With Skype for Business Online decommission the required DNS Records for tenants that are Teams Only changed, now we no longer required to have the following:
DNS Name | Record Type |
_sip._tls.<SIP Domain> | SRV |
sip.<SIP Domain> | CNAME |
lyncdiscover.<SIP Domain> | CNAME |
This means that the only required DNS record that remains is for SIP federation.
For more information regarding the new DNS requirements, please go to:
External DNS records required for Teams | Microsoft Learn
If we only have few domains, then we can manually check the DNS records using the following PowerShell cmdlets:
$Domain = "uclobby.com"
Resolve-DnsName ("lyncdiscover." + $Domain) -Type CNAME -ErrorAction SilentlyContinue
Resolve-DnsName ("sip." + $Domain) -Type CNAME -ErrorAction SilentlyContinue
Resolve-DnsName ("_sip._tls." + $Domain) -Type SRV -ErrorAction SilentlyContinue
Resolve-DnsName ("_sipfederationtls._tcp." + $Domain) -Type SRV -ErrorAction SilentlyContinue
Note: Adding the “-ErrorAction SilentlyContinue” is just to prevent the exception output when the DNS record doesn’t exist.
Test-UcTeamsOnlyDNSRequirements
However, if we have multiple domains as part of the tenant this can be a time-consuming task. To help identify which DNS record should be removed a new cmdlet was added to UCLobbyTeams PowerShell module, the Test-UcTeamsOnlyDNSRequirements since version 0.5.0.
We can use the cmdlet without any parameter, however, this requires we connect to Microsoft Teams PowerShell.
In this case we will use the Get-CsOnlineSipDomain to get a list of all enabled domains and then check the DNS records for each domain.
In case we specify the domain then it will use the Get-UcM365Domains to retrieve a list of the domains associated with that tenant:
The output will contain the following columns:
- Domain – “SIP Domain” that is part of the tenant.
- DiscoverRecord – lyncdiscover.<SIP Domain>.
- SIPRecord – sip.<SIP Domain>.
- SIPTLSRecord – _sip._tls.<SIP Domain>.
- FederationRecord – _sipfederationtls._tcp.<SIP Domain> with the following possible values:
- OK – DNS SRV Record exists, and it matches sipfed.online.lync.com or sipfed.online.gov.skypeforbusiness.us (GCC High) and port 5061.
- Not configured – DNS SRV record doesn’t exist. This can be expected since this DNS record is only a requirement if we need SIP federation.
- NOK – FQDN:PORT – the destination or port doesn’t match sipfed.online.lync.com or 5061 that is a requirement for TeamsOnly tenants that are configured for federation.
Please note that, by default, the output will only contain DNS records related to online.lync.com and online.gov.skypeforbusiness.us (GCC High), other values will be ignored. The exception will be for the SIP federation DNS record.
Here is the expected output if we still had the federation DNS record for Skype for Business OnPrem:
There is also a parameter -All to output all DNS records even if those are not related to online.lync.com or online.gov.skypeforbusiness.us (GCC High).
One thought on “Time to say goodbye to sipdir and webdir”
Comments are closed.