Apply Lync policy based on Active Directory group Membership

Hi Readers,

Sharing a script that we have written for Lync so that we can enable or disable a particular policy based on Active Directory group membership.

You can easily modify it to include other policies as well; we have used it for external access only.

Prerequisites: Lync and Active Directory PowerShell modules.

Download the script from the link below and change the variables:

https://gallery.technet.microsoft.com/scriptcenter/Apply-Lync-policy-based-on-bf184ba2

$dir = ".\logs"

$limit = (Get-Date).AddDays(-30) # for script log recycling

$groupname = "Lyncexternalaccess" # AD group to which users will be added

$policyExt = "Allow Outside Access" # External Policy Name

$SMTPServer = "SMTP SErver"

$emailFrom = "DoNotReply@labtest.com"

$emailTo = "Vikassukhija@labtest.com"

 

Run the batch file or schedule it to run on a daily basis.

The script also emails a report on the status of the user IDs and what action has been taken.

############################################################################################## 
#                Author: Manhur Mannan 
#                Reviewer: Vikas Sukhija 
#                Date: 09/01/2015 
#                Review: 09/15/2015 
#                Update: Fixed bug & logic,as it was working intermittently 
#                Update: 01/21/2016 
#                Desc: Apply Lync policy based on Ad group Membership 
############################################################################################### 
 
########################Import AD / Lync Modules######################################## 
 
Import-Module 'C:\Program Files\Common Files\Microsoft Lync Server 2010\Modules\Lync\Lync.psd1' 
Import-Module activedirectory 
 
 
 
######################Define Logs/ Variables############################################# 

$date = get-date -format d
$date = $date.ToString().Replace("/", "-")
$time = get-date -format t
$time = $time.ToString().Replace(":", "-")
$time = $time.ToString().Replace(" ", "")

$output = ".\Logs" + "\"+ "LyncExternalAccess_" + $date + "_.csv"
$logs = ".\Logs" + "\" + "Powershell" + $date + "_" + $time + "_.txt"

$dir = ".\logs"
$limit = (Get-Date).AddDays(-30)  # logs older than this are deleted at the end of the run
 
 
$groupname = "Lyncexternalaccess" 
$policyExt = "Allow Outside Access" 
$SMTPServer = "SMTP SErver"  
$emailFrom = "DoNotReply@labtest.com"  
$emailTo = "Vikassukhija@labtest.com"  
 
Start-Transcript -Path $logs 
 
#################### Get all Lync users ################################################ 
 
$users = Get-CsUser -resultsize unlimited 
$usercount = $users.count 
 
"Total Enabled users = $usercount" 
 
$resultarray =@() 
 
Foreach ($user in $users) 
    { 
     $lncobj = new-object PSObject  
     $usersam = $user.SamAccountName 
     $userid = $user.identity 
            
     $groups = Get-ADPrincipalGroupMembership $usersam  
 
###########Check users is member of $groupname ################################## 
      $mem = $null 
      Foreach ($group in $groups) 
       { 
        If ($group.name -like $groupname) { 
    $mem = "Yes"} 
 
        }  
################################if user is member of $groupname################## 
 
    If ($mem -eq "Yes") 
            { 
            Write-host "Processing.....memberof...... $usersam Member" -foregroundcolor Green 
             # Read the user's current external access policy (the policy that is granted below)
             $policies = Get-Csuser $userid 
             $extpolicy = $policies.ExternalAccessPolicy 
             $policy = $extpolicy.FriendlyName 
          
 
                If($policy -ne $policyExt){ 
        Grant-CsExternalAccessPolicy -Identity $userid -PolicyName $policyExt 
                "$usersam has been enabled for lync External Access policy" 
        $lncobj | add-member -membertype NoteProperty -name "SamaccountName" -Value $usersam 
        $lncobj | add-member -membertype NoteProperty -name "Access Level" -Value "Added" 
        }  
                Else  
         { 
          "$usersam is Already Enabled" 
          #$lncobj | add-member -membertype NoteProperty -name "SamaccountName" -Value $usersam 
          #$lncobj | add-member -membertype NoteProperty -name "Access Level" -Value "Already Added" 
         } 
            }  
########################If user is not a member of $groupname################## 
     Else  
            { 
            Write-host "Processing....notmemberof........ $usersam Member" -foregroundcolor Yellow 
            # Read the user's current external access policy (the policy that is revoked below)
            $policies = Get-Csuser $userid 
            $extpolicy = $policies.ExternalAccessPolicy 
            $policy = $extpolicy.FriendlyName 
              
             If($policy -eq $policyExt){ 
         Grant-CsExternalAccessPolicy -Identity $userid -PolicyName $Null 
             "$usersam has been disabled for lync External Access policy" 
          $lncobj | add-member -membertype NoteProperty -name "SamaccountName" -Value $usersam 
          $lncobj | add-member -membertype NoteProperty -name "Access Level" -Value "Removed" 
                 }  
                Else  
         { 
          "$usersam is not Enabled for External Access Policy" 
        #$lncobj | add-member -membertype NoteProperty -name "SamaccountName" -Value $usersam 
         #$lncobj | add-member -membertype NoteProperty -name "Access Level" -Value "Not Enabled" 
         } 
            }  
     $resultarray += $lncobj   # append this user's result to the report
    } 
###############################send logs via email #################################### 
 
$resultarray | select "SamaccountName","Access Level" -uniq | Export-csv $output -notypeinformation 
 
# Variable initializing to send mail 
$TXTFile = $output 
$subject = "Lync Policy Applied via AD group Log"  
$emailBody = "Lync Policy Applied via AD group Log" 
 
# Code to Send Mail  
Send-MailMessage -SmtpServer $SMTPServer -From $emailFrom -To $emailTo -Subject $subject -Body $emailBody -Attachment $TXTFile 
 
###################################################################################### 
 
$path = $dir  
  
Get-ChildItem -Path $path  | Where-Object {   
$_.CreationTime -lt $limit } | Remove-Item -recurse -Force  
 
###################################################################################### 
 
stop-transcript

Regards

Sukhija Vikas

http://msexchange.me
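
The script above queries group membership once per Lync user and treats a user whose lookup returns nothing as a non-member, which removes the policy. As an added example (not part of the original script), the code below computes the grant/revoke plan from a single member list and refuses to plan on an empty one. `Get-PolicyPlan`, the sample accounts and the commented live wiring are assumptions made for illustration.

```powershell
# Added example, not the original script. Get-PolicyPlan and the sample data are hypothetical.
function Get-PolicyPlan {
    param(
        [string[]]$Members,   # SamAccountNames that should hold the policy
        [object[]]$Users,     # objects with Identity, SamAccountName, ExternalPolicy
        [string]$PolicyName
    )
    # An empty member list usually means the AD lookup failed; planning on it
    # would revoke the policy from every user, so stop instead.
    if (-not $Members) { throw "Member list is empty; refusing to plan revocations." }

    # Case-insensitive set for fast membership tests
    $allowed = New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)
    foreach ($m in $Members) { [void]$allowed.Add($m) }

    foreach ($u in $Users) {
        $isMember  = $allowed.Contains([string]$u.SamAccountName)
        $hasPolicy = $u.ExternalPolicy -eq $PolicyName
        $action = $null
        if ($isMember -and -not $hasPolicy) { $action = 'Grant' }
        elseif (-not $isMember -and $hasPolicy) { $action = 'Revoke' }
        if ($action) {   # users already in the desired state produce no row
            New-Object PSObject -Property @{ Identity = $u.Identity; SamAccountName = $u.SamAccountName; Action = $action }
        }
    }
}

# Constructed sample data (not real accounts)
$policyExt = 'Allow Outside Access'
$members = 'alice', 'bob'
$users = @(
    New-Object PSObject -Property @{ Identity = 'CN=Alice'; SamAccountName = 'Alice'; ExternalPolicy = $null }
    New-Object PSObject -Property @{ Identity = 'CN=Bob';   SamAccountName = 'bob';   ExternalPolicy = $policyExt }
    New-Object PSObject -Property @{ Identity = 'CN=Carol'; SamAccountName = 'carol'; ExternalPolicy = $policyExt }
    New-Object PSObject -Property @{ Identity = 'CN=Dave';  SamAccountName = 'dave';  ExternalPolicy = $null }
)
$plan = Get-PolicyPlan -Members $members -Users $users -PolicyName $policyExt
$plan | Sort-Object SamAccountName | Format-Table SamAccountName, Action -AutoSize

# Live wiring (Lync and ActiveDirectory modules loaded), dry run via -WhatIf:
# $members = Get-ADGroupMember -Identity $groupname -Recursive | ForEach-Object { $_.SamAccountName }
# $users = Get-CsUser -ResultSize Unlimited | Select-Object Identity, SamAccountName,
#     @{ Name = 'ExternalPolicy'; Expression = { $_.ExternalAccessPolicy.FriendlyName } }
# foreach ($p in $plan) {
#     $name = $null; if ($p.Action -eq 'Grant') { $name = $policyExt }
#     Grant-CsExternalAccessPolicy -Identity $p.Identity -PolicyName $name -WhatIf
# }
```

Remove `-WhatIf` only after reviewing the planned changes; `-Recursive` also counts users who are in the group through a nested group.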
