Skip to content

Integration of Lync Server 2010 Voice with Asterisk

In this article, I will be demonstrating integration of Lync Server 2010 with Asterisk open source voice over IP solution. Asterisk can serve as gateway for Lync server in test environment for validating voice connectivity and feature. 



To help you setup direct SIP with Asterisk, step-by-step instructions for configuring Asterisk, Lync Server and the 3CX SIP client for Asterisk are discussed. Installation of Asterisk server is not discussed in this article. If you want to try the same you can start after the default installation and basic “setup” is completed.

A. Configure Asterisk environment

I am using Asterisk Graphical Interface to create a new Dial plan and two user extensions associated with this dial plan.

  1. Login to Asterisk Graphical Interface “http://<AsteriskServerIP:8088/static/config/index.html”


Login with “Admin” user. In the left hand side menu expand “Dial Plans” section and click on “New DialPlan” button.


In “Create new Dial Plan” à type the name of Dialplan in “DialPlan Name” à Click Save.

Create Dial Plan

  Now Expand Users and click on “Create New User” Button.

Create Users

  Now add the details for new user

User Details


I have added two extensions for testing



You can install any SIP phone client on desktop or from Android Market on Android phone.  For this demonstration I have installed 3CXphone on my Android phone


Create extension profile on SIPPhone, Click on Settings button

Profile Settings


Add details for the user we just created in Asterisk, to profile

Profile setting 1

Click on Save button to save the profile.

Profile Save


SIP Phone is now connected to the server you would be able to make calls to local Asterisk extensions

3CXPhone Connected

 Let’s make a call to another extension and track the call status.

Run command below to open asterisk command line on Asterisk server

Asterisk Commandline

After running command, you will see the asterisk command prompt


To Show Current peer connections on Asterisk server

SIP Show Peer

Dial extension 6001, which is having voice mail enabled, extension is not online so call will be routed to voicemail. Enter the extension number in SIP phone and press 

Call connected

 Call status will be visible in Asterisk command prompt

Recording sound starts because extension is not online

Connected to voicemail

Configuring Asterisk for Lync integration

To configure Asterisk, you must edit a series of configuration files. The following files are in a text format and are normally found in the /etc/asterisk directory:



 SIP.conf File

The sip.conf file defines all SIP configurations for Asterisk.

The first section in this text file is labeled [general]. In the [general] section, you define general SIP settings for the entire Asterisk server.


Next, we define a section in the sip.conf file to instruct Asterisk how to connect to the Lync Server 2010, Mediation Server.


[Lynctrunk]   Tells Asterisk this is the start of a new section in the sip.conf file. Note the name is inside square brackets. You can name your SIP object anything you like.

type=friend   Set this option to friend. This tells Asterisk that this SIP object (that is, Mediation Server) is capable of sending and receiving calls.

If this field is set to peer. This indicates to Asterisk that this SIP object can receive calls.

qualify=yes   Instructs Asterisk to verify that this SIP object is reachable. Asterisk performs a check every 60 seconds. 

Extensions.conf File

This file defines the dial plan configuration in Asterisk. The dial plan dictates how calls flow in Asterisk. Every incoming call that Asterisk receives is processed depending on the instructions defined in the dial plan.


Contexts are nothing more than a convenient container for grouping extensions.


After changing configuration reload Asterisk by using following command

Conf Reload


 B.      Configuring Lync Server

 Using Lync 2010, Topology Builder define PSTN gateway

Define PSTN Gateway

PSTN Gateway properties

PSTN Gateway Properties


Associate PSTN gateway to the Mediation pools and define listening ports:

Mediation Associate PSTN Gateway


Publish the topology changes,

Publish Topology


Configure Dial Plan, voice policy and route to define route for Asterisk Extensions

Lync DialPlan


Open Dial plan to Create a Normalization rule.

Click New in “Associated Normalization Rules”

New Normalization Rule

 Add details for new Normalization rule and click OK

New Normalization rule details

Click on OK,

Normalization Rule


Click on Voice Policy Tab and double click on default “Global” policy to open

Update Voice Policy

Update Voice Policy


Click On New on “Associated PSTN Usages”

Create PSTN Usage


Add “Name” of PSTN Usage record name and Click on New on Associated Routes

PSTN Usage Record Name and New Route


Add Route details and click OK

Route Details


Click OK twice and exit voice policy.

Voice Policy Update


Route and PSTN Usage tab will populate with configuration we just added.

PSTN Usage Record and Route Tab


Commit the changes to apply

Apply Changes


Click Commit

Commit Changes



C.      Testing Voice Integration

1.  Dial Asterisk Extension from Lync Client

Dial Extn 6000


Call will land to the Asterisk Extension

SIP Phone Ringing

When call is answered

Trunk Status


SIP Client Call Connected


2. Dial Lync Extension from Asterisk SIP Client

Calling to Lync client

Call is connected


Call Answered

 Word Document of this This Post “Asterisk Configuration


Exchange 2010: Configure Enterprise Voice with Unified Messaging (Part 2 of 2)

In Part 1 we configured Exchange 2010 server unified messaging server, we will now continue with rest of the configurations

Step2: Configuring OCS 2007 R2 Enterprise Voice to Work with Exchange 2010 UM

 1.       Create a Location Profile and Phone number normalization Rule

Phone number normalization:   Phone number normalization translates number strings entered in various formats into a single standard format. Normalization rules specify how to convert telephone numbers dialed in various formats to standard E.164 format.

Location profiles:  A location profile is a named set of normalization rules that translates telephone numbers for a location to a single standard (E.164) format for telephone authorization and call routing. The name of each location profile must match the fully qualified domain name (FQDN) of its corresponding Exchange 2010 UM dial plan.

a.       On OCSFE-01, Click Start > Administrative Tools > Office Communications Server 2007 R2.
b.      In the OCS 2007 R2 Management Console, Right Click Select Properties, click on Voice Properties.

