[This is pre-release documentation and subject to change in future releases. This topic's current status is: Milestone-Ready]

Topic Last Modified: 2010-07-18

Although Microsoft Communications Server 2010 provides a way for you to list all the Role-Based Access Control (RBAC) currently in use in your organization, the software does not currently provide a way for you to list the users who hold those roles. The following sample script will return the Active Directory distinguished name for each user who holds the specified RBAC role. To use the script, copy the code, paste it into a text editor such as Windows Notepad, and then save the file using a .ps1 file extension (for example, C:\Scripts\RbacRoleUsers.Ps1). From within the Communications Server Management Shell you can then run the script by typing in the full path to the script file followed by the Identity of the RBAC role of interest:

Copy Code
C:\Scripts\RbacRoleUsers.ps1 CsRoleAdministrator

This script will work both with the built-in RBAC roles created when you install Communications Server as well as with any custom RBAC roles you create yourself.

Copy Code
$strFilter = "(&(objectCategory=Group)(SamAccountName=" + $args[0] +"))"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colProplist = "member"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)
	{$objItem = $objResult.Properties; $objItem.member}