Set-CsAccessEdgeConfiguration
Topic Last Modified: 2012-03-26
Modifies the property values of an existing collection of Access Edge configuration settings for computers running the Access Edge service. The Access Edge service running on these computers (also known as Edge servers) provides a way for users outside your internal network to communicate with users inside that internal network.
Syntax
Set-CsAccessEdgeConfiguration [-Identity <XdsIdentity>] [-AllowAnonymousUsers <$true | $false>] [-AllowFederatedUsers <$true | $false>] [-AllowOutsideUsers <$true | $false>] [-Confirm [<SwitchParameter>]] [-EnableArchivingDisclaimer <$true | $false>] [-Force <SwitchParameter>] [-KeepCrlsUpToDateForPeers <$true | $false>] [-MarkSourceVerifiableOnOutgoingMessages <$true | $false>] [-OutgoingTlsCountForFederatedPartners <UInt32>] [-WhatIf [<SwitchParameter>]]
Set-CsAccessEdgeConfiguration [-AllowAnonymousUsers <$true | $false>] [-AllowFederatedUsers <$true | $false>] [-AllowOutsideUsers <$true | $false>] [-BeClearingHouse <$true | $false>] [-Confirm [<SwitchParameter>]] [-EnableArchivingDisclaimer <$true | $false>] [-EnablePartnerDiscovery <$true | $false>] [-Force <SwitchParameter>] [-KeepCrlsUpToDateForPeers <$true | $false>] [-MarkSourceVerifiableOnOutgoingMessages <$true | $false>] [-OutgoingTlsCountForFederatedPartners <UInt32>] [-UseDnsSrvRouting <SwitchParameter>] [-WhatIf [<SwitchParameter>]]
Set-CsAccessEdgeConfiguration [-AllowAnonymousUsers <$true | $false>] [-AllowFederatedUsers <$true | $false>] [-AllowOutsideUsers <$true | $false>] [-Confirm [<SwitchParameter>]] [-DefaultRouteFqdn <String>] [-EnableArchivingDisclaimer <$true | $false>] [-Force <SwitchParameter>] [-IsPublicProvider <$true | $false>] [-KeepCrlsUpToDateForPeers <$true | $false>] [-MarkSourceVerifiableOnOutgoingMessages <$true | $false>] [-OutgoingTlsCountForFederatedPartners <UInt32>] [-UseDefaultRouting <SwitchParameter>] [-VerificationLevel <AlwaysVerifiable | AlwaysUnverifiable | UseSourceVerification>] [-WhatIf [<SwitchParameter>]]
Set-CsAccessEdgeConfiguration [-Confirm [<SwitchParameter>]] [-Force <SwitchParameter>] [-Instance <PSObject>] [-WhatIf [<SwitchParameter>]]
Detailed Description
Edge servers (also known as access proxy servers) provide a way for you to extend the capabilities of Microsoft Lync Server 2010 to people who are not logged on to your internal network. For example, if you have remote users, authenticated users who log on to Lync Server over the Internet rather than through the internal network, you will need to set up an Edge server in order to provide access to these users. Likewise, Edge Servers are required if you want to establish federation with another organization, or if you want to give your users the right to communicate with people who have accounts with a public instant messaging service such as Yahoo!, AOL, or MSN. Access Edge servers are located on the perimeter network, and are used to make and validate SIP connections between users inside and users outside your internal network.
In Lync Server 2010, the Access Edge servers are managed using a single, global collection of configuration settings; the Set-CsAccessEdgeConfiguration cmdlet enables you to modify these global settings. Note that the properties that can be modified depend on the routing type you choose for your Edge Servers. For example, if you choose to use Domain Name System (DNS) service routing, you will see and be able to change the property values BeClearinghouse and EnablePartnerDiscovery. If you use default routing, those two property values will not be available. Instead, you will see and be able to change the property values VerificationLevel and IsPublicProvider.
