Lync Server Admin Guide: Delegating Control of Microsoft Lync Server 2010



Assigning an RBAC Role to a User


  • Assigning a User to a Security Group


To assign an RBAC role to a user you simply make that user a member of the security group associated with the RBAC role; for example, to assign a user to the CsHelpDesk role all you have to do is make that user a member of the CsHelpDesk group. Microsoft Lync Server 2010 does not provide any cmdlets that can be used to assign a user to a security group. However, you can assign a user to a security group by using the following Windows PowerShell script:


$strFilter = "(&(objectCategory=Group)(SamAccountName=" + $args[0] +"))"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colProplist = "distinguishedName"
foreach ($i in $colPropList)
    {[void] $objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)
    {$groupDN = $objResult.Path}

$userDN = (Get-CsUser -Identity $args[1]).DistinguishedName
$user = [ADSI] "LDAP://$userDN"

$group = [ADSI] $groupDN



To use this script, copy the code, paste it into a text editor, and then save the file using a .ps1 file extension (for example, C:\Scripts\Assign-RBACRole.ps1). From there all you have to do is run the script, taking care to supply the RBAC role name (e.g., CsHelpDesk) and the Identity of the user being assigned the role (e.g., Ken Myer):

C:\Scripts\Assign-RBACRole.ps1 "CsHelpDesk" "Ken Myer"



For more information






Comments (0)

Skip to main content