none
Lync Script to Enable Users based on AD Group RRS feed

  • Question

  • Is there a max number of users a script can support? im trying to run against a group of 10000 to 150000 users and it is failing...if i run against a smaller group it works? here is some of the code...

     

    $group = "ADGROUPNAMEHERE"
    $strFilter = "(&(objectCategory=Group)(SamAccountName=$group))"
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.Filter = $strFilter
    $objSearcher.SearchScope = "Subtree"
    $colProplist = "member"
    foreach ($i in $colPropList)
    {[void] $objSearcher.PropertiesToLoad.Add($i)}
    $colResults = $objSearcher.FindAll()
    foreach ($objResult in $colResults)
    {$objItem = $objResult.Properties; $group = $objItem.member}
    foreach ($x in $group)
    {
    $ADuser = Get-CsADUser $x
    $DN = $ADuser.DisplayName
    If ($ADuser.Enabled -ne $true)
    {
    #Enabling for Lync : $DN
    $Llog = $Llog + $DN + "`n "
    Enable-CsUser $x -RegistrarPool lync.contoso.com -SipAddressType SAMAccountName -SipDomain contoso.com

    Grant-CsConferencingPolicy -identity $x -PolicyName "Standard CAL"
    }

    Tuesday, August 16, 2011 12:32 PM

Answers

  • Hi David,

    If you install ActiveRoles Management Shell for Active Directory from Quest you can use Get-QADGroupMember cmdlet for nested group membership.

     

    Then I guess, a single line of code will help you achieve your desired result.

     

    Get-QADGroupMember 'ADGROUPNAMEHERE'  -SizeLimit 0 -Type 'user' -Indirect | Enable-CsUser -RegistrarPool lync.contoso.com -SipAddressType SAMAccountName -SipDomain contoso.com

    hth

    Turgay

     

     

    • Marked as answer by David Stamen Wednesday, August 17, 2011 2:01 PM
    Wednesday, August 17, 2011 1:56 PM

All replies

  • You have to set the Page Size if you are using the DirectorySearcher to find all groups

    $objSearcher.PageSize = 100000


    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Tuesday, August 16, 2011 10:01 PM
  • This didnt work.

     

     i am trying to pull 10,000-15,000 members from a single group.

     

    the script runs and stops immediately almost like it see's too many records and quits. if i point it to a smaller group it works perfectly.

    Wednesday, August 17, 2011 12:25 PM
  • http://msdn.microsoft.com/en-us/library/ms676302(VS.85).aspx

     

    i guess i found my answer with 03/08 you can only retrieve 1500 users at a time.

     

    anyone know how to possibly configure my script for range retrieval?

     

    thanks.

    Wednesday, August 17, 2011 12:49 PM
  • Hi David,

    If you install ActiveRoles Management Shell for Active Directory from Quest you can use Get-QADGroupMember cmdlet for nested group membership.

     

    Then I guess, a single line of code will help you achieve your desired result.

     

    Get-QADGroupMember 'ADGROUPNAMEHERE'  -SizeLimit 0 -Type 'user' -Indirect | Enable-CsUser -RegistrarPool lync.contoso.com -SipAddressType SAMAccountName -SipDomain contoso.com

    hth

    Turgay

     

     

    • Marked as answer by David Stamen Wednesday, August 17, 2011 2:01 PM
    Wednesday, August 17, 2011 1:56 PM
  • thank you that should work. i had it before, but the size limit is what i couldnt get doing..now i just need to get a way to keep all the user id's written to a log and then be able to email that log. can you think of a way to keep a log of who was enabled and email it? its probably something like $log = $log + $DisplayName" or something?
    Wednesday, August 17, 2011 2:01 PM
  • so i figured out a one-liner with your help to get the user activated.....however they are activated but the policies arent being assigned...here it is... please let me know..

    Get-QADGroupMember 'TestLync' -SizeLimit 0 -Type 'user' -Indirect | foreach {Enable-CsUser -identity $_.DisplayName -RegistrarPool lync.contoso.com -SipAddressType SAMAccountName -SipDomain consoto.com | Grant-CsConferencingPolicy -identity $_.DisplayName -PolicyName "Standard CAL"}
    


    Wednesday, August 17, 2011 3:28 PM
  • i guess it wasnt replicating fast enough. i had to do it as a seperate line item.

     

    script is now working..

     

    thanks

    Wednesday, August 17, 2011 4:40 PM