-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathLyncAutoOps.ps1
More file actions
585 lines (522 loc) · 28 KB
/
LyncAutoOps.ps1
File metadata and controls
585 lines (522 loc) · 28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
################################################################################################################################
# Name: LyncAutoOps Tool
# Version: v1.5.1 (20/1/2015)
# Created By: Max Sanna
# Web Site: http://blog.maxsanna.com
# Contact: max(at)maxsanna.com
#
# Notes: This is a Powershell tool designed to run unattended. It can be run from Powershell directly, but you'll probably want
# to set up a scheduled task that runs every 12 hours.
# For more information on the requirements for setting up and using this tool please visit http://blog.maxsanna.com
# or the relevant Technet Gallery page.
#
# Copyright: Copyright (c) 2015, Max Sanna - All rights reserved.
# Licence: Redistribution and use of script, source and binary forms, with or without modification, are permitted provided that
# the following conditions are met:
# 1) Redistributions of script code must retain the above copyright notice, this list of conditions and the following disclaimer.
# 2) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
# 3) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the distribution.
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
# BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; LOSS OF
# GOODWILL OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Release Notes:
# 1.0.0 Initial Release.
# 1.1.0 Replaced having to use the New Lync Group DN with its SAM Account name for simplicity.
# Added comments to the code.
# 1.5.0 Added multi-pool support for global deployments based on user's location, and fallback mechanism
# Various code improvements.
# 1.5.1 Fixed some bugs when used in simple mode related to array manipulation
# Fixed all the LF back to CRLF (blame Github for that...)
#
################################################################################################################################
# You need to have installed the Lync 2013 Core Components for this script to work
Import-Module Lync
$Date=Get-Date
# We create a log file with today's timestamp
$Logfilepath= "Logs\LyncAutoOpsProgressLog_{0}{1:d2}{2:d2}-{3:d2}{4:d2}{5:d2}" -f $date.year,$date.month,$date.day,$date.hour,$date.minute,$date.second + ".log"
$ErrorLogfilepath= "Logs\LyncAutoOpsErrorLog_{0}{1:d2}{2:d2}-{3:d2}{4:d2}{5:d2}" -f $date.year,$date.month,$date.day,$date.hour,$date.minute,$date.second + ".log"
# We import all the config parameters
[xml]$XMLDoc = Get-Content ".\LyncAutoOps.config"
$Config = $XMLDoc.SelectNodes("/Config")
################################################################################################################################
#
# Function: Logging
# =============
#
# Input Parameters:
# $logtext: The text string to be written to the console or to a log file
# $logtype: The type of message to be written: normal, error, or debug
#
# Purpose:
# - Writes a text string to the console and/or to log files depending on the type.
# type=cINFO: output goes to console and the normal log file
# type=cERROR: Output goes to Console, normal log file, and error log file
#
#
###############################################################################################################################
function logger( $logtext, $logtype )
{
switch($logtype)
{
cINFO
{
write-host $logtext -b black -f green
$logtext | Out-file $Logfilepath -append
}
cERROR
{
write-host "ERROR: " $logtext -b black -f red
"ERROR: " + $logtext | Out-file $logfilepath -append
"ERROR: " + $logtext | Out-file $ErrorLogfilepath -append
}
}
}
################################################################################################################################
