Some situations require you remove server roles on particular server or even remove the whole Skype for Business infrastructure in case you decided to move all users and services to the cloud. Even if you already moved all users to the cloud simple turning servers off won’t be enough.
What is Skype for Business Hybrid? Skype for Business Hybrid is two independent federated domains with a shared SIP address space. The sharing of the namespace allows administrators to move users between the two deployments with their data and redirect sign-in requests to the correct deployment. In any Hybrid configuration, the on premises deployment is the source of authority for that service. Therefore, sign-in requests will come to the on premises Front End servers using DNS lyncdiscover and SRV records. The on premises Front End server redirects requests to the cloud service from the discovery phase in case the user’s SIP identity and service lives (courtesy of AD) in Office 365. This allows the user’s client to sign in directly to the online tenant using Microsoft Office 365 URLs.
Have a look at the following diagrams, illustrating Sign In workflows for Internal and External users:
Skype for Business Internal user to Cloud sign-in workflow 
Skype for Business External user to Cloud sign-in workflow
Phase 1: Getting ready
Step 1: Make sure all users already migrated to the cloud. If the following commandlet returns nothing – you are good to go:
|
1 |
Get-CsUser -Filter {RegistrarPool -eq "PoolorServerFQDN"} |
If not – move them:
|
1 |
Get-CsUser -Filter {RegistrarPool -eq "PoolorServerFQDN"} | Move-CsUser -Target sipfed.online.lync.com -Credential -HostedMigrationOverrideUrl <URL> |
Step 2: Make sure all services your business relies on are migrated as well (like DIDs, faxes, etc.).
Step 3: Plan the activities: notify management and employees about possible service disruptions.
Phase 2: Modifying DNS and terminate federation with SIP shared address space
Step 1: Modify your external DNS zone to point to Skype for Business Online using the following table as reference
Modify Values
| Record Name | Type | Port | TTL | Destination |
| sip | CNAME | N/A | N/A | sipdir.online.lync.com |
| lyncdiscover | CNAME | N/A | N/A | webdir.online.lync.com |
| _sipfederationtls._tcp | SRV | 5061 | 3600 | sipfed.online.lync.com |
Delete Values
| Record Name | Type |
| dialin | A |
| meet | A |
| lyncweb | A |
| _xmpp-server | SRV |
| _sip._tls | SRV |
Please note that global DNS propagation could take up to 24 hours to complete, so once this step has been completed, do not move to step 2 until 24 hours has passed otherwise clients may stop working externally.
Step 2. Modify your internal DNS SIP domain zone to point to Skype for Business Online using the following tables
Add Values
| Record Name | Type | Port | TTL | Destination |
| _sipfederationtls._tcp | SRV | 5061 | 3600 | sipfed.online.lync.com |
Modify Values
| Record Name | Type | Port | TTL | Destination |
| sip | CNAME | N/A | N/A | sipdir.online.lync.com |
| lyncdiscover | CNAME | N/A | N/A | webdir.online.lync.com |
Delete Values
| Record Name | Type |
| lyncdiscoverinternal | A |
| dialin | A |
| meet | A |
| lyncweb | A |
| _sipinternaltls._tcp | SRV |
Wait for the DNS zone to replicate between domain controllers and then clear the Active Directory DNS Caches using the following PowerShell
|
1 |
Clear-DnsServerCache –ComputerName dc01.domain.local –Force |
Step 3. Clearing the Client machine DNS Cache (not necessary but desirable)
The following PowerShell command will flush the DNS cache of client machines by iterating through Active Directory for computer objects
|
1 2 3 4 5 6 |
$objects = Get-AdComputer –Filter * -Properties OperatingSystem | Where {$_.OperatingSystem –match 8} Foreach ($machine in $objects){ Invoke-Command -Cn $_.Name -Script { Clear-DnsClientCache Register-DnsClient} } |
Above command assumes Windows Operating System is Windows 8 and Remote Management must be enabled on the client workstation. User executing this must have local machine administrative rights (Domain Admin would be best).
Step 4. Disable Shared SIP Address Space
On Skype for Business Online disable Shared SIP address space using the Skype for Business Online PowerShell command
|
1 |
Set-CsTenantFederationConfiguration –SharedSipAddressSpace $false |
On your on premises Lync / Skype for Business deployment run the following commands in the respective Management Shell:
|
1 2 |
Set-CsAccessEdgeConfiguration -AllowOutsideUsers $false -AllowFederatedUsers $false Remove-CsHostingProvider -Identity SkypeforBusinessOnline |
Shared SIP Address space is removed now and federation between on-premises and online infrastructures has been terminated.
Now you don’t need your on-premises servers anymore. Shut them down and make sure all services work as expected.
