Thursday, March 02, 2006

Populating users in Office Communicator / LCS

OK - so now you've setup your Live Communications Server environment and login to Office Communicator 2005 or Windows Messenger just to see an empty list of users. Then the next questions come into mind - how do you populate users?

In Inceptio we initially used dsquery and some of the scripts that are part of the LCS 2005 SP1 Resource Kit.

First of I used dsquery to create a file with contacts (Check dsquery /? for further commands e.g. for traversing more OU's)

dsquery * "OU=Users,OU=Inceptio,DC=domain,DC=com" -attr msRTCSIP-PrimaryUserAddress -filter (msRTCSIP-UserEnabled=TRUE) > contacts.txt

Then I used the LCSAddcontacts.wsf script that will add contacts to a list of LCS users (The contacts.txt created earlier) - the script can be found in "%Programfiles%\Microsoft LC 2005\ResKit\WMI Samples" and information on the use can be found in LCSAddcontacts_readme.htm file

CScript LCSAddContacts.wsf /usersfile:contacts.txt /contactsfile:contacts.txt /contactsgroup:Inceptio

As you can se I use the same file twice for both the user and contact list, thereby adding all users to all users contacts list (Thanks to Ray Breen / Google for this trick).

Then I need to auto allow the users. This is (in my case) easily done by using LCSAddACEs.wsf (Also from the reskit)

CScript LCSAddACEs.wsf /usersfile:contacts.txt /acesfile:Acesfile.txt

I reuse the same contacts.txt file used earlier, but I now use also use an Acesfile.txt file containing the following text (Notice that Allow, Prompt, Block and Deny are case sensitive) -

domain inceptio.dk Allow Allow

As we are a small consulting company there is no problem in auto allowing all users to see each other, I recognize that this will not be useful in most larger companies (Certainly not in our customers), in these cases I would manipulate the contacts.txt file to create a new file looking like this -

user: sip:alice@inceptio.dk Allow Allow
user: sip:bob@inceptio.dk Allow Allow

etc.


I would not recommend using All Allow Allow as acesfile.txt input as it also gives All Other Contacts allow rights (Instead of notifying as usual), which probably isn't a desirable behavior for PIC or Federation contacts.

The above is just an example of how to use the sample scripts to populate users. It would be a good idea to join and refine the scripts into a single script taking e.g. OU or AD Group as input and then populating organization groups etc. with each other contacts.

Btw. the above scripts should be run from the LCS Home Server

55 comments:

Anonymous said...

This is a great blog. I used this exact setup to build our groups and keep them updated within our enterprise. The groups get created on a nightly basis and overwrite the existing structure.

The only issue I found was that if you only disable and not delete the user accounts from the LCS server the sip: address is still in the user’s AD properties and they would still get populated to the group. I would suggest adding “-filter (msRTCSIP-UserEnabled=TRUE)” (without the quotes)to the dsquery so you only get active accounts.

Thanks!

Dave!

Anonymous said...

where can I find more information on configuration files options for lcsenableconfigureusers.wsf script? Thanks for any help in advance.

Unknown said...

Hi Tommy,

Yes you can find documentation in LCSEnableConfigureUsers_readme.htm, it can be found in C:\Program Files\Microsoft LC 2005\ResKit\WMI Samples after you have installed the resource kit.

/Dennis

Anonymous said...

Could it be possible to ask for an example of how to use AD groups to administer lcs users and contacts? My firm hasn't got any usable structure defined in OU's :-(

Anonymous said...

Great Post.
I would like to see a more simple script that can query my AD group that contains all LCS users and then sets the domain.com allow allow for everyone in that group.

Anonymous said...

Great Post.
I would like to see a more simple script that can query my AD group that contains all LCS users and then sets the domain.com allow allow for everyone in that group.

Unknown said...

Are you thinking in terms of a separate Vbscript - or do you wan't to use the command line tools.

Anonymous said...

Command Line Tools would be great.

Anonymous said...

We want to automatically add contacts to users based on the group membership. Like, if A is a member of X group, then all the member of X group will be added to A's contact list. I run dsquery with "member of" filter, but it's not working. Is their any way to do that?

Unknown said...

Hi Anon,

It is certainly possible using dsquery but I would move to vbscript or PowerShell to do the filtering more efficiently.

With dsquery the filter would be -

- filter memberOf="distinguishedName of group"

Anonymous said...

Hi There

I have a silly question. I keep getting prompted when the user is successfully installed with a + and i have to keep pressing space bar to contiune.. is there anyway to take away the pause??

Unknown said...

Hi,

I'm not sure I understand the problem - could you explain further and perhaps grab some screenshots and send them to me directly by e-mail to dlt @ inceptio.dk (Please only the screenshots pr. e-mail, I prefer to keep the actual discussion here)

Anonymous said...

