21 User Information Commands to Run Before You Die

21 User Information Commands to Run Before You Die

Perhaps the hottest trend in the publishing world these days is the 1,001 Things approach: 1,001 Places to See Before You Die; 1,001 Movies You Must See Before You Die; 1,001 Books You Must Read Before You Die. So what’s wrong with these books? Nothing, nothing at all. However, they did get us to thinking. Imagine this scenario:

It’s many years from now, and you’re lying on your death bed thinking, “Well, OK, so I did get to see the covered souks of Aleppo, and I did visit the Okavango Delta in Botswana. But I never got a chance to run any Microsoft Lync Server 2010 commands that return information about my users and their user accounts. I wasted my entire life!”

Do you want this to happen to you? We didn’t think so. That’s why we’ve put together our own addition to the 1,001 Things genre: 21 User Information Commands to Run Before You Die!

Note. Well, OK, if you want to get picky, sure, maybe that should be 1,001 User Information Commands to Run Before You Die. But, man, that’s a lot of work to write 1,001 user information commands. Because of that, we decided to get as close as we could to 1,001 commands and then stop. We like to think we got fairly close to 1,001 before we called it good enough.

With our writing style, there’s always a good chance one or more of our readers will die of boredom at any given time. Therefore, we better get right to the 21 commands. Note that we won’t bother to explain how these commands work. For more information, take a look at the article Retrieving Active Directory and Microsoft Lync Server 2010 User Accounts.

And, sure, go ahead and finish those 1,001 books first. But then take a look at that article.

Here are the commands:

Returning all the users in an OU

This one is pretty straightforward: it returns a collection of all the Active Directory users accounts found in the Sales OU (as well as any child OUs of the Sales OU). Note that you must enter the Active Directory distinguished name of the OU in question:

Get-CsAdUser –OU "OU=Sales,dc=litwareinc,dc=com"

If you want a collection of all the user accounts that have been enabled for Lync Server (as opposed to all the user accounts, enabled for Communications Server or not) then use the Get-CsUser cmdlet instead:

Get-CsUser –OU "OU=Sales,dc=litwareinc,dc=com"

Although there will be some exceptions, for most of these commands you can use either Get-CsAdUser (if you want information about all your Active Directory user accounts) or Get-CsUser (if you want information only about accounts that have been enabled for Lync Server).

Note that this returns users who have had their Active Directory accounts disabled. If you can wait a second, we’ll show you a command that returns users who have had their Lync Server accounts disabled.

Get-CsAdUser | Where-Object {$_.UserAccountControl –match "AccountDisabled"}

This is another easy one: as you can see, it returns all the users who work in the Sales department. Need a list of all the users who work in the Human resources department? That’s fine; just replace Sales with Human Resources: –LdapFilter "Department=Human Resources" .

Here’s the command:

Get-CsAdUser –LdapFilter "Department=Sales"

In the world of LDAP (Lightweight Directory Access Protocol), the l (lower L) attribute is short for locality:

Get-CsAdUser –LdapFilter "l=Redmond"

Here’s a command that returns all the users who work in the country (c) of Uruguay:

Get-CsAdUser –LdapFilter "c=UY"

What if you some of your users don’t work in Uruguay? That’s OK; just use the appropriate ISO-3166 country code. You can find a list of two-letter country codes here: https://www.iso.org/iso/english_country_names_and_code_elements.

Oh, here we go. This command returns a collection of users whose accounts have been enabled for Microsoft Lync Server:

Get-CsAdUser –Filter {CsEnabled –eq $True}

And, as promised, this one returns all the accounts that have not been enabled for Lync Server:

Get-CsAdUser –Filter {CsEnabled –eq $False}

You say you created a per-user conferencing policy named RedmondConferencingPolicy only you can’t remember which users have actually been assigned that policy. This command should help:

Get-CsUser –Filter {ConferencingPolicy –eq "RedmondConferencingPolicy"}

Here’s a useful query: it returns a collection of all the users who have been assigned a per-user voice policy of some kind:

Get-CsUser –Filter {VoicePolicy –ne $Null}

See Command 7 if you’re interested in returning information about users who have been assigned a specific policy.