Figure 14: Voice Propeties

c.       On the Office communication Server Voice Properties page, on the Location Profiles tab Click Add. On Add Location Profile Page, In Name field type, In Display Text type NG main Office. Under Normalization Rules, click Add.
Add Following details:
Name: Main Office 5-Digit Extensions
Description: Normalizes main Office 5-Digit Extensions to +142555XXXXX
Phone Pattern regular expression: ^5(\d{4})$
Translation Pattern regular expression: +1425555$1
Sample Dialed Number:50000
Verify that Translated Number is : +14255550000

Figure 15: Add Phone Number Normalization Rule

d. Click OK twice.

2.       Using OCSUMUtil.exe Utility to configure Enterprise voice integration

a.       Open command prompt on OCSFE-01, type
CD “C:\Program Files\Common Files\Microsoft Office Communications Server 2007 R2\Support”
and then press ENTER

Figure 16: Utility path

b.      At command prompt type OCSUMUtil.exe / and press ENTER.

Figure 17:OCSUMUtil.exe run

.      When command it completed, type OCSUMUtil.exe and press ENTER.

Figure 18:OCSUMUtil app run

d.      Verify that SIP Dial Plan and current contacts are visible when you click Load Data Button

Figure 19A: Verify data

3.       Restart the Unified Messaging Service on ExUM-01

a.       On ExUM-01, Open Exchange Management Shell. At PS prompt type the following and press ENTER:
Restart-Service MSExchangeUM
This will force UM to read the new configuration from OCS 2007 R2.

4.       Restart the OCS 2007 R2 Front-end Service on OCSfe-01

a.       On OCSFE-01 and in OCS 2007 R2 Administrative Snap-in.
b.      Expand> Enterprise pools ->ngocspool and right click,then click Stop -> Front End Services -> front End Service

Figure 20: Frontend service stop

c.       Expand> Enterprise pools ->ngocspool and right click,then click Start -> Front End Services -> front End Service 

Figure 21:Frontend Service start

Step3: Configure Users for Enterprise Voice and UM.

1.       Enable User for Enterprise Voice
a.       On OCSFe-01, switch to the OCS 2007 R2 Administrative Snap-in.
b.      Under > Enterprise pools -> ngocspool-> Click Users.
c.       In the right pane, right-click OCS Test and then click Properties.
d.      Next to Telephony Settings, click Configure.
e.      In Telephony Options page add details:
Click Enable Enterprise Voice
Line URI: +14255550563

Figure 21: Telephony Options - Enable Enterprise Voice

f.        Click OK twice.
g.       In the right pane, right-click OCS Test and then click Properties.
h.      Next to Telephony Settings, click Configure.
i.         In Telephony Options page add details:
Click Enable Enterprise Voice
Line URI: +14255550801

Figure 22: Telephony Options - Enable Enterprise Voice

j.        Click OK twice.

2.       Enable Users for Unified Messaging
a.       On ExCAS-01, In the Exchange Management console, Expand Recipient Configuration and then click Mailbox.
b.      In the result pane, click OCS Test, and then in the Action pane, Click Enable Unified Messaging.
c.       On the Enable Unified Messaging Wizard, Add following details and click NEXT.
Unified Messaging Mailbox Policy: OCSUMdial Default Policy
Manually specify PIN: 124365

Figure 23: Enable Unified Messaging - Introduction

d.      On the Extension Configuration Page, In the Manually-Entered Mailbox Extension field, type 50563 and click Next.

Figure 24: Enable Unified Messaging -Extn config

e.      On the Enable Unified Messaging page click Enable. Click Finish on completion page.
f.        Open Exchange management shell and type command below to enable Unified messaging for Manish Girdhar.

‘ Girdhar’ | Enable-UMMailbox -Pin ‘124365’ -PinExpired $false -UMMailboxPolicy ‘OCSUMdial Default Policy’ -Extensions ‘50801’ -SIPResourceIdentifier ‘’

 Exploring Office communicator 2007 R2 after completion of Integration

1.       Know the host Computer

Before logging in to Office Communicator 2007 R2 on host system make sure DNS resolution is working and Root Certification Authority is trusted.
My host system (hyperV) is not part of domain , IP address configuration of this system is shown in screenshot below

Figure 25:Host IPconfig

DNS resolution:
My host system can resolve OCS 2007 server records.

Figure 26: DNS Queries

I have downloaded and already installed Root Certificate on my host computer, so it is available in Trusted Root Certification Authority container.

Figure 27: Root Certificate on Host Computer

2.       Login to office communicator 2007 R2.

a.       On the host computer, click Start > All Programs > Microsoft Office communicator 2007 R2.
b.      In communicator, In the sign-In address field type

Figure 28:Office Communicator Sign-in

c.       In the Password filed type User’s password and click Sign in.

Figure 29: Office Communicator Password

d.      User will be signed in now

Figure 30: Office Communicator Sign-in done

3.       Office Communicator 2007 Voice mail

a.       User can change his voice mail greeting by clicking on drop down menu in the Upper right corner and then clicking on change Greetings option.

Figure 31: Change Greeting for voice mail

b.      To leave a voice mail for OCS Test,  In communicator right click on OCS test, Click Call, and then click Voice Mail to call OCS Test’s Voice mailbox.

Figure 32: Access Voice Mail

c. Listen to the default greeting and when prompted to leave a voice mail, say “Hi it’s Manish please give me a call back when you’re in office.” And then hang up.
d. OCS test will store the Voice mail, OCS Test can dial his voice mail to retrieve message. User can read transcript of voice message and can listen it from mailbox.

