Actions
1. UPDATE AD
- Download here or load from a Skype for Business installation DVD / file
- Open command prompt as administrator and go to the schematic map on the hard drive
Start the commands below (replace dc.contoso.local with the address of a domain controller and "DC=contoso,Dc=local" with the distinguishedName of your AD).
ldifde -i -v -k -s dc.contoso.local -f ExternalSchema.ldf -c DC=X "DC=contoso,DC=local" -j c:\Schema ldifde -i -v -k -s dc.contoso.local -f ServerSchema.ldf -c DC=X "DC=contoso,DC=local" -j c:\Schema ldifde -i -v -k -s dc.contoso.local -f BackCompatSchema.ldf -c DC=X "DC=contoso,DC=local" -j c:\Schema ldifde -i -v -s dc.contoso.local -f VersionSchema.ldf -c DC=X "DC=contoso,DC=local" -j c:\Schema -j = Log file location -i = Import operation performed -v = Verbose (show changes on screen) -k = Keep going even if some entries can't be processed -s = Server location -f = File location -c = Change from-string in data to to-string. This lets you customize a generic LDIF file for your installation. For example, from-string might be the placeholder DC=X, and to-string might be your domain DN. Replaces in this case the DC=X without your domain location.
An import will look like this:
Note that the log will always be called LDIF.txt. You may want to make a copy of the output during each command. Look especially at the information in the file, often you see information like this:
You can do the same by performing Step 1: Prepare schedule of the Skype for Business Deployment wizard ( https://technet.microsoft.com/en-us/library/dn951386.aspx ).
2. TESTING AD
- Check whether the values on the AD objects are correct
#Requirements #- Install-Module AzureADPreview #Options #$user: this is the user to check in the Active Directory $USER = "username@domain.com" #Do not change below here. Connect-AzureAD $AAD_USER = Get-AzureADUser -ObjectId $USER $AAD_USER | SELECT -ExpandProperty ExtensionProperty
If the values are empty, make sure that the AAD values are correctly included. In the AAD sync you can find the attributes that should be included.
Sample script
Save script below as ps1 and run on domain controller.
Param(
[ValidateSet("ou","group")]
[Parameter(Mandatory=$true)]
[string]$user_container,
[Parameter(Mandatory=$true)]
[string]$user_location,
[Parameter(Mandatory=$false)]
[ValidateSet("OneLevel","Subtree")]
[string]$user_location_scope,
[Parameter(Mandatory=$true)]
[ValidateSet("onpremise","cloud","clear")]
[string]
$location
)
##### About script
# Created by: Maarten Meijer
# Copyright: SoftApp-distribution (2018)
# Version: 1.1-b04072018
# 04-07-2018: Added scoping on OU
# 04-07-2018: Added option to clear attributes and reset to defaults
# 04-07-2018: Changed searching to a Searchbase to limit the results and fix error with incorrect OU name
#
# Requirements:
# - Run on AD domain controller
#
# Usage:
# 1. Just run the script! Parameters will be asked upon running.
# Options/Parameters:
## -user_container ==> object that contains the user subset ("group" or "ou")
## -user_location ==> if a "group" is selected enter the sAMACCOUNTNAME here of the group. On selecting a OU enter the DN of the OU (use opening and closing ")
## -location ==> location of the hosted users ("onpremise" or "cloud")
## -user_location_scope ==> depth of OU searching ("OneLevel" or "Subtree")
#
# Important
# This script sets the UPN as the SIGN IN ADDRESS of the user. If those are not the same, modify the script!
#
#
# DO NOT CHANGE ANYTHING BELOW HERE
$Logfile = "C:\change_ad.log"
Function LogWrite
{
Param ([string]$logstring)
Add-content $Logfile -value $logstring
}
LogWrite("UPDATE AD: " + (Get-Date).tostring())
LogWrite("user_container: " + $user_container)
LogWrite("user_location: " + $user_location)
LogWrite("location: " + $location)
Import-Module ActiveDirectory
Write-Host "[AD UPDATE] Start" -foregroundcolor Green
#Get users from OU
switch($user_container) {
"group" {
$found_group = Get-ADGroup -Identity $user_location
if ($found_group -ne $null) {
$users = Get-ADGroupMember -Identity $user_location | Get-ADuser
} else {
LogWrite("Unable to find group")
Write-Host "Unable to find group" -foregroundcolor red
break
}
}
"ou" {
#use searchbase instead of pipeline filter, otherwise can catch too many users if string is not correctly formatted.
$users = Get-ADUser -Filter {Enabled -eq $true} -SearchBase $user_location -SearchScope $user_location_scope
}
}
foreach ($user in $users) {
#update attributes
Write-Host "[$($user.UserPrincipalName)] Updating attributes" -foregroundcolor green
LogWrite("[$($user.UserPrincipalName)] Updating attributes")
if($location -eq "onpremise") {
LogWrite("[$($user.UserPrincipalName)] onpremise")
Set-ADUser -Identity $user.SamAccountName -replace @{'msRTCSIP-DeploymentLocator'="SRV:";'msRTCSIP-PrimaryUserAddress'="sip:$($user.UserPrincipalName)";'msRTCSIP-UserEnabled'="TRUE";}
} elseif ($location -eq "cloud") {
LogWrite("[$($user.UserPrincipalName)] cloud")
Set-ADUser -Identity $user.SamAccountName -replace @{'msRTCSIP-DeploymentLocator'="sipfed.online.lync.com";'msRTCSIP-PrimaryUserAddress'="sip:$($user.UserPrincipalName)";'msRTCSIP-UserEnabled'="TRUE";}
} elseif ($location -eq "clear") {
LogWrite("[$($user.UserPrincipalName)] clear")
Set-ADUser -Identity $user.SamAccountName -clear @('msRTCSIP-DeploymentLocator';'msRTCSIP-PrimaryUserAddress';'msRTCSIP-UserEnabled';)
}
}
LogWrite("[AD UPDATE] Done")
Write-Host "[AD UPDATE] Done" -foregroundcolor Green
Additional information
About LDIFDE https://msdn.microsoft.com/en-us/library/Bb727091.aspx
- Technet about Skype for Business schema expansions https://technet.microsoft.com/en-us/library/gg398607(v=ocs.15).aspx
- Expand on schedule http://www.markc.me.uk/blog/files/SchemaUpdateMethods.html
- Technet about Skype for Business schema attributes https://technet.microsoft.com/en-us/library/gg412841.aspx
user_container