List All the Microsoft Lync Server 2010 Cmdlets and the RBAC Roles Those Cmdlets Have Been Assigned To

  • Article

Submitted by Cezar Ungureanasu, Microsoft

Cezar Ungureanasu is a Program Manager (make that the Program Manager) for the Microsoft Lync Server 2010 implementation of Windows PowerShell. Not too long ago, Cezar asked us if we could write a script that could take all the Lync Server cmdlets and determine which Role-Based Access Control (RBAC) roles those cmdlets were assigned to. Cezar posed the question using Microsoft Lync; seconds later he sent another instant message that said, “Never mind; I’ve got it figured out.” As a result, we didn’t have to do a thing.

Needless to say, we wish there were more Cezars around here.

At any rate, Cezar created a script that retrieves all the Lync Server cmdlets, grabs all the RBAC roles, and then methodically checks to see which roles each of those cmdlets have been assigned to. After doing all these checks the script then creates a tab-separated values file that looks something like this when opened in Excel:

That looked like a pretty useful little script to us, so we asked Cezar if he’d be willing to share his code with the rest of the world. What did he say when we asked him about that? This:

$roles = Get-CsAdminRole | where-object { $_.IsStandardRole -eq $true} | Sort Identity

$d = "Cmdlet"

foreach($role in $roles)

    {

        $d = $d + "`t" + $role.Identity

    }

Out-File -FilePath "C:\cmdlettorole.tsv" -InputObject $d

$x = Get-Command -module Lync -commandType cmdlet | Sort Name

foreach($i in $x)

    {

        $a = $i.Name

        $c = $a +"`t"

        foreach($role in $roles)

            {

                if ($role.cmdlets -match $i.Name)

                    {

                        $c = $c + "yes" + "`t"

                    }

                else

                    {

                        $c = $c + "no" + "`t"

                    }

             }

    Out-File -FilePath C:\cmdlettorole.tsv -InputObject $c -Append

    }

Nice, huh? Best of all, the script is amazingly easy to run. Just copy the code and paste it into your favorite text editor. Save the file with a .ps1 file extension; for example C:\Scripts\CmdletsAndRoles.ps1. And then just run that script from within the Lync Server Management Shell:

C:\Scripts\CmdletsAndRoles.ps1

Like we said: amazingly easy.