Topic Last Modified: 2013-02-22
Modifies the Active Directory account of the specified user or users; this modification prevents users from using Lync Server clients such as Lync 2013. The Disable-CsUser cmdlet only restricts activity related to Lync Server; it does not disable or remove a user’s Active Directory account. This cmdlet was introduced in Lync Server 2010.
Syntax
Disable-CsUser -Identity <UserIdParameter>
[-Confirm [<SwitchParameter>]] [-DomainController
<Fqdn>] [-PassThru <SwitchParameter>] [-WhatIf
[<SwitchParameter>]]
|
Examples
EXAMPLE 1
Example 1 disables the Lync Server account for the user Ken Myer. In this example, the user's display name is used to indicate his Identity.
Copy Code | |
---|---|
Disable-CsUser -Identity "Ken Myer" |
EXAMPLE 2
In Example 2, all the users in the Finance department have their Lync Server accounts disabled. To carry out this task, the command first uses the Get-CsUser cmdlet and the LdapFilter parameter to return a collection of all the users who belong to the Finance department. That collection is then piped to the Disable-CsUser cmdlet, which disables each account in the collection.
Copy Code | |
---|---|
Get-CsUser -LdapFilter "Department=Finance" | Disable-CsUser |
EXAMPLE 3
In this example, all the user accounts not currently assigned to a Registrar pool are disabled. To do this, the Get-CsUser cmdlet is called, along with the UnassignedUser parameter. This parameter restricts the returned data to users who have valid user accounts but are not assigned to a Registrar pool. That collection is then piped to the Disable-CsUser cmdlet, which disables each account in the collection.
Copy Code | |
---|---|
Get-CsUser -UnassignedUser | Disable-CsUser |
Detailed Description
The Disable-CsUser cmdlet deletes all the attribute information related to Lync Server from an Active Directory user account; this prevents the user from logging on to Lync Server. When you run the Disable-CsUser cmdlet all the Lync Server-related attributes are removed from an account, including the Identities of any per-user policies that have been assigned to that account. You can later re-enable the account by using the Enable-CsUser cmdlet. However, all the Lync Server-related information (such as policy assignments) previously associated with that account will have to be re-created. If you want to prevent a user from logging on to Lync Server, but do not want to lose all of their account information, use the Set-CsUser cmdlet instead. For details, see the Set-CsUser cmdlet help topic.
After an account has been disabled with the Disable-CsUser cmdlet, the affected user will no longer be returned by the Get-CsUser cmdlet; that’s because that user no longer has a valid Lync Server account. To retrieve information for the disabled user account, use the Get-CsAdUser cmdlet.
In addition, user data belonging to the deleted user account will be removed from the backend databases; for example, the user will be removed from Contacts lists in the organization, and any conferences scheduled by that user will be deleted.
Who can run this cmdlet: By default, members of the following groups are authorized to run the Disable-CsUser cmdlet locally: RTCUniversalUserAdmins. To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:
Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Disable-CsUser"}
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
Identity |
Required |
Microsoft.Rtc.Management.AD.UserIdParameter |
Indicates the Identity of the user account to be disabled. User Identities can be specified by using one of four formats: 1) the user's SIP address; 2) the user's user principal name (UPN); 3) the user's domain name and logon name, in the form domain\logon (for example, litwareinc\kenmyer); and, 4) the user's Active Directory display name (for example, Ken Myer). You can also reference a user account by using the Active Directory distinguished name. You can use the asterisk (*) wildcard character when using the Display Name as the user Identity. For example, the Identity "* Smith" returns all the users who have a display name that ends with the string value " Smith". |
Confirm |
Optional |
System.Management.Automation.SwitchParameter |
Prompts you for confirmation before executing the command. |
DomainController |
Optional |
Microsoft.Rtc.Management.Deploy.Fqdn |
Enables you to connect to the specified domain controller in order to disable a user account. To connect to a particular domain controller, include the DomainController parameter followed by the computer name (for example, atl-cs-001) or its fully qualified domain name (FQDN) (for example, atl-cs-001.litwareinc.com). |
PassThru |
Optional |
System.Management.Automation.SwitchParameter |
Enables you to pass a user object through the pipeline that represents the user account being disabled. By default, the Disable-CsUser cmdlet does not pass objects through the pipeline. |
WhatIf |
Optional |
System.Management.Automation.SwitchParameter |
Describes what would happen if you executed the command without actually executing the command. |
Input Types
String or Microsoft.Rtc.Management.ADConnect.Schema.ADUser object. The Disable-CsUser cmdlet accepts a pipelined string value representing the Identity of a user account that has been enabled for Lync Server. The cmdlet also accepts pipelined instances of the Active Directory user object.
Return Types
The Disable-CsUser cmdlet does not return a value or object. Instead, the cmdlet configures instances of the Microsoft.Rtc.Management.ADConnect.Schema.ADUser object.