Lync Server 2010 Remote Administration

When Lync Server 2010 is deployed, there are two main administration tools:

  • Lync Server Control Panel
  • Lync Server Management Shell

Both are available from the Start-menu on a Lync Server:

image

 

Lync Server Control Panel

The Lync Server Control Panel are a web-based graphical administration tool built on Silverlight:

image

When deploying Lync, an administrative access URL needs to be specified, i.e. https://lync-admin.contoso.local. This makes it possible to administer the Lync Server 2010 environment from any web-based client that supports Silverlight.
In fact, every operation we`re performing in the Lync Server Control Panel is running PowerShell Lync cmdlets in the background.

 

Lync Server Management Shell

The Lync Server Management Shell is based on Windows PowerShell 2.0:

image

Like Exchange Server 2010, Lync Server 2010 provides an IIS (Internet Information Services) PowerShell provider.

This makes it possible to administer the Lync Server 2010 environment using PowerShell remoting. An example:

001
002
$session = New-PSSession -ConnectionUri https://lync-admin.contoso.local/OcsPowershell -Credential (Get-Credential)
Import-PSSession -Session $session

 

When running the above example, you are prompted for credentials. Specify a domain user account that has been delegated permissions to administer the Lync Server 2010 environent, i.e. one of the default security groups CSAdministrator or RTCUniversalServerAdmins. When the session are successfully established all cmdlets in the remote session are imported to your local PowerShell-session. This is what`s called PowerShell implicit remoting.

 

Additional resources

Lync Server TechCenter

Microsoft TechNet: Lync Server Management Shell

Lync Server PowerShell Blog

NextHop

Exchange Circular Logging in SBS 2008

While studying for exam 70-653 (SBS 2008, Configuring) I got aware of the fact that Circular Logging in Exchange 2007 are enabled by default in Small Business Server 2008. When the “Configure server backup”-wizard are run,  Circular Logging are automatically disabled afterwards.

For those using a 3rd party backup software this means that Circular Logging must be manually disabled. This is a real gotcha which should be stated clearer for SBS admins in my opinion.

Like I`ve configured in one scenario, backup are set up on a separate server using 3rd party backup software. Still the “Windows SBS Console” shows a warning stating that “Backup is not configured”. I contacted Microsoft support asking if it is possible to disable this warning, which it turned out to not be. I think there should be an option for choosing that the integrated Windows Server backup (which can`t backup to tape drives like NTBackup did) will not be used in the “Configure server backup”-wizard, in addition to giving the option whether to disable Circular Logging.

Hopefully this will be implemented in a future SBS Service Pack :)

Tips when scripting users in SBS 2008

If you`re like me you like to automate repetitive tasks. Today I was setting up a Windows Small Business Server 2008, and got an Excel spreadsheet with the users to be created.
I customized the spreadsheet and saved it as a csv-file. This is the headers I used in the csv-file:

givenname,middlename,sn,displayname,name,telephonenumber,samaccountname,userprincipalname,company,parentcontainer

I then installed Quest`s PowerShell AD Cmdlets to use when creating the user accounts. PowerShell was already installed since Exchange 2007 are installed on SBS 2008.

This the PowerShell code i used:

  1. import-csv "C:tempusers.csv" |   
  2. foreach-object { $username = $_.samaccountname;New-QADUser -FirstName $_.givenname -LastName $_.sn -ParentContainer $_.ParentContainer -SamAccountName $_.samaccountname -Name $_.name -displayname $_.displayname -userprincipalname $_.userprincipalname -Company $_.company -Department $_.department -PhoneNumber $_.telephonenumber | Set-QADUser -UserPassword Password1 -ObjectAttributes @{homeDrive= ‘F:’ ;homeDirectory= "\domain.localDataUsers$username" ;scriptPath=‘netlogon.bat’}|Enable-QADUser} 

SBS 2008 aren`t actually meant for using other tools than the SBS Console, i.e. users should not be created using “Active Directory Users and Computers”. Instead there is a wizard for creating users in the SBS Console. When using this several things happens in the background, like creating home folders, mailboxes, permissions, group membership, and so on…

Also users which are not created using the SBS Console wizard does not show up in the user list in the SBS Console. I knew there is a attribute on the AD objects which the wizard stamps so they are shown in the SBS Console, but I couldn`t remember the name of the attribute. So I asked my very good friend Mr Google, and he gave me a link to a post on the SBS Blog. There I found the name of the attribute which is “msSBSCreationState”, and was planning to script the value of this attribute to the users I`ve just scripted.
Then I read this part of the blogpost:

“If you have users that do not show in the SBS Console, you can get them to show by using the Change user role for user accounts wizard. It is important to notice that this wizard does much more than correctly “stamping” the user’s msSBSCreationState attribute. Using this wizard is only a work around to get the users to show in the SBS Console that were not created using the SBS provided tools. As shown above, the only recommended way adding new users are using the Add a new user account or Add multiple user accounts wizard.”

Then I ran the “Change user role for accounts wizard” to set the account type to “Standard user” for all the scripted user accounts, and afterwards the “magic” of permissions, group membership, mailbox creation and so on were applied. So the tips when scripting user accounts in SBS 2008 is to run this wizard afterwards.

If anyone got any reasons not to create users this way in SBS, please let me know.

You might wonder if there was so many users to be created on a SBS-server which is too much to be done manually, the number was 40 and I`m just too lazy to do that manually :)