none
Lync External Access Policy

    Question

  • I created a script i wanna if i remove a user from the group will not remove from Federated Access? Or I should be remove manually from Lync Console and set External Access Policy for that user(s) to "Automatic"

    Here's my script below:

    Import-Module Lync

    get-csuser -LDAPFilter "memberOf=CN=LyncAllowFederationAccess,OU=Lync,OU=Groups,DC=qvcdev,DC=qvc,DC=net" | Grant-CsExternalAccessPolicy -PolicyName "Allow Federation Access"


    James

    Wednesday, November 25, 2015 3:07 PM

Answers

  • You can return the user to the global policy by doing

    Grant-CsExternalAccessPolicy -Identity User -PolicyName $null

    thanks


    Note: Please remember to `Mark as Answered` a post that answers your question and/or `Vote as Helpful` posts that have helped you. This will help others find answers to similar problems. For more Skype for Business help visit: http://www.skype4b.uk Please note that answers are based on my experience and opinion only and do not necessarily represent the views of my employer.

    • Marked as answer by JJOHN7 Tuesday, December 8, 2015 10:07 PM
    Wednesday, November 25, 2015 3:25 PM
  • add in my side script?

    James

    • Marked as answer by JJOHN7 Tuesday, December 8, 2015 10:07 PM
    Wednesday, November 25, 2015 3:29 PM
  • Seems like you want to apply settings via security group membership automatically.

    The only way to do this is script the removal of the user from the group and in the same script set their external access

    so I would do something like this

    Set your external access policies

    create your security groups

    for add / removal, checks users in Ad for all your security groups, any ones that are not a member of your defined security groups, check if they have a lync account, if they do, grant the $null policy which will be no access right? If they don't have an account then dont assign, if they do have membership, grant the right policy. one script does both tasks. add as a scheduled task and run once per hour?

    better doing this than a script that targets one particular task :)

    thanks


    Note: Please remember to `Mark as Answered` a post that answers your question and/or `Vote as Helpful` posts that have helped you. This will help others find answers to similar problems. For more Skype for Business help visit: http://www.skype4b.uk Please note that answers are based on my experience and opinion only and do not necessarily represent the views of my employer.

    • Marked as answer by JJOHN7 Tuesday, December 8, 2015 10:07 PM
    Wednesday, November 25, 2015 3:38 PM

All replies

  • You can return the user to the global policy by doing

    Grant-CsExternalAccessPolicy -Identity User -PolicyName $null

    thanks


    Note: Please remember to `Mark as Answered` a post that answers your question and/or `Vote as Helpful` posts that have helped you. This will help others find answers to similar problems. For more Skype for Business help visit: http://www.skype4b.uk Please note that answers are based on my experience and opinion only and do not necessarily represent the views of my employer.

    • Marked as answer by JJOHN7 Tuesday, December 8, 2015 10:07 PM
    Wednesday, November 25, 2015 3:25 PM
  • add in my side script?

    James

    • Marked as answer by JJOHN7 Tuesday, December 8, 2015 10:07 PM
    Wednesday, November 25, 2015 3:29 PM
  • Seems like you want to apply settings via security group membership automatically.

    The only way to do this is script the removal of the user from the group and in the same script set their external access

    so I would do something like this

    Set your external access policies

    create your security groups

    for add / removal, checks users in Ad for all your security groups, any ones that are not a member of your defined security groups, check if they have a lync account, if they do, grant the $null policy which will be no access right? If they don't have an account then dont assign, if they do have membership, grant the right policy. one script does both tasks. add as a scheduled task and run once per hour?

    better doing this than a script that targets one particular task :)

    thanks


    Note: Please remember to `Mark as Answered` a post that answers your question and/or `Vote as Helpful` posts that have helped you. This will help others find answers to similar problems. For more Skype for Business help visit: http://www.skype4b.uk Please note that answers are based on my experience and opinion only and do not necessarily represent the views of my employer.

    • Marked as answer by JJOHN7 Tuesday, December 8, 2015 10:07 PM
    Wednesday, November 25, 2015 3:38 PM