Sunday, September 18, 2011

Tying things together

My two previous posts were about adding users into Active Directory, or editing Active Directory user objects, using PowerShell alone. The reason I wanted to create a few posts about this is that however I searched Bing, Google or whatever, I only found solutions using scripts or the old-style ldifde/csvde scripts. Even Microsoft's own TechNet site suggested one of these methods.

My problem with this is that users are created either with no password or even disabled. In other words, a manual operation in AD is necessary after importing the users. And my goal was to create a script which could import active user objects into AD and enable them for Lync Enterprise Voice with as little administrative effort as possible.

PowerShell turned out to be my great saviour. I have spent quite some time trying and failing, but this script has saved me a lot of work when I am implementing brand new installations at my company's hosting facilities.

I am not going to go through every step of this script, as most of its content is explained in the two previous posts. I will focus on the few gotchas I stumbled upon, and what you need to prepare before you run the import script.

First of all, I expect your AD to be in good working order and with the target OUs in place. I also expect your Lync deployment to be fully operational with dial plans, voice routes and policies in place. In my example, I expect (and have prepared Lync for it) the user's SIP address to be the same as their e-mail address. If you have done all of this, then the script will work like a charm.

I also discovered an issue with my structure and the way the "-PassThru" switch works. I simply could not import the file once and run a "foreach" to add users and pass them over to "Enable-CsUser". That is why I import the file twice (if you have a better way of doing it, please let me know): once for adding the user to AD, and a second time to enable the user for Lync and set all the policies I want. (Much more could be done, but this is a basic concept of what you can achieve through PowerShell.)

Now the script:


$csvfile = read-host "file to import"
$filtertype = read-host "Field to filter import on"
$filtervalue = read-host "Value to filter"
$path = read-host "Enter OU (complete cn) for user"
$lyncregistrar = read-host "Front end pool to host users"
$CsDialPlan = read-host "Dial Plan for User - Enter Global if default"
$CsVoicePolicy = read-host "Voice policy for user - Enter Global if default"
# First pass: create an enabled AD user, with its password, from each CSV row that matches the filter
Import-Csv $csvfile | Where-Object {$_.$filtertype -like $filtervalue} | foreach {new-aduser -verbose -AccountPassword (ConvertTo-SecureString -AsPlainText $_.AccountPassword -Force) -Name $_.DisplayName -Surname $_.Surname -GivenName $_.GivenName -DisplayName $_.Displayname -Company $_.Company -StreetAddress $_.StreetAddress -PostalCode $_.PostalCode -City $_.City -MobilePhone $_.MobilePhone -OfficePhone $_.OfficePhone -SamAccountName $_.SamAccountName -EmailAddress $_.EmailAddress -UserPrincipalName $_.EmailAddress -PasswordNeverExpires $true -CannotChangePassword $true -Enabled $true -Path $path -OtherAttributes @{info=$_.OtherAttributes}}
# Second pass: enable the same users for Lync and Enterprise Voice, then grant the dial plan and voice policy
Import-Csv $csvfile | Where-Object {$_.$filtertype -like $filtervalue} | foreach {enable-csuser -verbose -identity $_.EmailAddress -registrarpool "$lyncregistrar" -SipAddressType UserPrincipalName -PassThru | Set-CsUser -EnterpriseVoiceEnabled $true -LineURI $_.LineURI -PassThru | Grant-CsDialPlan -PolicyName "$CsDialPlan" -PassThru | Grant-CsVoicePolicy -PolicyName "$CsVoicePolicy"}

I have added one mandatory parameter and two optional ones (because that's what I needed) to the previous script. These are: $lyncregistrar, $CsDialPlan, $CsVoicePolicy. The $lyncregistrar is needed in the Enable-CsUser call (even if you only have the one registrar pool). The two others I added to give the script some flexibility in my environment, where different customers get different dial plans and gateways.

Running this script, with a CSV file filled out with the information described earlier, is all you need to add hundreds of users in a very short time.
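A single-pass variant of the import, as an added example that is not the author's script: it reads the CSV once, holds each row in $row so both the AD step and the Lync step use the same fields, and generates a random initial password per user with a forced change at first logon instead of reading AccountPassword from the CSV. The function names New-InitialPassword and Import-LyncUser, the reduced attribute set and the returned password objects are assumptions. It also assumes the Lync cmdlets can already see the account New-ADUser has just created; where that does not hold, keep the two passes.

```powershell
# Added example, not the author's script. Needs the ActiveDirectory and Lync modules.
function New-InitialPassword {
    param([int]$Length = 20)
    # Alphabet avoids look-alikes such as 0/O and 1/l/I
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+-_'
    $limit = 256 - (256 % $alphabet.Length)   # bytes >= $limit would bias the modulo
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    do {
        $sb = New-Object System.Text.StringBuilder
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) { [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length]) }
        }
        $password = $sb.ToString()
        # Retry until upper case, lower case and a digit are all present
    } until ($password -cmatch '[A-Z]' -and $password -cmatch '[a-z]' -and $password -match '\d')
    $password
}

function Import-LyncUser {
    param($CsvFile, $Path, $LyncRegistrar, $CsDialPlan, $CsVoicePolicy)
    foreach ($row in (Import-Csv $CsvFile)) {
        $plain = New-InitialPassword
        try {
            New-ADUser -Name $row.DisplayName -DisplayName $row.DisplayName `
                -GivenName $row.GivenName -Surname $row.Surname `
                -SamAccountName $row.SamAccountName -EmailAddress $row.EmailAddress `
                -UserPrincipalName $row.EmailAddress -Path $Path -Enabled $true `
                -AccountPassword (ConvertTo-SecureString -AsPlainText $plain -Force) `
                -ChangePasswordAtLogon $true -ErrorAction Stop
        } catch {
            # Do not enable Lync or hand out a password for an account that was not created
            Write-Warning "Skipping $($row.SamAccountName): $_"
            continue
        }
        # $row is still the CSV row here, so LineURI is available to Set-CsUser
        Enable-CsUser -Identity $row.EmailAddress -RegistrarPool $LyncRegistrar `
            -SipAddressType UserPrincipalName -PassThru |
            Set-CsUser -EnterpriseVoiceEnabled $true -LineURI $row.LineURI -PassThru |
            Grant-CsDialPlan -PolicyName $CsDialPlan -PassThru |
            Grant-CsVoicePolicy -PolicyName $CsVoicePolicy
        # One-time password for hand-over; the user must change it at first logon
        New-Object psobject -Property @{
            SamAccountName = $row.SamAccountName; InitialPassword = $plain }
    }
}
```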

But what if you've already got your users (as most of you already have) and just need a way of enabling a few hundred users for Enterprise Voice? Then you should take a look at my previous post first. Extract the information you need from AD first (properties "Name", "Email", and "Phone" are the absolute musts). Then import the information into a spreadsheet like Excel. Edit the info and import it back into AD. But hold it for one more second before you add that information back in. Copy the phone field to a new field called LineURI. Use a text editor like TextPad or Notepad++ to run a macro, adding the tel: to the LineURI field, making it look like my example. Then add the info back into AD. And use my script as a baseline for enabling the Lync users for Enterprise Voice (skipping the line for adding the user to AD, of course).
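The tel: step above done in PowerShell instead of a text-editor macro, as an added example that is not part of the original post: it copies Phone into a new LineURI column with the tel: prefix, and skips rows whose number is not in +country-number form or whose LineURI repeats an earlier row. The function name Add-LineUri, the output file name and both checks are assumptions, and the sample rows are constructed.

```powershell
# Added example, not the author's code. Column names follow the properties named above.
function Add-LineUri {
    param([Parameter(ValueFromPipeline = $true)]$Row)
    begin { $seen = @{} }
    process {
        # Drop spaces, brackets, dots and dashes left over from spreadsheet formatting
        $number = $Row.Phone -replace '[\s().-]', ''
        if ($number -notmatch '^\+[1-9]\d{6,14}$') {
            Write-Warning "Skipping $($Row.Email): '$($Row.Phone)' is not in +<country><number> form"
            return
        }
        $uri = "tel:$number"
        if ($seen.ContainsKey($uri)) {
            Write-Warning "Skipping $($Row.Email): $uri is already used by $($seen[$uri])"
            return
        }
        $seen[$uri] = $Row.Email
        # Emit the original row with the extra LineURI column
        $Row | Add-Member -MemberType NoteProperty -Name LineURI -Value $uri -Force -PassThru
    }
}

# Constructed sample rows standing in for the sheet exported from AD
$sample = @'
Name,Email,Phone
Kari Nordmann,kari@example.com,+47 22 00 00 01
Ola Nordmann,ola@example.com,(+47) 22-00-00-02
Per Hansen,per@example.com,22000003
Anne Olsen,anne@example.com,+4722000001
'@ | ConvertFrom-Csv

# Two rows are written; the third has no country code, the fourth repeats the first number
$sample | Add-LineUri | Export-Csv .\users-lineuri.csv -NoTypeInformation
```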

I think that was all I had on my mind for now. I might be back with more PowerShell scripting or Lync info as I make progress on the hosted Lync installation I am working on for the time being.

Here is the link to the script, and a tiny example csv. Dropbox