locked
LCSEnableConfigureUsers.wsf RRS feed

  • Question

  • I'm trying to enable a whole bunch of users for OCS 2007 at once. I would like to enable users that are part of a certain group. Not an antire OU. In the reskit I found LCSEnableConfigureUsers.wsf for this. However when I run the tool I get the following error:

     

    Please check file with users - make sure SIP address is valid

    User cannot be SIP enabled with a valid Primary URI

     

     

    I'm confused here. Is it not the whole point of enabling users for OCS that they get a SIP address as well? What am I missing here.

     

    We run OCS 2007 in a Win2k3 environment with exchange 2003

     

    Kind Regards,

    Cyriel

    Wednesday, July 23, 2008 2:33 PM

All replies

  • Cyriel,

     

    I think the issue might be with the entries in your usersFile. Could you share your usersFile is possible?

     

     

    Wednesday, July 23, 2008 11:48 PM
  • Your user file should look something like this:

     

    sip:joe.bloggs@voicelab.org.uk

    sipBig Smileave.banthorpe@voicelab.org.uk

     

    -Dave

    Thursday, July 24, 2008 9:47 AM
  • I've blogged don another way to do this in which you can easily specify the exact scope of accounts: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=29

    Tuesday, July 29, 2008 2:53 AM
    Moderator
  • Indeed there was a mistake in the usersfile. So now I'm able to enable users in a specific OU. The next step is that I want to enable people in a specific group. It gives me the same error as before. Below the entry in my users file:

     

    DN:CN=mygroup,OU=OU1, OU=OU2, DC=Mydomain, DC=com

     

    Any suggestions are welcome.

     

    The blogpost is actually also very helpfull.

     

    Cyriel

    Monday, August 4, 2008 8:09 AM
  • What did the userfile look like?  I'm trying to input a list of individual users (not all users in an OU) and need to figure out how to do it.  The user's e-mail address will be their SIP addres.
    Thursday, February 19, 2009 8:05 PM
  • I have the same problem. My usersfile.txt looks exactly like the 2 entries below. Hopefully you can help.

    DN:CN=Users,DC=meb,DC=org##(cn=*)
    GROUP:CN=Domain Users,CN=Users,DC=meb,DC=org

    I'm not really sure why I need both lines but, these lines by themselves aren't working either? I would ultimately like to periodically run this script to ensure all users in the "Domain Users" group are enabled.

    Monday, March 30, 2009 9:37 PM
  • If you've published the user's e-mail address in AD and are planning on having the SIP address = the e-mail address, in the Usersfile, have everything start with "email:" and then use their e-mail addresses.  I was able to do this in our lab and everything works perfectly.
    • Edited by Sick Freak Thursday, April 9, 2009 3:49 PM
    Thursday, April 2, 2009 11:36 PM
  • This works great! What about if I wanted to enable many users at a time? Can I do it by group? Say enable everyone in the "Domain Users" group?
    Wednesday, April 8, 2009 5:23 PM
  • Actually, it works great if the user has been enabled before. When trying to enable a user for the first time, I get the following error: “User cannot be enabled for OCS as one of the required properties (UserDN or HomeServerDN/PoolName) is missing”. My users.txt file looks like this:

                email:davegee@meb.org

     

    My output file looks like this:

    Microsoft (R) Windows Script Host Version 5.6

    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

     

    @------------------------------------------------------------

    @ Text file with Users:              users.txt

    @ Text file with User Configration:  globalconfig.txt

    @------------------------------------------------------------

     

     

    @------------------------------------------------------------

    @ Configuring user sip:davegee@meb.org

    @------------------------------------------------------------

    User sip:davegee@meb.org

    Since user has NOT been previously SIP enabled, creating...

