Lync Server Admin Guide: Delegating Control of Microsoft Lync Server 2010
This article is part of the Microsoft Lync Server 2010 Administration Guide: PowerShell Supplement.
Assigning an RBAC Role to a User
- Assigning a User to a Security Group
To assign an RBAC role to a user you simply make that user a member of the security group associated with the RBAC role; for example, to assign a user to the CsHelpDesk role all you have to do is make that user a member of the CsHelpDesk group. Microsoft Lync Server 2010 does not provide any cmdlets that can be used to assign a user to a security group. However, you can assign a user to a security group by using the following Windows PowerShell script:
$strFilter = "(&(objectCategory=Group)(SamAccountName=" + $args[0] +"))"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"
$colProplist = "distinguishedName"
foreach ($i in $colPropList)
{[void] $objSearcher.PropertiesToLoad.Add($i)}
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{$groupDN = $objResult.Path}
$userDN = (Get-CsUser -Identity $args[1]).DistinguishedName
$user = [ADSI] "LDAP://$userDN"
$group = [ADSI] $groupDN
$group.Add($user.PsBase.Path)
To use this script, copy the code, paste it into a text editor, and then save the file using a .ps1 file extension (for example, C:\Scripts\Assign-RBACRole.ps1). From there all you have to do is run the script, taking care to supply the RBAC role name (e.g., CsHelpDesk) and the Identity of the user being assigned the role (e.g., Ken Myer):
C:\Scripts\Assign-RBACRole.ps1 "CsHelpDesk" "Ken Myer"
For more information