0 votes

I'm working on setting up business rule provisioning for Lync and UM. I've cobbled together a couple of scripts which should work by looking at them, but do not always work when initiated through the after user creation business rule. However, the same scripts work when executing manually through admin interface or website.

The first try/catch block will usually enable the user for Lync. However, the second block with Set-CsUser fails when business rule initiated with the outpur error referencing not being able to find the user. Using UPN or sip address.

Any help will be greatly appreciated.

$lyncServer = "LYNCSERVER.com"
$sessionOptions = New-PSSessionOption -SkipRevocationCheck -SkipCACheck -SkipCNCheck
$session = New-PSSession -ConnectionUri https://$lyncServer/ocspowershell -SessionOption $sessionOptions -Authentication NegotiateWithImplicitCredential

Import-PSSession -session $session -AllowClobber

$registrarPool = "POOL.LYNCSERVER.com"

$officeNumber = "%telephoneNumber%" -ireplace '.*([2-9]\d{2})(\D*)([2-9]\d{2})(\D*)(\d{4}).*', '+1$1$3$5'
$ext = $officeNumber.substring($officeNumber.length - 5, 5)

$StopLoop = $False
do{
    try{
        Enable-CsUser -Identity "%userPrincipalName%" -RegistrarPool $registrarPool -SipAddressType SamAccountName -SipDomain SIPDOMAIN.com
        $StopLoop = $True
    }
    catch{
        Write-Host "Wait for user sync"
        Start-Sleep -s 60
    }

}
While ($StopLoop -eq $False)
#wait a second
Start-Sleep -s 4
$StopLoop = $False
do{
    try{
        Set-CsUser -Identity "%userPrincipalName%" -EnterpriseVoiceEnabled $True -LineUri "tel:$officeNumber;ext=$ext" -PassThru | Set-CsClientPin -Pin #######
        $StopLoop = $True
    }
    catch{
        Write-Host "Wait for user sync"
        Start-Sleep -s 60
    }

}
While ($StopLoop -eq $False)

Remove-PSSession -Session $session
by (1.2k points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

As far as we can see from the steps you tried to rectify the issue, you are experiencing a replication issue. Most probably, the root cause for it is that Adaxes creates a new user on one of your domain controllers, while Lync uses another DC to enable a Lync account for the user and set the properties. The best strategy for mitigating the issue would be to make Adaxes and Lync use the same DC instead of adding wait loops. Almost all Lync Management cmdlets support the -DomainController parameter that allows specifying the DC that will be used by Lync to perform the operation. Thus, you need to pass the DC where Adaxes creates the user as a paramter to the cmdlets. We've modified your code to pass the DC to the cmdlets as follows:

$lyncServer = "LYNCSERVER.com"
$registrarPool = "POOL.LYNCSERVER.com"

# Get telephone number and extension
$officeNumber = "%telephoneNumber%" -ireplace '.*([2-9]\d{2})(\D*)([2-9]\d{2})(\D*)(\d{4}).*', '+1$1$3$5'
$ext = $officeNumber.substring($officeNumber.length - 5, 5)

# Get domain controller FQDN
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")

$sessionOptions = New-PSSessionOption -SkipRevocationCheck -SkipCACheck -SkipCNCheck
$session = New-PSSession -ConnectionUri https://$lyncServer/ocspowershell -SessionOption $sessionOptions -Authentication NegotiateWithImplicitCredential

Import-PSSession -session $session -AllowClobber

Enable-CsUser -Identity "%userPrincipalName%" -RegistrarPool $registrarPool -SipAddressType SamAccountName -SipDomain SIPDOMAIN.com -DomainController $domainControllerFQDN
Set-CsUser -Identity "%userPrincipalName%" -EnterpriseVoiceEnabled $True -LineUri "tel:$officeNumber;ext=$ext" -PassThru  -DomainController $domainControllerFQDN | Set-CsClientPin -Pin #######

Remove-PSSession -Session $session

Related questions

0 votes
1 answer

Hi support, We have security groups named like Test-Group--Users, where is different for each group. I have a powershell query which gets a list of those Test-Group--Users" ... only Test-Group-<variable>-User that user is member of but it is an array

asked Oct 31 by Vish539 (460 points)
0 votes
1 answer

Hello, I am scripting user creation. I have created a custom command where an end user will submit info for the user to be created from: Here is the scirpt: # Import the ... Schema. I have tried using "Employee Type" as in the screen shot above but same error.

asked Apr 6, 2023 by mightycabal (1.0k points)
0 votes
1 answer

I'm seeing this error when I run a user deprovision. It still executes the script but nobody likes errors! Run PowerShell Script 'DuoDeprovisionExport' For the user. The term ' ... running an export script in the first place for my Duo user info. ) Thanks.

asked Feb 19, 2020 by rainamaina (60 points)
0 votes
1 answer

We were wondering if Adaxes has a script available to create AS400 accounts during the AD creation. This will allow us to totally automate the new hire process going forward.

asked Jan 26, 2017 by willy-wally (3.2k points)
0 votes
1 answer

I need to replace one Active Directory security group that has been given rights over many OUs within several Security Roles. There are likely ~300 entries that need ... in the SDK documentation appears to be broken - http://adaxes.com/scriptrepository

asked May 1, 2013 by SomeUser (90 points)
3,589 questions
3,278 answers
8,303 comments
548,121 users