Lync Server 2010 - Add / Enable users in a Security group
The Challenge
In large complex Active directory's, there tends to be a challenge when targeting certain users across many OU`s. This article describes the process to enable users based on membership of certain groups.
Resolution
From Lync Powershell simply user the -Filter option as per below, changing the required text to match your needs.
Get-CsAdUser -LDAPFilter memberof=cn="MySecurityGroup,ou=mylowestou,ou=myou1,dc=mydomain,dc=co,dc=uk" | Enable-CsUser -RegistrarPool mylyncpool.mydomain.co.uk -SipAddressType EmailAddress
Wednesday 18 July 2012
Tuesday 17 July 2012
Lync Server 2010 - Install Fails server.msi Error code 1603
Issue
Whilst trying to Install Lync 2010 Server components the Install mail fail during and the following message is logged:
Error returned while installing Server.msi(RegistrarStore), code 1603
Cause
This may occur if the Admin$ Shares have been removed from the local server or SQL server (C$, D$)
Resolution
Re-create the admin shares on the server that the Intstall fails.
Issue
Whilst trying to Install Lync 2010 Server components the Install mail fail during and the following message is logged:
Error returned while installing Server.msi(RegistrarStore), code 1603
Cause
This may occur if the Admin$ Shares have been removed from the local server or SQL server (C$, D$)
Resolution
Re-create the admin shares on the server that the Intstall fails.
Friday 13 July 2012
Exchange 2010 - Outlook 2010 Personal Archive not visible
Symptom
After enabling a user for a personal archive, the archive does not show through outlook 2007 or 2010 but can be accessed via Outlook Web Access (OWA)
Resolution
Something that is not clearly stated on Technet is that only certain versions of Outlook / Office 2010 are supported with Exchange 2010 Personal Archive.
REF:
http://office.microsoft.com/en-us/outlook-help/license-requirements-for-personal-archive-and-retention-policies-HA102576659.aspx?CTT=5&origin=HA101830421
Symptom
After enabling a user for a personal archive, the archive does not show through outlook 2007 or 2010 but can be accessed via Outlook Web Access (OWA)
Resolution
Something that is not clearly stated on Technet is that only certain versions of Outlook / Office 2010 are supported with Exchange 2010 Personal Archive.
REF:
http://office.microsoft.com/en-us/outlook-help/license-requirements-for-personal-archive-and-retention-policies-HA102576659.aspx?CTT=5&origin=HA101830421
Outlook retail licenses
| Supported | Not supported |
|---|---|
|
|
Outlook volume licenses
These licenses are available through volume licensing only. For more information, see Microsoft Volume Licensing Programs.| Supported | Not supported |
|---|---|
|
|
Tuesday 15 May 2012
Mailtips / OOf
Simple little tip. This is one for the times you scratch your head after configuring EWS with what seems like a simple URL change (eg https://mail.consultantsrus.co.uk/ews/exchange.asmx). You are sure it is correct, and you have done an IISRESET on all your CAS servers. But still when you connect via Outlook Anywhere you get the annoying "Mailtips cannot be retrieved" on a new message, and the Out of Office cannot be set with the "server is not available" warning.
Go back into IIS and recycle the Autodiscover app pool ! Voila ! Simples :-)
Hope this helps
Go back into IIS and recycle the Autodiscover app pool ! Voila ! Simples :-)
Hope this helps
Friday 20 April 2012
Create or Modify Windows 2008 R2 DFS Targets
Scenario
You want to create, modify or Migrate to a nice new DFS Architecture and/or migrate data to new file servers/targets, and want to populate all your nice new links with new folder targets, yet ensuring users do not access them while you do this. So we create the targets via the GUI and set to Disable. Done. ! However the problem is you have hundreds of Links and Targets. So here comes a severe case tendentious, or we sort to engage Mr Script.
Solution
My Idea of tendentious and GUI screen burn does not bode to well for me as a concept, so utilizing the much more feature rich DFS comdlet of DFSUTIL.EXE is a far better and quicker option. So presuming you have completed your required planning on what, where and how the DFS and Shares are going to look, we put DFSUTIL.EXE into action. (Remember Excel and Notepad are your friend)
Adding a Folder Target to en existing DFS Link
dfsutil target add "\\contoso.local\dfsshare\Shared Files\HR" "\\Filserver1\Share\HR"
Making the Folder target Offline (Disabled)
dfsutil property state offline "\\contoso.local\dfsshare\Shared Files\HR" "\\Filserver1\Share\HR"
Making the Folder target Online (Enabled)
dfsutil property state Online "\\contoso.local\dfsshare\Shared Files\HR" "\\Filserver1\Share\HR"
Happy Migrating !
You want to create, modify or Migrate to a nice new DFS Architecture and/or migrate data to new file servers/targets, and want to populate all your nice new links with new folder targets, yet ensuring users do not access them while you do this. So we create the targets via the GUI and set to Disable. Done. ! However the problem is you have hundreds of Links and Targets. So here comes a severe case tendentious, or we sort to engage Mr Script.