Hi There

Thankyou for responding. My problem is just that when i run the script in command prompt it doesnt automatically populate the whole directory itself, instead it tells me every step like adding contacts--add contact x, and i have to press space bar to contiune with the script import. So for 40 users i have to press contuie 40 times! I just want to run the script without interuption.

Is there any other way to run the *.wsf without user intervenion?

Thanks again

RS

Unknown said...

Aah - now I understand. You need to write e.g.

Cscripts LCSAddContacts.wsf /parametrs

to launch the command line version of Windows Script Host

I will correct the post ;-)

Anonymous said...

Arhh of course thanks Dennis for you help!!!

Anonymous said...

Arrhh thanks for pointing me in the right direction all working!!!

Unknown said...

No problem ;-)

BC said...

Hello,

I am hoping someone gets notified about comments. Anyway, I am having a problem with running the DS query mentioned in the first part of the article. I keep getting a message back that the server returned a referral. Does anyone know what that means exactly? I can't seem to find much about it in Google or Microsoft's site.

Thanks,

Bill

Unknown said...

Hi Bill,

Yes someone reads the comments - we actually love comments (It shows us that someone actually reads our blogs).

When you are receiving a referral from a domain controller it usually means that it doesn't hold the requested object or attribute. Check that the server you are querying is a Global Catalog Server or that it's a domain controller for the domain, you are requesting objects from.

BC said...

It is a domain controller, when I right click on a user however, there is no option to enable LCS for that user. I can only do that when I run ADUC from the LCS server. Do I need to install the LCS admin tools on the DC for those attributes to be exposed?

Unknown said...

Another subject I guess - hope you solved the first problem.

Yes - to use the display specifiers for LCS, you need to install the admin tools on the DC.

BC said...

Dennis,

No, my post was related to the same subject. My question should have said, Do you think if I install the LCS admin tools on my DC that the referral error will stop happening?

Unknown said...

Is there a way to use the /contactsGroup switch to copy contacts across multiple groups?

EG: we have several department breakdowns and offices that we would like to create groups for, but when using the group switch is pulls them out of the group they were in previously

Unknown said...

Thanks for the awesome reference. I've managed to build my contact lists, and this also works for those users that haven't had the communicator application installed yet which is great.

Do you know if there is a way to use the /contactsGroup switch to copy users across multiple groups?

EG: I'm in IT and also a branch office, and I need to be in both groups, but the switch defaults me to the last group that I'm included in

Anthony said...

What is the purpose of running LCSAddACEs?

I've used the AddContacts to populate the 50users with a contact group and the names of everyone. (That was a blessing. Thank you).


But what does LCSAddACEs do?

Anthony said...

Damn Google deleting my comment after selecting my username.

What is the purpose of LCSAddACEs?

thank you for the LCSAddContacts. I've added the 50users into a group for everyone to use. Aren't I done?

Anonymous said...

Thank you for putting this together, it has helped us tremendously in getting our contacts auto-populated.

One thing that has come up numerous times in other threads about this and within my company is the fact that when you run this, all contacts are reset back to the "All" group that you specify when you run the script. Well, I wanted to share one way that has fixed that for us. Basically I edited the LCSAddContacts.wsf script so that it would check to see if the contact existed on that users' contact list already, and if it does, do not re-add it. This was easy to do because if you're looking at the code you'll notice there's a DeleteContact function right below the AddContact function that includes a query and check to see if the user exists on the contact list before trying to delete it. I basically took that code and pasted into the AddContact function and wrapped the actual code that adds the contact in an If statement.

Its hard to make out but if you copy and paste this into a VBScript interpreter it should all make sense. Anyway, here's what it looks like:

Function AddContact(ByVal UserInstanceID, ByVal SIPURI, ByVal GroupID, ByVal Name, ByVal Subscribed)
Dim vReturn : vReturn = -1

Dim vGroupID : vGroupID = null
If Not IsNull(GroupID) And Not IsEmpty(GroupID) Then
Redim vGroupID(0)
vGroupID(0) = GroupID
End If

Dim oInstances
Dim oInstance
Dim oInstances_test
Dim oInstance_test
Dim usertest

usertest = 0

Set oInstances_test = GetObject("winmgmts:\\" & cComputer).ExecQuery("SELECT * FROM " & cWMIUserContactClass & " WHERE UserInstanceID = '" & UserInstanceID & "'")
If Not oInstances_test.Count < 1 Then
For Each oInstance_test In oInstances_test
If StrComp(SIPURI, oInstance_test.SIPURI,1) = 0 Then

usertest = 1
'Wscript.Echo "Found " & SIPURI & " against " & oInstance_test.SIPURI
End If
Next
End If

