Sunday, January 7, 2018

SFB Bulk Set External Access Policy To Users With Specific Conferencing Policy

My Skype For Business environment is shared by our US and Europe divisions of the company, which means we have many different policies for each side. This also means, I need to set policies on clients based on Organizational Unit (OU) and sometimes by client policies themselves.

For instance, our US side has stricter regulations because of the type of business we do, so our Conferencing Polices don't allow as many options as the EU side.
But, for those users who are enabled for conferencing, I needed to allow them to connect uninhibited from and to the outside world.

So, I came up with a PowerShell cmdlet to grab all users in a specific OU, with a specific Conferencing Policy assigned, and set a External Access Policy on them, all in one shot.

First, we'll need see what External Access Policies we have, so we'll run:


Depending on how many you have, scroll down the list; I'm looking for this one:


**Note** Yours will be named differently, but I want the one which we created that allows public access, federation, and external access.

Now, we'll find the Conferencing Policies, by running:


I need this one here:


**Note** Again, yours will be named differently, but I want the policy that allows conferencing, but has recording turned off.

Now, we can get a list of all users in an OU, with the above Conferencing Policy, and we'll output that to a TXT file...just to make sure it grabs the correct users:

(Get-CsUser -Filter {ConferencingPolicy -eq "ConferencingClient_No_Recording"} -OU "OU=US,DC=users,DC=com") | select name, conferencingpolicy, ExternalAccessPolicy | out-file C:\Temp\confclient.txt

We have our list and checked it twice...

Now, we'll Grant the External Access Policy from our first cmdlet, on those users in our list:

(Get-CsUser -Filter {ConferencingPolicy -eq "ConferencingClient_No_Recording"} -OU "OU=US,DC=users,DC=com") | Grant-CsExternalAccessPolicy -PolicyName "Allow_Federation_Public_Outside_Access"

Give it a bit for replication (depending on the size of your environment it can take a bit) and we'll check our list again, by running:

(Get-CsUser -Filter {ConferencingPolicy -eq "ConferencingClient_No_Recording"} -OU "OU=US,DC=users,DC=com") | select name, conferencingpolicy, ExternalAccessPolicy | out-file C:\Temp\confclient_extaccess.txt

**Note** I've changed the TXT file name, in case we want to cross-reference with our original list.

This new list should now show that all those users in the US Organizational Unit who have the "ConferencingClient_No_Recording policy assigned", now have the "Allow_Federation_Public_Outside_Access" policy assigned as well.

Now, those users can schedule outside meetings and make those sales or whatever they need to do!

No comments:

Post a Comment