[This is pre-release documentation and subject to change in future releases. This topic's current status is: Milestone-Ready]

Topic Last Modified: 2010-07-18

When it comes time to assign policies, Microsoft Communications Server 2010 provides you with enormous flexibility: it’s very easy to assign a policy to an individual user, all the users in an OU, all the users in a department, and so on. What isn’t easy to do is to assign a policy to all the users in a specified Active Directory security group. There is no cmdlet or cmdlet parameter that enables you to do that.

But what if you need to assign a policy to all the users in an Active Directory security group? Fortunately, that’s something that can be done using a Windows PowerShell script. To use the script, copy the code, paste it into a text editor such as Windows Notepad, and then save the file using a .ps1 file extension (for example, C:\Scripts\AssignPolicyToAGroup.ps1). From within the Communications Server Management Shell you can then run the script by typing the full path to the script file followed by the SamAccountName of the group whose members should be assigned the new policy:

C:\Scripts\AssignPolicyToAGroup.ps1 AccountingUsers

This sample script assigns a client policy with the Identity NoPhotoPolicy to all the members of the specified security group:

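# Escape LDAP filter metacharacters (RFC 4515) in the group name; the backslash is replaced first
$strGroup = ([string]$args[0]).Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
$strFilter = "(&(objectCategory=Group)(SamAccountName=" + $strGroup + "))"

# Bind to the current domain and search the whole subtree for the group
$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

# Load only the member attribute; [void] discards the index that Add() returns
$colPropList = "member"
foreach ($i in $colPropList){[void]$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

# Collect the distinguished names of the group's members
foreach ($objResult in $colResults)
	{$objItem = $objResult.Properties; $group = $objItem.member}

# Bind to each member and assign the policy, using the display name as the Identity
foreach ($x in $group) 
	{
		$user = [ADSI] "LDAP://$x"
		$z = $user.displayName
		$z = $z.ToString()
		Grant-CsClientPolicy $z -PolicyName "NoPhotoPolicy"
	}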
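
A stricter variant of the same idea, given here as an added example rather than as part of the original sample: it escapes the group name before building the LDAP filter, skips members that are not user objects, identifies each user by userPrincipalName instead of display name (display names are not guaranteed to be unique), and only previews the assignments unless told to apply them. The function name Grant-PolicyToGroupMembers and its -Apply switch are hypothetical names chosen for this example.

```powershell
# Added example, not the original sample script.
# Grant-PolicyToGroupMembers and -Apply are hypothetical names used for illustration.
function Grant-PolicyToGroupMembers {
    param(
        [Parameter(Mandatory = $true)][string]$GroupName,
        [Parameter(Mandatory = $true)][string]$PolicyName,
        [switch]$Apply   # without -Apply, every assignment is run with -WhatIf
    )

    # Escape LDAP filter metacharacters (RFC 4515); the backslash must be replaced first.
    $safe = $GroupName.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')

    # With no SearchRoot set, the searcher uses the root of the current domain (subtree scope).
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=group)(sAMAccountName=$safe))"
    [void]$searcher.PropertiesToLoad.Add("member")

    # Refuse to continue unless the name resolves to exactly one group.
    $groups = @($searcher.FindAll())
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$GroupName', found $($groups.Count)."
    }

    foreach ($dn in $groups[0].Properties["member"]) {
        $entry = [ADSI]"LDAP://$dn"
        $class = $entry.psbase.SchemaClassName
        $upn   = [string]$entry.psbase.Properties["userPrincipalName"].Value

        # Nested groups, computers and contacts cannot receive a client policy; report and skip them.
        if ($class -ne "user" -or -not $upn) {
            Write-Warning "Skipping $dn (class '$class', no usable userPrincipalName)"
            continue
        }

        if ($Apply) { Grant-CsClientPolicy -Identity $upn -PolicyName $PolicyName }
        else        { Grant-CsClientPolicy -Identity $upn -PolicyName $PolicyName -WhatIf }
    }
}

# Preview first, then apply once the list of affected users looks right:
#   Grant-PolicyToGroupMembers -GroupName AccountingUsers -PolicyName NoPhotoPolicy
#   Grant-PolicyToGroupMembers -GroupName AccountingUsers -PolicyName NoPhotoPolicy -Apply
```

Like the sample script, this reads the member attribute in a single query, so members of nested groups are not expanded and very large groups that require ranged retrieval are not fully enumerated.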