Scenario

You are attempting to take existing OCS (Office Communications Server) users and create Lync Enabled objects using a workflow from within FIM.

Issue

You discover that the Lync objects are not being created.

Details

The following workaround is taken from a customer site. 

The issue at hand was that the FIM Service essentially had to be configured as a Lync Administrator to create the Lync Enabled objects.  

Looking at the issue, we broke the customer’s solution down into its component parts.

There were two critical things that we quickly noted:

  1. The PowerShell user provisioning script was running outside of FIM just fine
  2. The PowerShell provisioning script was prompting for credentials

As long as we provided the credentials, the PowerShell script ran fine. The issue under FIM appeared to be that credentials were not being entered manually on each run.

Working with the Lync team, we determined a method of invoking the necessary PowerShell session so that the account credentials for the FIM Service would not have to be entered each time.

Here is the script that starts a session in the context of the user who invokes it; those credentials are then used for the remainder of the session.

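# Session option: skip the revocation check on the server's certificate
$so = New-PSSessionOption -SkipRevocationCheck
# Connect as the calling account (here, the FIM Service account) without a credential prompt
$CSSession = New-PSSession -ConnectionUri https://randomserver.contoso.com/ocspowershell -Authentication NegotiateWithImplicitCredential -SessionOption $so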

Essentially, once this was entered into the FIM workflow and the FIM Service was granted the necessary permissions to provision a Lync-enabled object, the Lync-specific PowerShell worked flawlessly.
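The session setup above placed in a complete, non-interactive provisioning call, as an added example that is not the customer's script or part of the original page. The function name, the choice of Enable-CsUser as the provisioning cmdlet, and the sample identity, pool and SIP address are assumptions.

```powershell
# Added example (hypothetical function name). Assumes the workflow provisions with Enable-CsUser.
function Enable-LyncUserFromWorkflow {
    param(
        [Parameter(Mandatory = $true)] [string] $Identity,       # e.g. 'CONTOSO\jdoe' (constructed)
        [Parameter(Mandatory = $true)] [string] $RegistrarPool,  # e.g. 'lyncpool.contoso.com' (constructed)
        [Parameter(Mandatory = $true)] [string] $SipAddress,     # e.g. 'sip:jdoe@contoso.com' (constructed)
        [string] $ConnectionUri = 'https://randomserver.contoso.com/ocspowershell'
    )

    # A workflow has no console, so every failure must terminate instead of prompting or continuing.
    $ErrorActionPreference = 'Stop'
    $session = $null
    try {
        # Same options as the page's script: implicit credentials of the calling account,
        # revocation check on the server certificate skipped.
        $so = New-PSSessionOption -SkipRevocationCheck
        $sessionArgs = @{
            ConnectionUri  = $ConnectionUri
            Authentication = 'NegotiateWithImplicitCredential'
            SessionOption  = $so
        }
        $session = New-PSSession @sessionArgs

        # Import only the cmdlet the workflow needs from the remote Lync endpoint.
        $null = Import-PSSession -Session $session -CommandName Enable-CsUser -AllowClobber

        Enable-CsUser -Identity $Identity -RegistrarPool $RegistrarPool -SipAddress $SipAddress
    }
    catch {
        # Report which account the call ran as, so a missing Lync permission on the
        # service account is visible in the workflow's error output.
        $who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        throw "Lync provisioning of '$Identity' failed while running as '$who': $($_.Exception.Message)"
    }
    finally {
        # Always close the remote session so repeated workflow runs do not leak sessions.
        if ($session) { Remove-PSSession -Session $session }
    }
}

# Example call with constructed values:
# Enable-LyncUserFromWorkflow -Identity 'CONTOSO\jdoe' -RegistrarPool 'lyncpool.contoso.com' -SipAddress 'sip:jdoe@contoso.com'
```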

See Also