Skype for Business Server – Assign User policies to AD groups

This is an update to a previous version of this tool written by myself and Guy Bachar.
The updated version can now run (and was tested!) on both Lync server 2010 and 2013, and Skype for Business Server.

Run this tool from Lync Management Shell or Skype for Business Management Shell.

Note you will need to run this tool with Local Admin permissions (You will be prompted for elevation automatically if not) and you must have ADDS RSAT installed so you can use the Active Directory PowerShell Module.
You will be asked to provide an Active Directory Group name. Type the Display Name of the group, the tool will reply with the CN of the group, confirming you chose the right group:

Choose Group

Then choose the type of policy (or dial plan) you want to assign this group, there are 14 options:
1     Voice Policy
2     Client Policy
3     External Access Policy
4     Mobility Policy
5     Archiving Policy
6     Hosted Voicemail Policy
7     Client Version Policy
8     Conferencing Policy
9     Voice Routing Policy
10     Location Policy
11     PIN Policy
12     Presence Policy
13     Persistent Chat Policy
14     Dial Plan

After choosing one of the 14 options, you’ll be asked whether you want to assign the global policy to this group or choose from the existing user policies:

Choose from policies

If you choose 1 (This is always the Global policy), that will be assigned to the group.
If you choose 2, a new sub-menu will open, detailing the policies you can assign:

External Access

You will then be asked to confirm the change and the policy will be assigned the group.

The tool can be downloaded here.

 

 

 

Advertisements

Server 2012 or 2012R2 Blue Screen when installing Skype for Business or Lync Servers

Published earlier by Microsoft, a Stop error D1 when will occur when you start front-end services on Skype for Business Server 2015-based servers. This will also affect Microsoft Lync Server 2013 Enterprise Edition pools that have at least two front-end servers in Windows Server 2012. This will mostly impact organizations that will perform an in-place upgrade to Skype for Business Server 2015.

This is due to a bug on in Windows Server 2012 and Windows Server 2012 R2. The trigger is a TDI filter driver on the machine that may be used by some antivirus and VPN software.

To resolve this issue for Windows Server 2012 you will need to install the hotfix described in KB2957927 on all Lync 2013 Servers that are installed on Windows Server 2012.

Do determine if you have such a driver installed on your system, look for event 16001 on your system log.
A faster way of finding it out will be running the following command command from an elevated PowerShell window:

get-eventlog -logname system  | ?{$_.eventid -eq "16001"}

Source: Microsoft.

Skype for Business and Lync Servers certificate report

This is a cross-post with Guy Bachar’s blog, of a script we wrote back in August 2014 and that went through some technical (mostly Guy) and cosmetic (mostly yours truly) updates.

Report

This script will generate an HTML report of all Skype for Business \ Lync servers’ certificates, and you can even use it to send periodical emails.

As the new script supports contacting your Edge servers, there are some prereqs involved:

1. Enable Trusted Hosts on the Front-End server you’re running the script from:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value “*” -Force

2. Enable HTTP Compatibility Listener on all Edge servers:

Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value True

The script is pretty straight forward, all you have to do is run it form a local folder on your FE server with elevated permissions.
However, this will only give you the FE’s certificates.
Guy was smart enough to create the following additions:

-EdgeCertificates and -OWASCertificates

You can run either or both, and they will give you information about your Office Web Apps Servers’ certificates (-OWASCertificates) and your Edge Servers’ certificates (-EdgeCertificates).
When using the -EdgeCertificates option, you’ll be prompted to enter your Edge Server’s credentials.

Command

Visit Guy’s post for further information.

The script can be downloaded here, and we’ll love to hear your feedback.