Figure 33: Access Voice mail via OWA

4.       Call Unified Messaging Auto Attendant

a.       On base computer, in office communicator type 50000, Notice that the number is normalized to +1(425) 555-0000. PressENTER.

Figure 34: Auto Attendent Extn number

b.      Listen to the Auto attendant greeting, and say OCS Test when prompted

Figure 35: Auto Attendent in Call

c.       If the auto attendant has problems recognizing name, use the dial pad to type 50563.

Figure 37: Auto Attendant transfer

d.      Call will made.
e.      On the system (Client-01) where OCS test is logged in, notice that Answer incoming call prompts and that the caller name is Manish Girdhar. Click redirect and then click Voice mail.

Figure 38: Redirect to Voice Mail

f. On the host computer leave a voice mail and hang up.

5.       Dialing Unified messaging Subscriber Access number

a.       On the host computer, in office communicator type 50001, press ENTER.

Figure 39: Subscriber Access Extn no

c.       When call is connected, enter 123465# when prompted for the PIN.

Figure 40: Subscriber Access In call

Figure 41: Subscriber Access Dial Pin no

d.      Listen options to access Voice mail, Email, Calendar etc. and then hang up.

Exchange 2010: Configure Enterprise Voice with Unified Messaging (Part 1 of 2)

Exchange 2010: Configure Enterprise Voice with Unified Messaging

Enterprise Voice is an implementation of IP telephony that uses Session Initiation Protocol (SIP) for signaling and Realtime Transport Protocol (RTP) for voice messaging.  Enterprise voice enables users to make voice calls to and from telephones and to other Office communicator users (PC to PC calls).

Enterprise Voice takes benefit of the Exchange 2010 Unified Messaging infrastructure to provide voice mail, subscriber access, call notification, and auto attendant services.

In this article I would be configuring integration of OCS 2007 R2 Enterprise Voice with Exchange 2010 Unified Messaging. 


Figure 1: HyperV Virtual Machines

DC-01: On Windows 2008 Server core R2_Sp1, Active Directory Domain Services and Domain System Installed. My domain name used in this setup is “” (

ExCAS-01 – Exchange 2010’s Mailbox, client Access and Hub Transport Server roles installed on Windows 2008 R2 R2_Sp1 Enterprise Edition.  (

ExCAS-02 – Exchange 2010’s Mailbox Server roles installed on Windows 2008 R2 R2_Sp1 Enterprise Edition. (

ExUM-01 – On Windows 2008 R2_Sp1 Enterprise Edition, Exchange 2010 sp1 with Unified Messaging Server role Installed.  (

OCSFE-01 – This Machine is running OCS 2007 R2 front end server and Internal Certification Authority on Windows 2008 SP2 Enterprise Edition.  

OCS front pool Name: (

SQLSVR-01- Microsoft SQL Server 2008 Enterprise Edition installed on Windows 2008 R2 Enterprise Edition.  (

Gate-01: This system has Routing and Remote Access component installed on Windows 2008 R2. This system allows network routing between base network and Lab Network.   (

Client-1:  On this system Microsoft Office 2010 is installed on Windows 7 Sp1 Enterprise Edition.  This system is part of domain.  (

 I would be completing configuration of Enterprise voice Integration with Unified Messaging in three steps:

Step 1: Configure Unified Messaging on Microsoft Exchange to work with OCS 2007 R2 Enterprise Voice
Step 2: Configure Unified Messaging on Microsoft Exchange to work with OCS 2007 R2 Enterprise Voice
Step3: Configuring Users for Enterprise Voice and Unified Messaging.

Step 1:  Configure Unified Messaging on Microsoft Exchange to Work with Office Communications Server

To begin with configuration we need to create a UM dial plan for Unified Messaging. A UM dial plan is an Active Directory object that represents sets or groupings of IP PBXs or PBXs that share common user extension numbers. UM dial plans in Unified Messaging require that user telephone extension numbers be unique

1.       Create a new Unified Messaging Dial Plan

a.       On ExCAS-01, Click Start-> All Programs -> Microsoft Exchange Server 2010 -> Exchange management console.
b.      In Microsoft Management console -> Click on Microsoft Exchange on-Premises -> Organization Configuration -> Unified Messaging c.       In Actions pane, click New UM Dial Plan. In new UN Dial Plan Wizard, On the New UM Dial Plan Page add details as
Name: OCSUMdial
Number of Digits in Extension Number:
VoIP Security: Secured
Country/Region Code: 1      

Figure2: New UM Dial Plan Wizard- Introduction Page

We must associate the UM server with UM dial plan after adding to dial plan it can answer a call. You can also associate this UM server with multiple UM dial plans. You can add EXUM-01 to this dial plan on Set UM Servers page.

Figure3: Set UM Servers Page

d.      Click New to create Dial Plan 

Figure4: New UM Dial Plan Page

e.      Following commands will be completed when you click on New Button:
New-UMDialPlan -Name ‘OCSUMdial’ -NumberOfDigitsInExtension ‘5’ -URIType ‘SipName’ -VoIPSecurity ‘Secured’ -CountryOrRegionCode ‘1’ 
Set-UmServer -Identity ‘EXUM-01’ -DialPlans ‘OCSUMdial’
Leave Exchange management console open.

 2.       Edit UM dial plan (OCSUMdial) to add subscriber access and Dialing rule groups

Subscriber Access
A subscriber is an internal business user or network user who’s enabled for Exchange 2010 Unified Messaging. Subscriber access is used by users to access their individual mailboxes to retrieve e-mail, voice messages, contacts, and calendaring information.

