Compartir a través de


Changing the behaviour of the Lync Online client using Group Policies & Powershell

I came across this set of documents whilst looking into a customer's case where they needed to restrict certain aspects of their user base.

Microsoft Lync 2010 Client Group Policy Documentation

Its a package which contains the group policy .adm for Lync 2010 as well as a spreadsheet describing the available values.  Its a handy thing to have around if you want to restrict the Lync online client.

Powershell, it can be a scary road for some.  But it is pretty simple once you realise whats what.  The O365 powershell cmdlets are more geared to Exchange, but they can be a great aid for an administrator.  Here is a list of all the cmdlets for Office 365.

Connecting is pretty easy, just have a read here for more information on it.  But I will give you a summary here, all assuming a Windows 7 machine:

Great, now all you need to do is to create a user credential, and then connect to the MSOnline service.

On the powershell prompt type (assuming we have imported the correct module!):

$adminuser ="theadministrativeuseraccount@thedomain.onmicrosoft.com"

Now type:

$admincred = Get-Credential -Credential $adminuser

This will fire up a dialog box in which you should type the password of the admin account.  We are just creating a credential object which will will use throughout the session.

Now we have to connect to the MSOnline service, to do this type:

Connect-MsolService -Credential $admincred

Now we have to connect to the exchange online powershell URL.

 $msolPSURL = “https://ps.outlook.com/powershell/”

 $PowerShellSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $msolPSURL -Credential $admincred -Authentication Basic -AllowRedirection

Great, we now have a session object established.  All we need to do is import it into our powershell session.

Import-PSSession $session

And that's that!  We have an active powershell session connected to our MSOnline tenant.  Have a look through the available cmdlets and then perform what you need to perform.

I'll go through a specific example.  A customer recently wanted to change the UPN's of his users.  Specifically he wanted to change the domain name associated with them.  I'll come to the solution that I gave them soon, but for the moment lets have a look at the suggestion I gave which used powershell.

The cmdlet for this particular change is set-Msoluserprinciplename.  Its pretty simple, on this occasion I just needed to pass on the user principle name of the target user then specify the new user principle name. 

So: set-Msoluserprincipalname -UserPrincipalName user@olddomain.com -NewUserPrincipalName user@newdomain.com

We had now a method to rename someones UPN.  The customer however had 50+ users, and executing this would take some time.  So I came up with this script, which was cobbled together from previous powershell scripts:

 Get-MsolUser | Where { -Not $_.UserPrincipalName.ToLower().StartsWith(“admin@”) } | ForEach { Set-MsolUserPrincipalName -ObjectId $_.ObjectId -NewUserPrincipalName ($_.UserPrincipalName.Split(“@”)[0] + “@contoso.com”) }

In the end, I re-checked the GUI that is the Microsoft Online Portal, and particularly the Lync Online Control Portal.  We can actually just place a tick next to each user we want to edit and then click edit.  The customer could then change the domain name from the dropdown supplied to bulk change a bunch of users.

So the lesson here is to keep it simple stupid.  Check what tools there are already in place and use them.