So we were enabling Skype for business for some of our users, and we came upon a strange occurrence. Although the feature is enabled in the licensing portal, certain users were unable to log on Skype for business. This despite the fact that
a) this came as part of an Office365 E3 package,
b) the user is able to log in the portal and use the other online services
c) the problem did not affect all users uniformly
Upon further investigation, we had determined the following:
a) We had a legacy Live Communications Server 2003 in the office (meaning we had additional Active Directory extensions specific to LCS and its counterparts, OCS and Lync)
b) We had enabled Azure AD Connect to our office domain, and specific attributes were being synced to Azure Active Directory that specifically block Skype for Business
c) We had disabled LCS for those particular users
In Microsoft messaging solutions, you can enable messaging for a user, and additional attributes will be added to the account. However when you disable messaging, the attributes are not removed. Instead the account is marked as inactive, and there is no interface to remove this. It does not help, furthermore, if you have already removed the server from your environment: these attributes are there to stay.
ADSIEdit to the rescue! Connecting to the domain, you can locate the specific accounts and edit them. An alternative is to use AD Powershell to locate the accounts with the specific attributes, and then empty the attribute. Anyway, the specific attributes to look for all start with "msRICSIP-". Searching through the entire forest, we removed the attributes from all user accounts, and hopefully we won't have to revisit this issue again.