Dialing rule Groups
Dialing rule groups specify settings for in-country/region and international calls that will be placed by UM-enabled users from inside your organization. After you create a dialing rule group, you must add a dialing group entry. Each dialing rule entry that’s defined in the dialing rule group determines the types of calls, in-country/region or international that users within a specific dialing rule group can make when they place outgoing calls. By default, UM-enabled users aren’t allowed to dial external telephone numbers from inside the organization. However, they’re allowed to dial UM-enabled users who are associated with the same dial plan.

a.       On ExCAS-01, in Exchange Management console, on the UM Dial Plan tab, right click OCSUMDial and then click Properties.
b.      In subscriber Access Tab, In Field below “Telephone Number to associate:” type +14255550001, click Add.

Figure5:Subscriber Access Tab

c.        Click on Dialing rule group.
d.      Under In-Country / Region Rule Groups, Click Add.
e.      On the Dialing Rule Entry Page, in the Name field. Type All Calls.
f.        In the Number mask and Dialed Number fields, type * (asterisk Character).
A number mask is represented by a series of Xs or asterisks and replaces the number of digits that follow the prefix for a telephone number, for example, 91425xxxxxxx, or 91425*. If a number that’s dialed by a caller matches the prefix configured in the dialing rule entry, the PBX will dial the number that was specified in the Dialed number field.

Figure 6:Dialing Rule Entry Page

 g.       In the comment Field, type Allow All Calls and then click OK.

Figure7: Dailing Rule Group Tab

h.      Click OK Again. Leave Exchange Management console Open.

3.       Edit the UMOCSdial Default Policy

a.       In the Exchange Management console on ExCAS-01, click UM Mailbox Policies tab.
b.      Right click on UMOCSdial Default Policy and then click Properties.
c.       On Dialing Restrictions tab click Add under “Select Allowed in-country/region rule groups from dial plan:”.
d.      Select All Calls and then click ok.

Figure8:UMOCSdial Default Policy Properties

e.      Click OK again.

4.       Create a New Auto Attendant.
Auto attendants help internal and external callers locate users or departments that exist in an organization and transfer calls to them.

a.       In the Exchange Management console, Expand Organization configuration, click Unified Messaging, and then in the Actions pane, click New UM Auto Attendant.
b.      Add following details, and then click New.
Name: NG_AA
Select Associated Dial Plan: OCSUMdial
Pilot Identifier list: +14255550000
Check Auto Attended as enabled
Check Create auto attendant as Speech-enabled.

Figure9: New UM Auto Attendant Page

5.       Run ExchUCUtil.ps1 to configure connectivity with OCS 2007 R2.

a.       On ExCAS-01, open Exchange Management Shell, at the PS Prompt, type the following and then press Enter:
               Cd “C:\Program Files\Microsoft\Exchange Server\V14\Scripts”
b.      At the PS Prompt, type the following and then press Enter:
Wait for script to finish.  Leave the Exchange management Shell running.
c.       See results of script in screenshot below: 

Figure10: ExchUCUtil.ps1 script results

d.      The UM IP Gateway and Hunt Group are created using the script ExchUCUtil.ps1.

Figure11: UM IP gateway and Hunt group

6.       Set Port No for the UM IP gateway created by ExchUCUtil.ps1. It will allow SIP communication.

a.       At Exchange Management Shell command prompt type and press ENTER:
            Set-UMIPGateway -Identity NGOCSpool -Port 5061

Figure12: SIP Port 5061

Wait for the script to finish. There will not be any output from this command. Leave the Exchange management Shell running.

7.       Get the PhoneContext of the UM Dial Plan

a.       At Exchange Management Shell Command prompt type the following and then press ENTER:
(Get-UMDialPlan OCSUMDial).PhoneContext

Figure13: Phonecontext

Leave the Exchange management Shell running.

In Part2 I would continuing with Step2 and Step3 of configuration

Transitioning to Windows 2008 Active Directory Domain Services (AD DS)

Transitioning to Windows 2008 Active Directory Domain Services (AD DS) from Windows 2003 Domain Controller

Information on this page talks about high level steps required to migrate from windows 2003 domain controller to Windows 2008 AD DS.  Microsoft Active Directory on Windows Server 2008 has many exciting new features allowing improved control of the system and easier administration, while maximizing performance and mitigating security issues. There are many different features available in Windows 2008 AD DS. Here are the few new features which are included in Active Directory on Windows 2008:

  • Auditing: Windows Server 2008 is adding the capability of AD DS auditing to log old and new values of an attribute when a successful change is made to that attribute. Previously, AD DS auditing only logged the name of the attribute that was changed; it did not log the previous and current values of the attribute.   

Directory Service Changes is not enabled by default, After it is enabled, AD DS logs events in the Security event log when changes are made to objects that an administrator has set up for auditing.  Following Event will be recorded in Event logs:

              Event 5136 Modify, 5137 Create, 5138 undelete, 5139 move

  • Fine-Grained Password Policies: With Fine grained password policies you can define different set of Password and account lockout settings different group of users.  These policies can only be applied on user objects and Global security groups, it cannot be directly applied on OUs. For this new feature domain functional level should be windows 2008 Native.
  • Restartable Active Directory Domain Service role:  Restartable AD DS reduces the time that is required to perform certain operations. AD DS can be stopped so that updates can be applied to a domain controller. Also, administrators can stop AD DS to perform tasks, such as offline defragmentation of the Active Directory database, without restarting the domain controller. Other services that are running on the server and that do not depend on AD DS to function, such as Dynamic Host Configuration Protocol (DHCP), remain available to satisfy client requests while AD DS is stopped. For this new feature no additional function level requirement.

Transition is a way of migrating older version of Windows Domain controllers to Windows 2008 AD DS. This way of Migration involves adding a Windows 2008 member server in existing Active Directory Environment and promoting it into Active Directory Domain Services. After successfully moving Flexible Single Operation Master (FSMO) roles to this new domain controller, you will simply demote the previous Domain Controllers. Transitioning to Windows 2008 AD DS is possible if Domain Functional level of existing domain environment is Windows 2000 Native. When transition is completed for all the older Domain controllers, to enable many more advanced features you can change domain / forest functional level to Windows 2008.

