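# Lync Groupprovisioning
#
# Maintains Lync enabled Users based on a security group:
#   - every member of the group that is not yet a Lync user gets enabled
#   - every Lync user that is no longer a member of the group gets disabled,
#     but only when -enableremove is set and the number of such users does
#     not exceed -maxorphaneditems
# Every change is written to a CSV file, the Application event log and a
# notification mail.
#
# 20121126 Ver 1.0 Frank Carius
#   Initial Version
# 20121210 Ver 1.1 Frank Carius
#   Look up the user's "home DC" and use it for Enable-CSUser and Set-CSUser
# 20121217 Ver 1.2 Frank Carius
#   The member attribute returned only 1000 members by default -> wrong deletes.
#   Changed to an LDAP search on memberof
#   Print the counts at the end
#   Out-file now gets an encoding; separate status for noUPN and noMail
# 20121217 Ver 1.3 Frank Carius
#   Corrected the mail address defaults, more meaningful mails
#   WhatIf switch instead of EnabledADD and EnableDEL
# 20130718 Ver 1.4 Frank Carius
#   Special handling for $error[0].tostring() because it is sometimes "null"
#   Added $maxorphaneditems to prevent accidental deletion.
#   Added $enableremove

param (
    [string]$reportcsv = "C:\Lync Groupprovisioning\Lync Groupprovisioning.csv",    # CSV file with the log of all changes
    [string]$reportcsvencoding = "unicode",                                         # encoding of the CSV file
    # NOTE(review): $GcDC is not referenced anywhere in this script, and its
    # default has a comma where a dot is probably meant - confirm before use.
    [string]$GcDC = "dc1.msxfaq,de",                                                # DC for all actions
    [string]$lyncuri = "https://lyncfe.msxfaq.de/ocsPowerShell",                    # URL of the Lync remote PowerShell endpoint
    [string]$lyncgroupdn = "CN=lyncUsers,ou=Provisioning,dc=msxfaq,dc=de",          # group that controls provisioning
    [string]$RegistrarPool = "lyncfe.msxfaq.de",                                    # Lync pool used when enabling users
    [string]$smtpserver = "mail.msxfaq.de",                                         # mail server for notifications
    [string]$smtpto = "lync@msxfaq.de",                                             # SMTP recipient address
    [string]$smtpfrom = "lync@msxfaq.de",                                           # SMTP sender address
    [int]$maxorphaneditems = 10,                                                    # deprovisioning safety limit
    [switch]$enableremove = $false,                                                 # set to allow deprovisioning
    [switch]$whatif = $false                                                        # set for simulation only
)

Write-host "Lync Groupprovisioning Start"
set-psdebug -strict
$WarningPreference = "SilentlyContinue"

# The transcript path is relative to the current directory of the caller.
Start-Transcript -path (".\logs\Lync Groupprovisioning."+(get-date -format yyyyMMddHHmmss)+".txt")

if ($whatif) {
    write-host "WhatIf Mode" -backgroundcolor yellow -foregroundcolor black
}
if ($enableremove) {
    write-host "enableremove Mode" -backgroundcolor yellow -foregroundcolor black
}

Write-host "Initialize Eventlog für reporting and Debugging"
$evt = new-object System.Diagnostics.EventLog("Application")
$evt.Source = "Lync Groupprovisioning"
$infoevent = [System.Diagnostics.EventLogEntryType]::Information
$warnevent = [System.Diagnostics.EventLogEntryType]::Warning
$errorevent = [System.Diagnostics.EventLogEntryType]::Error
$evt.WriteEntry("Lync Groupprovisioning gestartet",$infoevent,0)

# Counters printed in the summary at the end of the run.
$summary = New-Object PSObject -Property @{
    startcount = 0
    enable = 0
    enablesim = 0
    enableerror = 0
    nomail = 0
    noupn = 0
    disable = 0
    disablesim = 0
    disableerror = 0
}

write-host "Initializing CSV-File"
#$csvfile = New-Object System.IO.StreamWriter $reportcsv, $true # append
#$csvfile.WriteLine("timestamp,action,dn")

# Stays $null when the Lync commands are already available, so the cleanup at
# the end can tell whether this run created a session. Without this, the final
# Remove-PSSession reads an unset variable, which strict mode reports as an error.
$session = $null
if (!(Get-Command "Enable-CSUser" -errorAction SilentlyContinue)) {
    Write-host " Creating Lync Remote Session"
    $session = new-pssession `
        -ConnectionUri $lyncuri `
        -Authentication NegotiateWithImplicitCredential
        #-Authentication Kerberos
        # -Credential (Get-Credential)
    Write-host " Import Lync Remote Session Commandlets"
    import-pssession -Session $session -AllowClobber | out-null
}
else {
    Write-host " using existing Lync Remote Session"
}

# Key: lower-cased DN, value: SIP address. Every group member found below is
# removed from this table, so whatever remains afterwards is a Lync user that
# is not in the group.
Write-host "Loading current Lync Users into Hashtable"
[hashtable]$csUserlist = @{}
[int]$count = 0
foreach ($csUser in (get-csUser -resultsize unlimited)) {
    $count += 1
    write-host " Adding LyncUser($count):"$csUser.Distinguishedname.tolower()
    $csUserlist.add($csUser.Distinguishedname.tolower(),$csUser.SipAddress)
}
$summary.startcount = $csUserlist.count
Write-host "Done Total LyncUser:" $csUserlist.count

Write-host "Search MemberOf LyncGroup $lyncgroupdn"
$error.clear()
$root = [system.directoryservices.activedirectory.forest]::getcurrentforest().rootdomain.name
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"GC://$root")
$objSearcher.PageSize = 100
# Escape the LDAP filter metacharacters (backslash first) so that a group DN
# containing \ * ( or ) is matched literally instead of changing the filter.
$lyncgroupdnfilter = $lyncgroupdn.Replace('\','\5c').Replace('*','\2a').Replace('(','\28').Replace(')','\29')
$objSearcher.Filter = "(Memberof=$lyncgroupdnfilter)"
$lyncUsergroupmember = $objSearcher.FindAll()
Write-host "Done Search MemberOf:" $lyncUsergroupmember.count

if ($error) {
    # The member list cannot be trusted, so neither enable nor disable runs.
    write-host "Err: unable to load Group $lyncgroupdn"
    send-mailmessage `
        -from $smtpfrom `
        -to $smtpto `
        -subject "Lync Groupprovisioning: unable to load Group $lyncgroupdn" `
        -body "Lync Groupprovisioning: unable to load Group $lyncgroupdn" `
        -smtpServer $smtpserver
}
else {
    Write-host " Processing Group Members to enable"
    foreach ($csgroupmember in $lyncUsergroupmember) {
        $Error.Clear()
        $csgroupmemberdn = $csgroupmember.properties.distinguishedname[0].tolower()
        if ($csUserlist.containskey($csgroupmemberdn)) {
            write-host " Already Enabled" $csgroupmemberdn
            $csUserlist.remove($csgroupmemberdn)
        }
        else {
            write-host " New User:" $csgroupmemberdn
            $csadUser = Get-CsAdUser -Identity $csgroupmemberdn
            # The cast turns a missing mail address into "" (handled as NoMail
            # below) instead of failing on a method call on $null.
            [string]$mail = $csadUser.WindowsEmailAddress
            write-host " Mail:" $mail
            [string]$upn = $csadUser.UserPrincipalName
            write-host " UPN:" $upn

            if (!($mail.contains("@"))) {
                write-host " NoMail ENABLE für Lync:"$csgroupmemberdn -backgroundcolor yellow -foregroundcolor black
                #$csvfile.WriteLine((Get-Date -Format "dd.MM.yyyy HH:mm:ss") + ",ENABLE," + $csgroupmemberdn)
                # NOTE(review): the DN contains commas and is written unquoted,
                # so a CSV parser splits it across several columns. The format
                # is left as it is for existing consumers of the file.
                ((Get-Date -Format "dd.MM.yyyy HH:mm:ss") + ",ErrNoMail," + $csgroupmemberdn) | out-file $reportcsv -append -encoding $reportcsvencoding
                $evt.WriteEntry(("NoMail Enable für Lync:"+$csgroupmemberdn),$infoevent,10)
                $summary.nomail += 1
                if (!($whatif)) {
                    send-mailmessage `
                        -from $smtpfrom `
                        -to $smtpto `
                        -subject "Lync Groupprovisioning: NoMail Enable LyncUser: $csgroupmemberdn" `
                        -body "Unable to enable User für Lync. User has not valid MAIL (NoMail Enable LyncUser: $csgroupmemberdn" `
                        -smtpServer $smtpserver
                }
            }
            elseif (!($upn.contains("@"))) {
                write-host " NoValidUPN ENABLE für Lync:"$csgroupmemberdn -backgroundcolor yellow -foregroundcolor black
                #$csvfile.WriteLine((Get-Date -Format "dd.MM.yyyy HH:mm:ss") + ",ENABLE," + $csgroupmemberdn)
                ((Get-Date -Format "dd.MM.yyyy HH:mm:ss") + ",ErrNoUPN," + $csgroupmemberdn) | out-file $reportcsv -append -encoding $reportcsvencoding
                $evt.WriteEntry(("NoValidUPN Enable für Lync:"+$csgroupmemberdn),$infoevent,10)
                $summary.noupn += 1
                if (!($whatif)) {
                    send-mailmessage `
                        -from $smtpfrom `
                        -to $smtpto `
                        -subject "Lync Groupprovisioning: NoValidUPN Enable LyncUser: $csgroupmemberdn" `
                        -body "Unable to enable User für Lync. User has not valid UPN (NoValidUPN Enable LyncUser: $csgroupmemberdn" `
                        -smtpServer $smtpserver
                }
            }
            elseif ($whatif) {
                write-host " enable für Lync:"$csgroupmemberdn -backgroundcolor green -foregroundcolor black
                $summary.enablesim += 1
            }
            else {
                # Derive the DNS domain name from the dc= components of the DN
                # and use a DC of that domain for both Lync calls.
                write-host "Looking für User-DC based on DN"
                $csgroupmemberdn -match "^.*?(dc=.*)$" | out-null
                [string]$domain = $matches[1].replace("dc=","")
                [string]$domain = $domain.replace(",",".")
                write-host " Domain:" $domain
                $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("domain",$domain)
                $addomain = [system.directoryservices.activedirectory.domain]::GetDomain($context)
                $dc = $addomain.FindDomainController().Name
                write-host " using DC:" $dc

                write-host " Enable CSUser:" $csgroupmemberdn
                $error.clear()
                Enable-CSUser `
                    -identity $csgroupmemberdn `
                    -RegistrarPool $RegistrarPool `
                    -SipAddressType EmailAddress `
                    -Domaincontroller $dc `
                    -Erroraction Continue
                write-host " Set CSUser:" $upn
                Set-CsUser `
                    -identity $upn `
                    -AudioVideoDisabled $true `
                    -Domaincontroller $dc `
                    -Erroraction Continue

                # $error was cleared before the two calls, so any entry here
                # comes from Enable-CSUser or Set-CsUser.
                if (!$error) {
                    write-host " ENABLE für Lync:"$csgroupmemberdn -backgroundcolor green -foregroundcolor black
                    #$csvfile.WriteLine((Get-Date -Format "dd.MM.yyyy HH:mm:ss") + ",ENABLE," + $csgroupmemberdn)
                    ((Get-Date -Format "dd.MM.yyyy HH:mm:ss") + ",ENABLE," + $csgroupmemberdn)| out-file $reportcsv -append -encoding $reportcsvencoding
                    $evt.WriteEntry(("Enable für Lync:"+$csgroupmemberdn),$infoevent,10)
                    $summary.enable += 1
                    send-mailmessage `
                        -from $smtpfrom `
                        -to $smtpto `
                        -subject "Lync Groupprovisioning: Enable LyncUser: $csgroupmemberdn" `
                        -body "User was enabled für Lync: $csgroupmemberdn" `
                        -smtpServer $smtpserver
                }
                else {
                    write-host " ERROR ENABLE für Lync:"$csgroupmemberdn -backgroundcolor green -foregroundcolor black
                    #$csvfile.WriteLine((Get-Date -Format "dd.MM.yyyy HH:mm:ss") + ",ERRENABLE," + $csgroupmemberdn)
                    ((Get-Date -Format "dd.MM.yyyy HH:mm:ss") + ",ERRENABLE," + $csgroupmemberdn)| out-file $reportcsv -append -encoding $reportcsvencoding
                    $evt.WriteEntry(("Error Enable für Lync:"+$csgroupmemberdn),$errorevent,10)
                    $summary.enableerror += 1
                    # $error[0] is sometimes null even though $error is not empty.
                    if ($null -eq $error[0]) {
                        $bodytext = ("Error enabling User für Lync: $csgroupmemberdn Error[0]:null")
                    }
                    else {
                        $bodytext = ("Error enabling User für Lync: $csgroupmemberdn Error:" + $error[0].tostring())
                    }
                    send-mailmessage `
                        -from $smtpfrom `
                        -to $smtpto `
                        -subject "Lync Groupprovisioning: ERROR Enable LyncUser: $csgroupmemberdn" `
                        -body $bodytext `
                        -smtpServer $smtpserver
                    $error.clear()
                }
            }
        }
    }

    # What is left in $csUserlist are Lync users that were not found in the
    # group. Disabling them is the destructive half of the run, so it sits
    # behind two guards: -enableremove must be set, and the number of
    # candidates must not exceed $maxorphaneditems (an empty or truncated
    # group search would otherwise disable every Lync user).
    Write-host " Checking Orphaned Members"
    Write-host " maxorphaneditems : " $maxorphaneditems
    Write-host " EnableRemoveMode : " $enableremove
    Write-host " #Objects to delete:" $csUserlist.keys.count

    # Compare against 0, not 1: with "-gt 1" a single orphaned user fell
    # through to the delete branch even though -enableremove was not set.
    if (!$enableremove -and ($csUserlist.keys.count -gt 0)) {
        write-host "Err: Skip delete due enableremove ($enableremove )"
        send-mailmessage `
            -from $smtpfrom `
            -to $smtpto `
            -subject "Lync Groupprovisioning: Skip delete due enableremove Limit ( $enableremove )" `
            -body "Lync Groupprovisioning: Skip delete due enableremove Limit ( $enableremove )" `
            -smtpServer $smtpserver
    }
    elseif ($csUserlist.keys.count -gt $maxorphaneditems) {
        write-host "Err: Skip delete due maxorphaneditems Limit ( $maxorphaneditems )"
        send-mailmessage `
            -from $smtpfrom `
            -to $smtpto `
            -subject "Lync Groupprovisioning: Skip delete due maxorphaneditems Limit ( $maxorphaneditems )" `
            -body "Lync Groupprovisioning: Skip delete due maxorphaneditems Limit ( $maxorphaneditems )" `
            -smtpServer $smtpserver
    }
    else {
        Write-host " Processing Orphaned Members"
        foreach ($orphanedUser in $csUserlist.keys) {
            if ($whatif) {
                write-host " WhatIf remove from Lync:"$orphanedUser -backgroundcolor red -foregroundcolor white
                $summary.disablesim += 1
            }
            else {
                write-host " disable: "$csUserlist.item($orphanedUser).tostring()
                # commandlet can't use DN. SIP-Address is fine
                $error.clear()
                Disable-CSUser -Identity ($csUserlist.item($orphanedUser)).tostring() `
                    -Erroraction Continue

                # The mails below name $orphanedUser. The original used
                # $csgroupmemberdn, which still holds the last DN of the
                # enable loop, so the mail reported the wrong account.
                if (!$error) {
                    write-host " REMOVE from Lync:"$orphanedUser -backgroundcolor red -foregroundcolor white
                    #$csvfile.WriteLine((Get-Date -Format "dd.MM.yyyy HH:mm:ss") +",REMOVE," + $orphanedUser)
                    ((Get-Date -Format "dd.MM.yyyy HH:mm:ss") +",REMOVE," + $orphanedUser)| out-file $reportcsv -append -encoding $reportcsvencoding
                    $evt.WriteEntry(("REMOVE from Lync:"+$orphanedUser),$infoevent,20)
                    $summary.disable += 1
                    send-mailmessage `
                        -from $smtpfrom `
                        -to $smtpto `
                        -subject "Lync Groupprovisioning: REMOVE LyncUser: $orphanedUser" `
                        -body "User was removes from Lync : REMOVE LyncUser: $orphanedUser" `
                        -smtpServer $smtpserver
                }
                else {
                    write-host " Error REMOVE from Lync:"$orphanedUser -backgroundcolor red -foregroundcolor white
                    #$csvfile.WriteLine((Get-Date -Format "dd.MM.yyyy HH:mm:ss") +",ErrREMOVE," + $orphanedUser)
                    ((Get-Date -Format "dd.MM.yyyy HH:mm:ss") +",ErrREMOVE," + $orphanedUser)| out-file $reportcsv -append -encoding $reportcsvencoding
                    $evt.WriteEntry(("Error REMOVE from Lync:"+$orphanedUser),$errorevent,20)
                    $summary.disableerror += 1
                    # The message text used to say "Error enabling", copied
                    # from the enable branch.
                    if ($null -eq $error[0]) {
                        $bodytext = ("Error removing User from Lync: $orphanedUser Error[0]:null")
                    }
                    else {
                        $bodytext = ("Error removing User from Lync: $orphanedUser Error:" + $error[0].tostring())
                    }
                    send-mailmessage `
                        -from $smtpfrom `
                        -to $smtpto `
                        -subject "Lync Groupprovisioning: Error removing LyncUser: $orphanedUser" `
                        -body $bodytext `
                        -smtpServer $smtpserver
                    $error.clear()
                }
            }
        }
    }
}

Write-host "-- Summary "
Write-host "Startcount : "$summary.startcount
Write-host "Enabled Users: "$summary.enable
Write-host "Enabled Simul: "$summary.enablesim
Write-host "Enable Errors: "$summary.enableerror
Write-host "Error noMail : "$summary.nomail
Write-host "Erorr noUPN : "$summary.noupn
Write-host "Diable User : "$summary.disable
Write-host "Disable Simul: "$summary.disablesim
Write-host "Disable Error: "$summary.disableerror

Write-host "Remove Lync Remote Session Commandlets"
# Only a session created by this run is closed; an existing one is left alone.
if ($session) {
    remove-pssession -Session $session | out-null
}

Write-host "Closing CSV-File"
#$csvfile.Close();
$evt.WriteEntry("Lync Groupprovisioning beendet",$infoevent,1)
Write-host "Lync Groupprovisioning End"
Stop-Transcript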