You can sip coffee

And you can sip tea, too. But

You can't SipDomain.

You know what's interesting? Domains. (OK, so maybe they're not all that interesting. But we had to have something to act as the first sentence of this article.) For example, the other day the author of today's haiku received the following email from the US Department of Homeland Security:

This made the author of today's haiku very happy, and for two reasons. First, of course, is the fact that he won $800,000 in a lottery he didn't even enter. Second, he was happy to see that the Department of Homeland Security was using its "Intelligence Monitoring Network System" to keep track of lottery winners. His tax dollars at work!

Still, the author was a tad bit skeptical. Yes, it made sense that the Department of Homeland Security would be monitoring lotteries around the world and notifying US citizens who won those lotteries; after all, who else would you expect to do a job like that? At the same time, however, the author is well aware that this is the age of the Internet scam. Because of that, and before he sent in his $300 Cashier's Check Conversion Fee, he checked the email address of the message. As it turned out, the mail was sent from the mai.mn domain; if you aren't familiar with all the top-level country code domains, MN is the country code for Mongolia. In other words, the US Department of Homeland Security is apparently headquartered in Mongolia. And, for good measure, they had his $800,000 deposited in a bank in Nigeria.

Which all made perfect sense to him. After all, if you were trying to pull an Internet scam by misrepresenting yourself as the US Department of Homeland Security you'd probably send your email from a US email address. The fact that the message came from Mongolia means that it must be real. As for the bank in Nigeria, well, who would know better about the recent spate of problems that have plagued US banks than the Department of Homeland Security? No wonder they picked a bank outside the US as a safe place to stash his winnings.

Domains play an important role in Microsoft Lync Server 2010, too: Lync Server can't function unless you have at least one valid SIP domain. And while we won't go into the details of how you go about setting this up, we will note that it's possible for your organization to have multiple SIP domains. Which leads to an obvious question: how do we keep track of all these SIP domains?

The answer – which might be equally obvious to regular readers of the daily haiku (yes, both of you) – is this: the CsSipDomain cmdlets. (Get-CsSipDomain, New-CsSipDomain, Remove-CsSipDomain, and Set-CsSipDomain.) For example, suppose you'd like to return information about all the SIP domains available for use in your organization. Well, that's easy enough:

Get-CsSipDomain

Or maybe you're ready to create a new SIP domain. That's almost as easy:

New-CsSipDomain -Identity fabrikam.com

As you can see, all you have to do is call New-CsSipDomain and specify the name of the new domain (fabrikam.com). It's that easy.

There are really only two things to keep in mind when working with SIP domains. First, you must always have one – and only one – default domain. You can always determine which SIP domain is your default domain simply by running this command:

Get-CsSipDomain | Where-Object {$_.IsDefault -eq $True}

What's important about that is that you cannot remove the default domain. Suppose you do create a new domain named fabrikam.com, and want to delete your old domain, litwareinc.com, which happens to be the default domain. This command is doomed to fail:

Remove-CsSipDomain –Identity "litwareinc.com"

Why? Because you can't remove the default domain. Instead, the first thing you need to do is make fabrikam.com the default domain (which is something we could have done when we created the domain in the first place; see the New-CsSipDomain help for more information):

Set-CsSipDomain –Identity fabrikam.com –IsDefault $True

Now you can delete the litwareinc.com domain.

Uh, well, maybe. Remember when we said there were two things you had to keep in mind when working with SIP domains? Well, here's the second thing: you cannot remove a SIP domain if you have any users who are using that domain as part of their SIP address.

That's what we said: how the heck are we supposed to know which users are using litwareinc.com in their SIP address? But, as usual, it's Windows PowerShell to the rescue:

Get-CsUser | Where-Object {$_.SipAddress –like "*@litwareinc.com"}

Good question: how did we ever survive without PowerShell?

Of course, while we now know which users are still using litwareinc.com in their SIP address we still have one problem: we have to remove or change those SIP addresses before we can delete the SIP domain litwareinc.com. But there's probably nothing that PowerShell can do to help us with that, is there?

