Posts:
58
Registered:
11/13/07
|
|
|
|
Manage OCS 2007 users with PowerShell?
Posted:
Nov 13, 2007 8:11 AM
|
|
|
I made a quick search on Google and found this related to OCS and PowerShell:
get-qaduser -LDAPFilter '(msRTCSIP-UserEnabled=TRUE)' -IncludedProperties 'msRTCSIP-Line' | Format-table DN,msRTCSIP-Line
Are there any good ways to manage OCS with PowerShell?
I would like to have the ability to enable users for OCS with PowerShell, to be able to script new AD users to be OCS-enabled.
Also the possibility to manage the OCS-users` contact-lists...
|
Jan Egil Ring
---------------------
Blog: http://blog.powershell.no
UG: http://powershellug.ning.com
Twitter: http://twitter.com/janegilring
|
|
Posts:
415
Registered:
9/4/07
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 14, 2007 3:13 AM
in response to: Jan Egil Ring
|
|
|
Try this:
set-qaduser <identity> -oa @{msRTCSIP-UserEnabled=TRUE}
Or, for batch process of multiple users:
get-qaduser <identity> | set-qaduser -oa @{msRTCSIP-UserEnabled=TRUE}
Please, let me know if that work.
|
|
|
Posts:
58
Registered:
11/13/07
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 14, 2007 2:33 PM
in response to: Andrey Moiseev ...
|
|
|
PS H:\> Get-QADUser ocs.test | set-qaduser -oa @{msRTCSIP-UserEnabled=TRUE}
Missing '=' operator after key in hash literal.
At line:1 char:51
+ Get-QADUser ocs.test | set-qaduser -oa @{msRTCSIP-U <<<< serEnabled=TRUE}
OCS-enabled user:
PS H:\> Get-QADUser jan-egil* | fl *
objectClass : {top, person, organizationalPerson, user}
cn : OCS
sn : Test
givenName : OCS
distinguishedName : CN=OCS Test,OU=IT,DC=elev,DC=company,DC=local
instanceType : 4
whenCreated : 21.08.2004 12:44:53
whenChanged : 13.11.2007 17:53:39
uSNCreated : 1846779
uSNChanged : 31014172
homeMTA : CN=Microsoft MTA,CN=MAIL,CN=Servers,CN=First Administrative Group,CN=Administrati
ve Groups,CN=Elev,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=elev,DC=stein
kjer,DC=local
proxyAddresses : {sip:ocs.test@sipdomain.local, smtp:ocs.test@elev.company.no, SMTP:
ocs.test@sipdomain.local, X400:c=us;a= ;p=Elev;o=Exchange;s=OCS Test;}
homeMDB : CN=Mailbox Store (MAIL),CN=First Storage Group,CN=InformationStore,CN=ELEVMAIL,CN
=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Elev,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=elev,DC=company,DC=local
mDBUseDefaults :
mailNickname : ocs.test
objectGUID : 1BD19114FAB25547B8B720AC68368F50
userAccountControl : 66048
badPwdCount : 0
codePage : 0
countryCode : 0
homeDirectory : \\srv-fp\ocs.test$
homeDrive : H:
badPasswordTime : 17.06.2007 11:52:07
lastLogoff : 01.01.1601 00:00:00
lastLogon : 13.11.2007 19:58:10
scriptPath : netlogon.bat
pwdLastSet : 22.10.2007 10:28:06
primaryGroupID : 513
userParameters : ☺CtxCfgPresent????☺CtxCfgFlags1
???☺CtxShadow????*☻☺CtxMinEncryptionLevel?↑4☺CtxWFHomeDir?????????????????????????
?"♠☺CtxWFHomeDirDrive??? *☺CtxWFProfilePath?????????????????????
objectSid : 010500000000000515000000A837D665B1559C0F07E53B2BAF440000
adminCount : 1
accountExpires : 31.12.9999 23:59:59
logonCount : 234
sAMAccountName : jer
sAMAccountType : 805306368
showInAddressBook : {CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Containe
r,CN=Elev,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=elev,DC=company,DC=
local, CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=Elev,CN=Micros
oft Exchange,CN=Services,CN=Configuration,DC=elev,DC=company,DC=local}
legacyExchangeDN : /o=Elev/ou=First Administrative Group/cn=Recipients/cn=ocs.test
objectCategory : CN=Person,CN=Schema,CN=Configuration,DC=elev,DC=company,DC=local
dSCorePropagationData : {28.02.2007 20:20:54, 28.02.2007 20:20:54, 28.02.2007 20:20:54, 20.07.2006 13:38:16..