#
# Function: DirectorySearcher
# =============
#
# Input Parameters:
# $LDAPQuery: The LDAP query to search for
# $SearchRootDN: The DN containing the root for the search to be performed
#
# Purpose:
# Outputs an array of results matching LDAPQuery.
#
#
###############################################################################################################################
function DirectorySearcher {
[CmdletBinding()]
param (
[parameter(Mandatory=$true,ValueFromPipeline=$false)]
[string]$LDAPQuery,
[parameter(Mandatory=$true,ValueFromPipeline=$false)]
[string]$SearchRootDN,
[parameter(Mandatory=$true,ValueFromPipeline=$false)]
[array]$ADAttributes
)
PROCESS {
try {
$DSDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://"+$SearchRootDN)
$DSSearcher = New-Object System.DirectoryServices.DirectorySearcher
$DSSearcher.SearchRoot = $DSDomain
$DSSearcher.PageSize = 1000
$DSSearcher.Filter = $LDAPQuery
$DSSearcher.SearchScope = "Subtree"
foreach ($i in $ADAttributes){$DSSearcher.PropertiesToLoad.Add($i) | Out-Null}
$DSResults = $DSSearcher.FindAll()
}
Catch {
Write-Error ("An unknown error has occurred. The specific error message is: {0}" -f $_.Exception.Message)
Return
}
return $DSResults
}
}
################################################################################################################################
#
# Function: RemoveUserFromADGroup
# =============
#
# Input Parameters:
# $ADUserDN: The distinguished name of the user to be removed from a group
# $GroupDN: The group from which $ADuserDN needs to be removed from
#
# Purpose:
# Removes one user from an active directory group of choice.
#
#
###############################################################################################################################
function RemoveUserFromADGroup {
[CmdletBinding()]
param (
[parameter(Mandatory=$true,ValueFromPipeline=$true)]
[string]$ADUserDN,
[parameter(Mandatory=$true,ValueFromPipeline=$false)]
[string]$GroupDN
)
PROCESS {
try
{
$objADGroup = New-Object System.DirectoryServices.DirectoryEntry("LDAP://"+$GroupDN)
$objADGroup.Properties["member"].Remove($ADUserDN)
$objADGroup.CommitChanges()
$objADGroup.Close()
}
catch [System.DirectoryServices.DirectoryServicesCOMException]
{
Write-Error ("The specified group or user doesn't exist. The specific error message is: {0}" -f $_.Exception.Message)
Return $_.Exception.Message
}
catch
{
Write-Error ("An unknown error has occurred. The specific error message is: {0}" -f $_.Exception.Message)
Return
}
}
}
################################################################################################################################
#
# Function: EnableLyncUsers
# =============
#
# Input Parameters:
# $GroupDN: The distinguished name of the AD group containing users to be enabled
#
# Purpose:
# - Searches AD for users which are members of $GroupDN, have an email address set and don't have a SIP address
# - Enables the users in Lync, either on a single pool or 50/50 on a paired pool
# - After successful enablement it removes the users from $GroupDN
#
#
###############################################################################################################################
function EnableLyncUsers {
[CmdletBinding()]
param(
[parameter(Mandatory=$true,ValueFromPipeline=$false)]
[string]$GroupDN
)
PROCESS {
# Filter to find users in AD who are members of the new Lync users group, without SIP address and with an email configured
# Gather the array of users
$UserFilter = "(&(objectCategory=user)(objectClass=user)(!(msRTCSIP-PrimaryUserAddress=*))(mail=*)(memberOf=$($GroupDN)))"
# We load the array of users, but if we're in a multipool topology we also load their location
if ($Config.LyncSettings.PoolTopology -eq "Simple") {
