Enable users for Lync, via AD Group Membership

Hi.

I have written a small PowerShell script that reads an Active Directory group and Lync-enables the users in that group or in any groups nested inside it.
The user's e-mail address is used when enabling the user for Lync.

Changes will come to the script, in terms of more error checking and other improvements.

Requirements:

  • Needs access to Active Directory and Lync PowerShell modules

Please feel free to use the script AS-IS, and I’ll be happy for feedback of any kind 🙂

I have successfully created a scheduled task at several customers – They are all happy 🙂

Updates:

  • Changed the requirements of Log folder – Script creates logfile from where the command is called
  • Changed the format of the log file name, converted to uFormat – Should cover most 🙂

Changes are based on feedback 🙂


#############################################################################################
# Enable-LyncUsers.ps1
#
# v1.0 - April 2012 by Trond Egil Gjelsvik-Bakke (https://trogjels.wordpress.com)
# v1.1 - October 2012
#        Changed script regarding to LogFile creation.
#
# Syntax:
#	Enable-LyncUsers AD-GroupName
#
#############################################################################################
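# Name of the AD group whose members should be enabled for Lync
param(
    [Parameter(Mandatory=$true)]
    [string]$CSGroup
)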

Import-Module ActiveDirectory
Import-Module Lync

#Check if AD Group contains members
$Members = Get-ADGroupMember $CSGroup -Recursive
if ($Members -eq $NULL)
{
    write-host "AD Group $CSGroup does not contain any users. Please add members to this group before continuing" -foregroundcolor red -backgroundcolor black
    exit 0
}

#Create LogFile
$LogFile = "Enable-LyncUsers-Log-"+(get-date -uformat "%d%m%Y-%H%M%S")+".txt"
$LogTXT = "Processing Users.....`n"

Out-File -FilePath $LogFile -InputObject $LogTXT

Write-Host "Processing Users.....`n" -foregroundcolor Yellow -backgroundcolor Black

ForEach ($user in $Members)
{
	$samaccountname = $user.samaccountname

	# Look the member up once and reuse the result below
	$ADUser = get-csaduser -Filter {SamAccountName -eq $SamAccountName}

	if ($ADUser -eq $null)
	{
		$usernotinad = $true
		$display = $samaccountname
		write-host "User " $samaccountname " not in AD"
		# Set the log line here so the previous user's message is not written again
		$LogTXT = "User $samaccountname not in AD, skipping....."
	}
	else
	{
		$usernotinad = $false
		$display = $ADUser.FirstName + " " + $ADUser.LastName
		write-host "Processing:" $display
	}

    if ($usernotinad -ne $true)
    {
        $enabled = Get-CsUser -filter {SamAccountName -eq $SamAccountName}

	# Check if user is enabled for OCS/Lync
	if ($enabled)
	{
		# Check if user is enabled for OCS
	        if ($enabled.RegistrarPool -eq $null)
        	{
			Write-Host "User is on OCS, enabling for Lync" -foregroundcolor Yellow -backgroundcolor Black

			$pool = get-csservice -registrar | where {$_.ServiceID -eq "1-Registrar-1"}

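			# Only log success if the move did not throw
			try
			{
				Move-CsLegacyUser -Identity $ADUser.SipAddress -Target $pool.PoolFQDN -Force -Confirm:$false -ErrorAction Stop
				$LogTXT = "Successfully moved $display to Lync Server 2010"

				Write-Host "Successfully moved $display to Lync Server 2010"
			}
			catch
			{
				$LogTXT = "Failed to move $display to Lync Server 2010: $($_.Exception.Message)"
				Write-Host $LogTXT -foregroundcolor Red -backgroundcolor Black
			}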
        	}

		else
		{
			Write-Host "User is already on Lync - Skipping..." -foregroundcolor Yellow -backgroundcolor Black
			$LogTXT = "$display is already on Lync Server 2010, skipping....."
		}
	}
	else
	{
		Write-Host "Enabling user for Lync - Processing..." -foregroundcolor Yellow -backgroundcolor Black

                $pool = get-csservice -registrar | where {$_.ServiceID -eq "1-Registrar-1"}

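		# Reuse the user object found above instead of listing every AD user again,
		# and only log success if Enable-CsUser did not throw
		try
		{
			$ADUser | Enable-Csuser -registrarpool $pool.PoolFQDN -sipaddresstype EmailAddress -ErrorAction Stop
			$LogTXT = "Successfully enabled $display for Lync Server 2010"

			Write-Host "Successfully enabled $display for Lync Server 2010" -foregroundcolor Yellow -backgroundcolor Black
		}
		catch
		{
			$LogTXT = "Failed to enable $display for Lync Server 2010: $($_.Exception.Message)"
			Write-Host $LogTXT -foregroundcolor Red -backgroundcolor Black
		}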
	}
    }
	#Write Log
	Out-File -FilePath $LogFile -InputObject $LogTXT -Append
}
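
Because group membership, including nested groups, decides who gets enabled, it helps to review what a run would touch before scheduling it. The following read-only pre-flight report is an added example, not part of Enable-LyncUsers.ps1 or the author's code; it lists the recursive members and flags non-user objects, disabled AD accounts and users without the e-mail address that -SipAddressType EmailAddress relies on. The helper name Get-LyncPreflightStatus and the status texts are hypothetical, and it needs only the ActiveDirectory module.

```powershell
# Added example (not part of Enable-LyncUsers.ps1): read-only pre-flight report.
# It makes no changes to AD or Lync.
param(
    [Parameter(Mandatory=$true)]
    [string]$CSGroup   # same AD group name that is passed to Enable-LyncUsers.ps1
)

Import-Module ActiveDirectory

# Hypothetical helper: classify one group member before an enable run
function Get-LyncPreflightStatus($ObjectClass, $Enabled, $Mail)
{
    if ($ObjectClass -ne "user")        { return "Skip: not a user object" }
    if (-not $Enabled)                  { return "Review: AD account is disabled" }
    if ([string]::IsNullOrEmpty($Mail)) { return "Review: no e-mail address for the SIP address" }
    return "OK"
}

$report = foreach ($member in (Get-ADGroupMember $CSGroup -Recursive))
{
    $enabled = $null
    $mail    = $null

    # Only user objects have the attributes checked here
    if ($member.objectClass -eq "user")
    {
        $adUser  = Get-ADUser -Identity $member.distinguishedName -Properties mail
        $enabled = $adUser.Enabled
        $mail    = $adUser.mail
    }

    New-Object PSObject -Property @{
        SamAccountName = $member.SamAccountName
        ObjectClass    = $member.objectClass
        Mail           = $mail
        Status         = Get-LyncPreflightStatus $member.objectClass $enabled $mail
    }
}

# "Skip" and "Review" sort ahead of "OK" in descending order, so problem rows come first
$report | Sort-Object Status -Descending | Format-Table SamAccountName, ObjectClass, Mail, Status -AutoSize
```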