Disable AD disabled CS users powershell script

I’ve made a script to disable AD disabled users from Lync. The script pulls all AD disabled users and checks if they are disabled for Lync as well. If not, they will be. Optional output to screen and/or file.
#####################################################################################
# Disable-AdDisabledCsUsers.ps1
#
# Pulls all AD disabled users from AD and disables them for Lync as well
#
# Can optionally write logs to file or screen using -verbose and/or -logFile inputs
#
# eg.
#
# .\Disable-AdDisabledCsUsers.ps1 -verbose $true -logFile "c:\logfile.log"
#
#
#
# Written by Tom-Inge Larsen (codesalot.com)
#
####################################################################################
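param($verbose, $logFile)

# Search-ADAccount comes from the ActiveDirectory module. Get-CsUser and Disable-CsUser
# need the Lync Server Management Shell (or the Lync module already loaded).
Import-Module ActiveDirectory

# An omitted -logFile is $null, and ($null -ne "") is $true, so test for null or empty instead
$writeLog = -not [string]::IsNullOrEmpty($logFile)

if ($writeLog) {
    $logoutput = [System.IO.StreamWriter] $logFile
    $logoutput.WriteLine("AD disabled users that were Lync disabled:")
}

# Accounts without a userPrincipalName are skipped; there is nothing to pass to -Identity
$disabledADusers = Search-ADAccount -AccountDisabled -UsersOnly |
    Where-Object { $_.UserPrincipalName } |
    Select-Object userprincipalname

$disabledADusers | foreach-object {
    $identity = $_.userprincipalname
    # Not every AD user is Lync-enabled, so lookup errors are suppressed
    $csuser = Get-CsUser -Identity $identity -ErrorAction SilentlyContinue | Select-Object Enabled

    if ($csuser.enabled -eq $true) {
        Disable-CsUser -Identity $identity
        if ($verbose -eq $true) {
            Write-Host "AD disabled user" $identity "is now disabled for Lync as well"
        }
        if ($writeLog) {
            $logoutput.WriteLine($identity)
        }
    }
}

if ($writeLog) {
    $logoutput.close()
    if ($verbose -eq $true) {
        Write-Host $logFile "written."
    }
}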

Lync 2010 and Exchange Web Services/autoconfigure

I’ve recently been upgrading an OCS 2007 R2 environment to Lync 2010 where the users have SMTP addresses in several SMTP domains, but they only have one SIP domain. All users have an SMTP address at least in the SIP domain, but many of them have their primary SMTP address in different domains from the SIP domain.

When we migrated the first couple of users to the new Lync FE pool and the new client, some of them lost their calendar integration and recent calls list. It was apparent early on that these users were the ones that didn’t have their primary SMTP address in the SIP domain, so at least we were able to find a common denominator.

Taking up the configuration information on the client showed “EWS not deployed” and the fields for EWS Internal and External URL were empty. Testing autoconfigure in Outlook did not return any errors. Of course Google is my friend, so I found this post at confusedamused that listed a couple of things to check. None of these solved it for me, but check them first in any case.

When more googling didn’t result in any more possible solutions, I started looking at Wireshark traces, and noticed that the Lync client was actually looking up DNS autoconfigure for the user’s primary SIP domain, not the SMTP domain. As it turned out, autoconfigure was set up to use SCP in all the domains other than the SMTP domain that was equal to the SIP domain, so the Lync client failed to get autoconfigure config for the other domains. I don’t know why this was not a problem in R2, so there’s probably been some kind of change to how the Lync client handles EWS configuration. Adding the autoconfigure host to HOSTS on the client machine, I saw that the Lync client was getting “401 Unauthorized” messages back from the EWS server. I didn’t notice at first, but it was trying HTTP, not HTTPS, which had failed a couple of packets earlier because EWS didn’t have a SAN name in the correct domains.

The solution then was either to add autoconfigure names for the other domains to SAN on the EWS IIS certificate, or to add a SRV record pointing to the Exchange CAS for autoconfigure in the other domains. Hey presto!
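
The SAN half of that fix can be checked before more users are migrated. The following is an added example, not code from the original post: it assumes Exchange's autodiscover.<SMTP domain> host naming, and the domain names and SAN list are constructed sample values.

```powershell
# Added example. Every domain name and SAN entry below is constructed sample data.

function Test-SanMatch {
    param([string]$HostName, [string[]]$SanNames)
    foreach ($san in $SanNames) {
        # -eq on strings is case-insensitive, which is what DNS names need
        if ($san -eq $HostName) { return $true }
        # A wildcard covers exactly one left-most label:
        # *.example.com matches a.example.com but not a.b.example.com
        if ($san.StartsWith('*.')) {
            $suffix   = $san.Substring(1)            # ".example.com"
            $firstDot = $HostName.IndexOf('.')
            if ($firstDot -gt 0 -and $HostName.Substring($firstDot) -eq $suffix) {
                return $true
            }
        }
    }
    return $false
}

function Get-AutodiscoverCoverage {
    param([string[]]$SmtpDomains, [string[]]$SanNames)
    foreach ($domain in $SmtpDomains) {
        # Assumption: the client looks for autodiscover.<SMTP domain>
        $name = "autodiscover.$domain"
        New-Object PSObject -Property @{
            Domain       = $domain
            HostName     = $name
            CoveredBySan = (Test-SanMatch -HostName $name -SanNames $SanNames)
        }
    }
}

# Constructed input: SAN entries as they would appear on the EWS IIS certificate,
# and the SMTP domains in which users have their primary address.
$sanNames    = @('mail.contoso.example', 'autodiscover.contoso.example', '*.tailspin.example')
$smtpDomains = @('contoso.example', 'fabrikam.example', 'tailspin.example')

# Lists the domains for which the HTTPS lookup would fail on a name mismatch
Get-AutodiscoverCoverage -SmtpDomains $smtpDomains -SanNames $sanNames |
    Where-Object { -not $_.CoveredBySan } |
    Select-Object Domain, HostName
```

With the sample data only fabrikam.example is listed; each listed domain needs either a SAN entry on the certificate or the SRV record described above.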

OpenSSL in X6.0

There seems to be a bug with the OpenSSL running on VCS X6.0. It has some problems with .pfx files created by the MS Certificates snap-in. Should be fixed before X6.3.

In the meantime, we’ll have to use OpenSSL elsewhere to create certs for the VCSes and Codian MCUs.

URI dialing domain check

I made a quick and dirty PHP script to check if your domain is correctly configured in DNS to support standards-based URI dialling. Just input your URI domain and your target gateway, and the script will check if the SRV records are correctly configured and that the A record for the gateway exists.

I’ll add more functionality and nicer looks as time goes by :P Feature requests in comments.

http://www.codesalot.com/dnscheck/

Cisco VC Dialer

Getting my new iPad this weekend, I got to try the Cisco (Tandberg) VC Dialer from Sping BV on some of my endpoints. It seems to be working perfectly! It is basically an app that can dial any number from any MXP, C, EX or E series endpoint. You can get it from the App Store, search for VC Dialer (it is an iPhone app originally). The app is free for a limited number of downloads, after which it will be priced €4.99.

The dialer screen

Last calls screen

Choose endpoint

Add endpoint screen

You need to be able to reach the endpoints on HTTP(S?), and you need the admin password of the endpoint to be able to control it.

You can only make calls and hang up with the app; it is not a full remote control of the endpoint, but I can still see uses for this.

Test post from my iPad

Just a test post from my new iPad!

Merry Christmas!

Problems adding phone numbers to a conference call

I’ve recently had some problems with an OCS 2007 R2 installation where the users were complaining that they couldn’t add external phone numbers to a conference call. Internal numbers and SIP contacts were working fine.

I did some tracing, and noticed that the service provider gateway returned a 404 Not Found in answer to the SIP INVITE for the phone number. I checked the number, and it seemed correct.

But the FROM: field of the INVITE was populated with the user’s SIP URI, not the user’s TEL URI, which the service provider didn’t handle. Normally a call through the mediation server will use the TEL URI, but it turns out that it doesn’t in this case. There is AFAIK no way to handle this in OCS 2007 R2. (There might be in Lync, but I’ll need to lab that. The conference call behaves the same way in Lync, but you have the option to substitute the dialed from number on the route.)

This means that the service provider needs to handle this and substitute all unknown URIs in the FROM: field with some known number, e.g. the Dial In conference number or the main number of the organization, unless the service provider wants to maintain a database of the users and their corresponding TEL URI.

It might also be a solution to put some kind of gateway between the PSTN and OCS that does the conversion.

Has anyone else seen this?

Photos in Lync 2010

So I’ve been fiddling a bit with photos in Lync today. Seems easy enough when you have Exchange 2010 and can use PowerShell, see this post, but can be more tricky if you haven’t. Lync 2010 does not supply a method of uploading the pictures to AD, it just uses the photo found in the user attribute thumbnailPhoto. You’ll have to upload the pictures another way.

After a bit of searching on the net, I found this post that had a link to a small .dll, written by a guy named OliD, that extends the ADUC (Active Directory Users and Computers) MMC with two tabs to the user properties page. The first tab we don’t really need, but it will enable you to add employee ID/number. The other will upload and resize the selected image to 96×96 px. It can be downloaded from:

http://www.dewdney.co.uk/adext/adext.zip

Installation instructions can be found in the .zip file.

It will give you this tab: (that’s me in the picture btw)

If you have a multidomain forest you will also need to enable global replication of the attribute. This procedure is described in the Exchange Team blog post linked in the beginning of this post.

The photo won’t display in the Lync client right away though. As per this, the ABServer in Lync 2010 has an update pass every night at 01:30 AM server time, just as in OCS 2007 R2. To speed this up you can run the cmdlet

Update-CsAddressBook

in the Lync management shell. Note that by default it will still take up to 5 minutes before the actual update pass is run. Look for event 21056 in the event log.

If the user has not had any photos before, just log the user in and out of Lync, and it should be updated. If this is an updated photo, you will have to log out and exit the client and then delete the file

%userprofile%\AppData\Local\Microsoft\Communicator\sip_<SIP URI>\ABS_<SIP URI>.cache

Start the client again, and the photo should be updated!

A complete description of how photos are handled in Lync 2010 can be found here.
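
One way to write the picture to thumbnailPhoto with the ActiveDirectory module instead of the ADUC extension, as an added example that is not from the original post or from the tool it links to. The function name Set-LyncThumbnailPhoto, the 100 KB size ceiling and the account and path in the usage comment are assumptions of this example.

```powershell
# Added example. Set-LyncThumbnailPhoto is a hypothetical helper name.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Drawing

function Set-LyncThumbnailPhoto {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Identity,  # sAMAccountName, DN, GUID or SID
        [Parameter(Mandatory = $true)][string]$Path,      # image file to upload
        [int]$MaxBytes  = 100KB,   # assumed ceiling for the attribute value
        [int]$MaxPixels = 96       # the size the post's tool resizes to
    )
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes    = [System.IO.File]::ReadAllBytes($fullPath)
    if ($bytes.Length -gt $MaxBytes) {
        throw "Photo is $($bytes.Length) bytes; the limit is $MaxBytes."
    }

    # Decode from memory: FromStream throws on anything that is not an image,
    # so arbitrary files never reach the directory.
    $stream = New-Object System.IO.MemoryStream (,$bytes)
    try {
        $image  = [System.Drawing.Image]::FromStream($stream)
        $width  = $image.Width
        $height = $image.Height
        $image.Dispose()
    } finally {
        $stream.Dispose()
    }
    if ($width -gt $MaxPixels -or $height -gt $MaxPixels) {
        throw "Photo is ${width}x${height}; resize it to ${MaxPixels}x${MaxPixels} or smaller first."
    }

    if ($PSCmdlet.ShouldProcess($Identity, "Write $($bytes.Length) bytes to thumbnailPhoto")) {
        Set-ADUser -Identity $Identity -Replace @{ thumbnailPhoto = $bytes }
        # Read the attribute back to confirm what was stored
        $stored = (Get-ADUser -Identity $Identity -Properties thumbnailPhoto).thumbnailPhoto
        New-Object PSObject -Property @{
            Identity = $Identity; Width = $width; Height = $height; StoredBytes = $stored.Length
        }
    }
}

# Usage (placeholder account and path); -WhatIf shows the change without writing it:
# Set-LyncThumbnailPhoto -Identity 'jdoe' -Path 'C:\photos\jdoe.jpg' -WhatIf
```

The address book update and client cache steps described above still apply after the attribute is written.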

Test post

Nothing to see here, move along!