It has been a long road tring to find the root cause of this issue, especially since we at first saw no difference between the users we created where it worked, and users where it did not work. All users were deployed through the Citrix Cortex service for provisioning.
All users were provisioned correctly with Domainmap, TenentID and ObjectID. And if we moved users from one place to another it started working again.
It all turned out to be a rights issue in Active Directory. The root OU had it's correct settings, but when we deployed several resellers through the Cortex service, these reseller OU's did not inherit the rights from the parent OU. Applying the correct rights to all the sub OU's in the tree fixed the issue for all customers.
Here's a quick script to set the correct rights for hosting on all OU's in a tree:
Import-Module activedirectory
Import-Module lync
$counting = 0
$moreISH = Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase `
'ou=reseller,ou=hosting,dc=domain,dc=net'| select DistinguishedName
foreach ($ou in $moreISH){
Grant-CsOuPermission -OU $ou.DistinguishedName -Verbose -ObjectType user
$counting ++
}
Write-Host "Set rights on $counting OU's" -ForegroundColor Green
The commands above must be run a computer where the Active Directory and the Lync module is available.
These are the changes made by the command http://technet.microsoft.com/en-us/library/hh849655(v=ocs.14).aspx
These are the changes made by the command http://technet.microsoft.com/en-us/library/hh849655(v=ocs.14).aspx
