Get-CsExternalAccessPolicy
Topic Last Modified: 2012-03-23
Returns information about the external access policies that have been configured for use in your organization. External access policies determine whether or not your users can: 1) communicate with users who have Session Initiation Protocol (SIP) accounts with a federated organization; 2) communicate with users who have SIP accounts with a public instant messaging (IM) provider such as Windows Live; and, 3) access Microsoft Lync Server 2010 over the Internet, without having to log on to your internal network.
Syntax
Get-CsExternalAccessPolicy [-Identity <XdsIdentity>] [-LocalStore <SwitchParameter>]
Get-CsExternalAccessPolicy [-Filter <String>] [-LocalStore <SwitchParameter>]
Detailed Description
When you install Lync Server 2010 your users are only allowed to exchange instant messages and presence information among themselves: by default, they can only communicate with other people who have SIP accounts in your Active Directory Domain Services (AD DS). In addition, users are not allowed to access Lync Server 2010 over the Internet; instead, they must be logged on to your internal network before they will be able to log on to Lync Server.
That might be sufficient to meet your communication needs. If it doesn’t meet your needs, you can use external access policies to extend the ability of your users to communicate and collaborate. External access policies can grant (or revoke) the ability of your users to do any or all of the following:
1. Communicate with people who have SIP accounts with a federated organization. Note that enabling federation alone will not provide users with this capability. Instead, you must enable federation and then assign users an external access policy that gives them the right to communicate with federated users.
2. Communicate with people who have SIP accounts with a public instant messaging service such as Windows Live.
3. Access Lync Server 2010 over the Internet, without having to first log on to your internal network. This enables your users to use Microsoft Lync 2010 and log on to Lync Server 2010 from an Internet café or other remote location.
The Get-CsExternalAccessPolicy cmdlet provides a way for you to return information about all of the external access policies that have been configured for use in your organization.
Who can run this cmdlet: By default, members of the following groups are authorized to run the Get-CsExternalAccessPolicy cmdlet locally: RTCUniversalUserAdmins, RTCUniversalServerAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:
Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Get-CsExternalAccessPolicy"}
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
Identity |
Optional |
XdsIdentity |
Unique Identity assigned to the policy when it was created. External access policies can be assigned at the global, site, or per-user scope. To refer to the global instance use this syntax: -Identity global. To refer to a policy at the site scope, use this syntax: -Identity site:Redmond. To refer to a policy at the per-user scope, use syntax similar to this: -Identity RedmondPolicy. Note that wildcard characters such as the asterisk (*) cannot be used with the Identity parameter. To do a wildcard search for policies, use the Filter parameter instead. If neither the Identity nor Filter parameters are specified, then Get-CsExternalAccessPolicy will bring back a collection of all the external access policies configured for use in the organization. |
Filter |
Optional |
String |
Enables you to do a wildcard search for external access policies. For example, to find all the policies configured at the site scope, use this Filter: site:*. To find the per-user policies Seattle, Seville, and Saskatoon (all of which start with the letter "S") use this Filter: "S*". Note that the Filter parameter can only be applied to the policy Identity. |
LocalStore |
Optional |
Switch Parameter |
Retrieves the external access policy data from the local replica of the Central Management store rather than from the Central Management store itself. |
Input Types
None. Get-CsExternalAccessPolicy does not accept pipelined input.
Return Types
Returns instances of the Microsoft.Rtc.Management.WritableConfig.Policy.ExternalAccess.ExternalAccessPolicy object.
Example
-------------------------- Example 1 ------------------------
Get-CsExternalAccessPolicy
The preceding command returns a collection of all the external access policies configured for use in your organization. Calling Get-CsExternalAccessPolicy without any additional parameters always returns the complete collection of external access policies.
-------------------------- Example 2 ------------------------
Get-CsExternalAccessPolicy -Identity site:Redmond
Example 2 uses the Identity parameter to return the external access policy that has the Identity site:Redmond. Because access policy Identities must be unique, this command will never return more than one item.
-------------------------- Example 3 ------------------------
Get-CsExternalAccessPolicy -Filter tag:*
The command shown in Example 3 uses the Filter parameter to return all of the external access policies that have been configured at the per-user scope; the parameter value "tag:*" limits returned data to those policies that have an Identity that begins with the string value "tag:". By definition, any policy that has an Identity beginning with "tag:" is a policy that has been configured at the per-user scope.
-------------------------- Example 4 ------------------------
Get-CsExternalAccessPolicy | Where-Object {$_.EnableFederationAccess -eq $True}
In Example 4, the Get-CsExternalAccessPolicy and the Where-Object cmdlets are used to return all the external access policies that grant users federation access. To do this, Get-CsExternalAccessPolicy is first used to return a collection of all the external access policies currently in use in the organization. This collection is then piped to Where-Object, which selects only those policies where the EnableFederationAccess property is equal to True.
-------------------------- Example 5 ------------------------
Get-CsExternalAccessPolicy | Where-Object {$_.EnableFederationAccess -eq $True -and $_.EnablePublicCloudAccess -eq $True}
The command shown in Example 5 returns the external access policies that meet two criteria: both federation access and public cloud access are allowed. In order to perform this task, the command first uses Get-CsExternalAccessPolicy to return a collection of all the access policies in use in the organization. That collection is then piped to Where-Object, which picks out only those policies that meet two criteria: the EnableFederationAccess property must be equal to True and the EnablePublicCloudAccess property must also be equal to True. Only policies in which both EnableFederationAccess and EnablePublicCloudAccess are True will be returned and displayed on the screen.
To return a list of policies where either EnableFederationAccess or EnablePublicCloudAccess are True use the –or operator:
Where-Object {$_.EnableFederationAccess -eq $True -or $_.EnablePublicCloudAccess -eq $True}
See Also
Other Resources
Grant-CsExternalAccessPolicy
New-CsExternalAccessPolicy
Remove-CsExternalAccessPolicy
Set-CsExternalAccessPolicy