You can sip coffee

And you can sip tea, too. But

You can't SipDomain.

You know what's interesting? Domains. (OK, so maybe they're not all that interesting. But we had to have something to act as the first sentence of this article.) For example, the other day the author of today's haiku received the following email from the US Department of Homeland Security:

This made the author of today's haiku very happy, and for two reasons. First, of course, is the fact that he won $800,000 in a lottery he didn't even enter. Second, he was happy to see that the Department of Homeland Security was using its "Intelligence Monitoring Network System" to keep track of lottery winners. His tax dollars at work!

Still, the author was a tad bit skeptical. Yes, it made sense that the Department of Homeland Security would be monitoring lotteries around the world and notifying US citizens who won those lotteries; after all, who else would you expect to do a job like that? At the same time, however, the author is well aware that this is the age of the Internet scam. Because of that, and before he sent in his $300 Cashier's Check Conversion Fee, he checked the email address of the message. As it turned out, the mail was sent from the mai.mn domain; if you aren't familiar with all the top-level country code domains, MN is the country code for Mongolia. In other words, the US Department of Homeland Security is apparently headquartered in Mongolia. And, for good measure, they had his $800,000 deposited in a bank in Nigeria.

Which all made perfect sense to him. After all, if you were trying to pull an Internet scam by misrepresenting yourself as the US Department of Homeland Security you'd probably send your email from a US email address. The fact that the message came from Mongolia means that it must be real. As for the bank in Nigeria, well, who would know better about the recent spate of problems that have plagued US banks than the Department of Homeland Security? No wonder they picked a bank outside the US as a safe place to stash his winnings.

Domains play an important role in Microsoft Lync Server 2010, too: Lync Server can't function unless you have at least one valid SIP domain. And while we won't go into the details of how you go about setting this up, we will note that it's possible for your organization to have multiple SIP domains. Which leads to an obvious question: how do we keep track of all these SIP domains?

The answer – which might be equally obvious to regular readers of the daily haiku (yes, both of you) – is this: the CsSipDomain cmdlets. (Get-CsSipDomain, New-CsSipDomain, Remove-CsSipDomain, and Set-CsSipDomain.) For example, suppose you'd like to return information about all the SIP domains available for use in your organization. Well, that's easy enough:

Get-CsSipDomain

Or maybe you're ready to create a new SIP domain. That's almost as easy:

New-CsSipDomain -Identity fabrikam.com

As you can see, all you have to do is call New-CsSipDomain and specify the name of the new domain (fabrikam.com). It's that easy.

There are really only two things to keep in mind when working with SIP domains. First, you must always have one – and only one – default domain. You can always determine which SIP domain is your default domain simply by running this command:

Get-CsSipDomain | Where-Object {$_.IsDefault -eq $True}

What's important about that is that you cannot remove the default domain. Suppose you do create a new domain named fabrikam.com, and want to delete your old domain, litwareinc.com, which happens to be the default domain. This command is doomed to fail:

Remove-CsSipDomain –Identity "litwareinc.com"

Why? Because you can't remove the default domain. Instead, the first thing you need to do is make fabrikam.com the default domain (which is something we could have done when we created the domain in the first place; see the New-CsSipDomain help for more information):

Set-CsSipDomain –Identity fabrikam.com –IsDefault $True

Now you can delete the litwareinc.com domain.

Uh, well, maybe. Remember when we said there were two things you had to keep in mind when working with SIP domains? Well, here's the second thing: you cannot remove a SIP domain if you have any users who are using that domain as part of their SIP address.

That's what we said: how the heck are we supposed to know which users are using litwareinc.com in their SIP address? But, as usual, it's Windows PowerShell to the rescue:

Get-CsUser | Where-Object {$_.SipAddress –like "*@litwareinc.com"}

Good question: how did we ever survive without PowerShell?

Of course, while we now know which users are still using litwareinc.com in their SIP address we still have one problem: we have to remove or change those SIP addresses before we can delete the SIP domain litwareinc.com. But there's probably nothing that PowerShell can do to help us with that, is there?