Two other possible ways of Migration are:

  • In place upgrade:  In this way of migration, you will install windows 2008 AD DS on the existing Windows domain controller which can be due to some limitation moving between hardware.  
  • Restructuring existing Active Directory Environment:  This path requires moving all of the resources from existing domain environment to fresh restructured Active Directory Domain Services environment. You will have to use tools like Active Directory Migration Tool.

Installation Steps for Transitioning windows 2008 Active Directory Domain Services

You may be running other applications which need connection on Active directory. There may be some requirements by these applications running in your environments having Windows 2008 domain controller. You have to consider these applications before introducing Active Directory on Windows 2008. I have included details about some messaging applications which you will find in Messaging Application consideration section at the end.

Pre Installation Steps

  • Add windows 2008 member sever which will be promoted to Active Directory Domain Services.

Installation steps

  • Run Adprep /forestprep to update Schema.  You can run this command directly on Windows 2003 Schema Master Server. Check schema version on all the domain controllers

repadmin /showattr * “cn=schema,cn=configuration,dc=domain,dc=com” /atts:objectVersion

  • Prepare each domain where you want to install a domain controller that runs Windows Server 2008 or Windows Server 2008 R2 by running “adprep /domainprep /gpprep”
  • If you are also planning to introduce windows 2008 Read only domain controller in environment then run” adprep.exe /rodcprep”. This update allows Read-Only Domain Controllers.
  • Install Active Directory Domain Services role on Member Server and run DCpromo.exe to promote it to Domain Controller.

Post  installation Steps

  • It is a best practice to review the logs to identify any problems that might have occurred during the promotion. The logs to scrutinize specifically are

All the events regarding the creation and removal of Active Directory, SYSVOL trees and the installation, modification and removal of key services

This file tracks all the events from a graphical interface perspective

Also check the event viewer

  • Move FSMO roles to new Windows 2008 domain controller.

i. To Change the Domain Naming Master -> go to Active Directory Domains and Trusts snap in-> connect to Windows 2008 domain controller -> Operations Master -> Change

 ii. To Change the Schema Master -> go to Active Directory Schema snapin  -> connect to Windows 2008 domain controller -> Operations Master -> Change

 iii. To Change the infrastructure/RID/PDC Master -> go to Active Directory Users and computer snap in -> connect to Windows 2008 domain controller -> Operations Master -> Change

 iv. Check status of FSMO role move by running command “netdom.exe query fsmo”

  • Run DCpromo on previous version of domain controller to demote it.  Before demoting this domain controller make sure all the hosts/ servers in network are configured to send DNS queries to Windows 2008 DNS server.
  • Delete the DNS records still pointing to demoted domain controller on Windows 2008 DNS server

If exists, delete the old reference.

Check the zone

If an entry for “(same as parent) A <oldIpAddress>” exists, delete it.

Check the and the zones for the NS (nameserver) records to make sure it no longer exists. If it still shows

a. Right-click the zone properties

b. Choose Nameserver tab

c. Highlight the old entry

d. Choose Delete. Ok the message that pops up asking are you sure you want to delete it.

  • From Site and services console remove server object of demoted domain controller if still exists.  

To delete the server object.             

Open Active Directory Sites & Service,
Drill down and expand the AD Site name the domain controller exists in
Right-Click on the DC’s name
Choose Delete (or hit the delete key)

Messaging Applications Considerations:

Before starting deploying Active Directory on Windows 2008, you will have to put some consideration on running applications like Exchange, OCS, Blackberry and Enterprise vault in environment.

  1. Exchange 2003 / 2007 and Active directory Domain Services
    1.  Exchange Server 2003 Service Pack 2, Exchange 2007, and Exchange 2007 SP1 / SP2 are supported in environments that either partly or entirely use writeable Windows Server 2008 directory servers.
    2. Microsoft exchange server 2003 and later can work with Read only domain controllers, as long as there are writeable domain controllers available. Exchange 2007 effectively ignores RODCs and ROGCs. Exchange 2003 also ignores RODCs and ROGCs in default conditions where Exchange components automatically detect available domain controllers. No changes were made to Exchange 2003 to make it read-only directory server-aware. Therefore, trying to force Exchange 2003 services and management tools to use RODCs may result in unpredictable behavior.
  2. OCS 2007 server and Active Directory Domain Services.
  • Office Communications Server 2007 R2 supports Windows Server 2008, both for servers running Office Communications Server and for domain controllers. For a new installation of Office Communications Server 2007 R2 in an Active Directory forest that already includes at least one Windows Server 2008 domain controller in any domain, the installation of Office Communications Server does not require any extra preparation and will install successfully.
  • If you have an existing Windows Server 2003 forest running Office Communications Server and you upgrade any of the domain controllers to Windows Server 2008, Office Communications Server will not work correctly. Some user interface elements disappear, and you will be unable to add Office Communications Server servers or pools. To resolve this issue, rerun the Active Directory forest preparation step by using either Setup.exe or LcsCmd.exe.