.}
lastLogonTimestamp : 128394500191462065
textEncodedORAddress : c=us;a= ;p=Elev;o=Exchange;s=test;g=ocs;
mail : ocs.test@sipdomain.local
msExchHomeServerName : /o=Elev/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=MAIL
msExchALObjectVersion : 112
msExchMailboxSecurityDescriptor :
msExchUserAccountControl : 0
msExchMailboxGuid : 8D3924912F9B6343893D0ED1859D8F14
msRTCSIP-PrimaryUserAddress : sip:ocs.test@sipdomain.local
msRTCSIP-UserEnabled :
msRTCSIP-PrimaryHomeServer : CN=LC Services,CN=Microsoft,CN=ocs,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=
elev,DC=company,DC=local
msRTCSIP-FederationEnabled :
msRTCSIP-InternetAccessEnabled :
msRTCSIP-ArchivingEnabled : 0
msRTCSIP-OptionFlags : 256
msExchPoliciesIncluded : {42BA9A15-2463-4538-B2CD-B189E09D2FFC},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}
nTSecurityDescriptor :
City :
Company :
Department :
Email : ocs.test@sipdomain.local
Fax :
FirstName : OCS
HomePhone :
Initials :
LastName : Test
LogonName : OCS.test
Manager :
MemberOf : {CN=FlexProfile,OU=Tilgangs-grupper,DC=elev,DC=company,DC=local, CN=distr_Alle_Elev
er,OU=IT,DC=elev,DC=company,DC=local}
MobilePhone :
Office :
Pager :
PhoneNumber :
PostalCode :
PostOfficeBox :
StateOrProvince :
StreetAddress :
Title :
UserPrincipalName : ocs.test@domain.local
WebPage :
CanonicalName : domain.local/IT/OCS Test
CreationDate : 21.08.2004 12:44:53
Description :
DisplayName : OCS Test
DN : CN=OCS Test,OU=IT,DC=elev,DC=company,DC=local
Guid : 1491d11b-b2fa-4755-b8b7-20ac68368f50
ModificationDate : 13.11.2007 17:53:39
Name : OCS Test
Notes :
ParentContainer : domain.local/IT/
Sid : S-1-5-21-1708537768-261903793-725345543-17583
Type : user
DirectoryEntry : System.DirectoryServices.DirectoryEntry
NetworkCredential : System.Net.NetworkCredential
IsOpen : True
ConnectionParameters : Quest.ActiveRoles.ArsPowerShellSnapIn.ConnectionParameters
Not OCS enabled:
PS H:\> Get-QADUser ocs.test | fl *
objectClass : {top, person, organizationalPerson, user}
cn : OCS Test
sn : Test
givenName : OCS
distinguishedName : CN=OCS Test,CN=Users,DC=elev,DC=company,DC=local
instanceType : 4
whenCreated : 14.11.2007 22:13:31
whenChanged : 14.11.2007 22:13:31
uSNCreated : 31065580
uSNChanged : 31065585
objectGUID : 8EBEC0284C86124A83BCD57BD634F88F
userAccountControl : 66048
badPwdCount : 0
codePage : 0
countryCode : 0
badPasswordTime : 01.01.1601 00:00:00
lastLogoff : 01.01.1601 00:00:00
lastLogon : 01.01.1601 00:00:00
pwdLastSet : 14.11.2007 22:13:31
primaryGroupID : 513
objectSid : 010500000000000515000000A837D665B1559C0F07E53B2BC4550000
accountExpires : 31.12.9999 23:59:59
logonCount : 0
sAMAccountName : ocs.test
sAMAccountType : 805306368
objectCategory : CN=Person,CN=Schema,CN=Configuration,DC=elev,DC=company,DC=local
nTSecurityDescriptor :
City :
Company :
Department :
Email :
Fax :
FirstName : OCS
HomePhone :
Initials :
LastName : Test
LogonName : ocs.test
Manager :
MemberOf :
MobilePhone :
Office :
Pager :
PhoneNumber :
PostalCode :
PostOfficeBox :
StateOrProvince :
StreetAddress :
Title :
UserPrincipalName : ocs.test@elev.company.local
WebPage :
CanonicalName : elev.company.local/Users/OCS Test
CreationDate : 14.11.2007 22:13:31
Description :
DisplayName : OCS Test
DN : CN=OCS Test,CN=Users,DC=elev,DC=company,DC=local
Guid : 28c0be8e-864c-4a12-83bc-d57bd634f88f
ModificationDate : 14.11.2007 22:13:31
Name : OCS Test
Notes :
ParentContainer : elev.company.local/Users
Sid : S-1-5-21-1708537768-261903793-725345543-21956
Type : user
DirectoryEntry : System.DirectoryServices.DirectoryEntry
