Enables an administrator to lock the PIN authentication number for the specified user. PIN authentication provides a way for users to access Microsoft Communications Server 2010 using a telephone that does not have an alphanumeric keyboard and thus cannot be used to enter the user name and password. If a user's PIN has been locked then he or she cannot use that number to access the system until the PIN has been unlocked.
Syntax
Lock-CsClientPin -Identity <UserIdParameter> [-Confirm [<SwitchParameter>]] [-Force <SwitchParameter>] [-WhatIf [<SwitchParameter>]] |
Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
|
Identity |
Required |
UserIdParameter |
Indicates the Identity of the user account whose PIN number should be locked. User Identities can be specified using one of four formats: 1) the user's SIP address; 2) the user's Universal Principal Name; 3) the user's domain name and logon name, in the form domain\logon (e.g., litwareinc\kenmyer); and, 4_ the user's Active Directory display name (for example, Ken Myer). Note that the SamAccountName cannot be used as an identity; that's because SamAccountNames are not necessarily unique in a forest. In addition, you can use the asterisk (*) wildcard character when using the Display Name as the user Identity. For example, the Identity "* Smith" returns all the users who have a display name that ends with the string value " Smith". |
|
Force |
Optional |
Switch Parameter |
Suppresses the display of any non-fatal error message that might arise when running the command. |
|
WhatIf |
Optional |
Switch Parameter |
Describes what would happen if you executed the command without actually executing the command. |
|
Confirm |
Optional |
Switch Parameter |
Prompts you for confirmation before executing the command. |
Detailed Description
Communications Server 2010 enables users to connect to the system, or to join PSTN (Public Switched Telephone Network) conferences via telephone. Typically, logging on to the system or joining a conference requires the user to enter a user name or password; unfortunately, entering a user name and password can be a problem if you are using a phone that does not have an alphanumeric keypad. Because of that, Communications Server enables you to supply users with numeric-only PIN numbers; when prompted, users can then log on to the system or join a conference by entering the PIN number instead of a user name and password.
As a security measure, Communications Server enables you to "lock" a user's PIN number. When a PIN is locked, the user will no longer be able to use that PIN to access the system or join a conference. (However, that user will still be able to access the system and join conferences by using an application such as Communicator and by supplying a user name and password.) After a PIN has been locked the only way to restore the PIN (and the user's access privileges) is for an administrator to unlock the PIN number. This can be done by using the Unlock-CsClientPin cmdlet.
Lock-CsClientPin enables administrators to temporarily disable the ability of a user to access the system using PIN authentication. Note that PINs can also be locked by the system: if a user repeatedly fails to logon to the system their PIN number will automatically be locked and, again, will require unlocking by an administrator. See Set-CsPinPolicy and the -MaximumLogonAttempts parameter for more information.
Return Types
Lock-CsClientPin does not return a value or object. Instead, the cmdlet configures one or more instances of the Microsoft.Rtc.Management.UserPinService.PinInfoDetails object.
Examples
-------------------------- Example 1 ------------------------
 Copy Code |
|
|---|---|
Lock-CsClientPin -Identity "kenmyer@litwareinc.com" |
|
In Example 1, Lock-CsClientPin is used to lock the PIN number belonging to the user kenmyer@litwareinc.com.
-------------------------- Example 2 ------------------------
| Copy Code |
|
|---|---|
Get-CsUser | Get-CsClientPinInfo | Where-Object {$_.IsPinSet -eq $True} | Lock-CsClientPin
|
|
The preceding command uses Lock-CsClientPin to lock the PIN numbers for all users who currently have a PIN assigned to them. This is done by using Get-CsUser to return a collection of all the users who have been enabled for Communications Server. That collection is piped to Get-CsClientPinInfo, which is used, in conjunction with the Where-Object cmdlet, to return a collection of users where the IsPinSet property is equal to (-eq) True ($True). That means that the command returns only those users who currently have a PIN number. That filtered collection is then piped to Lock-CsClientPin, which locks the PIN number for each user in the collection.
-------------------------- Example 3 ------------------------
| Copy Code |
|
|---|---|
Get-CsUser | Get-CsClientPinInfo | Where-Object {$_.PinExpirationTime -lt (Get-Date)} | Lock-CsClientPin
|
|
In Example 3, Lock-CsClientPin is used to lock the PIN numbers for all the users whose PIN numbers have expired. To carry out this task, Get-CsUser is first called in order to return a collection of all the users who have been enabled for Communications Server. This collection is then piped to Get-CsClientPinInfo, which is used, in conjunction with the Where-Object cmdlet, to limit the collection to users whose PIN numbers have expired. To determine which users have expired PIN numbers, Where-Objects checks for accounts where the PinExpirationTime property (which indicates the date that the PIN number expires) is less than (-lt) the current date. (The current date is retrieved using the Get-Date cmdlet.) If the expiration date (for example, September 1, 2010) is less than the current date (for example, September 2, 2010) that means that the PIN has expired. From there, Lock-CsClientPin is then used to lock each of these expired PIN numbers.