3.  Enterprise vault and Blackberry Enterprise vault Server

  1. Recreate Outlook profile for Blackberry Service account on BES server and restart Blackberry server.
  2. Windows Server 2008 only allows for a default maximum of 50 concurrent NSPI connections per user to any domain controller. Additional NSPI connections are rejected with a MAPI_E_LOGON_FAILED error code. Windows Server 2003 and earlier versions of Microsoft Windows operating systems do not exhibit this behavior. The change of behavior in Windows Server 2008 is intended to protect domain controllers against clients that open too many NSPI connections without then closing the connections. Too many connections such as these can result in resource depletion. As we need more concurrent NSPI connections from EV and Blackberry server, We can change the default limit. To do this, follow these steps:
    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate and then click the following registry key:
    3. Click the Parameters key.
    4. On the Edit menu, point to New, and then click DWORD Value.
    5. Type NSPI max sessions per user, and then press ENTER.
    6. Double-click NSPI max sessions per user, type the maximum number of the NSPI connections that you want to have, and then click OK.Note There is no specific upper-limit to this setting beyond the limits that are imposed by it being a DWORD (that is, 0xffffffff or about 4 billion). Configuring the server in this manner will make it function similarly to Windows Server 2003 in terms of the maximum number of NSPI connections that are allowed per user.
    7. Exit Registry Editor.
    8. Restart the computer or restart Active Directory Domain Services.

Moving Exchange Mailbox Users Account in Different OU Windows 2008 Domain Controller- Management Shell

Open Management Shell on Exchange server where Remote Server Administration Tools Role and Exchange Management Shell installed to perform following step:

  1. Enter all the user mailbox aliases as a list in a file called “alias_list.csv” in folder c:\data. 

                 Note: keep headline of list as “alias” see example below:

                Contents of “alias_list.csv” should look like Figure 1.                

Figure 1: Alias_list file

Figure 1: Alias_list file

 2. Run commands below to get Distinguished Name of these users:

Start-transcript  c:\data\Log\OUmove.log

Import-Csv c:\data\alias_list.csv | foreach { get-mailbox $_.alias| fl DistinguishedName }  > c:\data\dn.csv

3.  Modify content of “Dn.csv” to look like figure 2 below (Tip: You can use Excel for these modifications)

Figure 2: DN

 4. Modify -newparent value with DN of Destination OU. Run Command below

Import-Csv c:\data\dn.csv | foreach { dsmove  $_.dn  -newparent “OU=USA,OU=Accounts,DC=maha,DC=IN”} 

5. Verify Logs stored in file c:\data\Log\OUmove.log

Delete old Blackberry Enterprise Server (BES) logs folder using vbscript

Deleting old BES logs can be simplified using this script. You can run this script manually on regular intervals or create /schedule a task on Blackberry server. To run this script you need to provide log folder path,  number of days older than logs to be deleted and whether to move or delete log file folders.

The method of running this script in command prompt…

cscript //NoLogo c:\scripts\deleteBESLogFolders.vbs  {BES logs folder path} {Mention: number of days} {mention: move|delete}


This command will move logs older than 7 days from the folder “C:\Scripts\logs” where folder name value only contains numbers like “21112010”.

cscript //NoLogo c:\scripts\deleteBESLogFolders.vbs “C:\Scripts\logs” 7 move>> c:\scripts\BESLOg_Folder_Delete.log

This command will delete logs older than 7 days from the folder “C:\Scripts\logs” where folder name value only contains numbers like “21112010”.

cscript //NoLogo c:\scripts\deleteBESLogFolders.vbs “C:\Scripts\logs” 7 delete>> c:\scripts\BESLOg_Folder_Delete.log


‘Copy and paste all the text below and create deleteBESlogFolders.vbs file.

‘Script: deleteBESlogFolders.vbs
‘Created By: Manish Girdhar
‘Date: 26 Nov 2010
‘Purpose: To delete/move folders from given path and all subfolders below this folder
‘ Usage: cscript DeleteBESlogFolders.vbs {DriveLetter:\FolderName} {#ofDays} {Delete or Move}
‘     or: cscript DeleteBESlogFolders.vbs {\\servername\FolderName} {#ofDays} {Delete or Move}
‘ Usage: cscript DeleteBESLogFolders.vbs c:\BES\log 3 d
‘    (deletes folders older than 3 days from the \BES\log file on drive C:)
‘Usage: cscript DeleteBESLogFolders.vbs c:\BES\log 3 m
‘  (moves folders older than 3 days from the \BES\log file on drive C: to C:\BES_Log_Backup)

Const BACKUP_FOLDER = “C:\BES_Log_Backup”   ‘Change path folder  to move log files
Set ObjUsrInput = WScript.Arguments
FolderName =ObjUsrInput(0)
if action = “delete” or action = “move” or action = “d” or action = “m” then 
set fso = createobject(“scripting.filesystemobject”)
set folders = fso.getfolder(FolderName)
datetoday = now()
wscript.echo “”
wscript.echo “”
wscript.echo “”
wscript.echo “”
newdate = dateadd(“d”, Days*-1, datetoday)
wscript.echo “Current Date (Today):” & now()
wscript.echo “==================================================================”
wscript.echo “STARTING: Folders where date created is older than date :” & newdate &  ” Will be deleted / Moved.”
wscript.echo “<<________________________________________________>>”
wscript.echo “”
route folders
wscript.echo “”
wscript.echo “COMPLETED: All Folders created older than date :” & newdate &  ” are deleted / Moved.”
wscript.echo “<<________________________________________________>>”

‘=== Route Function Defined
sub route( byref folders)
set subfolders = folders.subfolders
‘==== For loop started
for each folder in subfolders
wscript.echo “” 
‘Check if Date is in limit
if folder.datecreated < newdate then
””check if folder name is numeric
if IsNumeric(folder.Name) = true then
”if action is MOve
if action = “move” or action = “m” then
wscript.echo “__________________________________________________________________________”
wscript.echo “Move folder :” & folder.path
wscript.echo “”
folder.move BACKUP_FOLDER & “\” & folder.Name
‘track if error
if err <> 0 then
wscript.echo “”
wscript.echo “Folder Moved :” & folder.path
wscript.echo “__________________________________________________________________________”
end if ‘ tracking error
end if
‘End if Action is Move
‘===================== D
‘if Action is delete
if action = “delete” or action = “d” then
dim foldpath
wscript.echo “__________________________________________________________________________”
foldpath = folder.path
wscript.echo “Deleting folder :” & foldpath
wscript.echo folder.path
if err <> 0 then
wscript.echo “”
wscript.echo “Folder Deleted :” & foldpath
wscript.echo “__________________________________________________________________________”
end if
End if
‘End of action Delete
End if
end if
on error resume next
‘====== for loop ended
set subfolders = nothing
set files = nothing
end sub
”’Function Route Ended
Else  ‘1

wscript.echo “Correct Action type not defined”