Solution
My Idea of tendentious and GUI screen burn does not bode to well for me as a concept, so utilizing the much more feature rich DFS comdlet of DFSUTIL.EXE is a far better and quicker option. So presuming you have completed your required planning on what, where and how the DFS and Shares are going to look, we put DFSUTIL.EXE into action. (Remember Excel and Notepad are your friend)
Adding a Folder Target to en existing DFS Link
dfsutil target add "\\contoso.local\dfsshare\Shared Files\HR" "\\Filserver1\Share\HR"
Making the Folder target Offline (Disabled)
dfsutil property state offline "\\contoso.local\dfsshare\Shared Files\HR" "\\Filserver1\Share\HR"
Making the Folder target Online (Enabled)
dfsutil property state Online "\\contoso.local\dfsshare\Shared Files\HR" "\\Filserver1\Share\HR"
Happy Migrating !
Thursday 15 March 2012
+44 Normalisation
…… or normalization, as some may say ! ! !
To keep to best practice in a Lync Server 2010 project it is always recommended that users numbers in AD are in RFC 2916 (E164) format. Obviously for a customer with many users this becomes a bit of a chore and one that is always nicely filed under “Customer Pre-reqs” in any project plan ! !
So I had a play with the fabled company_phone_number_normalization_rules.txt file ……… this should be stored in the ABFiles folder of the Lync share that is published as part of your topology. In my case ……. D:\LyncShare\1-WebServices-1\ABFiles
There is a sample file included elsewhere in the Lync Program Files folder. A lot of the samples given are complex and mean nothing. My scenario is reasonably simple; in the UK most numbers stored in AD are 11 digits long, ie National (01246 123 456), Mobile (07790 123 456) or Private (0870 123 4567). The one thing you do learn from the sample file is that a correct normalisation rule will get rid of trailing spaces, gaps, brackets etc (ie it only reads the numbers !)
So in my scenario, I wanted to automate the normalisation. Looking in the event viewer prior to playing, there were regular 21034 LSAddressBook warnings as below indicating:
I created the text file in the above location and added one simple line as follows:
| ## ## Normalize 11-digit phone number patterns from Active Directory into +E.164 ## (\d{11}) +44$1 |
This seemed to be mentioned on a couple of respected web sites and blogs but it didn’t work for me. I ran a update-CSaddressbook –force –verbose but alas only succeeded in receiving a warning 21034 as above. So I found the following on a blog specifically discussing UK usage:
| ## match National to UK E.164 \+?0([1-9]\d{7,9}) +44$1 |
This seemed to do the trick and my 21034 warning is now a lot better and the 4 “failures” relate to disabled accounts.
I could have been a lot cleverer and made more rules but this is simple enough in my current environment. Thanks to http://visualplanet.org/blog/?p=91
Obviously the parsing of this file at address book update time DOES NOT change any attributes of users numbers in AD, it merely helps Lync to see them in a way it understands (E164) so it can present them properly in the Lync client and contact cards etc …….
Hope this helps, I’ve always fancied having a bash.
Monday 5 March 2012
Exceeded server limit for database copies
Situation
New DAG created, attempt to create copies for (6) databases. All create OK, but final 2 fail during seeding. Status is seen as "Failed and Suspended". A resume or update fails and warnings are generated:
"The database copy was automatically suspended due to failure item processing. At '7/5/201x9:01:14 AM' the copy of database '1234DB' on this server wasn't able to operate because the number of mailbox database copies on this server exceeds the supported limit. Recovery was not attempted."
The servers in question are activated and licensed for ENTERPRISE and manually adding the set-mailboxserver entry for maximum databases does not resolve the issue.
Resolution:
Via Exch Shell, run the following command: Set-ExchangeServer -ID -ProductKey
accept the warning (yellow) that the server is already licensed. Restart the information store and attempt to 'resume' or 'update' the copies.
Jobs a good 'un.
Wednesday 18 January 2012
Easily Produce HTML GPO Reports Windows 2008 Powershell
Challenge
As part of any discovery or health audit, It`s never been particularly easy to cleanly export a viewable and searchable report on the configured and deployed Group Policy Objects and their placement.
Solution
With Windows PowerShell you can now simply run a 1 line command that will export all GPO`s in a single swoop to a presentable HTML Report.
Simply follow the below steps to export ALL GPO`s into and single HTML Report.
1. From Powershell Import the GPO PSCommandlets -
Run import-module grouppolicy
2. Run the following command (Just changing the domain, DC and the output path)
Get-GPOReport -All -Domain mytestdomain.COM -Server test-DC3 -ReportType HTML -Path C:\temp\GPOReportsAll.html
As part of any discovery or health audit, It`s never been particularly easy to cleanly export a viewable and searchable report on the configured and deployed Group Policy Objects and their placement.
Solution
With Windows PowerShell you can now simply run a 1 line command that will export all GPO`s in a single swoop to a presentable HTML Report.
Simply follow the below steps to export ALL GPO`s into and single HTML Report.
1. From Powershell Import the GPO PSCommandlets -
Run import-module grouppolicy
2. Run the following command (Just changing the domain, DC and the output path)
Get-GPOReport -All -Domain mytestdomain.COM -Server test-DC3 -ReportType HTML -Path C:\temp\GPOReportsAll.html
Subscribe to:
Posts (Atom)