Tuesday, November 9, 2010

Using PHP + LDAP to Configure Office Communications Server Users

We have automated the vast majority of the processes in our company, and having our users automatically updated saves a lot of time and missed updates.  Because this is more of a telephony blog I'm mostly covering how this relates to configuring users for Microsoft Office Communications Server, but I use this same code to update user titles, managers, locations and quite a few other settings.

First, you need PHP and LDAP set up and working.  If you do, the steps I've come up with are very simple and straightforward to follow.  If not, i'd recommend you get it installed and loaded up.  There is a good tutorial available here for the basics of what i'm doing.

Microsoft Office Communications Server 2007 R2 Settings:
  1. First I set up a user with the options I wanted using the Office Communications Server User management tools. 
    1.  For Asterisk integration you want to enable Enterprise Voice (but not PBX Integration). 
    2. Set the Line URI to tel:+ and an extension.  Mine is 2593 in OCS.  
    3. You may notice I have ext=1593 added.  This is to add support for the new teleconferencing added to OCS R2; if I dial in to an OCS R2 conference from my desk phone the call will come from 1593, and OCS will know (by looking at ext=) that I am Andrew Parisio. This bypasses the need to authenticate myself from my own phone.
  2. The finished product:
  3. Now to see what this looks like in LDAP I opened adsiedit, navigated to my users properties, and found the settings that pertain to OCS, this is what I found:
  4. Now we've found the settings, using this document you can find what optionflags value you want, or you can set the flags on a user and see what it ends up as in adsiedit, either way works.  In order to get the telephony settings set up like they are above, you need to set OptionFlags to 448.  If you set it to 449 you will enable Public IM Connectivity on the Other Options tab.
  5. Please note that you need to get the msRTCSIP-PrimaryHomeServer value, and use it in place of mine.  
  6. These are the settings I ended up with that are necessary for OCS & Telephony to work (and how I set them in my PHP script):
    1. $datam['msrtcsip-userenabled'] = "TRUE";
    2. $datam['msrtcsip-optionflags'] = "449";
    3. $datam['msrtcsip-primaryhomeserver'] = "CN=LC Services,CN=Microsoft,CN=ocs,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=mydomain,DC=com";
    4. $datam['msrtcsip-primaryuseraddress'] = "sip:andrewp@mydomain.com";
    5. $datam['msrtcsip-line'] = "tel:+2593;ext=1593";
  7. If you have a user you would like to configure for OCS but aren't worried about the Telephony integration you can use these settings instead:
    1. $datam['msrtcsip-userenabled'] = "TRUE";
    2. $datam['msrtcsip-optionflags'] = "321";
    3. $datam['msrtcsip-primaryhomeserver'] = "CN=LC Services,CN=Microsoft,CN=ocs,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=mydomain,DC=com";
    4. $datam['msrtcsip-primaryuseraddress'] = "sip:andrewp@mydomain.com";
  8. Once you have the settings, you need to get them in to a script that will allow you to run them easily.  I've stripped down the script I use in my office to just the OCS settings I've talked about above.  If you would like to use this as a base for updating all of the information about users in your company I have some examples at the bottom of my sample code for how to set some other information.

Generic LDAP Entry information and source code is available here:
The example source for what I use is available here, please note that I've renamed it to .inc because my server would parse it if it were named .php


  1. Your link for your source example is dead, any way you could remedy that? :D

    1. Doh, unfortunately I don't have it anymore