End if ‘1

Sub DisplayErrorInfo
    WScript.Echo “Error:      : ” & Err
    WScript.Echo “Error (hex) : &H” & Hex(Err)
    WScript.Echo “Source      : ” & Err.Source
    WScript.Echo “Description : ” & Err.Description
End Sub

sub creatfold
dim objFSO
set objFSO = createobject(“Scripting.FileSystemObject”)
if objFSO.FolderExists(BACKUP_FOLDER) then
end if
End sub

Microsoft Exchange Server 2007 CCR with Standby Continuous Replication Target – an additional Disaster Recovery Option

Activating Standby Continuous Replication as a additional DR setup
Single Copy Cluster (SCC) and Cluster continuous Replication (CCR) are built on top of Windows Failover Clusters. Clustered mailbox server is name of Exchange Virtual server which holds all the exchange resources on Active failover cluster node. SCC is same method of clustering used in Exchange 2003, which has single copy of database on shared drive. This shared drive is accessible from all the nodes in Cluster. Node which holds the quorum resource can read and write in the database. CCR keeps the two copies of databases. One on active node and another one on passive nodes and provides fault tolerance in situation where one copy of database is corrupted or lost.      

With Exchange 2007 sp1, Microsoft introduced another method of high availability Standby Continuous Replication.       

To provide an addition disaster tolerance to Single Copy Cluster and Cluster Continuous Replication, we can implement Standby Copy Replication target machine at the remote site (different subnet) or in local site (same subnet). If SCR target is install at the remote site with different subnet it is required to have HUB and CAS servers available in that Subnet.          

In this post, I am demonstrating to setup SCR with CCR as an additional high availability.       

1 Virtual Machines Setup       

Figure 1. Virtual Machine Setup

 DC-01 – Services:Active directory / DNS :       

CASHUB-01  Services: Client access and Hub Transport Server:       


                       (receive connector)       

EXCCLUN-01 ( : Active node in Cluster EXCMBXV-01(       

EXCCLUN-02 ( : Passive node in cluster EXCMBXV-01(        

                            EXCMBX-01: Clustered Mailbox server Name resource       

EXCSCRT-01(( Standby continues replication target: Installed Exchange 2007 Sp2 as Passive node in Cluster DREXCMBXV-01 (       

WINXP-01 – Outlook 2007 SP 2 Installed       

I have already setup two node windows 2008 SP1 cluster EXCMBXV-01 with EXCCLUN-01 (Active) and EXCCLUN-02(Passive) nodes. Cluster continuous replication cluster mailbox server name is EXCMBX-01.       

 To activate Standby continuous replication, we need to install failover clustering on the node EXCSCRT-01.  I have created cluster resource named DREXCMBXV-01 and run setup to install passive copy of Exchange 2007 server SP2.       

 Assign Full permission on EXCMBX-01 computer account to DREXCMBXV-01 computer account in Active Directory user and computer MMC console. This is required so that DREXCMBXV-01 can reset the account when moving resources from EXCMBXV-01.       

 1. Activate standby replication for all the storage groups by using shell command       

 Get-StorageGroup -Server EXCMBX-01 | Enable-StorageGroupCopy -StandbyMachine EXCSCRT-01       

Figure 1.1 Activate SCR target replication

     1.2 Get-StorageGroupCopyStatus ‘EXCMBX-01\First Storage Group’ -StandbyMachine EXCSCRT-01    

Figure 1.2 SCR Copy Status

Wait for some time so that seeding of databases from EXCMBX-01 to EXCSCRT-01 completed.       

2. Moving Site/Mailbox Server on Standby Continuous Replication database server       

2.1 Dismount database on EXCMBX-01       

 Get-MailboxDatabase –Server EXCMBX-01 | dismount-database       

Figure 2.1 Dismount All Databases

2.2 Make SCR database copy active command below will activate all the databases        

       GetSCRSources | Restore-StorageGroupCopy -StandbyMachine EXCSCRT-01       

Figure 2.2 Activate SCR database copies

2.3 STOP Cluster mailbox server       

 Stop-ClusteredMailboxServer EXCMBX-01 –StopReason “Testing Site Failure” –Confirm:$False       

Figure 2.3 Stop Clustered Mailbox Server

Shutdown both the nodes (Passive node EXCCLUN-02 first then Active node EXCCLUN-01)       

 2.4 Delete DNS record of EXCMBX-01, which will be recreated again when running setup with /recoverCMS       

Figure 2.4 Delete DNS Record

2.5 Disable copying of Storage groups from failed Clustered mailbox server       

GetSCRSources | Disable-StorageGroupCopy –Confirm:$false   

Figure 2.5 Disable Storage Group Copy

2.6 Run Setup program to recover CMS on EXCSCRT-01, enter different CMS IP address on this server. /recoverCMS /CMSName:EXCMBX-01 /CMSIPAddress:  

2.7 When setup completed mount database  

Get-mailboxdatabase –server EXCMBX-01 | mount-database   

Figure 2.7 Mount databases

2.8 Restore host TTL value which is reset to default with /recovercms command  

Cluster.exe res “Network Name (excmbx-01)”  /priv HostRecordTTL=300  

Figure 2.8 Set Host Record TTL

2.9 Login to outlook and check connection with recovered clustered mailbox server on DREXCMBXV-01.  

Figure 2. 9 Outlook Connection

2.10 Check mails are available which were sent and received before failure  

Figure 2.10 Outlook mails

        3. Moving back to old CCR setup – Active / Passive node CCR with SCR as disaster recovery server.  

Old Setup -(EXCCLUN-01 and EXCCLUN-02 CCR active passive cluster and EXCSCRT-01 as standby continuous replication Target)  

To verify success at the end sent/received few mails.  

