DrRez: Microsoft Lync Server Technical Reference Hub

Brought to you by the Microsoft Lync Server Resource Kit team

How to use the Office Communications Server 2007 R2 Resource Kit Script LCSEnableConfigureUsers

How to use the Office Communications Server 2007 R2 Resource Kit Script LCSEnableConfigureUsers

  • Comments 3
  • Likes

The Microsoft Office Communications Server 2007 R2 version of the LCSREnableConfigureUsers windows scripting file provides Office Communications Server 2007 R2 administrators with an unrestricted way to enable and configure Active Directory Domain Services user accounts for use with Office Communications Server 2007 R2.

Introduction

The Office Communications Server 2007 R2 LCSEnableConfigureUsers.wsf script demonstrates how a Visual Basic script can be used to access the Windows Management Interface (WMI) and to update user accounts that reside in the local Active Directory Domain Services domain. The LCSEnableConfigureUsers.wsf script automates enabling and configuring users belonging to the local Active Directory Domain Services domain. These Communications Server users may reside in the Users container or in user defined Organizational Units. Using the LCSEnableConfigureUsers.wsf script does not require membership in the local Domain Admins group or access to the console of the Office Communications Server. The LCSEnableConfigureUsers.wsf script allows members of the RTCUniversalUserAdmins group to access and perform updates to local Active Directory Domain Services domain user account through the WMI.

Description

To use the LCSEnableConfigureUsers.wsf script, two text files must be manually configured. First, configure the user file that contains the Active Directory Domain Services distinguished name (DN) path to the containers or organizational units that manage the domain user accounts. Second, configure the file that contains the Office Communications Server 2007 R2 user configuration and home server or pool distinguished name (DN). The LCSEnableConfigureUsers.wsf script uses the information listed in the user file, to traverse the organizational units and default Users container in the Active Directory Domain Services domain. It then enables and configures user account objects to meet the specifications listed in the configuration files.  

User Configuration Information

Configuration updates are applied to the specified user accounts using the Communications Server WMI class MSFT_SIPESUserSetting. These Communications Server user account updates are applied to newly enabled Communications Server user accounts or as configuration updates to pre-existing Communications Server user accounts.

The MSFT_SIPESUserSetting  WMI class properties used as part of the Communications Server user account creation or configuration update process are listed below:

Enabled (boolean)

EnabledForFederation (boolean)

EnabledForInternetAccess (boolean)

EnabledForEnhancedPresence (boolean)

PublicNetworkEnabled (boolean)

RemoteCallControlTelephonyEnabled (boolean)

ArchiveInternalCommunications (boolean)

ArchiveFederatedCommunications (boolean)

AllowOrganizeMeetingWithAnonymousParticipants (boolean)

IPPBXSoftPhoneroutingEnabled (boolean)

UCEnabled (boolean)

MeetingPolicy (string)

PresencePolicy (string)

LocationProfile (string)

UCPolicy (string)

To function, the configuration.txt file requires at least one line entry in the LCSEnableConfigureUsers.wsf script. That line requires a unique prefix along with the DN of the Communications Server pool or Front End Server. For example:

For Communications Server Enterprise Edition

HomeServerDN:=CN=LC Services,CN=Microsoft,CN=Pool01,CN=Pools,CN=RTC Service,CN=Configuration,DC=contoso,DC=com 

For Communications Server Standard Edition

HomeServerDN:=CN=LC Services,CN=Microsoft,CN=Server01,CN=Pools,CN=RTC Service,CN=Configuration,DC=contoso,DC=com

When saved to the configuration.txt file, the previously listed DN information allows the LCSEnableConfigureUsers.wsf script to enable users, defined in the users.txt file, for Communications Server and Enhanced Presence. This is the default action for the LCSEnableConfigureUsers.wsf script.

MSFT_SIPESUserSetting WMI class properties must be added to the configuration.txt file one line at a time. Append “:=” to the end of each WMI property to denote the following designated value for that WMI property.  See the following example:

UCEnabled :=true

LocationProfile:=ContosoLocationProfile

Before adding a list of WMI properties to the configuration.txt file, some possible caveats should be considered to ensure the LCSEnableConfigureUsers.wsf script completes its task.