    [-]   User cannot be enabled for OCS as one of the required properties (UserDN or HomeServerDN/PoolName) is missing

    Thursday, April 9, 2009 4:26 PM
  • Multiple questions, multiple answers... :)

    • Can you enable many users at one time?  Yes
      • If you want to be specific about each and every user - not every user in an OU - in the Usersfile, just add an individual "email:user@domain.com" entry for each person on separate lines.
      • If you want to do it by an OU, or multiple OUs, just put a "dn:OU=OCSUsers,OU=OurUsers,DC=department,DC=company,DC=com" entry per OU - this will enable every person in that OU.
    • Can you do enable users by group?
      • If you're talking about an OU, see above.
      • If you're talking about a security group, according to the docs, you do it very similar to above: "dn:CN=OCSUserGroup,CN=Users,DC=department,DC=company,DC=com" - I have tried this, but not been able to get it to work.
    • Can you enable everyone in the domain?
      • To my knowledge, it can't be done at a domain level (it's always failed for me in the lab,) but you can do an ADUC search for all users - select all, right-click and run the the enable / configure wizards.
    Thursday, April 9, 2009 4:29 PM
  • Unfortunately, despite all the great information above I am still having issues using lcsenableconfigureuser.wsf trying to enable just ONE user.

    For my user file I've tried:
    email:username@domain.com

    which returns "User cannot be enabled for OCS as one of the required properties (UserDN or HomeServerDN/PoolName) is missing"

    Next I tried:
    DN:CN=username,OU=Users,OU=Acme,DC=US,DC=East,DC=domain,DC=com

    which returns "Please check file with users - make sure SIP address is valid.  User cannot be SIP enabled with a valid Primary URI"

    Then I tried:
    DN:OU=Users,OU=Acme,DC=US,,DC=East,DC=domain,DC=com##(SamAccountName=username)
    which returns the same error as the second above.

    My config file is:
    Enabled:==true
    PoolName:==pool01.us.east.domain.com
    EnabledForFederation:==false
    EnabledForInternetAccess:==false
    PublicNetworkEnabled:==false
    RemoteCallControlTelephonyEnabled:==false
    ArchiveInternalCommunications:==false
    ArchiveFederatedCommunications:==false
    AllowOrganizeMeetingWithAnonymousParticipants:==false
    MeetingPolicy:==Policy 5 (Low)
    EnabledForEnhancedPresence:==false
    IPPBXSoftPhoneRoutingEnabled:==false
    UCEnabled:==false

    I've not worked with wmi scripts before so any help is greatly appreciated.

    Thanks!
    J

    Thursday, April 16, 2009 2:53 PM
  • In my lab, where my account has all privileges, the script runs absolutely perfectly - I can enable/configure any number of users using the script.

    Unfortunately, in production where my account doesn't have all the same privileges, I run into the exact same problem and just haven't taken the time to resolve it yet.  Now, if a user is already enabled, the script does go through and configure the users without a problem, but if the user isn't configured, then I get the “User cannot be enabled for OCS as one of the required properties (UserDN or HomeServerDN/PoolName) is missing” message as well.  I have not yet gone to the Enterprise Admins to see if they can run the script yet, but my hypothesis is that it's a permissions issue.

    Tuesday, April 21, 2009 3:52 PM
  • I'm having the exact same problem. I don't think it's a permissions issue though because I'm using a domain admin account that has all privileges (the same account I used to do the schema, forest, domian prep and the actual OCS server app install) with no issues. There's gotta be a better way to auto enable new user accounts? Maybe there is in R2?
    Thursday, April 30, 2009 4:33 PM
  • We didn't get it working and I was using a domain admin account as well.  We decided to go with a custom script (I'll post it once they're finished with it) but you might take a look at Jeff Schertz's solution posted above.  

    Alternative:  I understand powershell is a good way to enable batches of users, although I haven't used it myself.  Here is a post I found on using powershell.

    http://www.powergui.org/thread.jspa?messageID=14068&tstart=0

    Friday, May 1, 2009 1:49 PM
  • Jeff Schertz's solution is probably great but, it's way over my head. I'm not familiar with powershell either but, I would appreciate you posting the solution that you end up using.

    thx
    Tuesday, May 5, 2009 6:25 PM