Skip to content

Instantly share code, notes, and snippets.

@darrenjrobinson darrenjrobinson/Export.ps1
Last active Nov 17, 2018

Embed
What would you like to do?
Microsoft Identity Manager Skype for Business / Lync PowerShell Management Agent Export Script. Supporting blog post is located here https://blog.darrenjrobinson.com/provisioning-users-for-lync-skype-for-business-with-fim-mim-using-the-granfeldt-powershell-management-agent/
param
(
$username,
$password,
$ExportType
)
begin
{
$DebugFilePath = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\Lync\Lync\DebugLyncMA.txt"
if(!(Test-Path $DebugFilePath))
{
$DebugFile = New-Item -Path $DebugFilePath -ItemType File
}
else
{
$DebugFile = Get-Item -Path $DebugFilePath
}
"Starting Export : " + (Get-Date) | Out-File $DebugFile -Append
# Registrar Pool
$RegistrarPool = "Lync2013Pool.customer.com.au"
# Setup Remote Powershell Session
$server = "https://servername/OcsPowerShell"
$securestring = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$securestring.AppendChar($_)}
$credential = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username, $securestring
if (!(Get-Module -Name "Enable-CSUser"))
{
Write-Debug "Opening a new RPS Session." | Out-File $DebugFile -Append
$skipCertificate = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$session = New-PSSession -ConnectionUri $server -Credential $credential -SessionOption $skipCertificate -Name "Lync"
$global:session = $session
$lyncCommands = "Get-CsUser", "Get-CsAdUser", "Enable-CsUser", "Set-CSUser"
Import-PSSession $global:session -CommandName $lyncCommands
Write-Debug "Opened a new RPS Session." | Out-File $DebugFile -Append
}
}
process
{
$error.clear()
$_ | Out-File $DebugFile -Append
$errorstatus = "success"
$errordetails = ""
$Identifier = $_.Identifier
$objectGuid = $_.DN
#Loop through changes and update parameters
foreach ($can in $_.ChangedAttributeNames)
{
$can
foreach ($ValueChange in $_.AttributeChanges[$can].ValueChanges)
{
if ( $can -eq 'msDScloudextensionAttribute20' ){$cloudextAttr20 = $ValueChange.Value}
Write-Output "extAttr20 val: $cloudextAttr20"
}
}
# Export uses Remote Powershell so we don't have to install the Lync commandlets on this MIM Server and keep them current.
if ($_.ObjectModificationType -eq 'Add')
{
# adds are caught by importing new objects from Active Directory (see import script)
# and joining these to existing user objects on the metaverse
throw "Add modification are not supported"
}
if ($_.ObjectModificationType -eq 'Delete')
{
# deletes are caught by importing deleted objects (isDeleted) from Active
# Directory (see import script). This way we clear up the CS
throw "Delete modification are not supported"
}
#Supported ChangeType is Replace
if ($_.ObjectModificationType -match 'Replace')
{
$errorstatus = "success"
# Lookup the object so we know it exists before we enable the user
$curUser = New-Object System.DirectoryServices.DirectoryEntry "LDAP://<GUID=$objectGuid>", $username, $password
if ( $curUser )
{
if (!$curUser.Properties["msRTCSIP-UserEnabled"])
{
# User isn't Lync enabled. Enable them
enable-csuser -identity $objectGuid -sipaddresstype userprincipalname -registrarpool $registrarpool -ErrorAction "SilentlyContinue"
if ($cloudextAttr20)
{
$curext20 = $curUser.properties["msds-cloudextensionattribute20"]
if ($curext20)
{
# compare current val to new. Replace if diff
if (!($cloudextAttr20 = $curext20))
{
set-aduser -Identity $objectGuid -Replace @{'msds-cloudextensionattribute20' = $cloudextAttr20} -ErrorAction SilentlyContinue
}
}
else
{
#set value
set-aduser -Identity $objectGuid -Add @{'msds-cloudextensionattribute20' = $cloudextAttr20} -ErrorAction SilentlyContinue
}
}
}
else
{
#user is enabled for Lync. Maybe the breadcrumb didn't get set
if ($cloudextAttr20)
{
$curext20 = $curUser.properties["msds-cloudextensionattribute20"]
if ($curext20)
{
# compare current val to new. Replace if diff
if (!($cloudextAttr20 = $curext20))
{
set-aduser -Identity $objectGuid -Replace @{'msds-cloudextensionattribute20' = $cloudextAttr20} -ErrorAction SilentlyContinue -ErrorVariable $errordetails
}
}
else
{
#set value
set-aduser -Identity $objectGuid -Add @{'msds-cloudextensionattribute20' = $cloudextAttr20} -ErrorAction SilentlyContinue -ErrorVariable $errordetails
}
}
}
}
}
#Return the result to the MA
$obj = @{}
$obj.Add("[Identifier]",$Identifier)
$obj.Add("[ErrorName]","success")
if($errordetails){$obj.Add("[ErrorDetail]",$errordetails)}
$obj
}
end
{
Remove-PSSession $global:session
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.