locked
auto enable users for skype for business 2015 based on security group RRS feed

  • Question

  • Hi,

    i tried searching but didn't see any results so im sorry if this is a duplicate.

    i am looking at a number of scripts out there that automatically skype-enable users based on OU membership, but i am after a simple one that enables users based on Security Group membership. yet i seem to have difficulty finding one that actually works.

    does anyone have any suggestions or can recommend one that they have seen working?

    many thanks

    Carl

    Monday, January 15, 2018 1:51 PM

Answers

  • I would just add two lines, a delay so that the user is enabled before applying the policy. Keep in mind this would only run for users not already enabled for Skype due to the if statement.

    $groupMember = Get-ADGroupMember SkypeEnableGroup
    foreach ($member in $groupMember) 
    { 
    $adUser = Get-CsAdUser -Identity $member.Name | Where-Object {$_.enabled -ne "true"} 
    if($adUser) 
    { 
    	Enable-CsUser -identity $adUser.identity -RegistrarPool SkypePoolFQDN -SipAddressType emailaddress 
    
    Start-Sleep -s 5
    Grant-CsClientPolicy $adUser.identity -PolicyName ClientPolicyName
    } 
       


    Please mark posts as answers/helpful if it answers your question.
    Blog
    Skype Validator - Used to assist in the validation and documentation of Skype for Business/Lync Server.

    • Marked as answer by cs_280zx Tuesday, January 16, 2018 3:40 AM
    Monday, January 15, 2018 11:42 PM

All replies

  • An example to enable users based on group membership (always test prior to implementing in production):

    $groupMember = Get-ADGroupMember SkypeEnableGroup
    foreach ($member in $groupMember) 
    { 
    $adUser = Get-CsAdUser -Identity $member.Name | Where-Object {$_.enabled -ne "true"} 
    if($adUser) 
    { 
    	Enable-CsUser -identity $adUser.identity -RegistrarPool SKypePoolFQDN -SipAddressType emailaddress 
    } 
       

    Update the Group name, Registrar pool and sip address type.

    Also you could check out Anthony Caragol's blog: http://www.skypeadmin.com/2014/03/04/bulk-lync-user-addition-via-powershell/


    Please mark posts as answers/helpful if it answers your question.
    Blog
    Skype Validator - Used to assist in the validation and documentation of Skype for Business/Lync Server.


    Monday, January 15, 2018 2:19 PM
  • thankyou for your recommendations, is there a way to include specifying a clientpolicy as part of this string/code?

    thankyou again

    Monday, January 15, 2018 11:19 PM
  • I would just add two lines, a delay so that the user is enabled before applying the policy. Keep in mind this would only run for users not already enabled for Skype due to the if statement.

    $groupMember = Get-ADGroupMember SkypeEnableGroup
    foreach ($member in $groupMember) 
    { 
    $adUser = Get-CsAdUser -Identity $member.Name | Where-Object {$_.enabled -ne "true"} 
    if($adUser) 
    { 
    	Enable-CsUser -identity $adUser.identity -RegistrarPool SkypePoolFQDN -SipAddressType emailaddress 
    
    Start-Sleep -s 5
    Grant-CsClientPolicy $adUser.identity -PolicyName ClientPolicyName
    } 
       


    Please mark posts as answers/helpful if it answers your question.
    Blog
    Skype Validator - Used to assist in the validation and documentation of Skype for Business/Lync Server.

    • Marked as answer by cs_280zx Tuesday, January 16, 2018 3:40 AM
    Monday, January 15, 2018 11:42 PM
  • thankyou for your suggestion.

    this worked very well. i made a small change as it was giving me errors plus i needed to use SIP address and not the SAMaccountname: 

    ## Automating Skype user activation
    # Module Import
    Import-Module activedirectory
    Import-Module lync
    # User Activation and Policy assignment
    $groupmember = Get-ADGroupMember GRP_SkypeEnabledUsers
    foreach ($member in $groupmember)
    {
    $aduser = Get-CsAdUser -Identity $member.Name | Where-Object {$_.enabled -ne "true"}
    if($aduser -ne $())
    {
    Enable-CsUser -identity $aduser.identity -RegistrarPool sfbfepool01.domain.local -SipAddressType FirstLastName -SipDomain sipdomain.com.au

    Start-Sleep -s 5
    Grant-CsClientPolicy $adUser.identity -PolicyName SFB-Global
    }
    }


    • Edited by cs_280zx Tuesday, January 16, 2018 3:42 AM
    Tuesday, January 16, 2018 3:40 AM
  • Thanks for your sharing

    Regards,

    Leon Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, January 16, 2018 6:51 AM
  • This will work perfectly for small security group. However, it will fail if run against large security group.
    Monday, March 12, 2018 11:56 AM