Topic Last Modified: 2013-02-22

Determines whether or not a user can log on to Lync Server by using a certificate downloaded from the certificate provisioning service. This cmdlet was introduced in Lync Server 2013. It replaces the Test-CSClientAuth cmdlet used in Lync Server 2010.

Syntax

Test-CsClientAuthentication -UserCredential <PSCredential> -UserSipAddress <String> [-Force <SwitchParameter>] [-LiveIdAuthentication <SwitchParameter>] [-OutLoggerVariable <String>] [-OutVerboseVariable <String>] [-RegistrarPort <Int32>] [-TargetFqdn <String>] [-TargetUri <String>]

Examples

EXAMPLE 1

The commands shown in Example 1 test the ability of the user litwareinc\kenmyer to log on to the Registrar pool atl-cs-001.litwareinc.com by using a client certificate. To carry out this task, the first command in the example uses the Get-Credential cmdlet to create credential object for the user in question. The resulting credential object (which requires you to enter the password for the user) is stored in a variable named $cred1.

The second command then calls the Test-CsClientAuthentication cmdlet, specifying the FQDN of the Registrar pool (TargetFqdn), the user’s SIP address (UserSipAddress) and the credential object created in the initial command (UserCredential).

Copy Code
$cred1 = Get-Credential "litwareinc\kenmyer"

Test-CsClientAuthentication -TargetFqdn atl-cs-001.litwareinc.com -UserSipAddress "sip:kenmyer@litwareinc.com" -UserCredential $cred1

Detailed Description

Client certificates provide an alternate way for users to be authenticated by Lync Server. In order to determine whether or not a user can log on to the system by using a client certificate, you can run the Test-CsClientAuthentication cmdlet. When you run the Test-CsClientAuthentication cmdlet you must specify the Registrar pool and SIP address of the user account being tested; you must also be able to supply the user’s logon name and password. After calling the Test-CsClientAuthentication cmdlet, the cmdlet will contact the certificate provisioning service and download a copy of any client certificates for the specified user. If a client certificate can be found and downloaded, the Test-CsClientAuthentication cmdlet will then attempt to log on using that certificate. If logon succeeds, the Test-CsClientAuthentication cmdlet will log off and report that the test succeeded.

If a certificate cannot be found or downloaded, or if the cmdlet is unable to logon using that certificate, then the Test-CsClientAuthentication cmdlet will report that the test failed.

Who can run this cmdlet: To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Test-CsClientAuthentication"}

Parameters

Parameter Required Type Description

UserCredential

Required

System.Management.Automation.PSCredential

User credential object for the user account to be used in the test. The value passed to UserCredential should be an object reference obtained by using the Get-Credential cmdlet. For example, this code returns a credentials object for the user litwareinc\kenmyer and stores that object in a variable named $x:

$x = Get-Credential "litwareinc\kenmyer"

You need to supply the user password when running this command.

UserSipAddress

Required

System.String

SIP address of the user to be used in the test. For example: -UserSipAddress sip:kenmyer@litwareinc.com.

Force

Optional

System.Management.Automation.SwitchParameter

Suppresses the display of any non-fatal error message that might occur when running the command.

LiveIdAuthentication

Optional

System.Management.Automation.SwitchParameter

Verifies the ability of the test user to log on using their OrgId (Business LiveId) credentials.

OutLoggerVariable

Optional

System.String

When present, detailed output from running the cmdlet will be stored in the specified variable. This variable includes a pair of methods – ToHTML and ToXML – that can then be used to save that output to either an HTML or an XML file.

To store output in a logger variable named $TestOutput use the following syntax:

-OutLoggerVariable TestOutput

Note: Do not use prepend a $ character when specifying the variable name.To save the information stored in the logger variable to an HTML file, use a command similar to this:

$TestOutput.ToHTML() > C:\Logs\TestOutput.html

To save the information stored in the logger variable to an XML file, use a command similar to this:

$TestOutput.ToXML() > C:\Logs\TestOutput.xml

OutVerboseVariable

Optional

System.String

When present, detailed output from running the cmdlet will be stored in the specified variable. For example, to store output in a variable named $TestOutput use the following syntax:

-OutVerboseVariable TestOutput

Do not prepend a $ character when specifying the variable name.

RegistrarPort

Optional

System.Int32

SIP port used by the Registrar service. This parameter is not required if the Registrar uses the default port 5061.

TargetFqdn

Optional

System.String

Fully qualified domain name (FQDN) of the Registrar pool where client authentication is to be tested. For example: -TargetFqdn "atl-cs-001.litwareinc.com".

TargetUri

Optional

System.String

URL of the certificate provisioning service. If this parameter is not included then the Test-CsClientAuthentication cmdlet will use the certificate provisioning service configured for the Registrar pool.

Input Types

None.

Return Types

The Test-CsClientAuthentication cmdlet returns an instance of the Microsoft.Rtc.SyntheticTransactions.TaskOutput object.

See Also