$UserArray = DirectorySearcher -LDAPQuery $UserFilter -SearchRootDN $Config.ADSettings.DNDomain -ADAttributes @("sAMAccountName","distinguishedName")
} elseif ($Config.LyncSettings.PoolTopology -eq "MultiPool") {
$UserArray = DirectorySearcher -LDAPQuery $UserFilter -SearchRootDN $Config.ADSettings.DNDomain -ADAttributes @("sAMAccountName","distinguishedName",$Config.ADSettings.UserLocation)
}
# We check the last pool used configuration file, and if it doesn't exist we enumerate the pools
if (Test-Path ".\LastUsedPools.config" -PathType Leaf) {
$TargetPoolArray = Import-Clixml ".\LastUsedPools.config"
} else {
# Since the file doesn't exist, we recreate the object using the second pool names, as they'll be flipped over during activation
[array]$TargetPoolArray = @()
ForEach ($LyncPool in $Config.LyncSettings.PoolArray.Pool) {
# If the pool location doesn't have a paired pool, we'll just use the first value
If ($LyncPool.SecondPoolFQDN -ne "") {
[array]$TargetPoolArray += 1
} else {
[array]$TargetPoolArray += 0
}
}
}
foreach ($objResult in $UserArray) {
$objUser = $objResult.Properties
[string]$objItem = $Config.ADSettings.NetBiosDomain + "\" + $objUser."samaccountname"
[string]$objDN = $objuser."distinguishedname"
# We work out on which pool to enable the new user
if ($Config.LyncSettings.PoolTopology -eq "Simple") {
if($TargetPoolArray[0] -eq 0 -and $Config.LyncSettings.PoolArray.Pool.SecondPoolFQDN -ne "") {
$TargetPool = $Config.LyncSettings.PoolArray.Pool.SecondPoolFQDN
[array]$TargetPoolArray[0] = 1
} else {
$TargetPool = $Config.LyncSettings.PoolArray.Pool.FirstPoolFQDN
[array]$TargetPoolArray[0] = 0
}
} elseif ($Config.LyncSettings.PoolTopology -eq "MultiPool") {
# Lowercase version of the user location property as it's case sensitive
$UserLocationAttribute = $Config.ADSettings.UserLocation.ToLower()
# We check user location against pool location
$TargetLocation = $Config.LyncSettings.PoolArray.Pool | Where-Object {$_.Location -eq $ObjUser.$UserLocationAttribute}
# If the user has a different location or it's not specified we'll try with the fallback pool
If ($ObjUser.$UserLocationAttribute -eq $Null -or $TargetLocation -eq $Null) {
$TargetLocation = $Config.LyncSettings.PoolArray.Pool | Where-Object {$_.IsFallBackPool -eq "True"}
# If a fallback pool is not configured either, we'll skip the user
If ($TargetLocation -eq $Null) {
logger ( "CANNOT ENABLE LYNC USER - LOCATION NOT SUPPORTED AND FALLBACK POOL DISABLED: " + $objItem + " : " + $error ) cERROR
Continue
}
}
# Here we flip over the pool according to the last used one, or keep on using the first if there isn't a pairget-csuser
if($TargetPoolArray[$TargetLocation.PoolID] -eq 0 -and $Config.LyncSettings.PoolArray.Pool[$TargetLocation.PoolID].SecondPoolFQDN -ne "") {
$TargetPool = $TargetLocation.SecondPoolFQDN
$TargetPoolArray[$TargetLocation.PoolID] = 1
} else {
$TargetPool = $TargetLocation.FirstPoolFQDN
$TargetPoolArray[$TargetLocation.PoolID] = 0
}
}
$error.clear()
# We finally enable the Lync user here
Enable-CsUser -Identity $objItem -RegistrarPool $TargetPool -SipAddressType EmailAddress -Confirm:$False
if($error.count -gt 0) {
logger ( "ERROR ENABLING THE LYNC USER ON $($TargetPool): " + $objItem + " : " + $error ) cERROR
}
else
{
logger ("LYNC USER ENABLED SUCCESSFULLY ON $($TargetPool): " + $objItem ) CINFO
# We remove the user we just enabled from the new lync users group
RemoveUserFromADGroup -ADUserDN $objDN -GroupDN $GroupDN
if($error.count -gt 0) {
logger ("ERROR REMOVING USER FROM AD GROUP : " + $objItem ) cERROR
}
}
}
# We commit to file the last used pool for the next run
$TargetPoolArray | Export-Clixml ".\LastUsedPools.config"
Return $UserArray
}
}
################################################################################################################################
