LCS - Determine which users are enabled for PIC

One nice thing about the blog and the IM technology is that I am able to establish contacts with many folks I would not normally have an opportunity to meet otherwise.

/ Edit December 12, 2007

Bobby Pena sent me the following email comment regarding the query on an LCS 2005 SP1 system, published with his permission -

Tom,  I was reading your post from several months ago concerning a powershell query that would return the users enabled for PIC in an organization. We here are just completing our installation of PIC and I was preparing some reports on that very same query.  We use Bindview to query Active Directory instead of Powershell.  I was glad to find the answer to my question so quickly but as I looked at the results of my query something was not quite right.  The enabledforinternetaccess attribute was not returning what I wanted.  This was instead returning the users that were enabled for Remote Access.  The atribute that worked for me for PIC was msRTCSIP-OptionFlags.  This is a interger attribute and when set to 1 the user is enabled for PIC.  I'm sure you've figured this out by now but thought I would share. 

End Edit /

Chad at Intercall and I had an IM conversation (you can too if you federate with Microsoft) in January regarding the need to determine how many of the users were enabled for PIC. Now Chad used the terms license and usage in his request but we don't really have the ability to do that because the attribute is for the user and is not tied to the "license" you receive when provisioning. I knew the value was in Active Directory and I also know that we leverage WMI as our mechanism for retrieving information. In the month since we had communicated another team member working on an LCS/OCS Best Practice Analyzer mentioned that we should consider the use of Windows PowerShell 1.0 as a tool for our OCS 2007 scripting needs.

I took it upon myself to try and handle Chad's inquiry using Windows PowerShell 1.0 (noting it this way in the event of a version change). I found 3 books on the subject which I will list at the bottom as well as much internal online information.

Caveat - Any and all code is shared here as an example with no implied promises.

To start - what field am I actually interested in? Working with the product I know that the AD attribute is not what I am really interested in for any query or script, I have to find the WMI class/attribute. From history I know that I am interested in MSFT_SIPESUserSetting.

So here is the script I generated and I would LOVE for someone to help me with the remaining challenge I have with TOO MUCH info.

get-wmiobject msft_sipesusersetting -filter "enabledforinternetaccess = true"

Prize offering: The Prize has been claimed as of Mon2/26/07 9am. I have extended the prize to both submissions received over the weekend as they used different syntax which allowed for a different display of results. Please read the comments for both users submissions. I have to follow up with the second commentor as only the first of the 3 items suggested worked for me.

So if you can figure out how to alter this script so that I return only the user name (Personally, I want the UserDN as it provides me a location), I will snail mail you a $10 Starbucks gift card. Please submit your script sample to me via email toml at microsoft dot com or via the comments of this site. I will test the scripts in the order I receive them and the first one to do what I want wins.

TomL OCSKid