NetworkCredential : System.Net.NetworkCredential
IsOpen : True
ConnectionParameters : Quest.ActiveRoles.ArsPowerShellSnapIn.ConnectionParameters
|
Jan Egil Ring
---------------------
Blog: http://blog.powershell.no
UG: http://powershellug.ning.com
Twitter: http://twitter.com/janegilring
|
|
Posts:
415
Registered:
9/4/07
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 15, 2007 4:16 AM
in response to: Jan Egil Ring
|
|
|
It seems I slightly mistaken in syntax. Try this:
get-qaduser <identity> | set-qaduser -oa @{'msRTCSIP-UserEnabled'=$true}
|
|
|
Posts:
822
Registered:
3/20/07
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 15, 2007 5:49 AM
in response to: Andrey Moiseev ...
|
|
|
For those readers who don't know, 'oa' is a parameter alias for the ObjectAttributes parameter. To learn more about this specific parameter for Set-QADUser, simply execute this command:
Get-Help Set-QADUser -parameter ObjectAttributes
Alternatively, to discover what cmdlets use this parameter, execute this instead:
Get-Help * -parameter ObjectAttributes
--
Kirk Munro
Poshoholic
http://poshoholic.com
|
Kirk Munro [MVP]
Poshoholic
My blog: http://poshoholic.com
Follow me on Twitter: http://twitter.com/poshoholic
|
|
Posts:
58
Registered:
11/13/07
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 15, 2007 8:47 AM
in response to: Andrey Moiseev ...
|
|
|
PS H:\> Get-QADUser ocs.test | set-qaduser -oa @{'msRTCSIP-UserEnabled'=$true} Name Type DN
---- ---- --
OCS Test user CN=OCS Test,CN=Users,DC=elev,DC=domain,DC=local
PS H:\> Get-QADUser ocs.test | fl *
objectClass : {top, person, organizationalPerson, user}
cn : OCS Test
sn : Test
givenName : OCS
distinguishedName : CN=OCS Test,CN=Users,DC=elev,DC=domain,DC=local
instanceType : 4
whenCreated : 14.11.2007 22:13:31
whenChanged : 15.11.2007 16:33:06
uSNCreated : 31065580
uSNChanged : 31096791
objectGUID : 8EBEC0284C86124A83BCD57BD634F88F
userAccountControl : 66048
badPwdCount : 0
codePage : 0
countryCode : 0
badPasswordTime : 01.01.1601 00:00:00
lastLogoff : 01.01.1601 00:00:00
lastLogon : 01.01.1601 00:00:00
pwdLastSet : 14.11.2007 22:13:31
primaryGroupID : 513
objectSid : 010500000000000515000000A837D665B1559C0F07E53B2BC4550000
accountExpires : 31.12.9999 23:59:59
logonCount : 0
sAMAccountName : ocs.test
sAMAccountType : 805306368
objectCategory : CN=Person,CN=Schema,CN=Configuration,DC=elev,DC=domain,DC=local
msRTCSIP-UserEnabled :
nTSecurityDescriptor :
City :
Company :
Department :
Email :
Fax :
FirstName : OCS
HomePhone :
Initials :
LastName : Test
LogonName : ocs.test
Manager :
MemberOf :
MobilePhone :
Office :
Pager :
PhoneNumber :
PostalCode :
PostOfficeBox :
StateOrProvince :
StreetAddress :
Title :
UserPrincipalName : ocs.test@elev.domain.local
WebPage :
CanonicalName : elev.domain.local/Users/OCS Test
CreationDate : 14.11.2007 22:13:31
Description :
DisplayName : OCS Test
DN : CN=OCS Test,CN=Users,DC=elev,DC=domain,DC=local
Guid : 28c0be8e-864c-4a12-83bc-d57bd634f88f
ModificationDate : 15.11.2007 16:33:06
Name : OCS Test
Notes :
ParentContainer : elev.domain.local/Users
Sid : S-1-5-21-1708537768-261903793-725345543-21956
Type : user
DirectoryEntry : System.DirectoryServices.DirectoryEntry
NetworkCredential : System.Net.NetworkCredential
IsOpen : True
ConnectionParameters : Quest.ActiveRoles.ArsPowerShellSnapIn.ConnectionParameters
The user doesn`t show up in the OCS user-list, and the Communcations-tab in Active Directory Users and Computers on the user doesn`t have the Enabled-check box marked.