  • The AllowOrganizeMeetingWithAnonymousParticipants feature is overridden when the global Communications Server Meeting policy’s Anonymous Participants setting is not set to Enforce per user.
  • The RemoteCallControlTelephonyEnabled feature will fail if set to true when enabling a new Communications Server user account. This occurs because the new account does not have LineURI and ServerLineURI values already in place.
  • The RemoteCallControlTelephonyEnabled feature will fail if set to true when the pre-existing Communications Server user account is Enterprise Voice enabled.
  • The RemoteCallControlTelephonyEnabled feature can be used to toggle the pre-existing RCC enabled user account between RCC enabled or RCC disabled.
  • The UCEnabled feature can be set to true after enabling a new Communications Server user account.
  • If the value for the LocationProfile property string value does not match an existing Communications Server Location Profile, the user configuration will complete without error and the Communications Server user will not have a location profile associated with their Enterprise Voice enabled Communications Server user account.
  • The MeetingPolicy WMI property requires that the global Communications Server Meeting policy’s Policy settings, Global settings are set to Use per user policy. The MeetingPolicy value is the meeting name, a string descriptor. The meeting name value must be a string with no spaces in it. If the meeting name assigned to MeetingPolicy has spaces, it will not be assigned to the MeetingPolicy WMI property by the LCSEnableConfigureUsers.wsf script.
  • The UCPolicy WMI property requires that the global Communications Server Voice policy’s Global Policy settings be set to Use per user policy. The UCPolicy value is the enterprise voice policy name. The enterprise voice policy name value must be a string descriptor with no spaces. If the meeting name assigned to UCPolicy has spaces, it will not be assigned to the UCPolicy WMI property by the LCSEnableConfigureUsers.wsf script.
  • The PresencePolicy WMI property requires that you create a custom Office Communications server presence policy before implementing the LCSEnableConfigureUsers.wsf script. For more detailed information on implementing a custom Office Communications server presence policy see: Configuring Presence Policies Using Configure Policies Script
  • If you add entries to disable Remote Call Control and enable Enterprise Voice to the configuration.txt file, the pre-existing Communications Server user account will be disabled for Remote Call Control and enabled for Enterprise Voice.  See the following example

RemoteCallControlTelephonyEnabled:=false

UCEnabled:=true

  • If you add the entries to enable Remote Call Control and disable Enterprise Voice to the configuration file, the pre-existing Communications Server user account will be disabled for Enterprise Voice and enabled for Remote Call Control. See the following example:

RemoteCallControlTelephonyEnabled:=false

UCEnabled:=true

User Information

The LCSEnableConfigureUsers.wsf script uses two different prefixes, specified in the users.txt file, to create and configure Communications Server user accounts. The two prefixes require that the line in the user’s file, which describes the user account, is prefixed with DN: or EMAIL: Here’s how it works:

DN:CN=Alan Brewer, OU=Users,OU=Communications Server,DC=contoso,DC=com

EMAIL:cycarey@contoso.net

Each line shown above can be used separately in the user.txt file. Each line creates an enabled Communications Server user or updates a pre-existing Communications Server user. The similarities between the two lines are:

  • The DN: prefix provides the user accounts distinguished name (DN) in its context.
  • The EMAIL: prefix points to the email address associated with the user account, in Active Directory Domain Services that retrieves the user account’s DN.

The differences between the two lines are:

  • The DN: prefix assigns a SIP URI, to the newly enabled Communications Server user account that uses a domain suffix that matches the user’s DN. Before the Communications Server enabled account can be used, the user account’s DN domain suffix must match the domain suffix of a supported Communications Server SIP domain.
  • The EMAIL: prefix assigns a SIP URI to the newly enabled Communications Server user account that uses a domain suffix of the email address associated with the user account. Before the Communications Server enabled account can be used, the email address’s domain suffix must match the domain suffix of a supported Communications Server SIP domain.
  • The DN: or EMAIL: prefix relies on the distinguished name (DN) of the pre-existing Communications Server user account to perform configuration updates.

