Saturday, January 28, 2012

TOP 10: Lync Server 2010 PowerShell Commands

I created this post in response to several requests from clients who wanted a go-to place to find the most commonly used commands and helpful commands for administering Lync Server 2010. In this post I cover the following commands:

1. Create and set up a Lync User
You will need an existing AD account for this command to function. Typically the SIP URI for users will follow their e-mail address. If not, you will need to specify the format to use or simply type it in. See the last help section of this post for more information on how to get effective help!

Enable-CsUser "Jason Shave" -RegistrarPool "" -SipAddressType EmailAddress

Next you may want to modify settings of the user such as their phone number (LineURI) or enable them for Enterprise Voice. These can both be set with one command as follows:

Set-CsUser "Jason Shave" -EnterpriseVoiceEnabled:$True -LineURI "tel:+17805551212;ext=1212"

2. Create a Common Area Phone
Common Area Phones (a.k.a. CAP's) are useful because you don't need an AD account to pre-exist as these objects are created as Contact objects in AD with the necessary properties set on them. You don't have to worry about resetting or setting passwords.

New-CsCommonAreaPhone -RegistrarPool "" -DisplayName "2FL Reception NE" -OU "OU=CAP,OU=Lync Server,DC=domain,DC=com" -DisplayNumber "+17805551212" -LineURI "tel:+17805551212;ext=1212"

NOTE: I've noticed a sort of bug with PowerShell in that if you specify the LineURI with an ";ext=" command in the string it won't tab-complete any other entries in the window so I typically leave that attribute to the end.

3. View or Assign a Policy/Dial Plan
Once you've created either a new user or CAP, you will need to set various attributes such as a Dial Plan, Voice Policy, Client Policy, Conferencing Policy, External Access Policy and so on.

To view all dial plans by name type:

Get-CsDialPlan | FL Identity
To view a voice policy, type the following: (since "Identity" is the only property beginning with the letter "I" we can use a wildcard character to save time)

Get-VoicePolicy | FL I*

To assign a Dial Plan to a user or set a voice policy to a CAP:

Grant-CsDialPlan "Jason Shave' -PolicyName EdmontonDialPlan1

Get-CsCommonAreaPhone "2FL Reception NE" | Grant-CsVoicePolicy -PolicyName NA-AB-Unrestricted

4. Assign a PIN
A PIN might not be as visibly necessary as you may think. Quickly though, a PIN is required for a non-tethered IP phone sign in, or a user joining a Lync audio conference as a leader from a non-Lync endpoint.

Set-CsClientPin "Jason Shave" -Pin 8675309
It is a good practice to set this PIN however users are able to create/set their PIN via the dialin simple URL accessible through the Lync client or the meeting request dialin phone number page (typically "").

5. Revoke a User Certificate
This one is more important than you may think as well. If you disable an AD account, and permit users to save their username/password, they will still be able to use Lync! I find a lot of people don't know this and it creates an interesting discussion with the security teams...

Revoke-CsClientCertificate "Jason Shave"

6. Move a User between pools or to an SBA

Move-CsUser "Jason Shave" -Target ""

7. Determine if a DID has been used
A common issue I see in environments where turnover is higher than normal is the recycling of DID's. When a user is disabled in Lync, their LineURI attribute in AD is still taken and cannot be reassigned. To find out the culprit, type:

Get-CsUser | Where {$_.LineURI -Like "*1212"}

The above command will find any LineURI attributes ending in "1212" such as "+17805551212" or "+17805551000;ext=1212".

8. Check CMS replication health
Any change to the CMS database such as a voice route, dial plan, or voice policy will result in the change being propagated to all Lync servers in the topology. Often times a change is made resulting in a test being performed (i.e. fixing a broken route). You will want to validate the change has been replicated to all servers in the topology before testing....and give it an extra 60 seconds after synchronization has been completed too!


