In a nutshell you have 3 options:
1) Use a Windows Script (e.g. VBScript or JavaScript/JScript)
2) Use the OCS 2007 Resource Kit Script (LCSEnableConfigureUsers.wsf)
3) Use Microsoft Powershell
I explore these 3 options below which all make use of WMI under the covers to set the “Enabled” property on the OCS user in Active Directory.
Important Prerequisites for all Options:
- All options require the OCS WMI class MSFT_SIPESUserSetting be available locally. The OCS Administrative Tools installs this WMI class and is an important pre-requisite.
- You should run these solutions with the appropriate permissions to access the Active Directory user objects. The user you run as should be a member of the RTCUniversalUserAdmins group.
- These options assume that the underlying AD user object has been created and the user has been provisioned for OCS (e.g. SIP address created). The scripts are setting an OCS AD attribute to enable or disable the user; not creating the actual AD object and provisioning it.
Option 1: Using a Script (e.g. VBScript or JavaScript/JScript)
I’ve put together a sample VBScript to enable or disable a single OCS user. Set the g_userURI and g_OCSEnableUser variables accordingly. You can use the guts of this script to easily do it for a batch of users (i.e. read a list of users from a file).
‘ SET THE USER WE WANT TO ENABLE or DISABLE
g_userURI = “sip:someTestUser@SIPDomain.com”
‘ TRUE TO ENABLE or FALSE TO DISABLE
g_OCSEnableUser = True
‘ Connect to a WMI object
Set wmiServer = CreateObject(“WbemScripting.SWbemLocator”).ConnectServer()
‘ Get the SIP User
Query = “SELECT * FROM MSFT_SIPESUserSetting where PrimaryURI = ‘” & g_userURI & “‘”
Set OCSUsers = wmiServer.ExecQuery(Query)
If ( IsEmpty(OCSUsers) Or OCSUsers.Count = 0) Then
WScript.Echo “No matching SIP user was found.”
Else
For each OCSUser in OCSUsers
PrimaryURI = OCSUser.PrimaryURI
HomeServerDN = OCSUser.HomeServerDN
UserDN = OCSUser.UserDN
‘ Wscript.Echo “URI: ” & PrimaryURI & Chr(13) & Chr(10) & HomeServerDN & Chr(13) & Chr(10) & UserDN
OCSUser.Enabled = g_OCSEnableUser
Err.Clear()
OCSUser.Put_ 0 ‘ 0 for create or update
If Err = 0 Then
WScript.Echo “Operation Successfull”
Else
WScript.Echo “Detected an error”
End If
Next
End If
Option 2: Using an OCS 2007 Resource Kit Script
The script requires 2 input files: one file containing a list of users to enable or disable (specified with their SIP or distinguished names), and another file with the corresponding OCS user settings.
These files require some time and effort to set up, so this option is best for big batch operations. The Resource Kit ReadMe contains good information on prerequisities and permissions expected for this script.
Option 3: Using Microsoft PowerShell
Microsoft PowerShell is a powershell scripting environment that comes with a WMI provider that can be used to manage OCS. You can download Powershell 1.0 here: http://www.microsoft.com/windowsserver2003/technologies/management/powershell/download.mspx.
Once installed, you can easily script a solution to enable/disable OCS users.
To get a list of OCS Enabled users, you can simply issue the command:
> get-wmiobject -class msft_sipesusersetting | ForEach-Object { $_.Enabled = true}
To enable a particular SIP user for OCS:
> get-wmiobject -class MSFT_SIPESUserSetting | where-object { $_.PrimaryURI -eq “sip:userid@SIPDomain” } | % { $_.Enabled = $True; $_.put() | out-null }