Bring both the nodes up EXCCLUN-01 and EXCCLUN-02 (Bring primary node up first)  

 3.1 Remove EXCMBX-01 clustered mailbox server configuration from EXCCLUN-01 /ClearLocalCMS /CMSName:EXCMBX-01  

Figure 3. 1 Clear CMS configuration from CCR

EXCMBXV-01 is now a failover cluster with two Passive Nodes, EXCCLUn-01 and EXCCLUn-02, which each have the passive Mailbox server role installed. At this point, there is no clustered mailbox server on EXCMBXV-01 cluster.  

 3.2 Enable CMS computer account from AD which got disabled during /ClearLocalCMS operations  

 —Verifying using cluster administrator that all the Cluster resources are removed  

3.2 Cluster resources on EXCCLUn-01   


Figure 3.2 Cluster Resources on EXCCLUN-01

       3.3 Cluster Resources on Excclun-01  

Figure 3.3 Cluster Resources on EXCCLUN-02

 Remove database files from EXCCLUN-01 as it is obsolete.  

> Reseed the database from current EXCMBX01 (on eXCSCRT-01) to EXCCLUN-01 using following command:  

Get-StorageGroup -Server EXCMBX-01 | Enable-StorageGroupCopy -StandbyMachine EXCCLUN-01  

3.4 Check status of standby replication to EXCCLUn-01  

 Get-StorageGroupCopyStatus ‘EXCMBX-01\First Storage Group’ -StandbyMachine EXCCLUN-01  

Figure 3.4 SCR copy status

 If reply queue length is 0( Zero) then it is safe Dismount the database on CMS EXCMBX-01 which is on DREXCMBX-01 cluster.  

 Get-MailboxDatabase –Server EXCMBX-01 | dismount-database  

 3.5 Disable Storage group copy otherwise /recoverCMS setup will fail  

 Disable-StorageGroupCopy -Identity “EXCMBX-01\First Storage Group” -StandbyMachine EXCCLUN-01 -Confirm:$False  

Figure 3.5 Disable Storage group Copy

 3.6 Verify all the log files sequence on EXCclun-01.  

3.7 Verify all the log files sequence on EXCSCRT-01. log Sequence should match with point 3.6.  

3.8 Prepare database to be mounted on EXCCLUN-01 

 GetScrSources | Restore-StorageGroupCopy -standbyMachine EXCCLUN-01 

3.9 Stop clustered mailbox server on EXCSCRT-01 and shutdown EXCSCRT-01 

Stop-ClusteredMailboxServer Excmbx-01 –stopReason “moving to original CCR” –Confirm:$false 

3.10 Again Delete the DNS record of EXCMBX-01 on DNS server 

Figure 3.10 Delete DNS host record

Wait for DNS replication to complete if you are running multiple sites and domain controllers 

 3.11 Login to EXCCLUN-01 to recover cluster in old form, you will get the error mentioned below if standby replication was not disabled 

Figure 3.11a Errors

 If no errors recovered setup should finish /recoverCMS /CMSName:EXCMBX-01 /CMSIPAddress: 


Figure 3.11b Recover CMS

 3.12 Set TTL on the clustered mailbox server EXCCLUN-01, DNS record will be set back to its default. 

Cluster.exe res “Network Name (excmbx-01)”  /priv HostRecordTTL=300 

3.13 Mount database 

As ReplyQueueLenght was not Zero when I dismounted and disabled replication in step 3.4 and step 3.5, I encountered errors shown below 

Figure 3.13a Database Mount Errors

Database shutdown state.. on EXCCLUn-01 

Figure 3.13b Database Header of database copy EXCCLUN-01



Missing log files details in Event ID 455 

Figure 3.13c Event ID 455 E00.log missing

Copy Missing log files from EXCSCRT-01 to EXCCLUn-01 database logs path. In my case only E00.log was missing so copied it and tried mounting database 

Get-mailboxDatabase –server EXCMBX-01 | Mount-database 

Figure 3.13d Database Mount Success

3.14 Restore copy on passive node EXCCLUN-02 

 Get-StorageGroup –server EXCMBX-01 | Resume-StorageGroupCopy 

Figure 3.14 Resume CCR replication

3.15 Open outlook and Check if all the data intact.. 

Figure 3.15 Check Data in outlook

4 Activate EXCSCRT-01 again as Standby continuous replication target 

 4.1 Clear the cluster mailbox server configuration from EXCSCRT-01 to set it back to standby continuous replication target. Run this command on EXCSCRT-01 /ClearlocalCMS /cmsname:excmbx-01 

Figure 4.1 Clear CMS on EXCSCRT-01

4.2 Enable the computer account of EXCMBX-01 which got disabled due the /clearlocalcms command 

Figure 4.2 Enable Computer account of Clustered Mailbox Server

4. 3 Restore SCR target replication 

 Get-StorageGroup –server EXCMBX-01 | Enable-StorageGroupCopy –standbyMachine EXCSCRT-01 –TruncationLagTime 0.00:00:00 –ReplayLagTime 5.00:00:00 

Figure 4.3 Enable Standby Continous replication