HOWTO: Clear all AD Attributes from Former OCS/Lync Deployment

Imagine for a moment you have just deployed Office 365 in your environment using a cutover migration.  Everything is working well and you’ve now decided to grant access for your users to use Skype for Business.  (I so hate that name).

You find that some users are not appearing in the Skype For Business Users control panel.  You scratch your head and Google until you come across this excellent article:

http://blog.rickzeleznik.com/2014/07/29/issues-provisioning-lync-online-users-after-dirsync/

It basically tells you that at some point in the past, someone deployed either Office Communications Server or Lync server in your environment and the users that aren’t showing up have their msRTCSIP Active Directory attributes populated which is confusing Skype for Business.  The article goes on to show you how to clear the attributes.

Now imagine you test this process and it works and solves your problem.  But then you slink into your chair when you realize you may potentially have hundreds of users to update and each user has as many as 14 attributes each that need to be modified.

That’s the situation I found myself in.  If you’ve seen any other posts on this site, you already know how I solved this – PowerShell!

I figured I’d share my solution in the event anyone else is in this situation.  This is very rough code designed to solve the immediate problem and as a result I’d suggest that you have some comfort with PowerShell before attempting to use this code.

# Takes a list of AD user accounts and clears all of the legacy OCS attributes
# DMS; Active Directory; Attributes; Clear; OCS; Skype; Office 365

Function Get-AllOCSAttributes
{

    # Get a list of all attribute names from active Directory that belong to Office Communications Server / Lync
    $objuserclass=[adsi]”LDAP://schema/user”
    $AllAttributes = @()
    $AllAttributes += $objuserclass.mandatoryproperties
    $AllAttributes += $objuserclass.optionalproperties
    $OCSAttributes = $AllAttributes | where {$_ -match "msRTCSIP"}

    # Get a list of all Active Directory Users
    $AllUsers = Get-ADUser -Filter *

    # Create a custom object to store the attributes of all users, including the OCS attributes
    $Results = @()
    ForEach($User in $AllUsers)
    { 
        # Generate a list of all attributes for all users including all of the OCS attributes we found above
        $Temp = Get-ADUser $User -Properties $OCSAttributes | select *  
    
        # We need to create a custom object that ensures we get the OCS attributes included with every object row
        ForEach($Attr in $OCSAttributes)
            { $Temp | Add-Member -MemberType NoteProperty -Name $Attr -Value $Null -ErrorAction SilentlyContinue }
    
        $Results += $Temp

    }
    
    # Save the results to the clipboard
    $Results | convertto-csv -Delimiter "*" -NoTypeInformation | clip
}

Clear-AllOCSAttributes
{

# Add the users here you wish to clear the attributes for. Generate the $Users list however you'd like
$Users = @"
user1
user2
user3
"@ -split "`n" | % { $_.trim() }

    ForEach($User in $Users)
    {
        ForEach($Attr in $OCSAttributes)
            { Set-ADUser $User -clear $Attr -verbose }
    }
}

Update:

The second part of this fix involves disabling and re-enabling the Skype For Business License in Office 365. I was just going to do that part manually but that proved to take way too long. So here is the PowerShell way of resetting the Skype License for specified users:

$Users = @"
user1@domain.com
user2@domain.com
"@ -split "`n" | % { $_.trim() }

$AccountSkuName = "COMPANY:LICENSEPACK"
$PlanToDisable = "MCOSTANDARD" # Skype for Business

ForEach($User in $Users)
{
    # Create new object that includes the plan to disable and set the specified user to use the modified plan
    $LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuName -DisabledPlans $PlanToDisable
    Set-MsolUserLicense -UserPrincipalName $User –LicenseOptions $LicenseOptions -Verbose
    
    # Re-enable *ALL PLANS* (which is the default for me) including the plan we just disabled
    $LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuName
    Set-MsolUserLicense -UserPrincipalName $User –LicenseOptions $LicenseOptions -Verbose
}

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.