If usertest = 0 Then
Set oInstances = GetObject("winmgmts:\\" & cComputer).Get(cWMIUserContactClass)
Set oInstance = oInstances.SpawnInstance_

oInstance.UserInstanceID = UserInstanceID
oInstance.SIPURI = SIPURI
oInstance.GroupID = vGroupID
oInstance.Name = Name
oInstance.Subscribed = Subscribed

On Error Resume Next
oInstance.Put_ 0 'Put flag 0 for createOrUpdate

If Err.number = vbEmpty Then
Wscript.Echo "[+] Put successful for contact: " & Name & " (" & SIPURI & ")"
vReturn = 0
Else
Wscript.Echo "[-] Put failed for contact: " & Name & " (" & SIPURI & ") " & Err.number & ": " & err.description
vReturn = Err.number
End If
On Error Goto 0
Else
Wscript.Echo "[/] No put necessary for contact: " & Name & " (" & SIPURI & ")"
vReturn = 0
End If
AddContact = vReturn
End Function

Werner said...

I got this message

"sorry, your contact list is full"

or [Err] Invalid line in contacts.txt: 'sip:xxx.yyy@zzz.no'
[-] Put failed for contact: (sip:xxx.yyy@zzz.no) -1007200235:
[Err] Invalid line in contacts.txt: 'sip:xxx.yyy@zzz.no'

It seems like there is a limit at 150 contacts. Is that through ?

Unknown said...

Hi Werner,

Yes there is a limit set on the Global level. On Office Communications Server 2007 the default limit is 200 (Can't recall the LCS limit).

Banky said...

this blog really helped me in getting the hang of how to add users, as i am a newbie to OCS. the issue is i have over 5000 users in my domain, and i set my max contat limit per user to 1000 (which is the max allowed). what can i do, to enable a user within that domain to be able to search for another user . i got the put failed for contact error seriously most likely after the first 1000 users. any help please

Unknown said...

Hi bankole,

You are not supposed to add all contacts to each and every user to see their presence in OC.

Putting more than a 100 users in OC will affect performance significantly.

Banky said...

Thanks Dennis,performance was hampered but didnt even know it was that. the problem i have is getting the Address book service to work. every communicator client display "Cannot synchronise address book information", help on how to get this working

Unknown said...

Will this work with OCS 2007?

Unknown said...

This is great. thanks for putting this altogether.

I have done what you mentioned and it all works very well, but I am having one strange problem. Some of the users in my company already had contact lists that included other company employees. No problem when I run the scripts, it just adds them to the group I defined in the script. However, for several of the users it takes one of their contacts and adds it to the Other contacts group. This user will be in both the other and the defined group. If they attempt to remove the contact from the other group, it will "remove" the contact, but immediately it shows up again under other and if you try to remove it again, it gives an error stating, Cannot view presence information, Contact not found.

Any ideas would be appreciated. Thanks again.

Anonymous said...

This is by far the best "blog" about OCS 2007 that i have come across yet...With that said, i don't think i'm running the script right. When i type the command: CScript LCSAddContacts.wsf /userfile:contact.txt /contactsfile:contact.txt the prompt just gives me this: Usage: LCSAddContacts.wsf /usersfile:value /contactsfile:value [/contactsgroup:v
alue] [/delete]

Options:

usersfile : Input file with the sip addresses of users, distinguished names
of Active Directory containers containing users or both.

I get the impression its not running the script, what am i doing wrong?
Thanks

Per Østergaard said...

Hi. I'm not 100% sure but it seems that you are using the contact.txt file twice, so maybe it is that simple? But most likely, you have a spelling mistake in the arguments, as the script will emit the help text in those cases.

Unknown said...

I think it's the spelling error in

LCSAddContacts.wsf /userfile:contact.txt /contactsfile:contact ...

Should be /usersfile:...

The idea behind using contacts.txt twice is that all contacts have all other contacts added to eachother ;-)

Anonymous said...

Hi Dennis

What happens if you have an Apostrophe in your name. I'm having issues with an o'suvillan. Adding the user to a group is fine. But when the user needs his contact list populated it totally ignores him!

Does anyone have a solution? I tried add "\\" before the Apostrophe.

regards

Adrian

Anonymous said...

Does anyone have a way to delete a group from all users of our OCS Server? I just divided up all our users by department and now I have a dead group with our company name that used to all house all of the users that I'd like to get rid of.

Anonymous said...

Hi .... Just stumbled upon this awesome blog.... we have Office Communicator 2005 - right now I am enabling everyone manually is there an easier way to do this? Is there a script that can be used to enter in ID#'s or names - or populate a security group and then have it enabled from that Thank You!!!!!

