[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]

Returns information about the external access policies that have been configured for use in your organization. External access policies determine whether or not your users can: 1) communicate with users who have SIP accounts with a federated organization; 2) communicate with users who have SIP accounts with a public instant messaging provider such as Windows Live; and, 3) access Microsoft Communications Server 2010 over the Internet, without having to log on to your internal network.

Syntax

Get-CsExternalAccessPolicy [-Identity <XdsIdentity>] [-LocalStore <SwitchParameter>]
Get-CsExternalAccessPolicy [-Filter <String>] [-LocalStore <SwitchParameter>]

Parameters

Parameter Required Type Description

Identity

Optional

XdsIdentity

Indicates the unique Identity assigned to the policy when it was created. External access policies can be assigned at the global, site, or per-user scope. To refer to the global instance use this syntax: -Identity global. To refer to a policy at the site scope use this syntax: -Identity site:Redmond. To refer to a policy at the per-user scope, use syntax similar to this: -Identity RedmondPolicy.

Note that wildcard characters such as the asterisk (*) cannot be used with the -Identity parameter. To do a wildcard search for policies, use the -Filter parameter instead.

If neither the -Identity or -Filter parameters are specified then Get-CsExternalAccessPolicy will bring back a collection of all the external access policies configured for use in the organization.

Filter

Optional

String

Enables you to do a wildcard search for external access policies. For example, to find all the policies configured at the site scope use this Filter: site:*. To find the site policies Seattle, Seville, and Saskatoon (all of which start with the letter "S") use this Filter: site:S*. Note that the -Filter parameter can only be applied to the policy Identity.

LocalStore

Optional

Switch Parameter

Detailed Description

When you install Communications Server 2010 your users are only allowed to exchange instant messages and presence information among themselves: by default, they can only communicate with other people who have SIP accounts in your Active Directory. In addition, users are not allowed to access Communications Server 2010 over the Internet; instead, they must be logged on to your internal network before they will be able to log on to Communications Server 2010.

That might be sufficient to meet your communication needs. If it doesn’t meet your needs you can use external access policies to extend the ability of your users to communicate and collaborate. External access policies can grant (or revoke) the ability of your users to do any or all of the following:

Communicate with people who have SIP accounts with a federated organization. Note that enabling federation alone will not provide users with this capability. Instead, you must enable federation and then assign users an external access policy that gives them the right to communicate with federated users.

Communicate with people who have SIP accounts with a public instant messaging service such as AOL or Yahoo!.

Access Communications Server 2010 over the Internet, without having to first log on to your internal network. This enables your users to use Microsoft Communicator "14" and log on to Communications Server 2010 from an Internet café or other remote location.

The Get-CsExternalAccessPolicy cmdlet provides a way for you to return information about all of the external access policies that have been configured for use in your organization.

Return Types

Returns instances of the Microsoft.Rtc.Management.WriteableConfig.Policy.ExternalAccess.ExternalAccessPolicy object.

Examples

-------------------------- Example 1 ------------------------

Copy Code
Get-CsExternalAccessPolicy

The preceding command returns a collection of all the external access policies configured for use in your organization. Calling Get-CsExternalAccessPolicy without any additional parameters always returns the complete collection of external access policies.

-------------------------- Example 2 ------------------------

Copy Code
Get-CsExternalAccessPolicy -Identity site:Redmond

Example 2 uses the -Identity parameter to return the external access policy that has the Identity site:Redmond. Because access policy Identities must be unique, this command will never return more than one item.

-------------------------- Example 3 ------------------------

Copy Code
Get-CsExternalAccessPolicy -Filter tag:*

The command shown in Example 3 uses the -Filter parameter to return all of the external access policies that have been configured at the per-user scope. The parameter value "tag:*" limits returned data to those policies that have an Identity that begins with the string value "tag:". By definition, any policy that has an Identity beginning with "tag:" is a policy that has been configured at the per-user scope. (Note that you don’t need the specify tag: prefix when using the Identity parameter to retrieve a single policy. However, this prefix is automatically attached to all per-user policies and can thus be used to filter for per-user policies.)

-------------------------- Example 4 ------------------------

Copy Code
Get-CsExternalAccessPolicy | Where-Object {$_.EnableFederationAcess -eq $True}

In Example 4, the Get-CsExternalAccessPolicy and the Where-Object cmdlets are used to return all of the external access policies that grant users federation access. To do this, Get-CsExternalAccessPolicy is first used to return a collection of all the external access policies currently in use in the organization. This collection is then piped to Where-Object, which selects only those policies where the EnableFederationAccess property is equal to (-eq) True ($True).

-------------------------- Example 5 ------------------------

Copy Code
Get-CsExternalAccessPolicy | Where-Object {$_.EnableFederationAcess -eq $True -and $_.EnablePublicCloudAccess -eq $True} 

The command shown in Example 5 returns the external access policies that meet two criteria: both federation access and public cloud access must be allowed. In order to perform this task, the command first uses Get-CsExternalAccessPolicy to return a collection of all the access policies in use in the organization. That collection is then piped to Where-Object, which picks out only those policies that meet two criteria: the EnableFederationAccess property must be equal to (-eq) True ($True) and the EnablePublicCloudAccess property must also be equal to True. Only policies in which both EnableFederationAccess and EnablePublicCloudAccess are True will be returned and displayed onscreen.