[This is pre-release documentation and subject to change in future releases. This topic's current status is: Milestone-Ready]

Topic Last Modified: 2010-07-18

At the present time, Microsoft Communications Server 2010 does not provide a way for you to identify all the Role-Based Access Control (RBAC) roles held by a given user. However, the following Windows PowerShell script can return that information for you. To use the script, copy the code, paste it into a text editor such as Windows Notepad, and then save the file using a .ps1 file extension (for example, C:\Scripts\RbacRoles.Ps1). From within the Communications Server Management Shell you can then run the script by typing in the full path to the script file followed by the Identity of the user whose RBAC roles should be enumerated:

Copy Code
C:\Scripts\RbacRoles.ps1 "Ken Myer"

In this example, "Ken Myer" represents the Active Directory display name for the user in question. Alternatively you could use the user’s SIP address or UserPrincipal, or specify the identity by using his or her domain name and logon name (for example, litwareinc\kenmyer).

Copy Code
$x = (Get-CsAdUser $args[0]).DistinguishedName
$y = "LDAP://" + $x
$z = [adsi] $y

$groups = $z.memberOf
$groupNames = @()

$roles = (Get-CsAdminRole | Select-Object Identity)
$roleNames = $()

foreach ($b in $roles)
	{$roleNames += ($b.Identity + "`n")}

foreach ($b in $groups)
	{$name = $b.Split(",")
	 $groupName = $name[0]
	 $groupName = $groupName -replace("CN=","")
	 $groupNames += $groupName}

foreach ($b in $groupNames)
	{foreach ($c in $roleNames) 
		{if ($c -match $b) {$b}}}