#
# Function: SuspendLyncUsers
# =============
#
# Input Parameters:
# None
#
# Purpose:
# - Searches AD for users who are disabled in AD, enabled in Lync and have a SIP address set
# - Compares the found users to the one or two paired pools stored in the configuration
# - If the user(s) found belong to one of these two pools, they'll be suspended for Lync. Not doing this would allow
# users to log into Lync for up to 6 months after being disabled, due to the user certificate Lync issues.
#
#
###############################################################################################################################
function SuspendLyncUsers {
[CmdletBinding()]
param()
PROCESS {
# Filter to find users in who are disabled in AD, but enabled on Lync on either of the two pools
# Gather the array of users
$UserFilter = "(&(objectCategory=user)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)(msRTCSIP-UserEnabled=TRUE)(msRTCSIP-PrimaryUserAddress=sip:*))"
$UserArray = DirectorySearcher -LDAPQuery $UserFilter -SearchRootDN $Config.ADSettings.DNDomain -ADAttributes @("sAMAccountName")
foreach ($objResult in $UserArray) {
$objUser = $objResult.Properties
[string]$objItem = $Config.ADSettings.NetBiosDomain + "\" + $objUser."samaccountname"
$error.clear()
$objLyncUser = Get-CsUser -Identity $objItem
# We compare whether the user(s) we found belong to the one/two pools specified in the config, to avoid changing users on pools we don't manage, as it often happens in a large deployment
If (($Config.LyncSettings.PoolArray.Pool.FirstPoolFQDN -contains $objLyncUser.RegistrarPool.FriendlyName) -or ($Config.LyncSettings.PoolArray.Pool.SecondPoolFQDN -contains $objLyncUser.RegistrarPool.FriendlyName)) {
# We suspend the user for Lync
Set-CsUser -Identity:$objItem -Enabled $False
if($error.count -gt 0) {
logger ( "ERROR SUSPENDING THE LYNC USER: " + $objItem + " : " + $error ) cERROR
}
else
{
logger ("LYNC USER SUSPENDED SUCCESSFULLY : " + $objItem ) CINFO
}
}
}
}
}
################################################################################################################################
#
# Function: ReactivateLyncUsers
# =============
#
# Input Parameters:
# None
#
# Purpose:
# - Searches AD for users who are enabled in AD, disabled in Lync and have a SIP address set
# - Compares the found users to the one or two paired pools stored in the configuration
# - If the user(s) found belong to one of these two pools, they'll be reactivated for Lync
#
#
###############################################################################################################################
function ReactivateLyncUsers {
[CmdletBinding()]
param()
PROCESS {
# Filter to find users in who are enabled in AD, but disabled on Lync on either of the two pools
# Gather the array of users
$UserFilter = "(&(objectCategory=user)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(msRTCSIP-UserEnabled=FALSE)(msRTCSIP-PrimaryUserAddress=sip:*))"
$UserArray = DirectorySearcher -LDAPQuery $UserFilter -SearchRootDN $Config.ADSettings.DNDomain -ADAttributes @("sAMAccountName")
foreach ($objResult in $UserArray) {
$objUser = $objResult.Properties
[string]$objItem = $Config.ADSettings.NetBiosDomain + "\" + $objUser."samaccountname"
$error.clear()
$objLyncUser = Get-CsUser -Identity $objItem
# We compare whether the user(s) we found belong to the one/two pools specified in the config, to avoid changing users on pools we don't manage, as it often happens in a large deployment
If (($Config.LyncSettings.PoolArray.Pool.FirstPoolFQDN -contains $objLyncUser.RegistrarPool.FriendlyName) -or ($Config.LyncSettings.PoolArray.Pool.SecondPoolFQDN -contains $objLyncUser.RegistrarPool.FriendlyName)) {
# This line reactivates the user
Set-CsUser -Identity:$objItem -Enabled $True