Good heavens: how can you even think such a thing?!? Needless to say, PowerShell can do almost anything. For example, suppose all you want to do with your user's SIP addresses is replace @litwareinc.com with @fabrikam.com. If that's the case, then this little script should do the trick:

$users = Get-CsUser | Where-Object {$_.SipAddress –like "*@litwareinc.com"}

foreach ($user in $users)

    {

        $sipAddress = $user.SipAddress

        $sipAddress = $sipAddress.Replace("@litwareinc.com","@fabrikam.com")

        Set-CsUser –Identity $user.Identity –SipAddress $sipAddress   

    }

So what are we doing here? Well, to begin with, we use Get-CsUser to grab a collection of all the users who have a SIP address that ends in @litwareinc.com; we then set up a foreach loop to loop through all the users in that collection. Inside the loop, we grab the SIP address of the first user (for example, sip:kenmyer@litwareinc.com) and store that value in a variable named $sipAddress. That brings us to this line of code:

$sipAddress = $sipAddress.Replace("@litwareinc.com","@fabrikam.com")

Here we're simply taking the value stored in $sipAddress and replacing any instance of @litwareinc.com with this: @fabrikam.com. In other words, a SIP address that started out like this:

sip:kenmyer@litwareinc.com

Is going to end up looking like this:

sip:kenmyer@fabrikam.com

See what we did there? All that's left is to then use Set-CsUser to change the user's SIP address to the new fabrikam.com address:

Set-CsUser –Identity $user.Identity –SipAddress $sipAddress

See? We told you PowerShell can do almost anything.

That's all we have time for today; we have to go check the mail and see if our $800,000 has arrived yet. And what does the author intend to do with all that money? Not much; he'll probably just toss it on the pile with all the rest of his money. After all, when you're a technical writer at Microsoft, well, what's another $800,000? If you know what we mean.

To tell you the truth, based on the submissions we’ve received so far, it doesn’t look like anyone out there actually needs a hint in order to solve this week’s challenge. But, because a promise is a promise, here’s a hint for Challenge 2:

Per-fect, per-petual, per-pendicular, per-sonal, per-

OK, so maybe it’s not much of a hint. But, as we noted, it’s not like you really need it or anything.

Challenge Home

Looking for my soul

Mate. Must be Lync-enabled.

Non-smoker preferred.

If you believe what they say on TV (and, really, why wouldn't you believe what they say on TV?) then one of out every five new relationships starts through an online dating service. We like to think that Microsoft Lync Server 2010 is Microsoft's answer to online dating services such as Match.com and eHarmony.com.

Of course, it's definitely true that Lync Server is a little bit different than your usual online dating service. If you go to any of the other online dating services, you are able to search for that certain special someone who is intelligent, caring, responsible, romantic, flexible, understanding, faithful, compassionate, and communicative. That's nice, but, hey, who cares if someone is intelligent, caring, responsible, romantic, flexible, understanding, faithful, compassionate, and communicative? What you really want to know are things like their SamAccountName, the department they work for, their user principal name, and the date and time they last changed their Active Directory password. Those are the things that really matter in a relationship, and yet most online dating services ignore those qualities altogether. But not Lync Server. Want to find all the people who work in the Finance department, or all the people who have not been assigned a SIP address? Then you need Lync Server and the Get-CsAdUser cmdlet.

Admittedly, Get-CsAdUser has created a certain amount of confusion among Lync Server administrators; that's because Get-CsAdUser is designed to return information about Active Directory user accounts, which is fine except for the fact that there's another cmdlet (Get-CsUser) that's also designed to return information about Active Directory user accounts. As a result, it's not always clear to people which cmdlet to use, and when.

So when should you use Get-CsAdUser and when should you use Get-CsUser? Well, that depends on a couple of things. For one, there's the set of users you need information for. Get-CsAdUser is intended to return information about all your Active Directory user accounts, regardless of whether or not those accounts have been enabled for Lync Server. By contrast, Get-CsUser is intended to return information about only those user accounts that have been enabled for Lync Server. As a general rule, use Get-CsAdUser to look at all your accounts, and use Get-CsUser to look at just the accounts that have been enabled for Lync Server.

In addition to that, however, it also depends on what type of information you want returned. For the most part, Get-CsAdUser returns generic Active Directory information: office address, zip code, job title, department, etc., etc. What it doesn't return is Lync Server attributes such as the policies that have been assigned to a user. For that kind of data, you need to use Get-CsUser.

