Saturday, January 28, 2012

TOP 10: Lync Server 2010 PowerShell Commands

I created this post in response to several requests from clients who wanted a go-to place to find the most commonly used commands and helpful commands for administering Lync Server 2010. In this post I cover the following commands:

1. Create and set up a Lync User
You will need an existing AD account for this command to function. Typically the SIP URI for users will follow their e-mail address. If not, you will need to specify the format to use or simply type it in. See the last help section of this post for more information on how to get effective help!

Enable-CsUser "Jason Shave" -RegistrarPool "poolname.domain.com" -SipAddressType EmailAddress

Next you may want to modify settings of the user such as their phone number (LineURI) or enable them for Enterprise Voice. These can both be set with one command as follows:

Set-CsUser "Jason Shave" -EnterpriseVoiceEnabled:$True -LineURI "tel:+17805551212;ext=1212"

2. Create a Common Area Phone
Common Area Phones (a.k.a. CAP's) are useful because you don't need an AD account to pre-exist as these objects are created as Contact objects in AD with the necessary properties set on them. You don't have to worry about resetting or setting passwords.

New-CsCommonAreaPhone -RegistrarPool "poolname.domain.com" -DisplayName "2FL Reception NE" -OU "OU=CAP,OU=Lync Server,DC=domain,DC=com" -DisplayNumber "+17805551212" -LineURI "tel:+17805551212;ext=1212"

NOTE: I've noticed a sort of bug with PowerShell in that if you specify the LineURI with an ";ext=" command in the string it won't tab-complete any other entries in the window so I typically leave that attribute to the end.

3. View or Assign a Policy/Dial Plan
Once you've created either a new user or CAP, you will need to set various attributes such as a Dial Plan, Voice Policy, Client Policy, Conferencing Policy, External Access Policy and so on.

To view all dial plans by name type:

Get-CsDialPlan | FL Identity
To view a voice policy, type the following: (since "Identity" is the only property beginning with the letter "I" we can use a wildcard character to save time)

Get-VoicePolicy | FL I*

To assign a Dial Plan to a user or set a voice policy to a CAP:

Grant-CsDialPlan "Jason Shave' -PolicyName EdmontonDialPlan1

Get-CsCommonAreaPhone "2FL Reception NE" | Grant-CsVoicePolicy -PolicyName NA-AB-Unrestricted

4. Assign a PIN
A PIN might not be as visibly necessary as you may think. Quickly though, a PIN is required for a non-tethered IP phone sign in, or a user joining a Lync audio conference as a leader from a non-Lync endpoint.

Set-CsClientPin "Jason Shave" -Pin 8675309
It is a good practice to set this PIN however users are able to create/set their PIN via the dialin simple URL accessible through the Lync client or the meeting request dialin phone number page (typically "dialin.domain.com").

5. Revoke a User Certificate
This one is more important than you may think as well. If you disable an AD account, and permit users to save their username/password, they will still be able to use Lync! I find a lot of people don't know this and it creates an interesting discussion with the security teams...

Revoke-CsClientCertificate "Jason Shave"

6. Move a User between pools or to an SBA

Move-CsUser "Jason Shave" -Target "poolname.domain.com"

7. Determine if a DID has been used
A common issue I see in environments where turnover is higher than normal is the recycling of DID's. When a user is disabled in Lync, their LineURI attribute in AD is still taken and cannot be reassigned. To find out the culprit, type:

Get-CsUser | Where {$_.LineURI -Like "*1212"}

The above command will find any LineURI attributes ending in "1212" such as "+17805551212" or "+17805551000;ext=1212".

8. Check CMS replication health
Any change to the CMS database such as a voice route, dial plan, or voice policy will result in the change being propagated to all Lync servers in the topology. Often times a change is made resulting in a test being performed (i.e. fixing a broken route). You will want to validate the change has been replicated to all servers in the topology before testing....and give it an extra 60 seconds after synchronization has been completed too!

Get-CsManagementStoreReplicationStatus

Alternatively if you have a very large topology, you can be more specific as follows:

Get-CsManagementStoreReplicationStatus | Where {$_.UpToDate -ne $True}

9. Determine number of users enabled for Enterprise Voice

(Get-CsUser | Where {$_.EnterpriseVoiceEnabled -eq $True}).Count

Getting more complex, lets try to count the total number of EV users and CAP's and get a combined total. In the following example we use the ";" command in a one-liner to initiate a carriage return. We also store the outcome in a variable called "$str1" and "$str2":

$str1 = (Get-CsUser | Where {$_.EnterpriseVoiceEnabled -eq $True}).Count; $str2 = (Get-CsCommonAreaPhone).Count; $str1 + $str2

10. Getting help from PowerShell 
I've found the following tips helpful when trying to find out what PowerShell can do for me...

To get help on a command such as Get-CsUser type:

Get-Help Get-CsUser

NOTE: Use the TAB key on your keyboard when typing in PowerShell to complete long commands. As an example, you wouldn't want to type these comands every time:

Get-CsManagementStoreReplicationStatus
Get-CsUserReplicatorConfiguration
Get-CsEnhancedEmergencyServiceDisclaimer

For example, type "Get-CsMan" for "Get-CsManagementStoreReplicationStatus"

Sometimes you want examples of a command such as "Get-CsUser" so in this case you would type:

Get-Help Get-CsUser -Examples

If you forget a command or want to know all the commands associating with setting a user property, try:

Get-Command Set-CsUser*

Again, you might want to know what a specific parameter for "Set-CsUser" does such as AudioVideoDisabled:

Get-Help Set-CsUser -Parameter Au*

Hope this helps! Feedback is always appreciated so let me know if you note a mistake or would suggest alternative top 10's. Cheers!

3 comments:

  1. Nice work thanks loads

    ReplyDelete
  2. Excellent job!

    Thank you

    ReplyDelete
  3. any command to know the created CAP accounts on the server?

    ReplyDelete