Cleaning up Federation in Lync

I had a recent situation where I had to enable Federation for most of the company’s users because of an acquisition. It made perfect sense to enable Federation for them as they had the need to engage the newly acquired company’s staff on a very regular basis.

Now that the acquired company has been completely merged into the same Lync environment, it is time to clean up Federation. Actually, a month had passed before anyone realized that Federation should be cleaned up. I will take the blame for that. Smile

There are two steps to this process.

  • First, I needed to identify which users were still using Federation to collaborate with other companies. Then I took the list and vetted it to make sure that only those that needed Federation were still using it.
  • Second, I needed to remove Federation from all remaining users.

To meet the needs, I created a script to identify those that were still using Federation.

CLS

$SQLQuery = “Select

       S.User1Id,

       S.User2Id,

       S.IsUser1Internal,

       S.IsUser2Internal,

       U.UserUri ‘User1URI’,

       UU.UserUri ‘User2URI’,

       S.SessionIdTime

From SessionDetails S

Inner join Users U on S.User1Id = U.UserId

Inner join Users UU on S.User2Id = UU.UserId

WHERE S.IsUser1Internal = 0 OR S.IsUser2Internal = 0

Group by

       S.User1Id,

       S.User2Id,

       S.IsUser1Internal,

       S.IsUser2Internal,

       U.UserUri,

       UU.UserUri,

       S.SessionIdTime”

$connection = new-object system.data.sqlclient.sqlconnection

$Connection.connectionString=”Data Source=SQLServerName\InstanceName;Initial Catalog=LcsCDR;Integrated Security=SSPI”

$Connection.open()

$Command = $Connection.CreateCommand()

$Command.Commandtext = $SqlQuery

$DataAdapter = New-Object System.Data.SqlClient.SqlDataAdapter $Command

$Dataset = New-Object System.Data.Dataset

$DataAdapter.Fill($Dataset)

$Dataset.Tables[0] | Export-CSV FederationActivity.csv -notype

$connection.close()

$connection = $null

$File = Get-Content FederationActivity.csv

$Null | Out-File FederationActivity.csv

ForEach ($f in $File) {

                $f | Out-File FederationActivity.csv -append

}

$Results = Import-Csv FederationActivity.csv

ForEach ($r in $Results){

                $FU = Get-Content FederationUsers.txt

                $User1 = $r.User1URI

                $User2 = $r.User2URI

                If($User1 -imatch “DomainName.com”){

                                $Test = $FU -contains $User1

                                If($Test -eq $False){

                                                $User1 | Out-File FederationUsers.txt -Append

                                }

                }

                If($User2 -imatch “DomainName.com”){

                                $Test = $FU -contains $User2

                                # Write-Host $Test is the test value

                                If($Test -eq $False){

                                                $User2 | Out-File FederationUsers.txt -Append

                                }

                }

}

 

The first script creates a nice file of the users. You can run it multiple times, and it will just add the names to the existing file. The FederationUsers.txt file is used in the second script to test whether the person should have Federation removed.

CLS

$Users = Get-CsUser -resultsize unlimited

$FU = Get-Content FederationUsers.txt

$Null | Out-File FederationRemoval.txt

ForEach ($u in $Users){

               $u1 = $u.SamAccountName

                $u1 = $u1 + “@DomainName.com”

                $Test = $FU -contains $u1

                If($Test -eq $False){

                                $Test1 = $u.externalaccesspolicy.friendlyname

                                If ($Test1){

                                                Grant-CsExternalAccessPolicy $u1 -policyname $null

                                                $u1 | Out-File -append FederationRemoval.txt

                                }

                }

}

 

While others may not have the same needs, these scripts might help. Good luck.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to Cleaning up Federation in Lync

  1. Pingback: Weekly IT Newsletter – September 22-26, 2014 | Just a Lync Guy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s