Good heavens: how can you even think such a thing?!? Needless to say, PowerShell can do almost anything. For example, suppose all you want to do with your user's SIP addresses is replace @litwareinc.com with @fabrikam.com. If that's the case, then this little script should do the trick:

$users = Get-CsUser | Where-Object {$_.SipAddress –like "*@litwareinc.com"}

foreach ($user in $users)

    {

        $sipAddress = $user.SipAddress

        $sipAddress = $sipAddress.Replace("@litwareinc.com","@fabrikam.com")

        Set-CsUser –Identity $user.Identity –SipAddress $sipAddress   

    }

So what are we doing here? Well, to begin with, we use Get-CsUser to grab a collection of all the users who have a SIP address that ends in @litwareinc.com; we then set up a foreach loop to loop through all the users in that collection. Inside the loop, we grab the SIP address of the first user (for example, sip:kenmyer@litwareinc.com) and store that value in a variable named $sipAddress. That brings us to this line of code:

$sipAddress = $sipAddress.Replace("@litwareinc.com","@fabrikam.com")

Here we're simply taking the value stored in $sipAddress and replacing any instance of @litwareinc.com with this: @fabrikam.com. In other words, a SIP address that started out like this:

sip:kenmyer@litwareinc.com

Is going to end up looking like this:

sip:kenmyer@fabrikam.com

See what we did there? All that's left is to then use Set-CsUser to change the user's SIP address to the new fabrikam.com address:

Set-CsUser –Identity $user.Identity –SipAddress $sipAddress

See? We told you PowerShell can do almost anything.

That's all we have time for today; we have to go check the mail and see if our $800,000 has arrived yet. And what does the author intend to do with all that money? Not much; he'll probably just toss it on the pile with all the rest of his money. After all, when you're a technical writer at Microsoft, well, what's another $800,000? If you know what we mean.

Several months ago, before Lync Server 2010 was even released, we put up a list of cmdlets along with a short description of each. Well, we finally got around to updating that cmdlet list.

Hey, give us a break. Do you really expect us to run a Lync Server PowerShell Challenge and update cmdlets?

Oh.

Like we were saying, we finally got around to updating that list. Not only have we updated the list of cmdlets and descriptions, but we've linked each cmdlet to the full online Help documentation for each one. Just in case the short description wasn't enough and you'd actually like some more details, examples, and things like that.

Peruse to your heart's content (or your kidney's content, or your appendix's content [if you still have one], or ... well, just peruse): http://blogs.technet.com/b/csps/archive/2010/07/16/refallcmdlets.aspx

Looking for my soul

Mate. Must be Lync-enabled.

Non-smoker preferred.

If you believe what they say on TV (and, really, why wouldn't you believe what they say on TV?) then one of out every five new relationships starts through an online dating service. We like to think that Microsoft Lync Server 2010 is Microsoft's answer to online dating services such as Match.com and eHarmony.com.

Of course, it's definitely true that Lync Server is a little bit different than your usual online dating service. If you go to any of the other online dating services, you are able to search for that certain special someone who is intelligent, caring, responsible, romantic, flexible, understanding, faithful, compassionate, and communicative. That's nice, but, hey, who cares if someone is intelligent, caring, responsible, romantic, flexible, understanding, faithful, compassionate, and communicative? What you really want to know are things like their SamAccountName, the department they work for, their user principal name, and the date and time they last changed their Active Directory password. Those are the things that really matter in a relationship, and yet most online dating services ignore those qualities altogether. But not Lync Server. Want to find all the people who work in the Finance department, or all the people who have not been assigned a SIP address? Then you need Lync Server and the Get-CsAdUser cmdlet.

Admittedly, Get-CsAdUser has created a certain amount of confusion among Lync Server administrators; that's because Get-CsAdUser is designed to return information about Active Directory user accounts, which is fine except for the fact that there's another cmdlet (Get-CsUser) that's also designed to return information about Active Directory user accounts. As a result, it's not always clear to people which cmdlet to use, and when.

