Lync Server 2010 Active Directory References, and how to Remove Them

A common theme I am seeing lately is that people have set up Lync test environments and are required to start from scratch for one reason or another. The problem is that Active Directory still detects their old topology, which causes issues when moving forward with the new environment. This post will cover what is required to remove references to the Lync deployment from Active Directory.

One very important thing to note here: once you extend your AD schema, you will not be able to back out those changes unless you revert from a backup. As a quick reference, let's go over what Lync Server 2010 does when you extend the schema.

In Office Communications Server 2007 R2, the majority of configuration data was stored in Active Directory. Lync Server 2010, however, stores most of the configuration data in the Central Management Store, which is a SQL database that lives on your servers in the topology. Lync Server 2010 still stores certain information in Active Directory, including:

  • Schema extensions:
    • User object extensions
    • Extensions for Office Communications Server 2007 and Office Communications Server 2007 R2 classes to maintain backwards compatibility with supported previous versions
  • Data (stored in Lync Server extended schema and in existing schema classes):
    • User SIP Uniform Resource Identifier (URI) and other user settings
    • Contact objects for applications such as Response Group and Conferencing Attendant
    • A pointer to the Central Management store
    • Kerberos Authentication Account (an optional computer object)

Now, there are a ton of attributes and classes involved because of the backwards compatibility with OCS 2007 R2; however, I am simply going to cover the references to your pools, pool servers and your topology, and how to get rid of them. When the RTM documentation is released, it will have a full list of all attributes and classes.

Central Management Store References

The key change in Lync Server 2010 is the reference to the Central Management Store that is created in Active Directory. When you install your first server in the environment, an Active Directory Service Connection Point (SCP) is created in AD referencing the location of the Central Management Store. All servers going forward use that reference point to identify where they should pull configuration data from. Once they have made that first pull, Lync Server 2010 keeps each of the local configuration stores up to date through a replication process. It's a similar setup to Active Directory: domain controllers each have a local store of data that replicates across all of them, and the Lync CMS follows the same concept.

You can view this SCP through ADSI Edit.

Open ADSI Edit and connect to the context where your data is stored, either Configuration or System. Below I am showing System.

Expand Microsoft->RTC Service->Topology Settings


If you right-click and choose Properties, you will see the most important data: the server and version that is holding the CMS.

Essentially the commands below manage this entry.

There are a couple PowerShell commands that can be used to manage the CMS Connection in Active Directory.

Commands to view the status and location of the CMS

 

The command Get-CSManagementStoreReplicationStatus

This command can be run by itself to see the status of replication across all of the servers in your topology

Get-CsManagementStoreReplicationStatus

You can also run this command with the switch -CentralManagementStoreStatus to view information about your Central Management Store.

This command gives you very valuable information. For this purpose it shows what your connection point is referencing, and in troubleshooting it lets you identify any issues with your CMS.

You can also do a very basic command to report on the location of the CMS.

The command Get-CSConfigurationStoreLocation

This simple command will print the CMS location in a single line.

There are a couple ways we can change where the CMS reference in AD points to, as well as to completely remove the connection point.

Modifying or Deleting the CMS Location in Active Directory

 

The command Move-CSManagementServer

This command will move your CMS between pools. This is useful if your existing CMS is still online and you will be making a smooth transition to the new servers. If you do not have your old CMS server available, you will not be able to use this command unless you have a valid backup of your configuration data. These backups can be obtained by running Export-CSConfiguration and Export-CSLISConfiguration. That will back up to ZIP files, which can then be used with the Move-CSManagementServer command to restore the configuration and repoint the SCP to the new pool.

The syntax for this command is pretty basic; here is the reference from the Help File:

Before you move the Central Management Server, you must do the following:

1. Verify that you have created the new Central Management store. This is done by running the Install-CsDatabase cmdlet and using the CentralManagementDatabase parameter.

2. If you are moving the Central Management Server to a Standard Edition server, verify that you have used local setup to run the Prepare Standard Edition server option. This advance preparation is required to add firewall rules that will allow Windows PowerShell to remotely access the new Central Management store.

3. Verify that there is enough free disk space on the computer where Move-CsManagementStore is being run to accommodate the Central Management Server.

4. Verify that the Front End Server service has been installed on the computer where Move-CsManagementStore is being run. If this service is not installed, and running, then the move will fail.

5. Verify that you can successfully run the Enable-CsTopology cmdlet on the computer where Move-CsManagementStore is going to be run. If Enable-CsTopology cannot be run on that computer then the move will fail and you will no longer have a functioning Central Management store.

After you have completed these steps, all you need to do to move the Central Management Server from Pool A to Pool B is log on to a computer in Pool B and then call Move-CsManagementServer without any additional parameters:

Move-CsManagementServer

When you do that, Move-CsManagementServer will consult the topology to determine the prior location of the Central Management Server (Pool A), and then transfer the Central Management Server and the Central Management store to the current pool (Pool B).

If the move succeeds, Move-CsManagementServer will display a list of computers on the screen. In order to finish the move, you must run local setup on each of these computers. Computers in Pool A will still be running an inactive version of the Central Management service; running local setup will delete that service. The computer in Pool B where the Central Management Server was moved will be running the Central Management service; however, other computers in the pool will not. Running local setup on these computers will install the Central Management service.

 

 

Two important parts:

  1. Make sure you have properly prepared your new Front End/Pool Server prior to running this command (see documentation on setting that up)
  2. Log in to the NEW server which will contain the CMS, open the Lync PowerShell, and run Move-CSManagementServer

The command Remove-CSConfigurationStoreLocation

This command will actually remove the service connection point in Active Directory that points to your Central Management Store. You can also include the parameter -Report with a file path to output a report of the activity for confirmation.

When you perform Remove-CSConfigurationStoreLocation, the reference is deleted from Active Directory.

This step would be more common in lab scenarios where you are starting from scratch and just need a quick and dirty way to remove the reference to your topology. To completely remove references to old topology objects, you will also need to remove some additional entries using ADSI Edit.

How to Remove Server Entries from AD using ADSI Edit

When you deploy a Lync topology in your environment, the servers are also referenced in AD. Most importantly, when you do not properly remove a server, there will be stale references to it throughout the entire RTC Service CN in Active Directory.

I will show you how to remove references to these old servers and old pools.
When you are looking at the tree, you will find specific references to servers and pools in Global Settings, Pools, Trusted MCUs, Trusted Services and Trusted WebComponentsServers.

You may also find old references to application contacts and conference directories if those were not properly removed. It is safe to say that you can run through each of these and remove references to your old servers if you are certain they will not be in use anymore.

Global Settings and Trusted Services

If you expand Global Settings you will see entries; the number of entries will depend on how much you have going on in your environment.

We can search for the specific servers we are looking to remove by using LDP to perform queries for each server.

First, you must open LDP and bind to the correct DN.

Start->Run, type LDP and hit Enter.

Select Connection, choose Connect, and enter a valid domain controller to connect to.

Then you must bind as a valid user: choose Connection, then Bind, and either use the currently logged-in user or specify an account with privileges.

Now we will display the tree we will be searching through. Select View->Tree.

If your information is stored in your System container, you must choose DC=domain,DC=com, where domain is your domain. If it is stored in Configuration, you should choose CN=Configuration,DC=Domain,DC=COM.

Expand down to your RTC Service container that we were viewing before in ADSI Edit.

Now that we are bound and connected to the correct tree, it's time to start searching. If your server is referenced in Global Settings or Trusted Services, we will be looking for msRTCSIP-TrustedServerFQDN.

Right-click on RTC Service and choose Search.

For the filter, enter the following, replacing SERVERFQDN with the server you wish to remove:

(msRTCSIP-TrustedServerFQDN=SERVERFQDN)

In my example I am searching for “winx-cs2010b3.winxnet.com”.

Make sure to select Subtree so it searches all trees below for this entry.

Select Run. The query should return results in the right pane with specific CNs; we will want to navigate to these CNs and delete them.

Copy these results; we will use them as a reference to delete these entries using ADSI Edit.

Before deleting, review the properties of each CN to make sure it is a valid item to delete. Most of these are references to the individual services on those machines, which is evident from the different TrustedServicePort and ServiceType values.

Open ADSI Edit and, for each entry in your search results, navigate to the full DN, right-click and choose Delete.

Pools

Pools usually do not require the use of LDP, as the list is short and easy to identify. Lync identifies pools in Active Directory with numbers; if you have any beta pools, you may also see them referenced as Sitename:1,2,3. As you can see in my screenshot, I have a few of each. Identify the pool you want to delete, then simply right-click and choose Delete.

Trusted MCUs

The Trusted MCUs entry is similar to Trusted Services. We will perform an LDP query for the attribute msRTCSIP-TrustedMCUFQDN.

Follow the steps above for Global Settings and Trusted Services, replacing msRTCSIP-TrustedServerFQDN with msRTCSIP-TrustedMCUFQDN.

Your results should return three per server, because of IM/Audio/Video and Data. Copy the results and set them aside.

Following the same steps above for Global Settings and Trusted Services, delete each DN that you wish to remove.

Trusted WebComponentsServers

Trusted WebComponentsServers entries are usually created per Front End server you put in your environment, both for OCS 2007 R2 and Lync Server 2010. You can search using LDP and the attribute msRTCSIP-TrustedWebComponentsServerFQDN.

Follow the same steps above to search for that attribute, and delete any DNs associated with the server you are trying to remove.
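
The three LDP searches above can be combined into one report-only query, which goes slightly beyond the post by checking all three FQDN attributes at once. This is an added example, not code from the original post: the function names, the sample FQDN and the CSV path are assumptions, and the Configuration base DN assumes RTC Service sits under CN=Services.

```powershell
# Added example (not from the original post): report-only search for stale
# trust entries under RTC Service. Nothing is deleted.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][string]$Value)
    # RFC 4515 escaping: backslash first, then * ( ) and NUL, so the FQDN is
    # matched literally and a stray "*" cannot widen the result set.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace "`0", '\00'
}

function New-RtcReferenceFilter {
    param([Parameter(Mandatory=$true)][string]$ServerFqdn)
    # The three FQDN attributes the post searches for, OR-ed into one filter.
    $attrs = 'msRTCSIP-TrustedServerFQDN', 'msRTCSIP-TrustedMCUFQDN',
             'msRTCSIP-TrustedWebComponentsServerFQDN'
    $value = ConvertTo-LdapFilterValue -Value $ServerFqdn
    '(|' + (($attrs | ForEach-Object { '({0}={1})' -f $_, $value }) -join '') + ')'
}

function Find-StaleRtcReference {
    param(
        [Parameter(Mandatory=$true)][string]$ServerFqdn,
        # Where RTC Service lives in this forest: System or Configuration.
        [ValidateSet('System', 'Configuration')][string]$Container = 'System'
    )
    $rootDse = [ADSI]'LDAP://RootDSE'
    if ($Container -eq 'System') {
        $base = "CN=RTC Service,CN=Microsoft,CN=System,$($rootDse.defaultNamingContext)"
    } else {
        # Assumption: standard location under CN=Services in Configuration.
        $base = "CN=RTC Service,CN=Services,$($rootDse.configurationNamingContext)"
    }
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$base"
    $searcher.Filter      = New-RtcReferenceFilter -ServerFqdn $ServerFqdn
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $searcher.PageSize    = 500
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Show every msRTCSIP-Trusted* value so each hit can be reviewed
            # (port, service type, FQDN) before anything is deleted by hand.
            $names = @($r.Properties.PropertyNames) -like 'msrtcsip-trusted*' | Sort-Object
            $detail = foreach ($n in $names) { '{0}={1}' -f $n, (@($r.Properties[$n]) -join ',') }
            New-Object PSObject -Property @{
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
                TrustedAttributes = $detail -join '; '
            }
        }
    } finally { $results.Dispose() }
}

# Constructed sample FQDN; replace with the server being retired.
Find-StaleRtcReference -ServerFqdn 'oldfe01.example.com' |
    Export-Csv -NoTypeInformation -Path .\rtc-stale-references.csv
```

The CSV doubles as a record of what existed before cleanup; the deletions themselves are still done per DN in ADSI Edit as described above.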

I hope this helps people understand how the Central Management Store is referenced in Active Directory, and also how to do some cleanup if you did not properly remove servers from your environment. As always, open to comments about ways to improve the methods, or your own methods for performing these steps!


    Posted on by Randy Wintle in Communications Server 2010, Lync, Lync RC, OCS, OCS 2007 R2, Unified Communications 31 Comments

    31 Responses to Lync Server 2010 Active Directory References, and how to Remove Them

    1. Dustin

      Nice blog post!!

       
    2. Pingback: Lync Server 2010 Active Directory References, and how to Remove Them « Microsoft UC Made Easy « JC’s Blog-O-Gibberish

    3. Charbel Hanna

      useful information, thank you

       
    4. Pingback: Lync 2010 Active Directory References and how to remove them « Zero Hour Sleep

    5. Pingback: Change #Lync standard server–moving CMS (move central management server | Unified Communications

    6. Valy GREAVU

      Problem solved. Thank you!

       
    7. pjbonc

      If you have ocs2007 working in the same environment as the lync server you are trying to remove are there any catch 22’s to removing all of the lync server entries that will impact the existing ocs2007?

       
    8. Pingback: Lync Server 2010 Move legacy users troubleshooting « Valy Greavu's Live Blog

    9. Jason

      Nice post. Remove-CSconfigurationStoreLocation easily resolved my issue.

       
    10. Pingback: Livediesel Blog » Blog Archive » Lync 2010 Topology publishing error

    11. memo

      Now I setup to pool lync enterprise edition but I want see server database name for them in active directory can you help me please

       
    12. Adrian

      Absolutely brilliant! Thank you for an insightful and educational run through removing rogue entries in the active directory. No one likes leftovers! Especially when they interfere with your next dinner.

      Thanks again!

       
    13. Keith Alabaster

      Nice one – wouldn’t have found the entry for my test server central management location in a million years on my own.

      Thanks
      Keith Alabaster
      MVP

       
    14. Bobby

      Thanks very much 🙂 I’d made the schoolboy error (due to lack of resources) of doing a test deploy of Lync Server in a live AD network. It of course screwed up, and then I was left with the debris in the Schema. Just your reference for the shell command to remove the reference to the old Central Management Store did the trick, and I now have Lync 2010 installing again. Many thanks!

       
    15. Greg Small

      Don’t forget to remove the folder c:\csdata if you are really trying to clean up the install. I was getting a clusterid not matching until I removed this.

       
    16. SysAdmin-E

      To elaborate on Greg Small’s comment, I also had the “Cluster ID is not consistent with current deployment” error (among other errors which the post here helped fix). I stopped SQL and renamed the Lync database files, lis.mdf and xds.mdf located under C:\CsData\CentralMgmtStore\rtc\dbpath\.

      I was in a rush to install Lync and didn’t understand some of the limitations of a Standard Edition pool. The New Front End Wizard allowed me to use a FQDN for the pool that didn’t match the FQDN of the Standard Edition server (even though they are required to match, per Lync help). I cleared out all the AD info but every time I tried to publish a new topology with the correct FQDN, I’d get errors referencing the original FQDN (the wrong FQDN and its related CMS). I even put in a call with MS support and the tech reviewed this post and also had me uninstall all Lync related programs but after reinstalling everything, I still got the same errors when I tried to publish the new topology. So the problem here was that Lync didn’t remove the SQL database and log files so when I reinstalled, the CMS used the same database and thus kept referencing the wrong pool FQDN. So renaming the database files prior to my last reinstall fixed everything. Thanks all.

       
    17. John Weber

      Nice block of information.

       
    18. Jerry

      Thank you Randy! Good refresher on LDP. This info helped me clean up a few dups in my lab.

       
    19. Gene

      Invaluable information for migrating to a new lync deployment.

       
    20. Paul

      I too did a test install in my production environment. This article looks like it will help me clean up AD before I attempt my production deployment. Can I remove the configuration store location using ADSI Edit ahead of time so I have a nice, clean, squeaky environment before I roll with the real thing?

       
      • Randy Wintle

        Yes, if you remove that location entry, as well as clean up any extra pool information like in the post, it will be clean.

         
    21. Aniruddh Gohil

      Thanks a lot…
      very useful….

       
    22. Pingback: » Remove the old conference directory from AD by using LDP in Lync server/OCS

    23. Enrique Jaime

      And remove the ocs topology from the site backcompat Lync 2010? because when I remove the edge server I get error “No Office Communications Server 2007 / Office Communications Server 2007 R2 Edge has been enabled for federation”. Unfortunately the Edge server was damaged and could not be demoted.

       
    24. Bryon Alberty

      Will this work for Lync 2013 as well? Our Lync 2010 server died and we are trying to upgrade to 2013.

       
    25. eddysamson

      Hello I have an interesting problem. My 2010 FE server was on a VM which became corrupted. I re-created the VM and was able to somewhat resurrect the FE server, but it booted into an old state about 1.5 years out of date. I cannot publish my topology due to the problem described at the top. Is there a way I can reconnect the AD CMS parts instead of remove them like this article describes? I would also like to migrate to Server 2013 so if I can just do that without needing to reconnect the CMS first that would be great to know.

       
    26. Anthony

      Just want to say this blog answered all the problems I have after I decommission my Lync 2013.

      People, aside from ADSI cleanup, you need to make sure that you uninstall the SQL instances and DELETE the c:\csDATA folder (in all affected servers) or you’ll waste your time cleaning it up again. In my case I have 2 SQL servers (for RTC and for Monitor/Chat/Archive).

      Once again, thank you for posting this blog!!!

       
    27. James

      Hi Randy – this is a great posting just what I was looking for – does this mean I can remove Lync 2010 completely, CMS and all and leave OCS 2007 R2 intact and working ?

      Our problem is we have production OCS, started to deploy Lync 2010 and then the management wanted to jump straight to 2013, if we can remove 2010 and keep OCS in some of our more remote sites then we can move other parts of the business to Lync 2013.

      Thanks J

       
      • Randy Wintle

        Yes, should work for you.

         
    28. Sorin

      Great article. Many thanks.
      Very helpful.

       
    29. Pingback: Why can’t I complete the initial Lync topology on a new Lync deployment? Is something wrong with topology builder? | digitalbamboo's Blog