Which user was assigned the line URI (425)555-1298? Beats us. But this command should tell you:

Get-CsUser –Filter {LineUri –eq "TEL:+14255551298"}

Remember that famous line from Shakespeare “First, kill all the lawyers”? Scholars now believe that that was a misprint. What Shakespeare actually said was, “First, find all the lawyers.” That line was inspired by the following command:

Get-CsAdUser –LdapFilter "Title=Attorney"

OK, we showed you how to find a user who had been assigned a specific line URI. But now you need to find a list of all the Lync Server-enabled users who’ve been assigned a line URI of some kind. Okey-doke:

Get-CsUser –Filter {LineUri –ne $Null}

And this command shows you all the Lync Server-enabled users who haven’t been assigned a line URI:

Get-CsUser –Filter {LineUri –eq $Null}

This one’s so easy we’re almost too embarrassed to add it to the list.

Like we said, almost too embarrassed:

Get-CsUser -Filter {EnterpriseVoiceEnabled –eq $True}

This one is pretty handy; just make sure you configure the Office property in Active Directory Users and Computers:

Get-CsUser –LdapFilter "physicalDeliveryOfficeName=Building 32"

Yes, you can use PIN numbers for dial-in conferencing authentication, but only if you’ve actually been assigned a PIN number. Here’s a command that returns a collection of all the users who’ve been assigned a PIN number:

Get-CsUser | Get-CsClientPinInfo | Where-Object {$_.IsPinSet –eq $True}

Audio Conferencing Providers enable users to conduct audio-only conferences with people both inside and outside the organization. How do you know if any of your users have been assigned an Audio Conferencing Provider? Well, you could walk around and ask them all. Or you could run this command:

Get-CsUserAcp –Filter {AcpInfo –ne $Null}

Microsoft Lynjc Server 2010 is designed to play nicely with others; for example, you can simultaneously run both Communications Server “14” and Office Communications Server 2007 R2 as you slowly begin to migrate from 2007 R2 to the new product. Let’s assume you do that, and let’s assume you now need to know which users are homed on 2007 R2. If that’s the case, then this command should come in handy:

Get-CsUser -OnOfficeCommunicationServer

This is really nice when you’re testing new commands or scripts. If you have 10,000 users in your organization, you might not want to return all 10,000 user accounts, especially if you’re trying out a new script for the first time. Fortunately, the –ResultSize parameter lets you specify the number of accounts to be returned. Only want to get back 10 accounts, even if you do have 10,000 users enabled for Lync Server? Then run this command:

Get-CsUser –ResultSize 10

You say you need to temporarily shut down one of your Registrar pools, and you’d like to run a command that returns a collection of all the user accounts that are homed on that pool? You mean a command like this one?

Get-CsUser –Filter {RegistrarPool –eq "atl-cs-001.litwareinc.com"}

What’s a private line? Let’s quote from the Lync Server PowerShell help:

“A private line is a phone number that is not published in Active Directory, and thus is not readily available to other people. In addition, this private line bypasses most in-bound call routing rules; for example, a call to a private line will not be forwarded to a person's delegates. Private lines are often used for personal phone calls or for business calls that should be kept separate from other team members.”

Here’s how you can return a collection of all the users who have been assigned a private line:

Get-CsUser –Filter {PrivateLine –ne $Null}

Believe it or not, it can happen: sometimes you have users who have been enabled for Lync Server but who are not assigned to a Registrar pool (meaning that they can’t actually log on to Lync Server). Do you have any Lync Server-enabled users who aren’t assigned to a Registrar pool? There’s one way to find out:

Get-CsUser -UnassignedUser

This one is cool, and one that we will explain, sort of. It’s a command that returns all the users whose Active Directory user accounts were created on June 1, 2010 or later:

Get-CsAdUser –LDAPFilter "(WhenCreated>=20100601000000.0Z)"

We won’t go into enormous detail in explaining how this command works; we’ll save that for a future article. (See? Yet another reason to live!) But we will explain what the date 20100601000000.0Z means:

Put them altogether and you get a date that looks like this:

20100601000000.0Z