0 votes

I have pieced together some PowerShell to enable Lync for a user and then try to apply policies. The user is created but the policies are not:

```powershell
# Get domain controller FQDN
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")

$lyncServer="coplyncpool."
$registrarPool="coplyncpool."

$sessionOptions = New-PSSessionOption -SkipRevocationCheck -SkipCACheck -SkipCNCheck
$session = New-PSSession -ConnectionUri https://$lyncServer/ocspowershell -SessionOption $sessionOptions -Authentication NegotiateWithImplicitCredential

Import-PSSession -session $session -AllowClobber

#Enable Lync User
Enable-CsUser -Identity "%displayName%" -RegistrarPool $registrarPool -SipAddress "sip:%userPrincipalName%" -DomainController $domainControllerFQDN

# Sets policies
Grant-CsConferencingPolicy -identity "%displayName%" -PolicyName NoConferencingWithExternalUsers
Grant-CsClientPolicy -identity "%displayName%" -PolicyName NoClientSideArchiving
Grant-CsArchivingPolicy -identity "%displayName%" -PolicyName NoServerSideArchiving
Grant-CsExternalAccessPolicy -identity "%displayName%" -PolicyName NoExternalAccess
Grant-CsMobilityPolicy -identity "%displayName%" -PolicyName NoMobility

Remove-PSSession -Session $session
```

Here is the error while the policies are trying to be created:

Management object not found for identity "Geary Eppernator".

Management object not found for identity "Geary Eppernator".

The term 'Grant-CsArchivingPolicy' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Management object not found for identity "Geary Eppernator".

Management object not found for identity "Geary Eppernator".

Thanks

by (480 points)
0

Hello,

Management object not found errors: how many domain controllers do you have for the domain of the user?

Error with the Grant-CsArchivingPolicy cmdlet: the user whose credentials are used to run the script is not a member of any of the role groups that allow running the cmdlet. By default, only members of the RTCUniversalUserAdmins role group can run it. For details, see the following article by Microsoft: https://technet.microsoft.com/en-us/lib ... 15%29.aspx.

0

We have 3 DCs and the user is a member of that group.

Thanks

1 Answer

0 votes
by (216k points)

Management object not found errors: most probably, when assigning the policies, the Lync Server connects to a different DC than when enabling the user for Lync. Since the commands are executed within a short time frame, there is not enough time to replicate information on the new Lync user to the other DCs. To remedy the issue, append information on the domain controller used every time you call a cmdlet for assigning a policy:

```powershell
# ...
Grant-CsConferencingPolicy -identity "%displayName%" -PolicyName NoConferencingWithExternalUsers -DomainController $domainControllerFQDN
Grant-CsClientPolicy -identity "%displayName%" -PolicyName NoClientSideArchiving -DomainController $domainControllerFQDN
Grant-CsArchivingPolicy -identity "%displayName%" -PolicyName NoServerSideArchiving -DomainController $domainControllerFQDN
Grant-CsExternalAccessPolicy -identity "%displayName%" -PolicyName NoExternalAccess -DomainController $domainControllerFQDN
Grant-CsMobilityPolicy -identity "%displayName%" -PolicyName NoMobility -DomainController $domainControllerFQDN
# ...
```
- - - - - -

Error with the Grant-CsArchivingPolicy cmdlet: we've checked with documents available from Microsoft, but the only possible reason for such an error seems to be that the user doesn't have sufficient permissions to call the cmdlet. Please re-check that the user specified in the Run As setting of the action that runs this script is a member of the RTCUniversalUserAdmins role group. Also, try logging in to your Lync Server as that user and running the cmdlet directly from the Lync Shell.

For more information, see Planning for role-based access control in Lync Server 2013.
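
The fix from the answer above as one complete script, added here as an illustration and not code posted by anyone in the thread: every Lync cmdlet is pinned to the same domain controller, and `Get-Command` is used to report which `Grant-Cs*` cmdlets were actually imported into the remote session before any of them is called. The pool FQDN is a placeholder, and leaving certificate validation switched on assumes the pool's certificate is trusted by the host that runs the script.

```powershell
# Added example. $Context and the %...% value references are supplied by Adaxes,
# as in the script from the question.
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE    = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$dc         = $rootDSE.Get("dnsHostName")    # one DC, reused for every call below

$lyncPool = "lyncpool.example.com"           # placeholder FQDN, replace with your pool

# Policy cmdlet -> policy name, taken from the question.
$policies = [ordered]@{
    "Grant-CsConferencingPolicy"   = "NoConferencingWithExternalUsers"
    "Grant-CsClientPolicy"         = "NoClientSideArchiving"
    "Grant-CsArchivingPolicy"      = "NoServerSideArchiving"
    "Grant-CsExternalAccessPolicy" = "NoExternalAccess"
    "Grant-CsMobilityPolicy"       = "NoMobility"
}

# No -Skip*Check session options: the server certificate is validated normally.
$session = New-PSSession -ConnectionUri "https://$lyncPool/ocspowershell" `
    -Authentication NegotiateWithImplicitCredential -ErrorAction Stop
try {
    Import-PSSession -Session $session -AllowClobber | Out-Null

    # A cmdlet that was not imported fails later with "is not recognized";
    # report it up front so it is not mistaken for a replication problem.
    $missing = @($policies.Keys | Where-Object {
        -not (Get-Command $_ -ErrorAction SilentlyContinue)
    })
    if ($missing.Count -gt 0) {
        Write-Warning ("Not available in this session, check role membership: " +
            ($missing -join ", "))
    }

    Enable-CsUser -Identity "%displayName%" -RegistrarPool $lyncPool `
        -SipAddress "sip:%userPrincipalName%" -DomainController $dc -ErrorAction Stop

    # Same DC as Enable-CsUser, so the new Lync user object is already visible.
    foreach ($cmdlet in $policies.Keys) {
        if ($missing -contains $cmdlet) { continue }
        & $cmdlet -Identity "%displayName%" -PolicyName $policies[$cmdlet] `
            -DomainController $dc -ErrorAction Stop
    }
}
finally {
    # Close the remote session even when one of the calls above throws.
    Remove-PSSession -Session $session
}
```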
