Changing the behaviour of the Lync Online client using Group Policies & Powershell
I came across this set of documents whilst looking into a customer's case where they needed to restrict certain aspects of their user base.
Microsoft Lync 2010 Client Group Policy Documentation
Its a package which contains the group policy .adm for Lync 2010 as well as a spreadsheet describing the available values. Its a handy thing to have around if you want to restrict the Lync online client.
Powershell, it can be a scary road for some. But it is pretty simple once you realise whats what. The O365 powershell cmdlets are more geared to Exchange, but they can be a great aid for an administrator. Here is a list of all the cmdlets for Office 365.
Connecting is pretty easy, just have a read here for more information on it. But I will give you a summary here, all assuming a Windows 7 machine:
- Install Windows Powershell (via Programs and Features) and .NET 3.5.1
- Install the "Microsoft Online Services Sign-in Assistant".
- Install the Microsoft Online Services Module for Windows Powershell (administrationconfig.msi from the installation paths below).
- The MSI should install a shortcut, which when activated, will start a powershell session with the correct import-module command already run, if you like the vanilla powershell session, just type in import-module MSOnline at the powershell prompt.
Great, now all you need to do is to create a user credential, and then connect to the MSOnline service.
On the powershell prompt type (assuming we have imported the correct module!):
$adminuser ="theadministrativeuseraccount@thedomain.onmicrosoft.com"
Now type:
$admincred = Get-Credential -Credential $adminuser
This will fire up a dialog box in which you should type the password of the admin account. We are just creating a credential object which will will use throughout the session.
Now we have to connect to the MSOnline service, to do this type:
Connect-MsolService -Credential $admincred
Now we have to connect to the exchange online powershell URL.
$msolPSURL = “https://ps.outlook.com/powershell/”
$PowerShellSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $msolPSURL -Credential $admincred -Authentication Basic -AllowRedirection
Great, we now have a session object established. All we need to do is import it into our powershell session.
Import-PSSession $session
And that's that! We have an active powershell session connected to our MSOnline tenant. Have a look through the available cmdlets and then perform what you need to perform.
I'll go through a specific example. A customer recently wanted to change the UPN's of his users. Specifically he wanted to change the domain name associated with them. I'll come to the solution that I gave them soon, but for the moment lets have a look at the suggestion I gave which used powershell.
The cmdlet for this particular change is set-Msoluserprinciplename. Its pretty simple, on this occasion I just needed to pass on the user principle name of the target user then specify the new user principle name.
So: set-Msoluserprincipalname -UserPrincipalName user@olddomain.com -NewUserPrincipalName user@newdomain.com
We had now a method to rename someones UPN. The customer however had 50+ users, and executing this would take some time. So I came up with this script, which was cobbled together from previous powershell scripts:
Get-MsolUser | Where { -Not $_.UserPrincipalName.ToLower().StartsWith(“admin@”) } | ForEach { Set-MsolUserPrincipalName -ObjectId $_.ObjectId -NewUserPrincipalName ($_.UserPrincipalName.Split(“@”)[0] + “@contoso.com”) }
In the end, I re-checked the GUI that is the Microsoft Online Portal, and particularly the Lync Online Control Portal. We can actually just place a tick next to each user we want to edit and then click edit. The customer could then change the domain name from the dropdown supplied to bulk change a bunch of users.
So the lesson here is to keep it simple stupid. Check what tools there are already in place and use them.