The Microsoft Office Communications Server 2007 R2 version of the LCSEnableConfigureUsers Windows script file provides Office Communications Server 2007 R2 administrators with an unrestricted way to enable and configure Active Directory Domain Services user accounts for use with Office Communications Server 2007 R2.
Author: Mike Adkins
Publication date: August 2, 2011
Product version: Office Communications Server 2007 R2
The Office Communications Server 2007 R2 LCSEnableConfigureUsers.wsf script demonstrates how a Visual Basic script can be used to access Windows Management Instrumentation (WMI) and to update user accounts that reside in the local Active Directory Domain Services domain. The LCSEnableConfigureUsers.wsf script automates enabling and configuring users belonging to the local Active Directory Domain Services domain. These Communications Server users may reside in the Users container or in user-defined organizational units. Using the LCSEnableConfigureUsers.wsf script does not require membership in the local Domain Admins group or access to the console of the Office Communications Server. The LCSEnableConfigureUsers.wsf script allows members of the RTCUniversalUserAdmins group to access and update local Active Directory Domain Services domain user accounts through WMI.
To use the LCSEnableConfigureUsers.wsf script, two text files must be manually configured. First, configure the user file that contains the Active Directory Domain Services distinguished name (DN) path to the containers or organizational units that manage the domain user accounts. Second, configure the file that contains the Office Communications Server 2007 R2 user configuration and home server or pool distinguished name (DN). The LCSEnableConfigureUsers.wsf script uses the information listed in the user file to traverse the organizational units and default Users container in the Active Directory Domain Services domain. It then enables and configures user account objects to meet the specifications listed in the configuration file.
Configuration updates are applied to the specified user accounts using the Communications Server WMI class MSFT_SIPESUserSetting. These Communications Server user account updates are applied to newly enabled Communications Server user accounts or as configuration updates to pre-existing Communications Server user accounts.
The MSFT_SIPESUserSetting WMI class properties used as part of the Communications Server user account creation or configuration update process are listed below:
To function, the LCSEnableConfigureUsers.wsf script requires at least one line entry in the configuration.txt file. That line requires a unique prefix along with the DN of the Communications Server pool or Front End Server. For example:
For Communications Server Enterprise Edition
HomeServerDN:=CN=LC Services,CN=Microsoft,CN=Pool01,CN=Pools,CN=RTC Service,CN=Configuration,DC=contoso,DC=com
For Communications Server Standard Edition
HomeServerDN:=CN=LC Services,CN=Microsoft,CN=Server01,CN=Pools,CN=RTC Service,CN=Configuration,DC=contoso,DC=com
When saved to the configuration.txt file, the previously listed DN information allows the LCSEnableConfigureUsers.wsf script to enable users, defined in the users.txt file, for Communications Server and Enhanced Presence. This is the default action for the LCSEnableConfigureUsers.wsf script.
MSFT_SIPESUserSetting WMI class properties must be added to the configuration.txt file one line at a time. Append “:=” to the end of each WMI property name, followed by the value designated for that WMI property. See the following example:
Before adding a list of WMI properties to the configuration.txt file, some possible caveats should be considered to ensure the LCSEnableConfigureUsers.wsf script completes its task.
The LCSEnableConfigureUsers.wsf script uses two different prefixes, specified in the users.txt file, to create and configure Communications Server user accounts. Each line in the users file that describes a user account must be prefixed with DN: or EMAIL:. Here’s how it works:
DN:CN=Alan Brewer, OU=Users,OU=Communications Server,DC=contoso,DC=com
Each line shown above can be used separately in the users.txt file. Each line creates an enabled Communications Server user or updates a pre-existing Communications Server user. The similarities between the two lines are:
The differences between the two lines are:
To enable multiple Communications Server user accounts or to update multiple pre-existing Communications Server user accounts, the DN: prefix can point to the organizational unit (OU) that the user accounts belong to.
Here is the DN: line used to enable Communications Server user accounts or to update multiple pre-existing Communications Server user accounts in the Users OU:
Warning: It is not recommended to use DN: to point to the Active Directory Domain Services default Users container, for example, DN:CN=Users,DC=contoso,DC=com. This users.txt file entry forces the LCSEnableConfigureUsers.wsf script to enable and configure all user accounts and contacts located in the Users container.
After Communications Server user accounts are initially enabled and configured, the LCSEnableConfigureUsers.wsf script can be used to reconfigure specific Communications Server user accounts using the DN:, EMAIL:, or SIP: prefixes in the users.txt file. For example, you can use the prefixes to update specific Communications Server enabled accounts:
DN:CN=Florence Flipo,OU=Users,OU=Communications Server,DC=contoso,DC=com
The LCSEnableConfigureUsers.wsf script can be used to reconfigure multiple Communications Server user accounts using the DN: prefix in the users.txt file. For example, you can use DN: to update all Communications Server enabled accounts in the Users OU:
DN: OU=Users,OU=Communications Server, DC=contoso,DC=com
The LCSEnableConfigureUsers.wsf script can enable and perform configuration updates to individual or multiple Communications Server user accounts. The LCSEnableConfigureUsers.wsf script updates Active Directory Domain Services user accounts that reside in a Communications Server enabled user’s domain. The Office Communications Server Active Directory preparation adds the msRTCSIP* attributes to all user accounts in the domain hosting Communications Server. By design, msRTCSIP* user attributes can be accessed through MSFT_SIP* WMI classes, which are enabled locally during the installation of Communications Server. The LCSEnableConfigureUsers.wsf script performs requested updates on specified instances of the MSFT_SIPESUserSetting class properties. Updated MSFT_SIPESUserSetting class properties are then replicated to their corresponding msRTCSIP* user attributes in the Communications Server prepped Active Directory domain.
Warning: The LCSEnableConfigureUsers.wsf script is a powerful tool that can also affect the configuration of Active Directory Domain Services user accounts that are not enabled for Communications Server. Use the LCSEnableConfigureUsers.wsf script in a test lab environment using the constraints mentioned above before running it in your environment. Learning to correctly use the LCSEnableConfigureUsers.wsf script provides administrators with a quick and effective way to enable new and reconfigure existing Communications Server users.
The LCSEnableConfigureUsers.wsf script provides non-domain administrators with an efficient way to update and enable Communications Server user accounts. Because the LCSEnableConfigureUsers.wsf script does not have to run from the Communications Server console, it provides administrators with remote access.
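The scope warnings above can be checked before the script is run. The following pre-flight check for the two input files is an added example, not part of the article or the Resource Kit: the function names, severity labels and sample lines are constructed here, and it assumes that a DN: entry whose first component is CN= (other than CN=Users) names a single account, which cannot be confirmed from the DN alone.

```python
import re

USER_PREFIXES = ("DN:", "EMAIL:", "SIP:")  # prefixes the article names for users.txt

def lint_users(lines):
    """Return (line_no, severity, message) findings for users.txt lines."""
    findings = []
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        prefix = next((p for p in USER_PREFIXES if line.upper().startswith(p)), None)
        if prefix is None:
            findings.append((no, "error", "missing DN:, EMAIL: or SIP: prefix"))
        elif prefix == "DN:":
            # Split the DN into components on unescaped commas.
            parts = [p.strip() for p in re.split(r"(?<!\\),", line[3:]) if p.strip()]
            head = parts[0].upper().replace(" ", "") if parts else ""
            if not parts or any("=" not in p for p in parts):
                findings.append((no, "error", "malformed DN component"))
            elif head == "CN=USERS":  # default Users container: the article's warning
                findings.append((no, "block", "targets the default Users container"))
            elif head.startswith(("OU=", "DC=")):  # OU or domain root: bulk update
                findings.append((no, "warn", "bulk scope: all accounts under this path"))
    return findings

def lint_config(lines):
    """Return findings for configuration.txt lines (one Property:=value per line)."""
    findings, seen = [], set()
    for no, raw in enumerate(lines, 1):
        if not raw.strip():
            continue
        name, sep, value = raw.strip().partition(":=")
        if sep and name.strip() and value.strip():
            seen.add(name.strip().lower())
        else:
            findings.append((no, "error", "expected Property:=value"))
    if "homeserverdn" not in seen:  # the one entry the article says is required
        findings.append((0, "error", "no HomeServerDN:= entry"))
    return findings

# Constructed sample lines, built from the article's contoso.com examples.
SAMPLE_USERS = [
    "DN:CN=Alan Brewer, OU=Users,OU=Communications Server,DC=contoso,DC=com",
    "DN: OU=Users,OU=Communications Server, DC=contoso,DC=com",
    "DN:CN=Users,DC=contoso,DC=com",
    "CN=Florence Flipo,OU=Users,OU=Communications Server,DC=contoso,DC=com",
]
if __name__ == "__main__":
    print(lint_users(SAMPLE_USERS))
```

Treat a "block" finding as a reason not to run the script at all, and a "warn" finding as a prompt to confirm that every account under that OU is meant to be enabled or reconfigured.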
The Communications Server Resource Kit tools are supported on the following Windows Server operating systems:
The LCSEnableConfigureUsers.wsf script can be run from a command line window on a computer that has the Communications Server administrative tools installed on it. The LCSEnableConfigureUsers.wsf script requires the configuration of two text files. These text files contain the user account location information and the intended user configuration information. Here are three configuration examples of users.txt and configuration.txt:
The LCSEnableConfigureUsers.wsf script can be run from a command prompt window as follows:
C:\Tools> LCSEnableConfigureUsers.wsf /usersFile:users.txt /configFile:configuration.txt
To record the success or error feedback, add the “>” operator to the end of the command line and point it to the folder where you want the log file stored. For example:
C:\Tools> LCSEnableConfigureUsers.wsf /usersFile:users.txt /configFile:configuration.txt > C:\output.txt
When the LCSEnableConfigureUsers.wsf script completes its process, view the output.txt file for the results of the command.
The LCSEnableConfigureUsers.wsf script allows non-domain administrators to perform Active Directory updates on Communications Server user accounts from a remote location. To use the LCSEnableConfigureUsers.wsf script from a non-Communications Server computer, you must install the Communications Server Administrative tools on the local machine. Important: Exercise caution when using the LCSEnableConfigureUsers.wsf script. When improperly used, the script tries to apply Communications Server updates to all user accounts in the Active Directory Domain Services container. When used correctly, however, the LCSEnableConfigureUsers.wsf script is an efficient and powerful tool for administering Communications Server user accounts.
To learn more, check out the following articles:
Keywords: LCSEnableConfigureUsers.wsf, communications, server, user, configure, script
Mike, another great, in-depth article, thanks!
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
@ Text file with Users: users.txt
@ Text file with User Configration: userconfig.txt
@ Configuring CN=juan jose martin colome eleno, OU=Estandar,OU=Usuarios,OU=GrupBS,OU=GrupBS,OU=Edificios Singulares,DC=adgbs,DC=com
Using userPrincipalName [SipUri: sip:B126371@adgbs.com]
Since user has NOT been previously SIP enabled, creating...
[-] User update unsuccessful. Error: -1007200231
@ Configuring user sip:firstname.lastname@example.org
@ Configuring user sip:provesOCSSC1@bancsabadell.com
Do you need some kind of special permits?