- Download the script.
The attached script can be used to enable Active Directory users for OCS 2007. The full background is described in a previous article that discussed managing LCS 2005 users via script:
How to Enable, Disable and Maintain LCS (Live Communications Server) User Attributes using VBScript
This script is a modified version of the LCSEnableConfigureUsers.wsf script that can be found in the OCS Resource Kit. While the reskit script can be sufficient in many situations, the attached script is a little more flexible. The main differences between this script and the reskit script are already documented in the LCS article mentioned above. The key differences are:
- It's possible to use LDAP queries to apply different configurations to different pools of users; for example, you could have all users in dept 1 with Federation Enabled while all users in dept 2 have federated services disabled
- It's possible to use the user's email address for the SIP address instead of the UPN. We found that using a user's UPN as the SIP address (where the UPN does not match the user's email address) can prevent Smart Tags from working in Outlook.
- Supports renaming users: if a user has their UPN or Primary Mail address renamed then the script will also rename the user's sip: address
- Use of a 'disable group', which is a sort of black list: its members will never be enabled, even if they are included within the scope of any LDAP query in your configuration files.
The true advantage of this script comes from using LDAP queries/filters to apply different configurations to different groups of users.
Here is the text from the readme.txt which is also included in the download:
OCS PROVISIONING SCRIPT: AUTHOR MATTY HOLLAND (MATTY@ACTIVEDIR.ORG)
1. DISCLAIMER
2. Run.bat
3. users.txt
4. GlobalConfig.txt
5. Examples
------------------------------------
1. DISCLAIMER
This script is provided "as is" and should work in most environments, however, every environment is different so there are no guarantees!
Every effort has been made to ensure the files work as stated. ActiveDir.Org assume no responsibility for your use of these files.
The associated article to this script can be found here:
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/54/Default.aspx
Please direct any questions to matty@activedir.org
------------------------------------
2. Run.bat:
Execute this file to start the OCS provisioning script with the correct parameters. This can be called from a scheduled task, for example.
If you edit run.bat, you will notice the script has two parameters:
ocsconfigureusers.wsf /usersFile:users.txt /globalconfigFile:globalconfig.txt
------------------------------------
3. Users.txt
This is the file specified by the script parameter /usersFile:
The users file contains the scope (LDAP filters and Search Bases) that control which users are OCS enabled and which OCS settings they will receive.
The format is as follows:
DISABLEGROUP:<DistinguishedName Of a Group Containing users that should not be enabled>
The 'DISABLEGROUP:' identifier is optional and must come first in the users.txt file. The value is the path to a group in your directory
to which you can add users who will never be enabled for OCS
Example: cn=MYGROUP-OF-OCSDISABLEDUSERS,OU=GROUPS,DC=MYDOMAIN,DC=COM
DN:<SearchBase>##<SearchFilter>##<ConfigFile>
The 'DN:' identifier is where you can specify a scope for users who should be enabled for OCS. There are several values:
<SearchBase> = The DistinguishedName of a container on which to start an ldap search (will always be a subtree search)
Example: OU=MYUSERS,DC=MYDOMAIN,DC=COM
<SearchFilter> = The LDAP filter (this is optional).
Example: (&(objectClass=User)(objectCategory=Person))
The example will return all objects of type 'user' under the SearchBase
<ConfigFile> = If this value is omitted then the file specified with the script parameter /globalconfigFile: will be used
The config file is used to specify which attributes of OCS to enable.
GROUP:<GroupDistinguishedName>##configfile
<GroupDistinguishedName> is the path to a group in your directory
to which you can add users who will be enabled for OCS.
Example: cn=MYGROUP-OF-OCSUSERS,OU=GROUPS,DC=MYDOMAIN,DC=COM
<ConfigFile> = If this value is omitted then the file specified with the script parameter /globalconfigFile: will be used
The config file is used to specify which attributes of OCS to enable.
See the attached Users.txt for an example.
------------------------------------
4. globalconfig.txt
The global configuration file contains OCS configuration parameters, such as the PoolName which should be the name of your OCS pool.
PerformRenames:==true
ForceUpdate:==false
UseMailAddressAsSIPAddress:==true
Enabled:==true
PoolName:==pool01
EnabledForFederation:==false
EnabledForInternetAccess:==false
PublicNetworkEnabled:==false
RemoteCallControlTelephonyEnabled:==false
ArchiveInternalCommunications:==false
ArchiveFederatedCommunications:==false
AllowOrganizeMeetingWithAnonymousParticipants:==false
MeetingPolicy:==Policy 5 (Low)
EnabledForEnhancedPresence:==false
IPPBXSoftPhoneRoutingEnabled:==false
UCEnabled:==false
You can also check out the OCS Reskit for a complete description of these attributes.
------------------------------------
5. Examples
Example A.
* Simple example that enables all users under OU=MYUSERS in THAT.LOCAL domain
Users.txt
DN:OU=MYUSERS,DC=THAT,DC=LOCAL
Note: because no other parameters have been specified the default global config file is used as shown above.
-----------------------------------------------------
Example B.
* Enable all users under OU=MYUSERS that have a username starting with A in THAT.LOCAL domain
* Disable and no longer re-enable users in CN=MYGROUP-OF-OCSDISABLEDUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
Users.txt
DISABLEGROUP:CN=MYGROUP-OF-OCSDISABLEDUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
DN:OU=MYUSERS,DC=THAT,DC=LOCAL##(SamAccountName=A*)
Note: because no other parameters for a config file have been specified the default global config file is used as shown above.
-----------------------------------------------------
Example C.
* Enable all users under OU=MYUSERS that have a username starting with A in THAT.LOCAL domain
* Enable all members of group CN=MYGROUP-OF-OCSUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
* Disable and no longer re-enable users in CN=MYGROUP-OF-OCSDISABLEDUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
Users.txt
DISABLEGROUP:CN=MYGROUP-OF-OCSDISABLEDUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
DN:OU=MYUSERS,DC=THAT,DC=LOCAL##(SamAccountName=A*)
GROUP:CN=MYGROUP-OF-OCSUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
Note: because no other parameters for a config file have been specified the default global config file is used as shown above.
-----------------------------------------------------
Example D.
* Enable all users under OU=MYUSERS that have a username starting with A in THAT.LOCAL domain
* Enable all users under OU=MYEXTERNALUSERS,DC=THAT,DC=LOCAL that do not have a mail address and applies configuration set in the GlobalConfig_UsersWithoutEmail.txt
* Enable all members of group CN=MYGROUP-OF-OCSUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
* Disable and no longer re-enable users in CN=MYGROUP-OF-OCSDISABLEDUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
Users.txt
DISABLEGROUP:CN=MYGROUP-OF-OCSDISABLEDUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
DN:OU=MYUSERS,DC=THAT,DC=LOCAL##(SamAccountName=A*)
DN:OU=MYEXTERNALUSERS,DC=THAT,DC=LOCAL##(!mailNickName=*)##GlobalConfig_UsersWithoutEmail.txt
GROUP:CN=MYGROUP-OF-OCSUSERS,OU=GROUPS,DC=THAT,DC=LOCAL
GlobalConfig_UsersWithoutEmail.txt
PerformRenames:==true
ForceUpdate:==false
UseMailAddressAsSIPAddress:==false
Enabled:==true
PoolName:==pool01
EnabledForFederation:==false
EnabledForInternetAccess:==false
PublicNetworkEnabled:==false
RemoteCallControlTelephonyEnabled:==false
ArchiveInternalCommunications:==false
ArchiveFederatedCommunications:==false
AllowOrganizeMeetingWithAnonymousParticipants:==false
MeetingPolicy:==Policy 5 (Low)
EnabledForEnhancedPresence:==false
IPPBXSoftPhoneRoutingEnabled:==false
UCEnabled:==false
Note:
The important difference in this example is this line:
DN:OU=MYEXTERNALUSERS,DC=THAT,DC=LOCAL##(!mailNickName=*)##GlobalConfig_UsersWithoutEmail.txt
This line applies a special configuration to all users (external users in this case) that do not have an internal company email address.
By specifying a different globalconfig file, GlobalConfig_UsersWithoutEmail.txt, a different OCS configuration can be applied to their user accounts,
so they can be OCS enabled but this time not using the Mail Address as their SIP address:
UseMailAddressAsSIPAddress:==false
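
The following pre-flight check is an added example, not part of the readme or the downloadable script. It parses the users.txt and Key:==value formats described above, resolves which config file each scope receives, and flags a misplaced or missing DISABLEGROUP, DN: scopes with no search filter, and configs that switch on external-facing settings; the function names, the sample config body and the choice of which settings count as external-facing are assumptions of this example.

```python
# Added example (not the author's script); EXTERNAL_FLAGS is this example's own selection.
EXTERNAL_FLAGS = {"EnabledForFederation", "EnabledForInternetAccess",
                  "PublicNetworkEnabled", "AllowOrganizeMeetingWithAnonymousParticipants"}

def parse_config(text):
    """Parse 'Key:==value' lines into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":==")
        if sep:
            cfg[key] = value
    return cfg

def external_exposure(cfg):
    """Names of external-facing settings that a config switches on."""
    return sorted(k for k in EXTERNAL_FLAGS if cfg.get(k, "false").lower() == "true")

def parse_users(text, default_cfg="globalconfig.txt"):
    """Return (disable_group, scopes, findings) for the body of a users.txt."""
    disable_group, scopes, findings = None, [], []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for n, line in enumerate(lines):
        kind, _, rest = line.partition(":")
        parts = rest.split("##") + ["", ""]      # pad the optional fields
        if kind == "DISABLEGROUP":
            if n != 0:
                findings.append("DISABLEGROUP must be the first entry")
            disable_group = rest
        elif kind == "DN":
            base, ldap_filter, cfg = parts[:3]
            if not ldap_filter:
                findings.append(f"no search filter narrows the subtree at {base}")
            scopes.append(("DN", base, ldap_filter, cfg or default_cfg))
        elif kind == "GROUP":
            scopes.append(("GROUP", parts[0], "", parts[1] or default_cfg))
        else:
            findings.append(f"unrecognised entry: {line}")
    if disable_group is None:
        findings.append("no DISABLEGROUP entry: no deny list is applied")
    return disable_group, scopes, findings

# DN: lines are from Example D, deliberately misordered; the config body is constructed.
USERS_D = """DN:OU=MYUSERS,DC=THAT,DC=LOCAL##(SamAccountName=A*)
DN:OU=MYEXTERNALUSERS,DC=THAT,DC=LOCAL##(!mailNickName=*)##GlobalConfig_UsersWithoutEmail.txt
DISABLEGROUP:CN=MYGROUP-OF-OCSDISABLEDUSERS,OU=GROUPS,DC=THAT,DC=LOCAL"""
SAMPLE_CFG = "Enabled:==true\nPoolName:==pool01\nEnabledForFederation:==true\nUCEnabled:==false"

if __name__ == "__main__":
    print(parse_users(USERS_D), external_exposure(parse_config(SAMPLE_CFG)))
```

Running it over the files before the scheduled task picks them up shows, per scope, exactly which config file will be applied and whether the deny list is in effect.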