So when should you use Get-CsAdUser and when should you use Get-CsUser? Well, that depends on a couple of things. For one, there's the set of users you need information for. Get-CsAdUser is intended to return information about all your Active Directory user accounts, regardless of whether or not those accounts have been enabled for Lync Server. By contrast, Get-CsUser is intended to return information about only those user accounts that have been enabled for Lync Server. As a general rule, use Get-CsAdUser to look at all your accounts, and use Get-CsUser to look at just the accounts that have been enabled for Lync Server.

In addition to that, however, it also depends on what type of information you want returned. For the most part, Get-CsAdUser returns generic Active Directory information: office address, zip code, job title, department, etc., etc. What it doesn't return is Lync Server attributes such as the policies that have been assigned to a user. For that kind of data, you need to use Get-CsUser.

For the most part, Get-CsAdUser is pretty easy to use. Would you like to get back information for all your Active Directory user accounts? Great; that's really easy:

Get-CsAdUser

How about information for just one user, Ken Myer? Okey-doke:

Get-CsAdUser –Identity "Ken Myer"

Or let's try getting a little fancy. What about all the users who work in the Finance department? OK, try this:

Get-CsAdUser –LdapFilter "Department=Finance"

Now let's get really fancy: the display name, department, and job title of all the users who have not been enabled for Lync Server. You know, a command like this one:

Get-CsAdUser –Filter {Enabled –eq $Null} | Select-Object DisplayName, Department, Title

And remember: beauty is only skin deep. What really matters is what a person is like on the inside.

And, of course, the values assigned to his or her user account control, their primary group ID, their proxy addresses, pager number, and country or region display name. All information, coincidentally enough, that can be retrieved by Get-CsAdUser.

Oh, you beautiful

Doll. Oh, you must be joking.

OU permission.

Before we launch into today's article we thought we should mention that time is running out in order to enter the first-ever Lync Server PowerShell One of These Things is Not Like the Others Challenge. Do you have to enter the Lync Server PowerShell One of These Things is Not Like the Others Challenge? Well, unfortunately for us, Microsoft's legal department repeatedly insists that you don't. On the other hand, picture this: it's several years in the future, and you're sitting around the breakfast table with your darling daughter. "Mommy," says your pride-and-joy, "How did you do in the first-ever Lync Server PowerShell One of These Things is Not Like the Others Challenge?" At that point, will you really be able to look your daughter in the eye and admit that you didn't even bother to enter the first-ever Lync Server PowerShell One of These Things is Not Like the Others Challenge?

We didn't think so.

Fortunately, time is still on your side: we'll continue to accept entries until 9:00 AM Pacific Standard Time on Monday, January 24, 2011. And yes, that looks like you have lots of time to get your entry in. On the other hand, there are people who believe that Judgment Day will arrive on May 21, 2011. What if they're off by a couple months and Judgment Day comes this weekend? Picture this scenario: you're standing in front of St. Peter and he says, "OK, this is just a formality, I simply need to verify your score on the first-ever Lync Server PowerShell One of These Things is Not Like the Others Challenge -- oh, dear. It appears we have a problem here …."

If that happens to you, those of us here at the Lync Server PowerShell blog will not be held responsible. After all, we warned you.

For now, however, let's focus on today's haiku. When you install Microsoft Lync Server 2010, one of the first things you do (or, to be more precise, one of the first things Setup does) is prepare your domain for the installation of the software; that's a process that includes such things as extending the Active Directory schema to allow for the addition of attributes specific to Lync Server as well as assigning the required Access Control Entries to the universal groups needed for managing and operating Lync Server. As a general rule, you don't have to do anything when it comes to domain preparation: you just sit back and wait for Setup to finish.

As we all know, however, general rules are made to be broken. If you have disabled permission inheritance on Active Directory then Setup will not be able to give the RTCUniversalUserAdmins group the permissions needed to manage users, computers, contacts, application contacts, and InetOrg persons. Domain administrators will still be able to manage these entities, but Lync Server admins won't.

