Skip to main content
CallTower Solutions Center

Hosted Skype Federation Issues to Office 365 Skype for Business When Using AzureAD Connect

Issue:

When a customer is using AzureAD Connect to sync their on-prem AD to AzureAD, they'll need to make the configuration changes below to ensure that federation from Calltower's hosted Skype for Business service to Office 365 provided Skype for Business services works.

Please consult with Tier 3 or SFB Engineering prior to telling the customer to make these changes.

PrerequisitePlease make sure this is completed below prior to making the rule in Azure AD Connect

Make sure the Proxy addresses from the on-prem AD are set to sync to Office 365, and the proxy address list should include the hosted Skype for Business SIP address (i.e. SIP:bbrown@abc.com)

Open the proxyAddresses attribute in Attribute Editor for the user

proxy1.png

Add the SIP alias in the Value to add field (this should match the same username as the Skype for Business account)

proxy2.png

Click the Add button and then OK

proxy3.png

 

Admin access to the on premise server running Azure AD Connect.

All users that need to have changes provisioned in Skype Online need to have their Skype Online License Enabled until the new SIP Address is in place. 

  • Once the the Skype Online account has been provisioned with the updated SIP Address the Skype license can be removed again.

Resolution:

The changes below should be made in Azure AD and not in the on-prem environment.

  1. Open the Synchronization Rules Editor (As Administrator) on the Azure AD Connect sync server. 
    • 1.png
  2. Select Outbound from the Direction drop-down box
    • 1a.png
  3. Click on Add new rule
    • Name – “Out to AAD – User HostingProvider”
    • Connected System – Your Office 365 Azure Active Directory Name which ends in -AAD. (example: domain.onmicrosoft.com -AAD or domain.com -AAD)
    • Connected System Object Type – user
    • Metaverse Object Type – person
    • Link Type – Join
    • Precedence – 99
    4.png
  4. Click Next
  5. Click Add group
  6. Click Add clause twice
    1. First clause
      1. Attribute – sourceObjectType
      2. Operator – EQUAL
      3. Value – User
    • Second clause
      • Attribute – cloudMastered
      • Operator – NOTEQUAL
      • Value – True
      • 2.png
  7. Click Next twice
  8. Click Add transformations three time
    1. First transformation
      1. FlowType – Expression
      2. Target Attribute – msRtcSipPrimaryUserAddress
      3. Source – this needs to be something that doesn’t match your standard naming convention for user accounts and uses a domain not hosted by CallTower.
        • For example, if you don’t use First.Last@domain.onmicrosoft.com, you could use this string, including all quotation marks: "SIP:"&[givenName]&"."&[sn]&"@domain.onmicrosoft.com"
      4. Merge Type – Update
    1. Second transformation
      1. FlowType – Constant
      2. Target Attribute – msRtcSipUserEnabled
      3. Source – true
    1. Third transformation
      1. FlowType – Constant
      2. Target Attribute – msRtcSipDeploymentLocator
      3. Source – SRV:
        • 3.png
  9. Click Save
  10. Close the Synchronization Rules Editor