For the most part, Get-CsAdUser is pretty easy to use. Would you like to get back information for all your Active Directory user accounts? Great; that's really easy:

Get-CsAdUser

How about information for just one user, Ken Myer? Okey-doke:

Get-CsAdUser –Identity "Ken Myer"

Or let's try getting a little fancy. What about all the users who work in the Finance department? OK, try this:

Get-CsAdUser –LdapFilter "Department=Finance"

Now let's get really fancy: the display name, department, and job title of all the users who have not been enabled for Lync Server. You know, a command like this one:

Get-CsAdUser –Filter {Enabled –eq $Null} | Select-Object DisplayName, Department, Title

And remember: beauty is only skin deep. What really matters is what a person is like on the inside.

And, of course, the values assigned to his or her user account control, their primary group ID, their proxy addresses, pager number, and country or region display name. All information, coincidentally enough, that can be retrieved by Get-CsAdUser.

That picture makes me

Look fat. Thank goodness for the

Privacy settings.

Remember privacy? If you don't, well, we forgive you: after all, privacy seems to have fallen completely out of style these days. And yet, believe it or not, there was a time when people didn't feel compelled to share everything they do, or think, with the rest of the world. (No, we are not making that up!) Instead, some things were kept, well, private:

Weird, huh? After all, how could life possibly be worth living if we weren't able to quickly and easily discover what everyone else in the world had for breakfast this morning?

At first glance you might not think that privacy would be too terribly important to Microsoft Lync Server 2010; after all, the software is designed for you to share all sorts of information – including your current location and your current availability – with Tom, Dick, and Harry. And yet, in Lync Server 2010 Microsoft has tried to strike a balance between those who want to (and/or need to) share information with those who might want to keep at least some of their information a little more private.

One way Lync Server does this is through the aptly-named privacy configuration settings. (Oh, and through the corresponding privacy configuration cmdlets: Get-CsPrivacyConfiguration, New-CsPrivacyConfiguration, Remove-CsPrivacyConfiguration, and Set-CsPrivacyConfiguration.) For example, by default Microsoft Lync does the following:

·         Automatically adds all your team members to your Contacts list.

·         Publishes your photo, making it available to anyone who might be interested.

·         Makes your presence information available to everyone in your organization.

·         Publishes your location information along with your status and availability.

Now, in theory, users can always go in and disable these options themselves. Like we said, though, that's just a theory: as the millions of VCRs still dutifully flashing the time 12:00 attest, people hardly ever go in and change default settings.

This is where the CsPrivacyConfiguration cmdlets come into play: they let you flip-flop the default privacy settings. What does that mean? Well, like we said, by default your photo is published in Microsoft Lync; if you don't want your photo published you have to open up the Options dialog box and select Do not show my photo. By changing the privacy configuration settings, however, you can set things up so that your photo is not published by default; instead, if you want people to be able to see your photo you'll have to go into the Options dialog and configure Lync to show photos.

And how hard is it to modify the privacy configuration settings? Not really all that hard, to tell you the truth:

Set-CsPrivacyConfiguration –Identity global –DisplayPublishedPhotoDefault $False

That's all you have to do. Oh, and you're not limited to just changing global settings (settings that would then affect all your users). Instead, you can have different privacy configuration settings for each of your sites, and even different privacy settings for each of your User Server services. For example, suppose, for some reason, the users who employ the User Server atl-cs-001.litwareinc.com should only have their presence information exposed to people on their contact list. Okey-doke:

Set-CsPrivacyConfiguration –Identity service:UserServer:atl-cs-001.litwareinc.com –EnablePrivacyMode $True

And, of course, simply reviewing your privacy configuration settings is as easy as … well, we're not sure what it's as easy as. (Pie? Falling off a log? Shooting fish in a barrel?) But it is pretty darn easy:

Get-CsPrivacyConfiguration

That's all we have time for today. Tune in tomorrow when we continue our journey through the dusty annals of history. Up next: telephones that were actually wired to the wall and couldn't be carried around from place-to-place! And, if time allows, a mysterious and long-forgotten device called the newspaper.

Several months ago, before Lync Server 2010 was even released, we put up a list of cmdlets along with a short description of each. Well, we finally got around to updating that cmdlet list.

Hey, give us a break. Do you really expect us to run a Lync Server PowerShell Challenge and update cmdlets?

Oh.

Like we were saying, we finally got around to updating that list. Not only have we updated the list of cmdlets and descriptions, but we've linked each cmdlet to the full online Help documentation for each one. Just in case the short description wasn't enough and you'd actually like some more details, examples, and things like that.

Peruse to your heart's content (or your kidney's content, or your appendix's content [if you still have one], or ... well, just peruse): http://blogs.technet.com/b/csps/archive/2010/07/16/refallcmdlets.aspx