Share via

Enabling User Accounts in Lync Server vs. Exchange Server

  • Article

Does the Active Directory object for a user have to exist before you can enable that user for Lync Server?

Yes; if you're going to enable a user for Lync Server then that user must already have an Active Directory user account. For example, suppose you try to enable Ken Myer for Lync Server, but Ken doesn't have an Active Directory user account. In that case, you're going to get an error message similar to this:

Enable-CsUser : Management object not found for identity "Ken Myer".

Note. Ken's Active Directory account doesn’t have to be enabled; you can run Enable-CsUser against a disabled account and everything will work just fine. The account just has to exist.

The reason this question came up is because the New-Mailbox cmdlet in Microsoft Exchange will create an Active Directory account for you. For example, this command will not only create a new mailbox for Ken Myer, but it will create a new Active Directory account for him as well:

New-Mailbox -UserPrincipalName "kenmyer@litwareinc.com" -Alias kenmyer -Database "Mailbox Database 1" -Name kenmyer -OrganizationalUnit "Redmond" –Password "ken395HJ2" -FirstName "Ken" -LastName "Myer -DisplayName "Ken Myer" -ResetPasswordOnNextLogon $True

The Lync Server cmdlets won't do this; there's no way to create an Active Directory user account using a Lync Server cmdlet. In fact, and for the most part, the Lync Server cmdlets work only on Lync Server-specific attributes. For example, suppose Ken Myer has gotten a promotion and needs to have his job title changed to Assistant to the Regional Manager. Can you use, say, the Set-CsUser cmdlet to change his job title? No. You're going to have to look elsewhere in order to change a non-Lync Server attribute.

Note. For example, this command mixes a little Lync Server PowerShell (the Get-CsAdUser cmdlet) and some generic Windows PowerShell in order to change Ken Myer's job title:

$userDN = (Get-CsAdUser "Ken Myer").DistinguishedName

$userAccount = [ADSI] "LDAP://$userDN"

$userAccount.Title = "Assistant to the Regional Manager"

$userAccount.SetInfo()

And yes, we know: you're a little disappointed, aren't you? But here's something that will brighten your day: when it comes to user accounts, Exchange PowerShell and Lync Server PowerShell speak the same language. Why do you care about that? Well, for one thing, that means you can use the New-Mailbox cmdlet to create both an Active Directory user account and a new Exchange mailbox and then – in the very same command – pipe that user object to Enable-CsUser and enable that user for Lync Server!

Hey, would we kid you about a thing like that?

New-Mailbox -UserPrincipalName "kenmyer@litwareinc.com" -Alias kenmyer -Database "Mailbox Database 1" -Name kenmyer -OrganizationalUnit "Redmond" –Password "ken395HJ2" -FirstName "Ken" -LastName "Myer -DisplayName "Ken Myer" -ResetPasswordOnNextLogon $True | Enable-CsUser -RegistrarPool pool0.litwareinc.com –SipAddressType SamAccountName
–SipDomain litwareinc.com

Give it a try and see what happens.

Oh, and yes, this also works with the Enable-Mailbox cmdlet. This command enables a user's Exchange mailbox and enables that user for Lync Server, all in one fell swoop:

Enable-Mailbox "Ken Myer" | Enable-CsUser -RegistrarPool pool0.litwareinc.com –SipAddressType SamAccountName –SipDomain litwareinc.com

Cool, huh?