So what are you supposed to do if you find yourself in this situation? For that matter, how do you even know if you're in this situation? Listen, don't worry about that: that's what the CsOUPermission cmdlets (Grant-CsOUPermission, Revoke-CsOUPermission, and Test-CsOUPermission) are for.

To begin with, if you aren't sure whether or not the proper permissions have been granted on a given OU you can verify that by using the Test-CsOUPermission cmdlet. All you have to do is run a command similar to this one:

Test-CsOUPermission –OU "ou=Redmond,dc=litwareinc,dc=com" –ObjectType "user", "contact", "inetOrgPerson"

As you can see, all we're doing here is checking to see if permissions exist for managing users, contacts, and inetOrgPersons. (The inetOrgPerson class is very similar to the user class, and is often used when you migrate to Active Directory from some other directory service.) Test-CsOUPermission will report back True if the required permissions are there or report back False if the required permissions are not there.

And yes, that is pretty easy, isn't it?

And what if Test-CsOUPermission does report back False? No problem; you can simply apply the correct permissions to the OU by running the Grant-CsOUPermission cmdlet:

Grant-CsOUPermission –OU "ou=Redmond,dc=litwareinc,dc=com" –ObjectType "user", "contact", "inetOrgPerson"

Note that Grant-CsOUPermission gives the necessary permissions only to the security groups who would typically be given those permissions when you run Setup. You can’t use this cmdlet to grant permissions to an arbitrary user or group. If you want that user or group to have user management permissions then simply add that user (or group) to the RTCUniversalUserAdmins group.

Oh, one more thing we should mention: when we set up the first-ever One of These Things is Not Like the Others Challenge, we accidentally configured the thing for "chain letter mode." That means that, if you fail to enter the challenge, and thus break the chain, you'll endure 10 years of bad luck. Is it really true that breaking the challenge chain will result in 10 years of bad luck? Let's put it this way: 10 years ago, the author of today's haiku broke a challenge chain. Recently, he received his official award for 10 years of service at Microsoft. Coincidence? Maybe. But, then again ….

One of these things is not like the others,

One of these things just doesn't belong.

Can you tell which thing is not like the others

By the time I finish my song?

—  Sesame Street

One of These Things is Not Like the Others

If you fancy yourself an educator (as those of us here at the Lync Server PowerShell blog are wont to do) then you have one mortal enemy in life: Sesame Street. Not that there's anything wrong with Sesame Street; as a matter of fact, Sesame Street is about as close to the perfect TV show (and educational vehicle) as you can find. And that's the problem: how can any educator hope to stand up to the juggernaut that is Sesame Street? No matter what you try to do, Sesame Street has not only done it, but has done it better. Case in point? Our all-muppet version of the help file for Get-CsAddressBookConfiguration turned out to be a complete disaster.

But you know what they say: when the going gets tough, the tough get going. With that in mind, we made a vow to do something that was better than anything Sesame Street had ever done. And, after several long, hard days and sleepless nights, we came up with something: we realize that there's no way we'll ever do anything better than Sesame Street. At that point, and being true Americans, we made a new vow: if you can't beat 'em, steal one of their ideas and pass it off as your own. Ladies and gentlemen, our new weekly feature: One of These Things is Not Like the Others.

So what is this new weekly feature? We're glad you asked that. If you've ever watched Sesame Street, then you've no doubt seen their version of One of These Things is Not Like the Others. On the TV show, they'll typically show you three things; for example:

As a Sesame Street viewer, your job is to figure out which of these things is not like the others. Which of these things is not like the others? You got it: the blue circle, which is not like the two blue rectangles.

So how does this work with Lync Server PowerShell? The exact same way: we'll show you four things (four cmdlets, four PowerShell nouns, four PowerShell parameters, etc.), and then it's your job to figure out which of the four is not like the others. For example:

Which of those four things is not like the others? That's right: New-CsMeetingConfiguration. And why isn’t New-CsMeetingConfiguration like the others? Right again: because that cmdlet deals with configuration settings, and the other three cmdlets deal with policies. See how easy that is? Kind of makes you wonder why Sesame Street plays their game using blue rectangles and circles instead of Lync Server PowerShell cmdlets, doesn't it?