There are more RTCSIP attributes available, so I guess more of them need to be set.
|
Jan Egil Ring
---------------------
Blog: http://blog.powershell.no
UG: http://powershellug.ning.com
Twitter: http://twitter.com/janegilring
|
|
Posts:
822
Registered:
3/20/07
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 15, 2007 9:18 AM
in response to: Jan Egil Ring
|
|
|
The reason this last test didn't work is because of a minor mistake in the script Andrey provided. In the current version of the AD cmdlets (1.0.5), boolean values must be specified in uppercase for the LDAP search to find them. I have voted that this be changed on this thread: http://www.powergui.org/thread.jspa?threadID=4794&tstart=0.
In the meantime, instead of this:
Get-QADUser ocs.test | set-qaduser -oa @{'msRTCSIP-UserEnabled'=$true}
Do this:
Get-QADUser ocs.test | set-qaduser -oa @{'msRTCSIP-UserEnabled'=TRUE}
Also note that boolean values don't show up at the moment in the output (also reported on the same thread posted above), so if you want to check a value after setting it you would have to do this:
(Get-QADUser ocs.test)['msRTCSIP-UserEnabled']
--
Kirk Munro
Poshoholic
http://poshoholic.com
|
Kirk Munro [MVP]
Poshoholic
My blog: http://poshoholic.com
Follow me on Twitter: http://twitter.com/poshoholic
|
|
Posts:
58
Registered:
11/13/07
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 15, 2007 1:58 PM
in response to: KirkAMunro
|
|
|
|
|
PS H:\> Get-QADUser ocs.test | set-qaduser -oa @{'msRTCSIP-UserEnabled'=TRUE}
The term 'TRUE' is not recognized as a cmdlet, function, operable program, or script file. Verify the term and try agai
n.
At line:1 char:69
+ Get-QADUser ocs.test | set-qaduser -oa @{'msRTCSIP-UserEnabled'=TRUE} <<<<
PS H:\> Get-QADUser ocs.test | set-qaduser -oa @{'msRTCSIP-UserEnabled'='TRUE'} Name Type DN
---- ---- --
OCS Test user CN=OCS Test,CN=Users,DC=elev,DC=domain,DC=local
Didn`t notice any changes after executing this.
Please have a look at the attached files;
ocstest.jpg is the Communications-tab in ADUC.
enable-users.txt is the LCSEnableConfigureUsers.wsf from the LCS 2005 reskit.
|
Jan Egil Ring
---------------------
Blog: http://blog.powershell.no
UG: http://powershellug.ning.com
Twitter: http://twitter.com/janegilring
|
|
Posts:
415
Registered:
9/4/07
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 16, 2007 1:53 AM
in response to: KirkAMunro
|
|
|
Kirk, no, '-ObjectAttributes' parameter doesn't use LDAP syntax. So, $true is correct here, while in LDAPFilter TRUE is the right case.
|
|
|
Posts:
822
Registered:
3/20/07
|
|
|
Posts:
1
Registered:
6/26/08
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Jun 26, 2008 1:18 PM
in response to: Jan Egil Ring
|
|
|
i too didn't get any changes after executing
PS H:\> Get-QADUser ocs.test | set-qaduser -oa @{'msRTCSIP-UserEnabled'='TRUE'}
Were you able to get it to work eventually?