Who can run this cmdlet: By default, members of the following groups are authorized to run the Set-CsAccessEdgeConfiguration cmdlet locally: RTCUniversalServerAdmins. To return a list of all the role-based access control RBAC roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:
Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Set-CsAccessEdgeConfiguration"}
Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
Identity |
Optional |
Xds Identity |
Unique identifier of the Access Edge configuration settings to be returned. Because you can only have a single, global instance of these settings, you do not have to include the Identity when calling Set-CsAccessEdgeConfiguration. However, if you prefer, you can use the following syntax to modify the global settings: -Identity global. |
Instance |
Optional |
DisplayAccessEdgeSettingsDnsSrvRouting object or DisplayAccessEdgeSettingsDefaultRoute object |
Allows you to pass a reference to an object to the cmdlet rather than set individual parameter values. |
AllowAnonymousUsers |
Optional |
Boolean |
Indicates whether or not anonymous users (that is, unauthenticated users) are allowed to cross the firewall and join meetings and conferences. The default value is False. |
AllowFederatedUsers |
Optional |
Boolean |
Indicates whether internal users are allowed to communicate with users from federated domains. This property also determines whether internal users can communicate with users in a split domain scenario. (In a split domain, some of your users have accounts hosted on-premises, while others have accounts hosted off-premises.) The default value is False. |
AllowOutsideUsers |
Optional |
Boolean |
Indicates whether users can access Lync Server across the Internet. This includes both anonymous users and remote users who are trying to log on to the system. The default value is True. |
BeClearinghouse |
Optional |
Boolean |
Indicates whether your Edge servers are directly connected to other organizations. The default value is False. This parameter should not be changed unless you are instructed to do so by Microsoft support personnel. |
DefaultRouteFqdn |
Optional |
Fqdn |
Fully qualified domain name (FQDN) of the server used for federation requests. This parameter is required if you use default routing. |
EnableArchivingDisclaimer |
Optional |
Boolean |
If set to True, Edge Servers send an archiving notification header to federated and clearinghouse partners. This notification (which informs people that instant messaging (IM) conversations might be archived) can be displayed in the conversation window of a federated or clearinghouse user. The default value is False. |
EnablePartnerDiscovery |
Optional |
Boolean |
If True, Lync Server will use DNS records to try and discover partner domains not listed in the AllowedDomains list. If False, Lync Server will only federate with domains found on the AllowedDomains list. This parameter is required if you use DNS service routing. The default value is False. |
IsPublicProvider |
Optional |
Boolean |
Must be set to True if the default route requires a public instant messaging license. |
KeepCrlsUpToDateForPeers |
Optional |
Boolean |
Determines whether or not Edge servers periodically check the certificate revocation lists (CRLs) for federated domain certificates. The default value is True. |
MarkSourceVerifiableOnOutgoingMessages |
Optional |
Boolean |
If True, outgoing messages are marked as verifiable; this enables federated domains to determine the verification level for each message. If False, outgoing messages are all marked as unverifiable. The default value is True. |
OutgoingTlsCountForFederatedPartners |
Optional |
Integer |
Specifies the maximum number of Transport Layer Security (TLS) connections that can be used for each federated partner. The minimum number of TLS connections is 1, and the maximum number is 4. By default, OutgoingTlsCountForFederatedPartners is set to 4. This parameter should not be changed unless you are instructed to do so by Microsoft support personnel. |
UseDefaultRouting |
Optional |
Switch Parameter |
Indicates that administrators must specify the fully qualified domain name of the server used to send and receive federation requests. If you include the UseDefaultRouting parameter then you must also include the DefaultRouteFqdn parameter.. |
UseDnsSrvRouting |
Optional |
Switch Parameter |
Indicates that Edge servers should rely on DNS SRV records when sending and receiving federation requests. This is the default routing method. |
VerificationLevel |
Optional |
PS List Modifier |
If you are using default routing, the VerificationLevel property is used to monitor and assess the verification level of incoming messages. Valid values are: AlwaysVerifiable: All requests received on the default route are marked as verified. If a verification header is not present it will automatically be added to the message. AlwaysUnverifiable: Messages are passed only if the addressee (the user the message is intended for) has configured an Allow ACE (access control entry) for the person who sent the message. UseSourceVerification: Message verification is based on the verification level included with the message. If no verification header is present then the message will be marked as unverified. |
Force |
Optional |
Switch Parameter |
Suppresses the display of any non-fatal error message that might occur when running the command. |
WhatIf |
Optional |
Switch Parameter |
Describes what would happen if you executed the command without actually executing the command. |
Confirm |
Optional |
Switch Parameter |
Prompts you for confirmation before executing the command. |
Input Types
None. Set-CsAccessEdgeConfiguration does not accept pipelined input.
Return Types
Set-CsAccessEdgeConfiguration does not return any objects or values.
Example
-------------------------- Example 1 ------------------------
Set-CsAccessEdgeConfiguration -AllowAnonymousUsers $True -VerificationLevel "UseSourceVerification"
In Example 1, two properties of the Access Edge configuration settings are modified: the AllowAnonymousUsers property is set to True and the VerificationLevel property is set to UseSourceVerification.
-------------------------- Example 2 ------------------------
Set-CsAccessEdgeConfiguration -UseDefaultRouting -DefaultRouteFqdn "atl-edge-001.litwareinc.com"
The command shown in Example 2 changes the routing method for the Edge server to default routing. In order to do this the command must include both the UseDefaultRouting parameter and the DefaultRouteFqdn parameter, along with a parameter value that specifies the fully qualified domain name of the Edge server.
-------------------------- Example 3 ------------------------
Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -EnablePartnerDiscovery $True
The preceding command changes the routing method for the Edge server to DNS server routing. This requires the use of two parameters: UseDnsSrvRouting (with no parameter value) and EnablePartnerDiscovery (with the parameter value $True).