if($error.count -gt 0) {
logger ( "ERROR REACTIVATING THE LYNC USER: " + $objItem + " : " + $error ) cERROR
}
else
{
logger ("LYNC USER REACTIVATED SUCCESSFULLY : " + $objItem ) CINFO
}
}
}
}
}
################################################################################################################################
#
# Function: DeleteLyncUsers
# =============
#
# Input Parameters:
# None
#
# Purpose:
# - Searches AD for users who are disabled in AD and haven't logged on in the number of days specified in the config,
# with a SIP address set
# - Compares the found users to the one or two paired pools stored in the configuration
# - If the user(s) found belong to one of these two pools, they'll be permanently deleted from Lync
#
#
###############################################################################################################################
function DeleteLyncUsers {
[CmdletBinding()]
param()
PROCESS {
# Filter to find users in who have been disabled in AD for more than the DeleteThreshold parameter
$oldDate = (Get-Date).AddDays("-" + $Config.ScriptFunctions.DeleteThreshold).ToFileTime().toString()
$UserFilter = "(&(objectCategory=user)(objectClass=user)(lastLogonTimeStamp<=$oldDate)(userAccountControl:1.2.840.113556.1.4.803:=2)(msRTCSIP-PrimaryUserAddress=sip:*))"
$UserArray = DirectorySearcher -LDAPQuery $UserFilter -SearchRootDN $Config.ADSettings.DNDomain -ADAttributes @("sAMAccountName")
foreach ($objResult in $UserArray) {
$objUser = $objResult.Properties
[string]$objItem = $Config.ADSettings.NetBiosDomain + "\" + $objUser."samaccountname"
$error.clear()
$objLyncUser = Get-CsUser -Identity $objItem
# We compare whether the user(s) we found belong to the one/two pools specified in the config, to avoid changing users on pools we don't manage, as it often happens in a large deployment
If (($Config.LyncSettings.PoolArray.Pool.FirstPoolFQDN -contains $objLyncUser.RegistrarPool.FriendlyName) -or ($Config.LyncSettings.PoolArray.Pool.SecondPoolFQDN -contains $objLyncUser.RegistrarPool.FriendlyName)) {
# This line deletes the user
Disable-CsUser -Identity:$objItem
if($error.count -gt 0) {
logger ( "ERROR DELETING THE LYNC USER: " + $objItem + " - LAST LOGON TIME: " + $objtime + " : " + $error ) cERROR
}
else
{
logger ("LYNC USER DELETED SUCCESSFULLY : " + $objItem + " - LAST LOGON TIME " + $objtime ) CINFO
}
}
}
}
}
################################################################################################################################
#
# Function: GrantLyncPolicies
# =============
#
# Input Parameters:
# $UserArray: The array of users who need to have their policies modified. Can also be pipelined from another cmdlet.
#
# Purpose:
# - Given an array of Lync users, it will modify their user policies as specified in the config file, namely:
# Exchange archiving policy, client policy, conferencing policy, external access policy, pin policy and archiving
# policy. The script can be customised to assign more policies if required although they're rarely used.
#
#
###############################################################################################################################
function GrantLyncPolicies {
[CmdletBinding()]
Param(
[parameter(Mandatory=$false,ValueFromPipeline=$true)]
[System.Array]$UserArray
)
PROCESS {
foreach ($objResult in $UserArray) {
$objUser = $objResult.Properties
[string]$objItem = $Config.ADSettings.NetBiosDomain + "\" + $objUser."samaccountname"
$error.clear()
# We only assign policies to successfully activated users
If (Get-CsUser -Identity $objItem -ErrorAction SilentlyContinue) {
# The following IF statements check whether the policy was set to something in the config. If left empty, the global policy will be left assigned.