Alternatively if you have a very large topology, you can be more specific as follows:

Get-CsManagementStoreReplicationStatus | Where {$_.UpToDate -ne $True}

9. Determine number of users enabled for Enterprise Voice

(Get-CsUser | Where {$_.EnterpriseVoiceEnabled -eq $True}).Count

Getting more complex, lets try to count the total number of EV users and CAP's and get a combined total. In the following example we use the ";" command in a one-liner to initiate a carriage return. We also store the outcome in a variable called "$str1" and "$str2":

$str1 = (Get-CsUser | Where {$_.EnterpriseVoiceEnabled -eq $True}).Count; $str2 = (Get-CsCommonAreaPhone).Count; $str1 + $str2

10. Getting help from PowerShell 
I've found the following tips helpful when trying to find out what PowerShell can do for me...

To get help on a command such as Get-CsUser type:

Get-Help Get-CsUser

NOTE: Use the TAB key on your keyboard when typing in PowerShell to complete long commands. As an example, you wouldn't want to type these comands every time:


For example, type "Get-CsMan" for "Get-CsManagementStoreReplicationStatus"

Sometimes you want examples of a command such as "Get-CsUser" so in this case you would type:

Get-Help Get-CsUser -Examples

If you forget a command or want to know all the commands associating with setting a user property, try:

Get-Command Set-CsUser*

Again, you might want to know what a specific parameter for "Set-CsUser" does such as AudioVideoDisabled:

Get-Help Set-CsUser -Parameter Au*

Hope this helps! Feedback is always appreciated so let me know if you note a mistake or would suggest alternative top 10's. Cheers!

HOW TO: Copy Quintum Tenor Gateway Configuration

This post shows you how to copy the configuration from a Quintum Tenor analog voice gateway for the purpose of either backup or restoration. In my case I used this process in the deployment of several similarly configured gateways at a customer site instead of starting from scratch each time.

First a warning or three....NEVER copy a gateway configuration from a non-like device to another using this method. Be sure you copy the same configuration to the same type of device with the same port configuration every time.

Second, be sure you have updated the firmware of your target device to the same level of your source device.

Third, this method of copying a configuration from one device to another is officially not supported by NET. Use at your own risk!!

STEP 1: Logging into the device
The default login username for the Tenor gateways is "admin" with the password being the same. You can FTP to the device using Windows Explorer or via Command Prompt.

Using Windows Explorer is as easy as typing ftp:// and hitting enter followed by the username and password.

STEP 2: Copying the configuration from a source device 
Once you've gained access to the device, double-click the "cfg" folder and then double-click the "db" folder. You should see three files called "hw.txt", "db.txt", and "ipconfig.txt". Simply copy these files (if you're using Windows Explorer use CTRL-C) and paste them (CTRL-V) to a safe location you will remember.

The files are very small and can be stored just about anywhere. Be sure to place them in a directory with a name matching the make, model, and port density.

NOTE: If you want to modify the configuration of these files, please use the command-line or the Tencor Config Manager software. NEVER EVER modify these files while they're on the gateway (in flash memory).

STEP 3: Modify the configuration before deployment
Now you're ready to modify the configuration and prepare the files for deployment to your target device. The most obvious configuration change you will make will be the IP address of the device to prevent a duplicate IP on the network when you deploy the target device. This can be done by opening the "ipconfig.txt" file on your PC (again, never on the flash memory of the target or source device).

Make a copy of your backed up files to a new directory as these will be your working copies. Now, simply open the "ipconfig.txt" file using Notepad and modify the parameters necessary. As an example, please see the image below:

The two "set" commands will change the IP address and subnet mask while the "change" command highlighted above will change the default route (default gateway ip). To modify the DNS settings for the device you need to open the "db.txt" file and modify the following settings:

Once complete, save the file(s).

STEP 4: Copy the configuration to your target device
If you still have an open connection to your Tenor device, close it and open a new connection to your target device using the correct username and password. Since the new device may be new out of the box, you can use the Tenor Config Manager software to locate it or else use a console cable to determine the IP address.

As you can imagine, the process for copying is the same as you would any other file to a Windows folder. Copy/Paste the files into the /cfg/db location of the target device and overwrite the files.

Now you can safely reboot your target device and attempt to connect to it via FTP using the new address.