all the domains currently on the blocked domain list. That collection is then piped to Remove-CsBlockedDomain, which removes each item in the collection from the blocked domain list. The net result: no domains will be left on the blocked domain list.

See Also