To enable multiple Communications Server user accounts or to update multiple pre-existing Communications Server user accounts, the DN: prefix can include the Organization Unit (OU) the user accounts belong to.

Here is the DN: line used to enable Communications Server user accounts or to update multiple pre-existing Communications Server user accounts in the Users OU:

  • DN:OU=Users,OU=Communications Server, DCcontoso,DC=com

Warning: it is not recommended to use DN: to point to the Active Directory Domain Services default Users container, for example, DN:CN=Users,DC-contoso,DC=com. This user.txt file entry forces the LCSEnableConfigureUsers.wsf script to enable and configure all user accounts and contacts located in thee Users container.

After Communications Server user accounts are initially enabled and configured, the LCSEnableConfigureUsers.wsf script can be used to reconfigure specific Communications Server user accounts using the DN:, EMAIL:, or SIP: prefixes in the users.txt file. For example you can use the prefixes to update specific Communications Server enabled accounts:

SIP: abrewer@contoso.com

EMAIL: cycarey@contoso.com

DN:CN=Florence Flipo,OU=Users,OU=Communications Server,DC=contoso,DC=com

The LCSEnableConfigureUsers.wsf script can be used to reconfigure multiple Communications Server user accounts using the DN: prefix in the users.txt file. For example you can use DN to update all Communications Server enabled accounts in the Users OU: 

DN: OU=Users,OU=Communications Server, DC=contoso,DC=com

Output

The LCSEnableConfigureUsers.wsf script can enable and perform configuration updates to individual or multiple Communications Server user accounts. The LCSEnableConfigureUsers.wsf script updates Active Directory Domain Services user accounts that reside in a Communications Server enabled user’s domain. The Office Communications Server Active Directory preparation adds the msRTCSIP* attributes to all user accounts in the domain hosting Communications Server. By design, msRTCSIP* user attributes can be accessed through MSFT_SIP*WMI classes which are enabled locally during the installation of Communications Server. The LCSEnableConfigureUsers.wsf script performs requested updates on specified instances of the MSFT_SIPESUserSetting class properties. Updated MSFT_SIPESUserSetting class properties are then replicated to their corresponding msRTCSIP* user attributes in the Communications Server prepped Active Directory domain.

Warning: The LCSEnableConfigureUsers.wsf script is a powerful tool that can also affect the configuration of Active Directory Doman Services user accounts that are not enabled for Communications Server. Use the LCSEnableConfigureUsers.wsf script in a test lab environment using the constraints mentioned above before running it in your environment. Learning to correctly use the LCSEnableConfigureUsers.wsf script provides administrators with a quick and effective way to enable new and re-configure existing Communications Server users.

Purpose

The LCSEnableConfigureUsers.wsf script provides non domain administrators with an efficient way to update and enable Communications Server user accounts. Because the LCSEnableConfigureUsers.wsf script does not have to run from the Communications Server console, it provides administrators with remote access.

Requirements

The Communications Server Resource Kit tools are supported on the following Window Server operating systems:

  • Windows Server 2003 Standard Edition operating system with Service Pack 2.
  • Windows Server 2003 Enterprise Edition operating system with Service Pack 2.
  • Windows Server 2008 operating system.
  • The LCSEnableConfigureUsers.wsf script requires the domain user to be a member of the RTCUniversalUserAdmins group. Group membership grants permissions needed to enable and update Communications Server user accounts
  • The LCSEnableConfigureUsers.wsf script requires the installation of the Communications Server Administrative tools to access to the Communications Server WMI.

