Enable users for Lync, via AD Group Membership

Hi.

I have written a small Powershell script that reads an Active Directory group, and Lync Enables users in that group or in any Groups-in-Groups.
The users e-mail address is used when enabling the user for Lync.

Changes will come to the script, in terms of more error checking and other improvments.

Requirements:

  • Needs access to Active Directory and Lync PowerShell modules

Please feel free to use the script AS-IS, and I’ll be happy for feedback, any kind 🙂

I have successfully created a scheduled task at several customers – They are all happy 🙂

Updates:

  • Changed the requirements of Log folder – Script creates logfile from where the command is called
  • Changed the format of Logfilename, Convertet to uFormat – Should cover most 🙂

Changes are based on feedback 🙂


#############################################################################################
# Enable-LyncUsers.ps1
#
# v1.0 - April 2012 by Trond Egil Gjelsvik-Bakke (https://trogjels.wordpress.com)
# v1.1 - October 2012
#        Changed script regarding to LogFile creation.
#
# Syntax:
#	Enable-LyncUsers AD-GroupName
#
#############################################################################################
param($CSGroup)

Import-Module ActiveDirectory
Import-Module Lync

#Check if AD Group contains members
$Members = Get-ADGroupMember $CSGroup -Recursive
if ($Members -eq $NULL)
{
    write-host "AD Group $CSGroup don't contain any users. Please add members to this group before continuing" -foregroundcolor red -backgroundcolor black
    exit 0
}

#Create LogFile
$LogFile = "Enable-LyncUsers-Log-"+(get-date -uformat %d%m%Y-%H%M%S)+".txt"
$LogTXT = "Processing Users.....`n"

Out-File -FilePath $LogFile -InputObject $LogTXT

Write-Host "Processing Users.....`n" -foregroundcolor Yellow -backgroundcolor Black

ForEach ($user in $Members)
{
	$samaccountname = $user.samaccountname

	$ADUser = get-csaduser -Filter {SamAccountName -eq $SamAccountName}

	$display = $ADUser.FirstName + " " + $ADUser.LastName

	write-host "Processing:" $display

	$adexist = get-csaduser | where {$_.samaccountname -eq $samaccountname}

	if ($adexist -eq $null)
    	{
        	$usernotinad = $true
		write-host "User " $samaccountname " not in AD"
    }

    else
    {
        $usernotinad = $false
    }

    if ($usernotinad -ne $true)
    {
        $enabled = Get-CsUser -filter {SamAccountName -eq $SamAccountName}

	# Check if user is enabled for for OCS/Lync
	if ($enabled)
	{
		# Check if user is enabled for OCS
	        if ($enabled.RegistrarPool -eq $null)
        	{
			Write-Host "User is on OCS, enabling for Lync" -foregroundcolor Yellow -backgroundcolor Black

			$pool = get-csservice -registrar | where {$_.ServiceID -eq "1-Registrar-1"}

			Move-CsLegacyUser -Identity $ADUser.SipAddress -Target $pool.PoolFQDN -Force -Confirm:$false
			$LogTXT = "Successfully moved $display to Lync Server 2010"

			Write-Host "Successfully moved $display to Lync Server 2010"
        	}

		else
		{
			Write-Host "User is already on Lync - Skipping..." -foregroundcolor Yellow -backgroundcolor Black
			$LogTXT = "$display is already on Lync Server 2010, skipping....."
		}
	}
	else
	{
		Write-Host "Enabling user for Lync - Processing..." -foregroundcolor Yellow -backgroundcolor Black

                $pool = get-csservice -registrar | where {$_.ServiceID -eq "1-Registrar-1"}

		get-csaduser | where {$_.samaccountname -eq $samaccountname} | Enable-Csuser -registrarpool $pool.PoolFQDN -sipaddresstype EmailAddress
		$LogTXT = "Successfully enabled $display for Lync Server 2010"

		Write-Host "Successfully enabled $display for Lync Server 2010" -foregroundcolor Yellow -backgroundcolor Black
	}
    }
	#Write Log
	Out-File -FilePath $LogFile -InputObject $LogTXT -Append
}

Advertisements

Lync Disable – AD Disabled users

Hi.

Have written a short powershell script that disables AD disabled Lync users.
This will prevent some warnings in Lync Eventlog.

Script changed with regards to some of the feedback.
Not changed with regards to the comment around Syntetic Transactions – Work in progress….


#####################################################################################
# Disable-AdDisabledCsUsers.ps1
#
# v1.0 - August 2012 by Trond Egil Gjelsvik-Bakke (trogjels.wordpress.com)
# v1.1 - October 2012
#        Changed script regarding to LogFile creation.
#
#
# Pulls all AD disabled users from AD and disables them for Lync as well
#
# Writes automatically to auto created logfile
# Can optionally write to screen using -verbose
#
# Example usage.
#
# .Disable-AdDisabledCsUsers.ps1 -verbose $true
#
####################################################################################
param($verbose)
Import-Module active*

#Create LogFile
$LogFile = "DisabledAdUsers-"+(Get-Date -uFormat %Y-%m-%d-%H%M%S)+".txt"
$LogTXT = "Processing Users.....`n"
Out-File -FilePath $LogFile -InputObject $LogTXT

$disabledADusers = Get-CsAdUser | ?{$_.UserAccountControl -match "AccountDisabled" -and $_.Enabled -eq $true}

Foreach ($user in $disabledADusers)
{
    $displayname = $user.FirstName + " " + $user.LastName
    
    #Disable-CSUser -Identity $identity
    if ($verbose -eq $true)
    {
        Write-Host "Disabled AD user $displayname is now disabled for Lync as well"
    }
    $LogTXT = "$displayname is disabled in AD, and now disabled for Lync"
    Out-File -FilePath $LogFile -InputObject $LogTXT -Append
}