if ($Config.UserPolicies.ExchangeArchiving -eq "True") {
Set-CsUser -Identity $objitem -ExchangeArchivingPolicy ArchivingToExchange
}
if ($Config.UserPolicies.ClientPolicy -ne "") {
Grant-CsClientPolicy -Identity $objitem -PolicyName $Config.UserPolicies.ClientPolicy
}
if ($Config.UserPolicies.ConferencingPolicy -ne "") {
Grant-CsConferencingPolicy -Identity $objitem -PolicyName $Config.UserPolicies.ConferencingPolicy
}
if ($Config.UserPolicies.ExternalPolicy -ne "") {
Grant-CsExternalAccessPolicy -Identity $objitem -PolicyName $Config.UserPolicies.ExternalPolicy
}
if ($Config.UserPolicies.PinPolicy -ne "") {
Grant-CsPinPolicy -Identity $objitem -PolicyName $Config.UserPolicies.PinPolicy
}
if ($Config.UserPolicies.ArchivingPolicy -ne "") {
Grant-CsArchivingPolicy -Identity $objitem -PolicyName $Config.UserPolicies.ArchivingPolicy
}
if($error.count -gt 0)
{
logger ( "ERROR SETTING POLICIES FOR THE LYNC USER: " + $objItem + " : " + $error ) cERROR
}
else
{
logger ("LYNC USER POLICIES SET SUCCESSFULLY : " + $objItem ) CINFO
}
}
}
}
}
################################################################################################################################
#
# Function: EmailNotifier
# =============
#
# Input Parameters:
# None
#
# Purpose:
# - Verifies whether the log file and/or the error log file were created during the script run
# - If they exist, the script will use the parameters from the config file to connect to the specified SMTP server
# and send an email to the recipients contained in Recipients.txt with the logs attached
#
#
###############################################################################################################################
function EmailNotifier {
[CmdletBinding()]
param()
PROCESS {
if (Test-Path $logfilepath -PathType Leaf) {
[string[]]$Recipients = Get-content $Config.Notifications.Recipientspath
Send-MailMessage -To $Recipients -From $Config.Notifications.FromAddress -Subject "Lync AutoOps Results" -body "Log file from Lync AutoOps" -SmtpServer $Config.Notifications.SMTPServer -attachments $Logfilepath -usessl
}
if (Test-Path $Errorlogfilepath -PathType Leaf) {
[string[]]$Recipients = Get-content $Config.Notifications.Recipientspath
Send-MailMessage -To $Recipients -From $Config.Notifications.FromAddress -Subject "Lync AutoOps Error Log" -body "Error Log file from Lync AutoOps" -SmtpServer $Config.Notifications.SMTPServer -attachments $Logfilepath -usessl
}
}
}
################################################### Main Script Section #######################################################
# If the configuration file was set to enable Lync users, the following block will be executed
if ($Config.ScriptFunctions.Enablement -eq "True") {
# We add an ID to the pools to simplify match with last used pool during enablement
If ($Config.LyncSettings.PoolArray.Pool.Length -ne $Null) {
For ($i=0; $i -le $Config.LyncSettings.PoolArray.Pool.Length; $i++) {
$Config.LyncSettings.PoolArray.Pool[$i] | Add-Member -MemberType NoteProperty -Name PoolID -Value $i
}
}
# Here we convert the SAMAccountName of the new lync users AD group into a distinguished name
$GroupSearcher = DirectorySearcher -SearchRootDN $Config.ADSettings.DNDomain -LDAPQuery "(&(objectCategory=group)(sAMAccountName=$($Config.ADSettings.NewLyncGroup)))" -ADAttributes @("distinguishedName")
$GroupDN = ($GroupSearcher.Properties.distinguishedname[0]).ToString()
# We enable the lync users and store the array temporarily
$EnabledUsers = EnableLyncUsers -GroupDN $GroupDN
If ($EnabledUsers -ne $Null) {
# If users have been enabled, we sleep the script for 30 seconds to allow AD replication to happen before we assign the Lync policies
Sleep -Seconds 30
# Here we assign the Lync policies to the user array created above
$EnabledUsers | GrantLyncPolicies
}
}
# This block gets executed if the config file was set to suspend Lync users disabled in AD
if ($Config.ScriptFunctions.Suspension -eq "True") {
SuspendLyncUsers
}
# This block gets executed if the config file was set to reactivate Lync users enabled in AD
if ($Config.ScriptFunctions.Reactivation -eq "True") {
ReactivateLyncUsers
}
# This block gets executed if the config file was set to delete Lync users disabled in AD who haven't logged on in <x> days
if ($Config.ScriptFunctions.Deletion -eq "True") {
DeleteLyncUsers
}
# This block gets executed if the config file was set to send email notifications for every script run
if ($Config.Notifications.EnableNotifications -eq "True") {
EmailNotifier
}
##################################################### Script End ##############################################################