Tuesday, September 18, 2012

Auto Provision Lync 2010 Users Via LDAP

We have tools that automatically create Active Directory Users, Exchange mailbox, and Microsoft Lync 2010 accounts to simplify the hiring process.  I figured somebody might find this information useful, so in order to provision a user for Lync 2010 automatically I use a slightly altered version of this (in perl, using Net::LDAP):

use Net::LDAP;


$ldap = Net::LDAP->new("ldap://domain.local", debug =>0) or die("Could not connect to LDAP server.");
my $mesg = $ldap->bind('myUserDN',
password => 'myUserPassword')  or die("Could not bind to LDAP server.");

 $mesg = $ldap->search( # perform a search
base   => "dc=domain,dc=local",
filter => "(&(samAccountName=$username))"
  );

$mesg->code && die $mesg->error;

#there should only be one result in here anyway
foreach $entry ($mesg->entries) { 
$userdn = $entry->dn;
}



$rtn = $ldap->modify($userdn, replace => { "msrtcsip-userenabled" => "TRUE"});
$rtn = $ldap->modify($userdn, replace => { "msrtcsip-optionflags" => "449"});
$rtn = $ldap->modify($userdn, replace => { "msrtcsip-primaryhomeserver" => "CN=Lc Services,CN=Microsoft,CN=1:1,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=domain,DC=local"});
$rtn = $ldap->modify($userdn, replace => { "msrtcsip-primaryuseraddress" => "sip:$email"});
$rtn = $ldap->modify($userdn, replace => { "msrtcsip-line" => "tel:+$astextension;ext=$extension"});
$rtn = $ldap->modify($userdn, replace => { "msrtcsip-deploymentlocator" => "SRV:"});
$rtn = $ldap->modify($userdn, replace => { "msrtcsip-federationenabled" => "TRUE"});
$rtn = $ldap->modify($userdn, replace => { "msrtcsip-internetaccessenabled" => "TRUE"});
$rtn = $ldap->modify($userdn, replace => { "msrtcsip-userpolicies" => [("21=7", "0=1434923910")]});



You may find it best to provision a user the way you like, open the user in ADSI Edit to see all the parameters, and adjust this accordingly.  

That said, this should set you off in the right direction for how to fully provision a Lync user automatically.