Validate your Federated Domains

nslookupWe have hundreds of federated partners defined in our Lync environment. Having this many invariably means that our federation with a partner “breaks” because the partner changes their Access Edge configuration. They could be using closed federation and changed their Access Edge DNS. They could have been configured for Open Federation and switched to closed. They could have historically unreliable Open Federation so we stick in an Access Edge setting that then changes.

It’s also tedious to use NSLookup to manually check the partners SRV settings.

So this script addresses these issues.

By default, it will pull in all of your federated partners via the Get-CsAllowedDomains cmdlet. It then cycles through all of these and checks to see what the actual SRV record for _sipfederationtls._tcp.{domain} is set to. It then compares what you have in Lync with what the DNS lookup returns and spits out a .csv file with all of its results. It’s then up to you to do something with this report such as finding the discrepancies and updating your federation.

This script also supports a one-off check saving you the work of having to do the SRV lookup the manual way. Just run it as Validate-ProxyFQDN -Domain {domain} and it will compare your Lync configuration with what it finds via DNS.

I have done some decent testing of this script but please point out any errors or improvements you’d like to see as this all came together pretty quickly.

Click here to download the script.

1 comment

  1. Reblogged this on JC's Blog-O-Gibberish.

Leave a Reply

Your email address will not be published.