I would like to share the Lync user provisioning steps for a central forest Lync topology without FIM. I have deployed a central forest Lync topology. The Lync 2013 servers are hosted in the ‘Green.com’ forest, and I wanted to enable users from an additional forest called ‘Blue.com’.
1. DNS Zone Replication Between Forests:
Open DNS manager in ‘green.com’ forest and create a secondary DNS zone for blue.com.
Provide the blue.com domain controller FQDN or IP address in the window as shown below. Make sure that the domain controller is reachable, and open all required network ports between the domain controllers.
Once replication is completed, you should be able to see both zones as seen below.
2. Forest Trust Creation:
Open the Active Directory Domains and Trusts console in the green.com forest and create a new trust.
Select the trust type as forest trust, and the direction should be two-way. Make sure that it completes successfully.
3. Linked Mailbox Provisioning:
Open the Exchange 2013 Admin Center and select the new Linked mailbox option as seen below.
Select the trusted forest as blue.com from the drop down list and click next.
The linked mailbox wizard will show all the accounts from the blue.com forest. Select the account from the list as seen below. Click OK and it will provision a linked mailbox.
The linked mailbox creates a disabled account in the green.com forest; that disabled account is associated with the mailbox.
Install the Lync Resource Kit on one of the Front End servers. Run the SIDMap script to map the SID between the forests.
SIDMap will associate the SID and you will get a popup message as below.
4. Client Testing:
Once it is completed, launch the Lync client from the blue.com forest. Select the sign-in address as user@green.com with blue.com account credentials. You might need to import the root CA certificate on the client machine if it is not trusted.
I was able to access Lync client and Linked mailbox from blue.com forest.
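As an added check that is not part of the original post, the PowerShell below verifies the result of steps 3 and 4 before relying on it: it compares the msRTCSIP-OriginatorSid that SIDMap writes on the disabled green.com account against the SID of the real blue.com account, and confirms the resource-forest account is still disabled. The user name and domain controller names are assumed values.

```powershell
# Added example (not from the original post). Verifies the central-forest
# SID mapping for one user. Assumes the same sAMAccountName in both forests
# and that the green.com Front End can reach a DC in each forest.
Import-Module ActiveDirectory

$User    = 'jdoe'           # assumed sAMAccountName
$GreenDC = 'dc1.green.com'  # assumed resource-forest (Lync/Exchange) DC
$BlueDC  = 'dc1.blue.com'   # assumed account-forest DC

# The account the user actually logs on with (account forest)
$blueAcct = Get-ADUser -Identity $User -Server $BlueDC

# The disabled account created by the linked-mailbox wizard (resource forest)
$greenAcct = Get-ADUser -Identity $User -Server $GreenDC -Properties `
    Enabled, 'msRTCSIP-OriginatorSid', 'msRTCSIP-PrimaryUserAddress', `
    msExchMasterAccountSid

$blueSid      = $blueAcct.SID.Value
$originator   = [string]$greenAcct.'msRTCSIP-OriginatorSid'   # written by SIDMap
$masterAcct   = [string]$greenAcct.msExchMasterAccountSid     # written by linked mailbox

$checks = [ordered]@{
    # A resource-forest account that is enabled is a second logon path into
    # green.com; the linked mailbox should have left it disabled.
    ResourceAccountDisabled = (-not $greenAcct.Enabled)
    # Lync will only accept the blue.com credentials for this SIP user if the
    # originator SID matches the blue.com account's SID.
    LyncSidMatchesBlue      = ($originator -eq $blueSid)
    # Exchange's own link for the linked mailbox should point at the same SID.
    ExchangeSidMatchesBlue  = ($masterAcct -eq $blueSid)
    SipAddressPresent       = -not [string]::IsNullOrEmpty($greenAcct.'msRTCSIP-PrimaryUserAddress')
}

[pscustomobject]$checks | Format-List

if ($checks.Values -contains $false) {
    Write-Warning "SID mapping for $User is incomplete; re-run SIDMap before client testing."
}
```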