Topic Last Modified: 2011-03-16

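If you have configured support for federated partners, you can manage which specific domains can federate with your organization by doing either or both of the following: adding external domains to the list of allowed domains, and adding external domains to the list of blocked domains.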

Note:
This procedure describes how to configure support for specific domains, but implementing support for federated users also requires that you enable support for federated users for your organization, and configure and apply policies to control which users can collaborate with federated users. For details about enabling support for federated users, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. For details about configuring policies to control federation, see Configure Policies to Control Federated User Access in the Deployment documentation or the Operations documentation.

To add an external domain to the list of allowed domains

  1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.

  2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools.

  3. In the left navigation bar, click External User Access, and then click Federated Domains.

  4. On the Federated Domains page, click New, and then click Allowed domain.

  5. In New Federated Domains, do the following:

    • In Domain name (or FQDN), type the name of the federated partner domain.

      Note:
      This name must be unique and cannot already exist as an allowed domain for this server running the Access Edge service. The name cannot exceed 256 characters in length.

      The search on the federated partner domain name performs a suffix match. For example, if you type contoso.com, the search will also return the domain it.contoso.com.

      A federated partner domain cannot simultaneously be blocked and allowed. Lync Server 2010 prevents this from happening so that you do not have to synchronize your lists.

    • If you want to restrict access for this federated domain to users of a specific server running the Access Edge service, in Access Edge service (FQDN), type the FQDN of the federated domain’s server running the Access Edge service.

    • If you want to provide additional information, in Comment, type information that you want to share with other system administrators about this configuration.

  6. Click Commit.

  7. Repeat steps 4 through 6 for each federated partner domain that you want to allow.

To enable federated user access, you must also enable support for federated user access in your organization. For details, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation.

Additionally, you must configure and apply the policy to users that you want to be able to collaborate with federated users. For details, see Configure Policies to Control Federated User Access in the Deployment documentation or the Operations documentation.
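
The allowed-domain procedure above can also be scripted from the Lync Server Management Shell. The following is an added example, not part of the original topic: it pre-checks each candidate against the constraints in the note (256-character limit, uniqueness, no overlap with a blocked entry under suffix matching) before calling `New-CsAllowedDomain`. The partner names, Edge FQDNs, comments, and the `Test-SuffixOverlap` helper are constructed for illustration.

```powershell
# Added example. Run in the Lync Server Management Shell as a member of
# RTCUniversalServerAdmins or the CsAdministrator role.
# $partners is constructed sample data; replace it with your own partner list.
$partners = @(
    @{ Domain = 'fabrikam.com';   EdgeFqdn = 'edge.fabrikam.com'; Comment = 'Sample partner A' },
    @{ Domain = 'it.contoso.com'; EdgeFqdn = $null;               Comment = 'Sample partner B' }
)

# Snapshot both lists once so every candidate is checked against current state.
$allowed = @(Get-CsAllowedDomain | ForEach-Object { $_.Domain.ToLowerInvariant() })
$blocked = @(Get-CsBlockedDomain | ForEach-Object { $_.Domain.ToLowerInvariant() })

# Hypothetical helper: true when the names are equal or one is a subdomain of the
# other (contoso.com overlaps it.contoso.com, per the suffix-match note above).
function Test-SuffixOverlap([string]$a, [string]$b) {
    ($a -eq $b) -or $a.EndsWith(".$b") -or $b.EndsWith(".$a")
}

foreach ($p in $partners) {
    $name = $p.Domain.Trim().ToLowerInvariant()

    if ($name.Length -gt 256) {
        Write-Warning "$name : exceeds 256 characters, skipped"
        continue
    }
    if ($allowed -contains $name) {
        Write-Warning "$name : already an allowed domain, skipped"
        continue
    }

    # A domain cannot be both blocked and allowed; flag overlaps for review
    # rather than relying on the commit to fail.
    $conflicts = @($blocked | Where-Object { Test-SuffixOverlap $name $_ })
    if ($conflicts.Count -gt 0) {
        Write-Warning "$name : overlaps blocked entry $($conflicts -join ', '), skipped"
        continue
    }

    $params = @{ Identity = $name; Comment = $p.Comment }
    # Optional restriction to one partner Access Edge server (step 5, second bullet).
    if ($p.EdgeFqdn) { $params.ProxyFqdn = $p.EdgeFqdn }

    # -WhatIf previews the change; remove it to commit.
    New-CsAllowedDomain @params -WhatIf
}
```

Keeping `-WhatIf` on the first run shows which entries would be created, so the list can be reviewed before any federation route is opened.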

To add an external domain to the list of blocked domains

  1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.

  2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools.

  3. In the left navigation bar, click External User Access.

  4. Click Federated Domains, click New, and then click Blocked domain.

  5. In New Federated Domains, do the following:

    • In Domain name (or FQDN), type the name of the federated partner domain that you want to block.

      Note:
      The name cannot exceed 256 characters in length.

      The search on the federated partner domain name performs a suffix match. For example, if you type contoso.com, the search will also return the domain it.contoso.com.

      A federated partner domain cannot simultaneously be blocked and allowed. Lync Server 2010 prevents this from happening so that you do not have to synchronize your lists.

    • (Optional) In Comment, type information that you want to share with other system administrators about this configuration.

  6. Click Commit.

  7. Repeat steps 4 through 6 for each federated partner that you want to block.