Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1183
  • Last Modified:

Lync Server Standard 2010


We are testing Lync Server. Is there anyway to separate the ability for users to add other users from other OUs in this product? as of now, you see everyone in the AD that has a Lync account.

1 Solution
Cliff GaliherCommented:
OUs were never meant to be a security feature, so while MS continues to make great strides in Role Based Access Control in both Exchange and Lync, I wouldn't expect a feature adding that type of restriction any time soon.

joebilekAuthor Commented:

Any ideas on how to achieve this, or is there a way to force that a user needs to accept other users adding him/her before they are added and precense information is showed?
Cliff GaliherCommented:
If controlling presence visibility is your goal then you'd want to do that on tge client, not server. Lync 2010 has a robust enhanced presence engine that can accomplish quite a bit:


But if that isn't enough, you can do more with the Lync APIs, right up to writing your own custom client if need be. MSDN has dozens of articles on tge subject.

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Lync mainly shows all users who is enabled for Lync. There are no 'Built-in' ways to modify that unfortunately
Check out the PartitionByOU Setting? That was available in OCS 2007 R2 and can be migrated to Lync, so you should be able to set this.

Else, you might want to enable Lync 2010 enhanced presence privacy mode once you have migrated all your users:
Get-CsPrivacyConfiguration | Set-CsPrivacyConfiguration -EnablePrivacyMode $True

Lync 2010 privacy settings are not honored by previous versions (Microsoft Office Communicator 2007 R2 or Microsoft Office Communicator 2007). If previous versions of Office Communicator are allowed to sign in, a Lync 2010 user’s status, contact information, or picture could be viewed by someone who has not been authorized to view it. Additionally, a Lync 2010 user’s privacy settings are reset if he or she later signs in with previous version of Communicator.
For these reasons, in a migration scenario, before you enable Lync 2010 enhanced presence privacy mode:
* Ensure that every user has Lync 2010 installed.
* Define a client version policy rule to prevent previous versions of Communicator from signing in.

You can use Ethical wall API to build rules to prevent users from adding or comunicating with eachothers but this API need some development

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now