Thanks!
|
|
|
Posts:
3
Registered:
10/6/08
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 26, 2008 5:37 AM
in response to: gilagri
|
|
|
I've found that running PS H:\> Get-QADUser ocs.test | set-qaduser -oa @{'msRTCSIP-UserEnabled'='$true'} works only on accounts that were previously enabled and subsequantly disabled. I also saw that it took 1-2 min. for the enable to take effect.
Anyone know how to quesry a user for the 'msRTC...' type properties? I just want to query one of the users I've enabled through ADUC so I know what parameters to configure in my new user creation script.
Thanks!
|
|
|
Posts:
1,919
Registered:
1/31/08
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 26, 2008 6:09 AM
in response to: Manitou
|
|
|
The reason for the change to take effect might be replication. Your code may change the value on one DC and ADUC may be connected to another.
Try to get all user properties and filter just the msRTCSIP* ones before you make a c hange (in ADUC) and after. This can help you determine which properties were updated:
Get-QADUser ocs.tst -IncludeAllProperties | fl msRTCSIP*
|
Shay Levy [MVP]
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar
|
|
Posts:
3
Registered:
10/6/08
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 26, 2008 7:20 AM
in response to: Shay Levy
|
|
|
shay.. thank you so much. That one piece was all I needed to figure the rest out. Can't thank you enough for taking the time to post that up.
Here's a piece of my new user script that sets up OCS for me:
Get-QADUser $Fullname | set-qaduser -oa @{'msRTCSIP-ArchivingEnabled'=0 } Get-QADUser $Fullname | set-qaduser -oa @{'msRTCSIP-FederationEnabled'=$true } Get-QADUser $Fullname | set-qaduser -oa @{'msRTCSIP-InternetAccessEnabled'=$true } Get-QADUser $Fullname | set-qaduser -oa @{'msRTCSIP-OptionFlags'=257 } Get-QADUser $Fullname | set-qaduser -oa @{'msRTCSIP-PrimaryHomeServer'=$serverpool } Get-QADUser $Fullname | set-qaduser -oa @{'msRTCSIP-PrimaryUserAddress'=("sip:" + $Fullname + "@ourdomain.com").ToString() }
Get-QADUser $Fullname | set-qaduser -oa @{'msRTCSIP-UserEnabled'=$true }
I'm sure there's a better way rather then doing 6-8 lines, but it works! woo hoo :)
Message was edited by: Manitou
|
|
|
Posts:
1,919
Registered:
1/31/08
|
|
|
|
Re: Manage OCS 2007 users with PowerShell?
Posted:
Nov 26, 2008 8:44 AM
in response to: Manitou
|
|
|
You can set all attributes using one Set-QADUser call. The syntax for updating multiple user attributes is as follows:
Set-QADUser $Fullname -oa @{attr1=val1; attr2=val2; attr3=val3 ...}
Another way is to assign the hash table to a variable and pass it to -oa:
$oa = @{'msRTCSIP-ArchivingEnabled'=0; 'msRTCSIP-FederationEnabled'=$true; 'msRTCSIP-InternetAccessEnabled'=$true; 'msRTCSIP-OptionFlags'=257; 'msRTCSIP-PrimaryHomeServer'=$serverpool; 'msRTCSIP-PrimaryUserAddress'=("sip:$Fullname@ourdomain.com"); 'msRTCSIP-UserEnabled'=$true }
Set-QADUser $Fullname -oa $oa
|
Shay Levy [MVP]
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar
|
|
|
Legend
|
|
MVP: 2501
+
pts
|
|
Guru: 2001
- 2500
pts
|
|
Expert: 751
- 2000
pts
|
|
Enthusiast: 31
- 750
pts
|
|
Novice: 0
- 30
pts
|
|
Moderators
|
|
Helpful answer
(5 pts)
|
|
Answered
(10 pts)
|
|
