Home > Uncategorized > #Lync and Remote PowerShell

#Lync and Remote PowerShell

December 12, 2013 Leave a comment Go to comments

Lately, I have found myself in situations where I don’t have full domain admin rights while working on Lync. This isn’t a bad thing but one area that I consistently run into issues with is the Lync Management Shell. If you are on a Lync Front-end and you don’t have Administrator rights, the local Lync Management Shell doesn’t actually do Role Based Access Control (RBAC). Therefore, I’ll try to execute a command (say, set-csuser, grant-csdialplan, etc) and get a permission denied. Yet, I can go into the Lync Control Panel and change a setting on the user just fine.

The way around this is remote PowerShell. Since I work on many different clients, I wrote a nice little script that will prompt me for my credentials and the remote server or pool.

 

############################################
# Connect-LyncRemotePoSH.ps1
# Written By: Adam Ball
# Version History:
# 1.0 - 12/12/2013 - Initial Script
#
############################################

#You can pass a server or pool name with the script (i.e. .\Connect-LyncRemotePoSH.ps1 myserver.mydomain.com )
param ($poolname)

#If no server or pool was passed when the script executed, pop up a box and ask for it.
if ($poolname -eq $null){
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
$poolname = [Microsoft.VisualBasic.Interaction]::InputBox("Enter a Pool or Server to connect to", "Remote Lync Pool or Server", "")
}

#Change the server or pool name in to a properly constructed URL
$poolname = "https://" + $poolname + "/OcsPowershell"
$cred = Get-Credential
$session = New-PSSession -ConnectionURI $poolname -Credential $cred
Import-PsSession $session

 

To execute, simply run the script (assuming proper execution policy is set). It will pop-up a box and ask you for the remote server or pool then pop up another box and ask for your credentials. You can also pass the server or pool name to it as part of the script execution (i.e. “.\Connect-LyncRemotePoSH.ps1 mypool.mydomain.com”).

This is also a nice way for being able to do Lync Management from your desktop without having the Lync tools installed.

Just remember, when you are done, remove the session by running “Remove-PsSession $session”.

Advertisements
Categories: Uncategorized
  1. Thomas
    December 17, 2015 at 5:39 am

    Does it work on the new 2015 SFB ? i keep getting the error msg: ‘The server certificate on the destination computer has the following errors: SSL certificate could not be checked for revocation.’

    Any ideas ?

    thanks !!

    • December 17, 2015 at 8:11 am

      I just did some testing. It does work on SfB 2015. The one thing I see is that it works no problem from a domain joined machine but fails from a non-domain joined machine. That tells me that the machine cannot access the CRL distribution point. I’ll document the changes needed to make that work later today or tomorrow and post an update.

      • Thomas
        December 17, 2015 at 8:32 am

        Great ! Thanks man !

  2. August 23, 2017 at 7:01 pm

    Adam – I just came across another blog article that solves the non-domain join machine scenario.. I just tested it and it works. Here is the fix
    $sessionoption = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
    $session = New-PSSession -ConnectionURI $poolname -Credential $cred -SessionOption $sessionOption
    Import-PsSession $session
    Credits:
    https://tsoorad.blogspot.com/2013/10/lync-2013-remote-admin-with-powershell.html

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: