Skype for Business Top Tip – Making Life Easy with(out) ADSI Edit

Have you ever been in that situation where you need to make a change to an AD attribute of a Lync / Skype for Business contact object, or RGS object, or any object other than a standard user? Consider the scenario where you want to hide Application Contacts from the user’s address book. These contacts may be Response Groups, or Trusted Application Endpoints. If you read the massively useful blog posts that guide you through how to do this then you’ll quickly realise you have to immerse yourself in ADSI Edit.

One of the biggest problems with ADSIEdit is that although it is incredibly powerful, it is also incredibly unfriendly to admins. Look at your Application Contacts object for instance and you’ll see a massive list of object guids and you will think “how the <expleative of your choice> am I supposed to find the object I need to edit in this list!”.

image

Trust me! You try and find 3 objects in this list and you will use every word in your urban dictionary too!

BUT, there is a way you can easily do what you need without spending 24 hours right clicking on each object, selecting properties and viewing it’s Display Name or proxyAddresses or whatever attribute, thankfully. Que the fanfare…

In my situation, I wanted to hide 3 trusted application endpoints from the Skype Address Book. So first you need to know what attribute you are trying to edit. In my case this was the msExchHideFromAddressLists attribute. The second of course is the Distinguished Name of each of the trusted application endpoints I wanted to edit.

To get the second part, have you ever noticed the output from a Get-Cs<User,TrustedApplicationEndpoint,RgsWorkflow… etc etc.> command? It’s IDENTITY is the AD Object’s Distinguished Name

Example:

Get-CsTrustedApplicationEndpoint | Where {$_.DisplayName -eq “SD EMEA”}

image

So great now I have both elements I need to make my change.

So I have a choice, go into ADSI Edit and try and find this DN (good luck with that), or use PowerShell foo to make my change. I think i’ll choose the latter…

First we need to use the Active Directory PowerShell Module, so the following command will import this for you if you have it installed on your server. If you are running this on a Skype for Business FE, then it will be there!

Import-Module ActiveDirectory

Now, let’s get the DN into a variable we can use to make some changes with

$object = Get-CsTrustedApplicationEndpoint | Where {$_.DisplayName -eq “SD EMEA”} | Select Identity

Ok, so we have our DN in a variable, now we use AD PowerShell commandlet to apply the change

Set-ADObject -Identity $object.Identity -Replace @{msExchHideFromAddressLists = ’TRUE’}

And voilla! the change is made!

You can take this further if you want to edit multiple objects by using a loop, for example:

$objects = Get-CsTrustedApplicationEndpoint | Where {$_.DisplayName -like “SD *”} | Select Identity
ForEach ($object in $objects){
Set-ADObject -Identity $object.Identity -Replace @{msExchHideFromAddressLists = ’TRUE’}
}

Obviously, you can replace the msExchHideFromAddressLists attribute with the name of your specific attribute you want to edit. The -Replace parameter is good for a True / False attribute property change. If you want to add a value to a multiple choice attribute then use the -Add parameter instead.

So there you go, a Skype for Business Top Tip to save your eyes, time and stress!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s