Lync 2013 – Adding an Trusted Application using Johan’s SefaUtil GUI as the Demostration

Hello All

This blog post details how you would go about adding a trusted application to your Lync 2013 topology.

For this example I’m going to add the trusted application built by Johan Veldhuis which allows for configuration of the SefaUtil commands at a GUI level.

For the people who are unaware of what the Sefautil is. This is the extension features which is part of the Lync 2013 resource kit which allows for remote configuration of users call forwarding, sim ringing and call pickup group option. So essentially you can administer a users settings without whiteout actually visiting the users desk.

Johan has created a great utility which is GUI based as apposed to the powershell commands which is default to the sefautil running.

You can find details on Johan GUI here.

ok back to the trusted application piece. Creating a trusted application is the same process contrary to what the software application is which you are wanting to use.

Starting the trust..


Creating the new trusted application pool. For this we do need to initially run some powershell commands to get us going, but before we do that we need to find some information about our pool to add to the powershell command. to do this we need to run the following  PS Command

– Get-CsSite

New-CsTrustedApplicationPool -id <Pool FQDN> -Registrar <Pool Registrar FQDN> -site Site:<Pool Site>

eg: New-CsTrustedApplicationPool -id lyncse.northernlync.local -Registrar lyncse.northernlync.local -site Site:1

Once this has successfully completed, we then need to run our second powershell command

New-CsTrustedApplication -ApplicationId sefautil -TrustedApplicationPoolFqdn <Pool FQDN>  -Port 7489

eg: New-CsTrustedApplication -ApplicationId sefautil -TrustedApplicationPoolFqdn lyncse.northernlync.local  -Port 7489

Note: you will be prompted at both PS commands to run the enable-cstopolgy command. its at this point now you need to run it



We are now complete with the Lync management shell and the powershell commands for setting up a trusted application. (its also worth noting if you went into your Lync control panel or the Lync topology the application trust will now be showing within these areas)

So to complete our blog now we need to download the sefautil.exe which is part of the Lync 2013 resource kit which can be found here

go ahead and install it using the default locations etc. <default location \Program Files\Microsoft Lync Server 2013\Reskit.>


Now lets check that our commands do actually work from a cmd line approach. To do this we need to open up the normal command prompt but as Administrator and navigate to the default location path of the sefautil. (ABOVE Path).

Once you are within the Reskit folder run this command line

SEFAUtil.exe <user SIP address> /server:<Lync Server/Pool FQDN>

eg: SEFAUtil.exe /server:lyncse.northernlync.local

Running this will bring back the current call settings for the user.


Now the final piece of running Johan’s SefaUtil GUI.

to do this we need to head back to the Lync Management shell as Administrator and select Johan’s Powershell script. To do this navigate to the script (NOTE: you need to unzip the .zip file first)

Once your with the folder where the .ps1 file is located run the following command

start-sefautil -pool poolfqdn

eg: start-sefautil -pool lyncse.northernlync.local

<You will/might be prompt for a execution policy issue before the .ps1 will run.> If you are type this command set-executionpolicy Unrestricted. Then run the .ps1 command again.


Once the GUI is open you will have the ability to administer your users call settings.



Thank you for looking and below is the videoCast of me doing the above in my lab.

AND massive thanks from the Lync Comminitity goes to Johan for the excellent SefaUtil GUI.! You can find more information about Johan and the things he’s working on at his blog site.


Iain Smith

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s