If I Run Disable-CsUser Against a User Who Only Has a SIP Address Will That Delete the SIP Address?

This was an easy one: you bet that Disable-CsUser will delete the SIP address. The basic premise is this: we have a user who has been assigned a SIP address; to be a little more specific, we have a user who has a value assigned to the Active Directory attribute msRTCSIP-PrimaryUserAddress. We haven't enabled this user for Lync Server, but we have given them a SIP address.


For reasons we explain elsewhere, that user is going to show up any time you run the Get-CsUser cmdlet; in brief, that’s because Get-CsUser relies on the msRTCSIP-PrimaryUserAddress when determining whether a user has been enabled for Lync Server. This user has not been enabled for Lync Server, and they definitely won’t be able to log on to the system. However, they’ll still show up when you run Get-CsUser.


Note. How can you determine whether or not you have users who have a SIP address but haven’t actually been enabled for Lync Server? Well, your best bet is to use this command:


Get-CsUser –UnassignedUser


The UnassignedUser parameter causes Get-CsUser to return all the users who have a SIP address but have not been assigned to a Registrar pool. Typically, these will be users who have a SIP address but were never enabled for Lync Server. (That's because, when you enable someone for Lync Server, you have to assign them to a Registrar pool.)


OK, so we have a user who looks like he or she has been enabled for Lync Server even though he or she really hasn't been enabled for Lync Server. So what happens if we run Disable-CsUser against this account, using a command similar to this one:


Disable-CsUser "Ken Myer"


Here's what happens: the user will be disabled for Lync Server, which means that his or her SIP address will be erased. When you run Disable-CsUser, the cmdlet grabs the designated user account and clears all the Active Directory attributes related to Lync Server. (That’s going to be all the attributes with names that start with msRTCSIP-.) And that's going to include the SIP address: after all, the SIP address is stored in the msRTCSIP-PrimaryUserAddress attribute.


To be perfectly honest, we don’t know whether that’s good or bad; after all, there might be some very valid reasons for having users who have SIP addresses but are not enabled for Lync Server. At the same time, however, it can be a little confusing to run Get-CsUser and have those users mixed in with your "real" Lync Server-enabled users. Fortunately, there’s an easy way to prevent these users from showing up when you run Get-CsUser; just use this command:


Get-CsUser –Filter {RegistrarPool –ne $Null}


What that command does is use the Filter parameter to place a restriction on the returned data: it tells Get-CsUser to return only those users who have been assigned a Registrar pool. (That is, where the RegistrarPool attribute is not equal to a null value.) That should enable you to weed out users who have SIP addresses but have never been enabled for Lync Server.


This question is one of many asked during a session on managing Lync Server 2010 with Windows PowerShell at the TechReady 11 conference. For more questions and answers asked during that session, take a look at the Questions and Answers from TechReady 11.

Comments (1)
  1. Paper says:

    Thanks for the info! We are looking to using this to clean out our old OCS entries (which was not cleanly removed from our network) before we deploy Lync. Would you know if this would be a valid solution?

Comments are closed.

Skip to main content