Sunday, 3 June 2012

To enable user in In Lync 2010, we have to use either the Lync Server Management Shell or the web-based Lync Control Panel, but most of the times the need arises that the users should be enabled automatically. So to perform this task manually is too cumbersome for many admins, especially in situations where almost everyone in an organization has to be enabled for Lync.

So I have written the Power shell script to automate this task. The script navigates through the entire domain and find for disabled(for Lync) AD user. After finding them it enbles them on the basis of "UserPrincipalName"  as a sip address type. You can provide any type like email address, display name etc.

File Name : enable.ps1

Import-Module ActiveDirectory;

$ouname=Get-ADOrganizationalUnit -filter * | select-object -property Name;

import-module 'C:\Program Files\Common Files\Microsoft Lync Server 2010\Modules\Lync\Lync.psd1';

$arr= new-object String[] $c;

for($i=0; $i -le $ouname.count; $i++){$arr[$i]=$ouname[$i];};

for($j=0; $j -le $c-2; $j++ ){$a=$arr[$j].Replace("@{Name=",""); $b=$a.Replace("}",""); get-csaduser -filter {Enabled -ne $True} -OU "ou=$b,dc=demodomain,dc=com" | Enable-CsUser -RegistrarPool "" -SipAddressType userprincipalname -SipDomain "" };

So, lets understsnd what has done:
Firstly, we have to import module of ActiveDirectory to list all the OU's in Active Directory. The line below that gets all OU names into $ouname variable.

Now, to execute Lync command, we have to import Lync module in Powershell.
The followinf three lines are to get Ou name in proper format, because second line gives output in the format of "@{Name=testou}" so while sending the name of OU to script we have to trim "@{Name=" and "}".

The last line navigates through entire domain of Active Directory and finds disabled user for Lync and enables them on the basis of Sip Address type as UserPrincipalName.

So now it's important to schedule it to run automatic; So we can use task scheduler or batch file script to schedule it execute at particular time interval.

File Name : enableuser.bat
@ECHO "Please, don't close this window"
@ECHO "AgreeYa Mobility"

powershell.exe -noprofile -executionpolicy Unrestricted -file enable.ps1

@ timeout 60
@ cls
goto msg

The above batch file script excutes the enable.ps1 file for every 60 second. If you don't want echo then, add another line at starting of script @echo off.

Just place above two files at any place and double click on enableuser.bat, magic will start.


  1. Hi ,

    This is Denny, the creator of this free automated employee
    provisioning/termination app-- Z-hire. I wrote this app for the TechNet community a year ago.

    Since you run a very informative blog, I would like your help
    spread the word. Since my application is free, i need supporters from the
    community. It would means a lot if you can help.

    Here is a link to my app


  2. Thanks Denny. I visited your site and read about your app, same thing I did earlier, all AD functionality's under one app, this post is small part of it.

    I am always ready to help.