HOWTO: Clear all AD Attributes from Former OCS/Lync Deployment

Imagine for a moment you have just deployed Office 365 in your environment using a cutover migration.  Everything is working well and you’ve now decided to grant access for your users to use Skype for Business.  (I so hate that name).

You find that some users are not appearing in the Skype For Business Users control panel.  You scratch your head and Google until you come across this excellent article:

http://blog.rickzeleznik.com/2014/07/29/issues-provisioning-lync-online-users-after-dirsync/

It basically tells you that at some point in the past, someone deployed either Office Communications Server or Lync server in your environment and the users that aren’t showing up have their msRTCSIP Active Directory attributes populated which is confusing Skype for Business.  The article goes on to show you how to clear the attributes.

Now imagine you test this process and it works and solves your problem.  But then you slink into your chair when you realize you may potentially have hundreds of users to update and each user has as many as 14 attributes each that need to be modified.

That’s the situation I found myself in.  If you’ve seen any other posts on this site, you already know how I solved this – PowerShell!

I figured I’d share my solution in the event anyone else is in this situation.  This is very rough code designed to solve the immediate problem and as a result I’d suggest that you have some comfort with PowerShell before attempting to use this code.

# Takes a list of AD user accounts and clears all of the legacy OCS attributes
# DMS; Active Directory; Attributes; Clear; OCS; Skype; Office 365

Function Get-AllOCSAttributes
{

    # Get a list of all attribute names from active Directory that belong to Office Communications Server / Lync
    $objuserclass=[adsi]”LDAP://schema/user”
    $AllAttributes = @()
    $AllAttributes += $objuserclass.mandatoryproperties
    $AllAttributes += $objuserclass.optionalproperties
    $OCSAttributes = $AllAttributes | where {$_ -match "msRTCSIP"}

    # Get a list of all Active Directory Users
    $AllUsers = Get-ADUser -Filter *

    # Create a custom object to store the attributes of all users, including the OCS attributes
    $Results = @()
    ForEach($User in $AllUsers)
    { 
        # Generate a list of all attributes for all users including all of the OCS attributes we found above
        $Temp = Get-ADUser $User -Properties $OCSAttributes | select *  
    
        # We need to create a custom object that ensures we get the OCS attributes included with every object row
        ForEach($Attr in $OCSAttributes)
            { $Temp | Add-Member -MemberType NoteProperty -Name $Attr -Value $Null -ErrorAction SilentlyContinue }
    
        $Results += $Temp

    }
    
    # Save the results to the clipboard
    $Results | convertto-csv -Delimiter "*" -NoTypeInformation | clip
}

Clear-AllOCSAttributes
{

# Add the users here you wish to clear the attributes for. Generate the $Users list however you'd like
$Users = @"
user1
user2
user3
"@ -split "`n" | % { $_.trim() }

    ForEach($User in $Users)
    {
        ForEach($Attr in $OCSAttributes)
            { Set-ADUser $User -clear $Attr -verbose }
    }
}

Update:

The second part of this fix involves disabling and re-enabling the Skype For Business License in Office 365. I was just going to do that part manually but that proved to take way too long. So here is the PowerShell way of resetting the Skype License for specified users:

$Users = @"
user1@domain.com
user2@domain.com
"@ -split "`n" | % { $_.trim() }

$AccountSkuName = "COMPANY:LICENSEPACK"
$PlanToDisable = "MCOSTANDARD" # Skype for Business

ForEach($User in $Users)
{
    # Create new object that includes the plan to disable and set the specified user to use the modified plan
    $LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuName -DisabledPlans $PlanToDisable
    Set-MsolUserLicense -UserPrincipalName $User –LicenseOptions $LicenseOptions -Verbose
    
    # Re-enable *ALL PLANS* (which is the default for me) including the plan we just disabled
    $LicenseOptions = New-MsolLicenseOptions -AccountSkuId $AccountSkuName
    Set-MsolUserLicense -UserPrincipalName $User –LicenseOptions $LicenseOptions -Verbose
}

6 comments

Skip to comment form

    • Gabril on September 13, 2016 at 4:33 pm
    • Reply

    Thank you very much. This helped me from waiting hours with support.

    1. I’m glad to hear you were able to skip the misery I went through trying to figure that out! 🙂

    • Boris Ganchev on January 30, 2017 at 3:42 pm
    • Reply

    Maybe I’m missing something obvious but I get:
    Clear-AllOCSAttributes : The term ‘Clear-AllOCSAttributes’ is not recognized as the name of a cmdlet, function, script
    file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
    and try again.

    I can confirm that my $users list is generated correctly. Maybe I need to declare the function Clear-AllOCSAttributes somehow?

    1. That’s correct, you need to load the Clear-AllOCSAttributes function into memory first. I’m assuming you’ve replaced the $Users code with something that gets you the list of users you want. Here is how I recommend running this:

      1) Open the PowerShell ISE with an Administrator account on a machine where the Remote Server Administration Tools (RSAT) are installed
      2) Copy and paste the script in the post into the ISE
      3) Replace the $Users variable section with code that generates the desired list of users
      4) In the Set-ADUser comlet, add a parameter called -whatif (ie “Set-ADUser $User -clear $Attr -verbose -whatif”). This way you can safely test the command without making changes
      5) Run the code by pressing F5 in the PowerShell ISE
      6) Monitor the output. If only the desired users are impacted, remove the -whatif and try it again.

        • Admin Andy on June 6, 2017 at 6:53 pm
        • Reply

        You’re not defining “Clear-AllOCSAttributes” as a function in your script (at least how it’s posted to the site, your version might run fine)… you just have the line “Clear-AllOCSAttributes” and not “function Clear-AllOCSAttributes”. You also don’t imply that someone needs to call whichever function in order to use it… it’s not bad for experienced users, but you’ll likely lose a beginner.

    • NG on August 23, 2022 at 8:15 am
    • Reply

    A shorter version
    (backup your data first)

    $objuserclass=[adsi]”LDAP://schema/user”
    $AllAttributes = @()
    $AllAttributes += $objuserclass.mandatoryproperties
    $AllAttributes += $objuserclass.optionalproperties
    $OCSAttributes = $AllAttributes | where {$_ -match “msRTCSIP”}

    $Users =Get-ADUser -Filter * -SearchBase “______fill your ou DN here______”

    ForEach($User in $Users)
    {
    ForEach($Attr in $OCSAttributes)
    { Set-ADUser $User -clear $Attr -verbose}
    }

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.