Examples

The LCSEnableConfigureUsers.wsf script can be run from a command line window on a computer that has the Communications Server administrative tools installed on it. The LCSEnableConfigureUsers.wsf script requires the configuration of two text files. These text files contain the user account location information and the intended user configuration information. Here are three configuration examples of user.txt and configuration.txt:

Enabling all Communications Server users for Enterprise Voice

Users.txt

DN:OU=Users,OU=Communications Server,DC=contoso,DC=com

Configuration.txt

Enabled:=true

UCEnabled:=true

EnabledForEnhancedPresence:=true

IPPBXSoftPhoneroutingEnabled:=true

MeetingPolicy:=VoIPConferencing

LocationProfile:=ContosoLocationProfile

UCPolicy:=ContosoEnterpriseVoicePolicy

Updating a single Communications Server for Remote Call Control

Users.txt

SIP:abrewer@contoso.com

Configuration.txt

RemoteCallControlTelephonyEnabled:=true

Enabling one Communications Server user for Enterprise Voice

Users.txt

DN:CN=Florence Flipo,OU=Users,OU=Communications Server,DC=contoso,DC=com

Configuration.txt

Enabled:=true

EnabledForFederation:=true

EnabledForInternetAccess:=true

EnabledForEnhancedPresence :=true

PublicNetworkEnabled:=true

ArchiveInternalCommunications:=true

ArchiveFederatedCommunications:=true

AllowOrganizeMeetingWithAnonymousParticipants:=true

UCEnabled:=true

IPPBXSoftPhoneroutingEnabled:=true

MeetingPolicy:=VoIPConferencing

LocationProfile:=ContosoLocationProfile

UCPolicy:=ContosoEnterpriseVoicePolicy

Using LCSEnableConfigureUsers.wsf  from the Command Line

The LCSEnableConfigureUsers.wsf script can be run from a command prompt window as follows: 

C:\Tools> LCSEnableConfigureUsers.wsf /usersFile:users.txt /configFile:configuration.txt

To record the positive or error feedback add the “>” operator to the end of the command line and point it to the folder where you want the log file stored. For example: 

C:\Tools> LCSEnableConfigureUsers.wsf /usersFile:users.txt /configFile:configuration.txt > C:\output.txt

When the LCSEnableConfigureUsers.wsf script completes its process, view the output.txt file for the results of the command.

Summary

The LCSEnableConfigureUsers.wsf script allows non domain administrators to perform Active Directory updates on Communications Server user accounts from a remote location. To use the LCSEnableConfigureUsers.wsf script from a non-Communications Server computer, you must install the Communications Server Administrative tools on the local machine. Important: exercise caution when using the LCSEnableConfigureUsers.wsf script. When improperly used, the script tries to apply Communications Server updates to all user accounts in the Active Director Domain Services container. When used correctly; however, the LCSEnableConfigureUsers.wsf script is an efficient and powerful tool for administering Communications Server user accounts.

Additional Information

To learn more, check out the following articles:

Lync Server Resources

We Want to Hear from You

Keywords: LCSEnableConfigureUsers.wsf, communications, server, user, configure, script

 

Comments
  • Mike, another great, in-depth article, thanks!

  • Microsoft (R) Windows Script Host Version 5.7

    Copyright (C) Microsoft Corporation. All rights reserved.

    @------------------------------------------------------------

    @ Text file with Users:              users.txt

    @ Text file with User Configration:  userconfig.txt

    @------------------------------------------------------------

    @------------------------------------------------------------

    @ Configuring CN=juan jose martin colome eleno, OU=Estandar,OU=Usuarios,OU=GrupBS,OU=GrupBS,OU=Edificios Singulares,DC=adgbs,DC=com

    @------------------------------------------------------------

    Using userPrincipalName [SipUri: sip:B126371@adgbs.com]

    User sip:B126371@adgbs.com

    Since user has NOT been previously SIP enabled, creating...

    [-]   User update unsuccessful. Error: -1007200231

    @------------------------------------------------------------

    @ Configuring user sip:hp2@bancsabadell.com

    @------------------------------------------------------------

    User sip:hp2@bancsabadell.com

    Since user has NOT been previously SIP enabled, creating...

    [-]   User update unsuccessful. Error: -1007200231

    @------------------------------------------------------------

    @ Configuring user sip:provesOCSSC1@bancsabadell.com

    @------------------------------------------------------------

    User sip:provesOCSSC1@bancsabadell.com

    Since user has NOT been previously SIP enabled, creating...

    [-]   User update unsuccessful. Error: -1007200231

  • Do you need some kind of special permits?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment