What Happens if You are Enabling a User for Lync Server, and You Make a Typo When Entering the SIP Domain?

  • Article

We have a confession to make here. When we were first asked this question we said, "As far as we know, the Enable-CsUser cmdlet verifies that the SIP domain actually exists before it lets you assign that domain as part of a SIP address. We’ll have to double-check that, but we’re pretty sure that’s the way it works." Well, we double-checked it, and guess what: that’s not the way it works after all. We were wrong.

You think you’re shocked by that? Just imagine how we felt! After all, we'd never been wrong about anything ever before.

Although we might be wrong about that.

As it turns out, Enable-CsUser (and, for that matter, Set-CsUser, which provides a way for you to change a user’s SIP address) doesn’t validate SIP domains. For example, suppose you run the following command:

Enable-CsUser –Identity "Ken Myer" –RegistrarPool atl-cs-001.litwareinc.com –SipAddressType SamAccountName –SipDomain litwareinc.co

As you can see, we goofed: we typed litwareinc.co as the value for the SipDomain parameter; needless to say, we should have typed litwareinc.com. So will Enable-CsUser catch this mistake? No; Enable-CsUser doesn’t validate SIP domains. It doesn’t matter that litwareinc.co isn’t one of our approved SIP domains; that is, it doesn’t show up when you run the command Get-CsSipDomain. Enable-CsUser will let you use that SIP domain anyway. Enable-CsUser will fail if you enter an incorrect Identity, an invalid Registrar pool, or a bogus SIP address type. But SIP domains are not validated.

Note. Why not? Well, someone could have a valid SIP address that isn't in one of your SIP domains. And there's simply no way for the cmdlet to verify the validity of every SIP domain in the universe.

So what can you do about this? Well, nothing, really; that’s just the way the system works. If you wanted to, you could write a script that takes the required parameters and then, before calling Enable-CsUser to enable the user account, verifies that you’ve entered a valid SIP domain. A simple version of that script might look like this:

$x = Get-CsSipDomain | Select Name

foreach ($i in $x)

    {

        $valid = $i.Name -contains $args[2]

        if ($valid -eq $True)

            {

                Enable-CsUser $args[0] -RegistrarPool $args[1] -SipAddressType SamAccountName -SipDomain $args[2]

                break

    }

    }

if ($valid –eq $False)

    {"Invalid SIP domain."}

else

    {"User account has been enabled."}

To run this script (which we’ll assume has the file path C:\Scripts\ValidateSipDomain.ps1) just call the script along with three parameters: user Identity; Registrar pool; and Sip domain. In other words:

C:\Scripts\ValidateSipDomain "Ken Myer" "atl-cs-001.litwareinc.com" "litwareinc.com"

The script starts out by grabbing all your SIP domain names and then stashing those names in the variable $x. The script then loops through that collection of domain names to see if the SIP domain you entered ($args[2]) can be found anywhere in that collection. If it can, the script then calls Enable-CsUser and enables the user account. If it can’t then it doesn’t call Enable-CsUser. Either way, the script lets you know whether it failed because of an invalid SIP domain or if it successfully enabled the user account.

It’s a bit rudimentary (we only do a somewhat simple check for SIP domains names), but it gives you something to build on.

And what if you’re worried that maybe, somewhere along the way, you did give someone an invalid SIP domain? Well, in that case, here’s a command that might help; it returns a list of all the users who have a SIP address that does not end in litwareinc.com:

Get-CsUser | Where-Object {$_.SipAddress –notlike "*@litwareinc.com"} | Select-Object DisplayName

And suppose you did goof, and it turns out that you assigned a whole bunch of users SIP addresses that end with litwareinc.co. Relax. Here’s a script that can find all those invalid SIP addresses and then change litwareinc.co to litwareinc.com:

$x = Get-CsUser | Where-Object {$_.SipAddress -like "*@litwareinc.co"}

foreach ($i in $x)

    {

        $oldAddress = $i.SipAddress

        $newAddress = $oldAddress -replace "@litwareinc.co", "@litwareinc.com"

        Set-CsUser -Identity $i.Identity -SipAddress $newAddress

    }

PowerShell is so cool, eh?

This question is one of many asked during a session on managing Lync Server 2010 with Windows PowerShell at the TechReady 11 conference. For more questions and answers asked during that session, take a look at the Questions and Answers from TechReady 11 .