Managing Lync 2010 users is a boring-slash-routine job, especially when you have integrated several VoIP solutions and you want to maintain consistency, for example maybe you use a single extension for the same user across multiple platforms.
In my case, users extensions in Lync is the same as their CUCM’s but prefixed with “5”, imagine setting this manually for 9000 users, if you get paid per hour, Kudos for you, you’ve got yourself a new MacBook ! But if you are a poor fellow like me (who dine at the office and no overtime), then you can use the below script, just change the Lync “Pool” and the “SIP domain” names to meet yours:
import-module lync
import-module activedirectory
#setting your environment
$pool="lyncpool.domain.com"
$sipdomain="domain.com"
get-csaduser | %{
#setting every user's variables
$samAccountName=$_.samAccountName
$sipaddress=($_.WindowsEmailAddress).split("@")[0]
$IPPhone=$_.IPPhone
$lineURI="tel:5"+$IPPhone #prefix the user's IPphone AD attribute with the number "5"
[string]$UPN=$_.UserPrincipalName
$enabled=$TRUE
#check if the user is not enabled in ActiveDirectory
if(!((get-aduser -identity $samAccountName).enabled)){
$enabled=$FALSE
}
#if the account is enabled,execute the following
if($enabled){
Enable-CsUser -identity $sipaddress -RegistrarPool $pool -SipAddressType emailaddress -SipDomain $sipdomain
set-csuser -identity $sipaddress -EnterpriseVoiceEnabled $TRUE
Grant-CsDialPlan -Identity $sipaddress -PolicyName "Internal calls"
if($IPphone){
set-csuser -identity $sipaddress -LineURI $lineURI
}
#if the account is disabled, disable its Lync account
}else {
try{
disable-csuser -identity $UPN
}catch{
write-host $UPN " Already Disabled"
}
}
}
The above script-look-alike executes the following in order:
- get every Active Directory account one by one ( you can filter them based on an OU or whatever, like i care…)
- check if the account is enabled
- if the account is enabled, it enable it in Lync, grant it a “local calls” dial plan and assign its Lync extension (which is the stored AD IPphone attribute prefixed with “5”)
- if the account is disabled, it disable it in Lync (just in case)
After running it, expect a lot of “was not changed” warnings.
Now uou can run this every few days, but that’s still considered as manual work, or you can schedule it ! Below is a nifty tutorial on how to schedule Powershell scripts correctly:
Adios…
Skripting 