Remove Lync Server from Active Directory

Step#1: Remove permissions
To remove the original Lync permissions from Active Directory, follow the steps below.

  • Open Active Directory Users and Computers
  • Right click on your top level domain being cleaned and select Properties
  • From the Properties windows, select the Security tab.
  • Remove all security users titled RTC*
    These are usually
    – RTCUniversalServerReadOnlyGroup
    – RTCUniversalUserReadOnlyGroup
    – RTCUniversalUniversalServices
    – RTCUniversalUserAdmins


  • Repeat the same steps for each of the following AD Folders and OUs
    NOTE: Not all RTC permissions will exist in each AD Folder or OU, but these three OUs do:
    – Domain Controllers
    – System
    – Users

Step#2: Remove the RTC Services branch


  • Drill down to the following path:
    CN=Configuration [your domain] CN=Services
  • Delete the CN=RTC Service entry


Step#3: Reverting AD Preparation

  •  Reverting the domain preparation

To remove the permission lists for the groups, run the cmdlet:

Disable-CsAdDomain [-Domain <Fqdn>] [-DomainController <Fqdn of domain controller>] [-Force] [-GlobalCatalog <Fqdn>]


The -Force parameter makes the cmdlet run forcibly. If this option is not present, the cmdlet checks whether any Front End is still active in the domain; if that server role is found, the cmdlet does not run. If the option is present, the removal is carried out regardless of which server roles are active in the domain.
The -Verbose option is used to generate an HTML file with the status of the cmdlet. The log should show that the task executed successfully.

  • Reversing the forest preparation

To remove the Active Directory groups created by the Lync installation wizard, run the cmdlet:

Disable-CsAdForest [-Force] [-GroupDomain <FQDN of the domain in which universal groups were created>]


The -Force parameter makes the cmdlet run forcibly. If this option is not present, the cmdlet checks whether any Front End is still active in the domain; if that server role is found, the cmdlet does not run. If the option is present, the removal is carried out regardless of which server roles are active in the domain.
The -Verbose option is used to generate an HTML file with the status of the cmdlet. The log should show that the task executed successfully.

  •    Removing the Machine account

To finish removing Lync Server, you must remove the machine account from Active Directory.
Open the Active Directory management console, locate the server account and remove it.


With this procedure, all Lync configuration is removed, except for the changes to the Schema, which are irreversible.

Step#4: Additional AD cleanup

  • Open Active Directory Users and Computers
  • Drill down as follows
    [Your Domain] Program Data Distributed KeyMan
  • Delete LyncCertificates
    NOTE: This may not exist in all scenarios.


  • Delete all RTC* and CS* users created by Lync
    e.g. CSAdministrator, CSHelpDesk, RTCComponentUniversalServices, etc.

Step#5: Cleanup existing users
To reset the Lync attributes for any domain users and contacts, follow the steps below.

  • Open Active Directory Users and Computers
  • Click View from the menu and activate Advanced Features
  • Right click on your domain and select Find
  • Set the Find: option to Custom Search
  • Select the Advanced tab
  • Enter the following LDAP Query: (msRTCSIP-PrimaryHomeServer=*)


  • Click Find Now
  • Note each returned user or object
  • Close Find
  • Right click on each user or object found in the search
  • Select Properties
  • Select the Attribute Editor tab
  • Find and reset all msRTCSIP* attributes for the user/object
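
The Step#5 search and reset can also be scripted; the following is an added example, not part of the original post. It assumes the RSAT ActiveDirectory module is installed; the function name Clear-LyncAttributes and the CSV file name are hypothetical.

```powershell
# Added example, not from the original post. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Clear-LyncAttributes {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Where to search; defaults to the root of the current domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Same LDAP query as the Custom Search in Step#5.
    $filter  = '(msRTCSIP-PrimaryHomeServer=*)'
    $objects = Get-ADObject -LDAPFilter $filter -SearchBase $SearchBase -Properties *

    foreach ($obj in $objects) {
        # -Properties * returns only populated attributes, so this list is
        # exactly what the Attribute Editor would show as set for the object.
        $rtcAttrs = @($obj.PropertyNames | Where-Object { $_ -like 'msRTCSIP-*' })
        if ($rtcAttrs.Count -eq 0) { continue }

        # Emit one row per attribute so the previous values can be kept as a record.
        foreach ($name in $rtcAttrs) {
            [pscustomobject]@{
                DistinguishedName = $obj.DistinguishedName
                Attribute         = $name
                Value             = ($obj.$name -join ';')
            }
        }

        # With -WhatIf nothing is modified; without it, each object prompts
        # for confirmation before its attributes are cleared.
        $action = "Clear $($rtcAttrs -join ', ')"
        if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, $action)) {
            Set-ADObject -Identity $obj.DistinguishedName -Clear $rtcAttrs
        }
    }
}

# Dry run: list what would be cleared and save the current values first.
Clear-LyncAttributes -WhatIf |
    Export-Csv -Path .\lync-attributes-before.csv -NoTypeInformation
```

Run it once with -WhatIf and review the CSV, then run it again without -WhatIf to clear the attributes.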
