I had this question come up today and figured I would share: what is involved in adding a new SIP domain to an already existing Lync deployment?
It's recommended for a user's SIP address to be the same as their primary SMTP address, so in most cases you can gather all the current email domains to plan and deploy the appropriate SIP domains initially. Of course, cases do come up where a new SIP domain has to be added: a change in company name, an acquisition, or other issues.
So the process for adding a new SIP domain to a Lync deployment would roughly be the following:
1. Add the new SIP domain to the Topology.
2. Create DNS records for simple URLs
3. Request new certificates to support Auto configuration and simple URLs (both internal and external)
4. Run Enable-CSComputer on each pool and Director server.
I will take a closer look at some of these steps.
Add the New SIP domain to the Topology
In this first step, we simply need to open Topology Builder and add the new SIP domain as a supported domain.
In the example below, Lyncfreak.com is the existing SIP domain, and I am adding Lyncfreak.net.
1. Open Topology Builder and download the Topology from existing deployment.
2. Highlight the “Lync Server 2010” node at the top of the tree in the left hand pane to review what your current SIP domains are.
3. Right click and select “Edit Properties”.
4. Type the additional SIP domain in the appropriate box and click Add. This will also automatically add the simple Meet URL for the new domain. Ensure that the format is appropriate for your deployment and select “OK”.
5. Publish the Topology.
Once the Topology is published, you will be able to assign users the new SIP domain name. However, you will want to rerun the Lync Certificate Utility and create the new DNS records.
Create DNS records
In most cases, the only simple URL that will be added for a new SIP domain is the meet URL. For my lab this takes the form of https://meet.lyncfreak.net. It can take other forms, however, such as:
If a format like the third example is used, we don’t have a new A record to create for the simple URL.
We do, however, have to create new DNS records to allow for auto configuration.
Internally we must create:
lspool1.lyncfreak.net (or sip.lyncfreak.net)
SRV _sipinternaltls._tcp.lyncfreak.net 5061 –> lspool1.lyncfreak.net (or sip.lyncfreak.net)
and Externally we must create:
access1.lyncfreak.net (or sip.lyncfreak.net)
SRV _sipfederationtls._tcp.lyncfreak.net 5061 –> access1.lyncfreak.net
SRV _sip._tls.lyncfreak.net 443 –> access1.lyncfreak.net
Below are the screen shots for the internal DNS records created.
Note: The SRV record needs to point to a “lyncfreak.net” domain name for strict domain matching and Lync phone editions. You may have to manually add the SAN names to certificates if you don’t use sip.domain.com.
Request new certificates
You can request updated certificates using the Certificate Wizard in the Lync deployment wizard. If you had to create new A records for either simple URLs or user login (including sip.domain.com), you will need to update certificates. Often this means both internal and external certificates, so cost from a public CA provider may be involved.
Note that here I add lspool1.lyncfreak.net manually to the cert request. sip.lyncfreak.net is added automatically, so it may be easier to use that.
The last thing we have to do is run Enable-CSComputer on each computer hosting IIS. This will be the Front End servers in a pool and the Director servers.
This will configure IIS to accept the new simple URL we created. It sets up the mapping that allows Lync to parse the URL for the correct meeting.
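The name checks implied by the DNS and certificate steps can be run against the plan before a public certificate is ordered. The following is an added example, not part of the original post: the function names, the lyncfreak.com SAN values and the sample plan are constructed for illustration, and strict domain matching is modeled simply as "the SRV target must be a host name inside the SIP domain".

```python
# Added example: pre-flight check of the DNS and certificate names for a new SIP domain.
# Record names and SAN lists are constructed from the lab names used on this page.

EXPECTED_SRV = {  # SRV label -> port, as listed in the DNS section
    "internal": {"_sipinternaltls._tcp": 5061},
    "external": {"_sipfederationtls._tcp": 5061, "_sip._tls": 443},
}


def in_domain(host, domain):
    """Strict domain matching (assumed model): host must sit inside the SIP domain."""
    return host.lower().rstrip(".").endswith("." + domain.lower())


def check_sip_domain(domain, side, srv_records, cert_sans, simple_url_hosts=()):
    """Return a list of problems; srv_records holds (label, port, target) tuples."""
    problems, needed = [], []
    sans = {s.lower() for s in cert_sans}
    planned = {label: (port, target) for label, port, target in srv_records}
    for label, port in EXPECTED_SRV[side].items():
        if label not in planned:
            problems.append(f"missing SRV {label}.{domain}")
            continue
        got_port, target = planned[label]
        if got_port != port:
            problems.append(f"{label}.{domain}: port {got_port}, expected {port}")
        if not in_domain(target, domain):
            problems.append(f"{label}.{domain}: target {target} is outside {domain}")
        needed.append(target.lower())
    needed.extend(h.lower() for h in simple_url_hosts)
    for name in dict.fromkeys(needed):  # de-duplicate while keeping order
        if name not in sans:
            problems.append(f"certificate has no SAN for {name}")
    return problems


# Constructed plan: the pool name is used as the SRV target instead of sip.lyncfreak.net.
INTERNAL_SRV = [("_sipinternaltls._tcp", 5061, "lspool1.lyncfreak.net")]
OLD_SANS = ["lspool1.lyncfreak.com", "sip.lyncfreak.com", "meet.lyncfreak.com"]
NEW_SANS = OLD_SANS + ["lspool1.lyncfreak.net", "sip.lyncfreak.net", "meet.lyncfreak.net"]

if __name__ == "__main__":
    for issue in check_sip_domain("lyncfreak.net", "internal", INTERNAL_SRV,
                                  OLD_SANS, ["meet.lyncfreak.net"]):
        print(issue)
```

Run against the old SAN list, it reports the two names that still have to be added to the internal certificate request; with the reissued list it reports nothing.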
There are no parameters for this command simply