Assign Lync Policies to Lync users based on Active Directory Group membership

Published: July 7, 2014.
Updated: September 8, 2014

I’ve been looking for this functionality for quite some time, and with great help from Guy Bachar, we created the following script to help assign Lync policies to Active Directory Security Groups.

This version of the script allows assigning user-scope policies to any all Lync enabled users in a certain Active Directory Group.
The process is easy:

Run the script from a computer or a sever that has both the Lync Management Shell the Active Directory PowerShell Module installed. If they’re not there – The script will let you know.

As you run the script, it will automatically check if you have local admin privileges on this machine and will prompt you to elevate your PS session if you didn’t choose “Run As…”. Many thanks to Ben Armstrong for creating the self-elevating script. We changed it to match our needs here.

Verifying permissions

If all is ok, the script will next ask you to choose your desired AD group: Enter the group’s display name, and in return the script will show you its CN, just to make sure it’s what you’re looking for:


The script will immediately ask you to choose which type of policy or dial plan you would like to assign from the following 14 options:

1     Voice Policy
2     Client Policy
3     External Access Policy
4     Mobility Policy
5     Archiving Policy
6     Hosted Voicemail Policy
7     Client Version Policy
8     Conferencing Policy
9     Voice Routing Policy
10     Location Policy
11     PIN Policy
12     Presence Policy
13     Persistent Chat Policy
14     Dial Plan

When you choose the type of policy you wish to apply, the script will display the User-scope policies that can be assigned:

2_chosen2After choosing the policy you wish to apply you’ll be prompted to confirm the operation:

Confirm applying policy2

If confirmed, the script will run through all the users in this group and assign the policy.


  • Use at your own risk – We tested it, but make sure it works for you too.
  • We’re working on the next version in which you’ll be able to reset a certain groups’ policy to “Global” (-PolicyName $null)
  •  We’re working on some reporting for the next version.

Please use and share and give us your feedback!

September 8, 2014, Vesion 2.4.2:
– Fail sae warnings and indications.
– Error messages cleared.
– Anility to default a group to the Global policy.

Download the script here.



7 thoughts on “Assign Lync Policies to Lync users based on Active Directory Group membership

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s