Lync for external domain users

Hey Guys,

I just set up my Lync server and it works great for Domain A where everything important is located.

I have a Domain B setup at another location which is unfortunately not on the same forest (even though it should be in my opinion).  My issue is that I can add users to the Lync Server Control Panel from Domain B just fine however I cannot get a user on a pc in Domain B to log into the Lync client at all.  It doesn't work with a user I created on Domain B but does work if I am logged in to windows as Domain B logging into a Lync account created for Domain A.

In addition, users on Domain A cannot search users on Domain B but can add them manually and the user's information comes up.  What have I missed here to not allow users on Domain B to log into Lync?

This is Lync 2013 btw

March 18th, 2015 12:33pm

In that case, Domain A would act as a resource forest.  You'd want to create a disabled account in Domain A that matches the user account of the user in Domain B and populate the msRTCSIP-OriginatorSID attribute with the SID of the user account from Domain B. 

http://www.microsoft.com/en-us/download/details.aspx?id=44276

March 18th, 2015 12:57pm

Would I need to change anything on the Lync server to say that Domain A is going to be the Resource Forest?

Where do I find the msRTCSIP-OriginatorSID attribute?

March 18th, 2015 2:12pm

Nothing specific to the Lync server, but you'll need to Lync enable the accounts you create in Domain A that match the domain B users.  That attribute can be found via ADSIEdit, the attribute editor in Active Directory Users and Computers, or you can reach it via script/PowerShell.

Follow Saleesh's blog: http://blogs.technet.com/b/saleesh_nv/archive/2014/06/07/lync-2013-resource-forest-deployment-with-manual-sync-part-1.aspx through part 3 and you'll see it.

March 18th, 2015 2:28pm

Have you created a forest trust between the 2 domains? When searching for users in B domain you will need to change the location.
March 18th, 2015 2:32pm

Ok so I figured out the attributes and copying the string needed. I took the Hex string from the SID of Domain B and created a new user in Domain A and pasted the string into the msRTCSIP-OriginatorSID attribute.

So my understanding is that with the hex string in place the SID username of the user in Domain A would share with Domain B and I would add the disabled user in Domain A to the Lync Control Panel and it would then in turn find its way to the user in Domain B.  Am I correct?

March 18th, 2015 2:37pm
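
Added example, not part of the thread: a PowerShell check that a hex string pasted into msRTCSIP-OriginatorSID decodes to the SID of the intended Domain B account. The function names and the sample SID are constructed for illustration; in practice the expected SID is the objectSid of the Domain B user.

```powershell
# Added example (hypothetical helper names). Runs offline using .NET only.
function ConvertFrom-HexSid {
    param([Parameter(Mandatory = $true)][string]$Hex)

    # Accept "01 05 00 ..." (attribute editor style), "0x01,0x05" or a bare hex run.
    $clean = ($Hex -replace '(?i)0x', '') -replace '[\s,:\-]', ''
    if ($clean -notmatch '^([0-9A-Fa-f]{2})+$') {
        throw "Input is not a whole number of hex byte pairs."
    }

    $bytes = New-Object byte[] ($clean.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($clean.Substring($i * 2, 2), 16)
    }

    # Throws if the bytes are not a well-formed binary SID (e.g. truncated paste).
    $sid = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
    if ($sid.BinaryLength -ne $bytes.Length) {
        throw "Extra bytes follow the SID; the pasted value is not a clean copy."
    }
    return $sid
}

function Test-OriginatorSid {
    param([string]$PastedHex, [string]$ExpectedSid)

    $decoded  = ConvertFrom-HexSid -Hex $PastedHex
    $expected = New-Object System.Security.Principal.SecurityIdentifier($ExpectedSid)
    [pscustomobject]@{
        Decoded  = $decoded.Value
        Expected = $expected.Value
        Match    = $decoded.Equals($expected)
    }
}

# Constructed sample: stands in for the objectSid of the Domain B user.
$domainBSid = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
$sidObj = New-Object System.Security.Principal.SecurityIdentifier($domainBSid)
$bin = New-Object byte[] ($sidObj.BinaryLength)
$sidObj.GetBinaryForm($bin, 0)
$hex = ($bin | ForEach-Object { $_.ToString('X2') }) -join ' '   # what the editor shows

Test-OriginatorSid -PastedHex $hex -ExpectedSid $domainBSid      # Match = True
# A different RID (constructed) is reported as a mismatch:
Test-OriginatorSid -PastedHex $hex -ExpectedSid 'S-1-5-21-1111111111-2222222222-3333333333-1106'
```

A mismatch means the disabled Domain A account is linked to a different security principal than intended, so it is worth checking before Lync-enabling the account.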

Yes, if trusts are in place as Bulent correctly added... that's it in a nutshell. 
March 18th, 2015 2:43pm

Yea the Trusts are in place but still won't search anyone on Domain B.

I did create a duplicate user on Domain A and copied the attributes you mentioned earlier from Domain B to Domain A but still can't log in with a user account from Domain B.  Pretty odd

March 18th, 2015 5:08pm

You wouldn't see Domain B users, but you should see the Domain A copies.  You may have to start up the logger and double-check the guides to make sure you've got everything in there correctly.  There are a few blogs out there such as Saleesh's that I mentioned that are good walkthroughs to see if you missed something.
March 18th, 2015 5:26pm

Hi,

From your description above, the Lync topology should be Multiple Forests, Central Forest.

If it is the case, please check the configuration with the help of the link below:

https://technet.microsoft.com/en-us/library/gg670912%28v=ocs.14%29.aspx?f=255&MSPPError=-2147217396

Please check the Lync client log file and check if there are any 401/404 errors. If there is any 401 error, there may be an authentication issue. If there is any 404 error, there may be a replication issue.

You can troubleshoot the central forest topology with the help of the link below; the link is for Lync Server 2010 but similar for Lync Server 2013 as well:

https://technet.microsoft.com/en-us/library/gg670890(v=ocs.14).aspx

Best Regards,
Eason Huang

March 19th, 2015 3:13am