And before you ask, yes, each time we post a new challenge it's going to be as easy as the New-CsMeetingConfiguration challenge. Or at least it will be for us; after all, we have the answers right in front of us. For the rest of you, however, some of these challenges might prove to be a bit more, uh, challenging. But that's OK; here's what we're going to do about that, and here's how the weekly challenges will work:

·         Every Monday morning, we'll post a new One of These Things is Not Like the Others challenge. If you think you know the answer, then send an email to cspshell@microsoft.com.

Oh, and be sure to include the answer in that email. Otherwise it's kind of pointless, if you know what we mean.  Also include your name or an alias you’d like to use for the challenge. We’ll keep a running total of points as we go along.

If you come up with the correct answer (or an answer that's seems equally-plausible, at least in our opinion) you'll be awarded 3 points. And what do those points get you? We'll talk about points in a minute.

·         Of course, there's always the chance that you won't know the correct answer: some challenges are bound to be a little more difficult than others. So suppose a given challenge is kind of hard? Are you just out of luck? You bet you're out of luck. Maybe next time you'll try a little harder, you big crybaby.

No, hey, just joking. If a challenge is hard, you're definitely not out of luck; far from it. After all, we're not doing these weekly challenges just to be mean; we're just trying to find a different way to help educate people on Lync Server PowerShell. With that in mind, every Thursday we'll publish a hint that should help you solve the challenge. Suppose the hint does help you solve the challenge; what then? Well, again, send your answer (along with your name or an alias you’d like to use) to cspshell@microsoft.com. If we agree with you, we'll give you 1 point for your effort.

And yes, we know, if you solve the challenge without a hint you get 3 points. But fair is fair, right? What do you want, 5 points if you solve the challenge after being given a hint?

·         Every Monday morning we'll post the solution to the previous challenge. And when we do so, we'll post not only the answer we came up with, but any interesting/unique answers that you came up with.

Admittedly, it's not quite as exciting as watching grass grow or paint dry. But we like to think it's pretty close.

We should also note that – unless you really know Lync Server PowerShell – you probably won't be able to solve all of the challenges simply by looking at the four choices. So how can you solve the challenges? Let's put it this way. We know that many of you spend your days thinking, "Why does Microsoft still write help for their applications? Don't they know that nobody reads help these days?" Well, now you have the answer to your question. We write help for Lync Server PowerShell for one reason: because that help can assist you in solving the One of These Things is Not Like the Others challenges. If it's not obvious which of the items is not like the others, well, you could do worse than take a peek at the Lync Server PowerShell help. (And how do you do that? See this article for some useful hints.) And here's another hint: when you look at the help, take a look at things like scopes, datatypes, available verbs, etc., etc.

And yes, we could give you an even more-specific list of things to look for. But if we take out the challenging aspect of this that would sort of defeat the whole purpose of doing a weekly challenge in the first place, wouldn't it?

Anything else? Oh, right, we almost forgot: what about those points; what do you get for accumulating a bunch of points in the One of These Things is Not Like the Others challenge?

Well, obviously, there is the enormous sense of pride and the worldwide prestige that comes with being one of the true giants in the field of One of These Things is Not Like the Others. We’ll be posting your scores (that’s why you should include your name or an alias you’d like to use to identify your score). Besides that – well, to tell you the truth, we're not really sure what there is besides that. No doubt you're thinking to yourself, "Man, these guys are obscure technical writers at Microsoft: they must have a huge budget for contests, giveaways, and other promotional items!" We're not allowed to talk about money in this blog, so all we can say is this: Microsoft gives us the exact budget that we deserve.

Yes, it's that bad.

But don't despair; we're looking into ways to con somebody out of something that can be awarded to people who earn X number of points. Don't worry about prizes and awards; let us worry about prizes and awards. You worry about acquiring as many points as possible.

In fact, don't even worry about that. Instead, the only thing you should worry about is this: how can you solve the first-ever One of These Things is Not Like the Others challenge?

Go to the Challenge Home Page.