What to do if users are enabled for LCS?

I just had a Lync installation where it turned out that about 5 years ago they had tried installing LCS 2005 in AD, an installation that had failed and the servers had been taken down without being disabled.

The users that had been enabled that time was therefore still enabled for LCS in AD, and first of all did not appear when trying to search for them in the “enable users” UI. Searching for them with “Legacy users” filter on showed them, but failed when trying to move them with the “Move users” script in BigFin. It is also not supported to move LCS enabled users to Lync. Disabling them in BigFin will also not work. The error message will say something about users not enabled for rich presence, which was added in 2007 R2.

What will work though is the cmdlet Disable-CsUser. Run the cmdlet on the affected users, and then enable them as a normal non-enabled user again after that. I guess that old buddy lists and settings from LCS will be removed by this as well, so it is not a recommended migration path though. In my case this was not important.

Script – New-CiscoTelepresenceIntegration.ps1

Script to enable routes from Lync to VCS Control: —- Edit: After the VCS X7 release, the integration is done a bit differently. I’ll try to get an update to the script out in the near future.

######################################################################################################################################################################################
# New-CiscoTelepresenceIntegration.ps1
#
# Adds config in Lync 2010 for integration with Cisco Telepresence (Tandberg)
#
# Can optionally write logs to file or screen using -verbose and/or -logFile inputs
#
# eg.
# Clean Lync installation
# .New-CiscoTelepresenceIntegration.ps1 -vcscfqdn vcsc011.contoso.com -lsfepool lspool01.contoso.com -CTPSipDomain video.contoso.com -logFile "c:logfile.txt"
#
# Coexisting with OCS 2007 R2
# .New-CiscoTelepresenceIntegration.ps1 -coexistence $true -r2pool r2pool01.contoso.com -lsfepool lspool01.contoso.com -CTPSipDomain video.contoso.com -logFile "c:logfile.txt"
#
# Migration from OCS 2007 R2 to Lync
# .New-CiscoTelepresenceIntegration.ps1 -hascoexisted $true -vcscfqdn vcsc011.contoso.com -lsfepool lspool01.contoso.com -CTPSipDomain video.contoso.com -logFile "c:logfile.txt"
#
# Important:
# This will delete any existing static routes created ! Do not run the script with hascoexisted = $true if you have added manual routes other than OCS/Lync/CTP integration
#
# Written by Tom-Inge Larsen (<a href="http://www.codesalot.com">www.codesalot.com</a>), Peder Saether and Trond Egil Gjelsvik-Bakke
# Based on config made by Marjus Sirvinsks (marjuss.wordpress.cm)
#
#######################################################################################################################################################################################
param($logFile,$coexistence=$false,$hascoexisted,$CTPSipDomain,$lsfepool,$r2pool,$vcscfqdn)</pre>
if ($logFile -ne $null) {
$a = "Steps made to enable integration with Cisco Telepresence: `n"
Out-File -FilePath $logfile -InputObject $a
}

if ($lsfepool -eq $null) {
$lsfepool = Read-Host "Please enter Lync Front End pool FQDN."
}

if ($CTPSipDomain -eq $null) {
$CTPSipDomain = Read-Host "Please enter the SIP domain in the Cisco Telepresence environment."
}

if ($coexistence -eq $false) {
#Change encryption level if SRTP option is not available for VCS
$mediaconfiguration = get-csmediaconfiguration
$requireencryption = ($mediaconfiguration.EncryptionLevel -eq "RequireEncryption")
if ($requireencryption) {
write-warning "This will set the media encryption level to Support Encryption. Are you sure you want to do this? (y/n)"
$confirmation = Read-Host

} else {
$confirmation = 'y'
}
switch ($confirmation) {
'y' {
set-CsMediaConfiguration -EncryptionLevel supportencryption

$registrarid = "service:registrar:"+$lsfepool
$trustedappregistrar = "Registrar:"+$lsfepool

if ($hascoexisted -eq $true) {
Remove-CsStaticRoutingConfiguration -Identity $registrarid
}

if ($vcscfqdn -eq $null) {
$vcscfqdn = Read-Host "Please enter the FQDN for the VCS Control"
}

#Establish trust
$applicationpooladded = $true
New-CsTrustedApplicationPool -Identity $vcscfqdn -Registrar $trustedappregistrar -site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true -force

New-CsTrustedApplication -ApplicationID "CiscoTelepresenceDirectSIP" -TrustedApplicationPoolFqdn $vcscfqdn -Port 5061

#Create static routes if needed

if ($hascoexisted -eq $true) {
New-CsRegistrarConfiguration -Identity $registrarid
}

New-CsStaticRoutingConfiguration -identity $registrarid

$route = New-CsStaticRoute -TLSRoute -destination $vcscfqdn -port 5061 -matchuri $CTPSipDomain -usedefaultcertificate $true

Set-CsStaticRoutingConfiguration -identity $registrarid -route @{Add=$route}

Enable-CsTopology
}
'n' {
Write-Warning "No change was made to the topology. Media Encryption Level must be set to Support Encryption"
if ($logFile -ne $null) {
$a = "No change has been made. `n"
Out-File -FilePath $logfile -InputObject $a -Append
}
}
}
}

else {

# If we coexist with R2, we might want to route all traffic via R2 FE, to possibly avoid
# compromising security with deployments using TCP or if Lync is only intended as a
# pilot.

if ($r2pool -eq $null) {
$r2pool = Read-Host "Please enter OCS 2007 R2 Front End pool FQDN."
}

$registrarid = "service:registrar:"+$lsfepool

New-CsRegistrarConfiguration -Identity $registrarid
New-CsStaticRoutingConfiguration -identity $registrarid

$route = New-CsStaticRoute -TLSRoute -destination $r2pool -port 5061 -matchuri $CTPSipDomain -usedefaultcertificate $true
Set-CsStaticRoutingConfiguration -identity $registrarid -route @{Add=$route}

Enable-CsTopology
}

if ($logFile -ne $null) {

$a = "Route added: `n"
Out-File -FilePath $logfile -InputObject $a -Append
Get-CsStaticRoutingConfiguration $registrarid | Select-Object -ExpandProperty Route | Where-Object {$_.MatchUri -eq $CTPSipDomain} | Out-File -FilePath $logfile -Append
if ($applicationpooladded -eq $true){
$a = "`nTrusted Application Pool added:`n"
Out-File -FilePath $logfile -InputObject $a -Append
Get-CsTrustedApplicationPool $vcscfqdn | Out-File $logfile -append
}
$a = "`nRegistrar added:`n"
Out-File -FilePath $logfile -InputObject $a -Append
Get-CsStaticRoutingConfiguration $registrarid | Out-File $logFile -append

if ($confirmation -eq 'y') {
$a = "`nMedia encryption level was already set to or was set to Support Encryption.`n"
Out-File -FilePath $logfile -InputObject $a -Append
}

Write-Host "Logfile: " $logFile "is written."
}