Skype for Business Online gives a DNS error on user logon

I was involved in migrating a business from one Office 365 Tenancy to another for business reasons.

In the old tenancy the users were successfully using SfB online.after migrating to the new tenancy, we have random users not capable of logging into Office 365 Skype for Business.

The odd thing was they were getting DNS errors

The Skype for Business DNS troubleshooter Link indicated that all was good and the fact that some users could connect and others could not from different parts of the world seemed to indicate further issues. The Skype for Business Troubleshooter of Admins Link indicated at step 12 that I may have the following issues

Check for duplicate SIP addresses:

KB 2430520: Error in the Office 365 portal: "Value of msRTCSIP-PrimaryUserAddress or the SIP address in the ProxyAddresses field in your local Active Directory is not unique"

Check the msRTCSIP-UserEnabled attribute:

KB 2705378: Error message when you try to sign in to Lync Online: "Cannot sign in to Lync because this sign-in address was not found"

After further investigation, it was found that Azure AD Connect had replicated some msRTC… attributes. Looking at a user using ADSIedit I found the following attributes on a user, that I cleared or set to not set

msRTCSIP-DeploymentLocator SRV:

Cleared this attribute

msRTCSIP-FederationEnabled true

Set to not set

msRTCSIP-InternetAccessEnabled true

Set to not set

msRTCSIP-OptionFlags 257

Cleared this attribute

msRTCSIP-PrimaryHomeServer CN=Lc Services,CN=Microsoft,CN=1:1,CN=Pools,CN=RTC Service,CN=Services,CN=Configuration,DC=domain,DC=IE

Cleared this attribute

msRTCSIP-PrimaryUserAddress sip:a.user@domain.IE

Cleared this attribute

msRTCSIP-UserEnabled true

Set to not set

msRTCSIP-UserPolicies 0=2023619321

Cleared this attribute

Clearing these attributes on on premise AD and then forcing a full synchronisation with Azure AD Connect, I could see the user update the cleared records.

Using the Powershell command

Get-CsOnlineUser -identity a.user@domain.ie | select OnPremSipAddress

I saw that the output had the attribute clear and Skype for Business could log in.

Running a slightly different query returned all the other users I had the issue with

# This will find the Lync onpremise enabled users.

Get-CsOnlineUser | select OnPremSipAddress | out-gridview

Turns out there was a Lync Server deployed in the early naughtys that was just unplugged and removed.

Azure AD Connect - Add OU’s and Run a Full Sync

What does this cover

This is based on my experience in trying to add objects from extra OU's I sync'd from AD to Office 365/ Azure AD using Azure AD Connect, the version released on December 28th - Version 1.1.380.0.

When I just added the OU's and ran a sync from PowerShell the OU's and objects did not sync.

How I did it.

You need to edit the connector if you add OU’s. Technically re-installing should work, but that's a lot of work

OU's. I tried re-running the installer on the install, but it did not add the OU’s or objects.

So open the Synchronisation Service

Default location - "C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe"

Edit the AD DS connector, not the Windows Azure AD Connector.

On step 4, when you open containers, you will need to offer your on premise AD credentials.