Anonymous said...

Echoing what Clymans said above, we too have created a group and pushed all contacts to all the users via the script into this group. But now, we need to either delete or rename this group. Has anyone figured out a way to do that via the script?

Thanks in advance.

Anonymous said...

Great blog, best i have found for OCS07. I also would like to know how to delete a group from the contact list. Is this possible?

Unknown said...

certainly is. create a file called lcsusers.txt and add the list of users you want to remove the item from. Create a text file called lcscontact.txt and add the user you want to remove. Then run this script.

cscript lcsaddcontacts.wsf /usersFile:lcsusers.txt /contactsFile:lcscontacts.txt /delete

Unknown said...

I think he means the group name, along with the individuals... I don't know of a way to do this, unless you disable all OCS users then re-enable them.

Unknown said...

right, the group. :)

unfortunately this is not possible with this script. others have done so using T-SQL.

thanks suchnsuch for pointing that out.

Anonymous said...

Thanks for the reply guys, v4nilla you dont happen to have some reference's for me to do it via T-SQL?

Cheers

Anonymous said...

I'm having a problem importing federated contacts & groups. I have a script which gets the contacts and groups then runs the LCSAddcontacts.wsf script. If I dont run the LCSAddcontacts.wsf with the /delete parameter first, it wont work. Is there a way to import without having to delete the users in OCS if they already exist?

Anonymous said...

Great info.
I work at a small school district (k12). We have about 200 employees.
All have Exchange accounts (2003 Enterprise). Many belong to various Distribution Groups (i.e., High School Teachers, Primary School Teachers, Elem Sch. Teachers, All Teachers (nested with the 3 groups).We also have about 150 enabled LCS 2005 accounts. It would be nice if I could mirror the LCS contact groups from the Exchange Dist. Groups, since they are already logically grouped, according to our communications needs.So that all members of the Exchange Dist. List High School Teachers, for example, will also be in the Office Communicators
High School Teachers Contact list. Any way to automatically create this "mirrored" group (from AD maybe)?

Unknown said...

When using this script (thank you very much by the way), I get:

C:\Documents and Settings\dcunningham>dsquery * "OU=Employees,OU=Users,OU=ohc-re
s,DC=corp,DC=local" -attr msRTCSIP-PrimaryUserAddress -filter (msRTCSIP-UserEnab
led=TRUE) -limit 10000 > contacts.txt

C:\Documents and Settings\dcunningham>cscript "C:\program Files\Microsoft LC 200
5\Reskit\WMI Samples\lcsaddcontacts.wsf" /usersfile:contacts.txt /contactsfile:c
ontacts.txt /contactsGroup:OHC
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

@------------------------------------------------------------
@ Text file with Users: contacts.txt
@ Text file with Contacts: contacts.txt
@ Contact Group for Contacts: OHC
@------------------------------------------------------------

C:\program Files\Microsoft LC 2005\Reskit\WMI Samples\lcsaddcontacts.wsf(104, 4)
SWbemObjectSet: Invalid class



SWbenOjectSet: Invalid class?

Is this normal output?

Thanks,
Dave

Anonymous said...

I had the same problem because i was running it on a laptop, not on the OCS server (in my case). you need to run this on the server and it will update communicator with these users.

Unknown said...

I had the same problem (invalid class error) because i was running it from a laptop instead of the server (OCS server in my case). You need to run this script on the server, once it runs it will update communicator with all the contacts that the script picked up.

HeavyMetalMachine said...

We've been having problems with contacts disappearing from users contact lists recently.

I've been testing a fix by simply removing a user from LCS and readding them and then running the WSF's mentioned in this blog.

Now I see two of every user on a search.

What would cause this behavior?

Blue Hat said...

Hi everyone,

Between another post comments. The post that is about deleting contacts with LCSAddContatcs.wsf script. I've commented with question about "How to do an automatic removal of contact if user is removed from the group." I hope someone can put me in the right direction.Because the script adds contacts well, but don't removes them if the user is removed from the goroup.

p.s. Here is the link to that other post:
http://msgoodies.blogspot.com/2006/05/how-to-delete-contact-for-several.html

Have a nice day!
Nikolai

Anonymous said...

As to having an apostrophe in the users name, simply place a single backslash before the apostrophe. It worked for me

Unknown said...

You may use (OCSCM) Microsoft Office Communications Server Contact Manager.It's an administration mmc tool that will integrate with Microsoft Office Communication Server 2007 and Active Directory to provide an easy way to provision OCS users’ contacts list. OCSCM is designed to show you how to manage the contacts and groups for individual ocs users by interacting with the Active Directory Domain Services and Microsoft Office Communication Server 2007/R2 and lcs 2005.

download from http://www.ocscm.com