Managing Lync Server 2013 with Windows PowerShell—Part 4

Doctor Scripto

Summary: Have a rollback plan for disabling a user in Lync.

Hey, Scripting Guy! Question Hey, Scripting Guy! Before I shut down all of these Lync accounts on our environment, my boss would like to see what my rollback plan is. Other than restoring from backup, is there a quicker “undo” I can leverage by using Windows PowerShell?


Hey, Scripting Guy! Answer Hello again LN!

Honorary Scripting Guy, Sean Kearney, is here to show you how Windows PowerShell can give you a rollback in Lync (well sort of)!

     Note This is the fourth part in a series. You might also enjoy reading:

One of the interesting things I had to deal with on my last job was implementing a rollback plan—as many IT professionals do. It didn’t matter if we are touching an attribute, powering down a dead Hyper-V box, or rolling out a new cluster. We have to plan for when things go bad.

In the case of disabling users in Lync, you are dealing with a system that isn’t just a simple chat window (although it does get used for that a lot too). You’re dealing with collaboration, front-facing client meetings, and telephony.

Interfering with any of these could find a job change from working in IT to suddenly and permanently working with the co-op students. Due to our last session, apparently the co-op students don’t even have Lync, so it would be a pretty boring job.

So before we do anything that might cause problems, we want a rollback plan—something other than, “I’m going to restore the SQL Server database for Lync.” To me, that sounds a little closer to “disaster recovery” than rollback.

We can get a lot of this information by using the Get-CSUser cmdlet and storing it away as an XML file.

If you run Get-CSUser on Mr. Arthur Dent, we can visually see most of his settings:

GET-CSUser –identity ‘Arthur Dent’

Image of command output

If we were to export this information as an XML file, we could access it later, even if the original object was no longer in Lync:

GET-CSUser –identity ‘Arthur Dent’ | EXPORT-CliXml HavingAVeryBadDay.xml

So if we captured Mr. Dent’s information and then oh-so-casually deleted him from Lync like this:

DISABLE-CSUser –identity ‘Arthur Dent’

…we could immediately re-create him in Lync with this captured information:

$CSUser=IMPORT-CLIXML HavingAVeryBadDay.xml

The Windows PowerShell object $CSUser will now have the equivalent to a photocopy of Mr. Dent’s informaiont before we scrubbed him from Lync existence.  With this information, we can rebuild Mr. Dent better, faster, and stronger than before…the 6-million dollar towel man!

First we identify the properties that we need to start. In our case, we only need to trap for the very details we used to create the user initially:

  • Identity
  • RegistrarPool

We don’t actually have to trap for the SIP address type because we already have the full SIP address. We can grab that from the $CSUser object we just imported:




Now to recreate the user we can just re-run the ENABLE-CSuser Cmdlet in this format

ENABLE-CSUser –identity $Identity –RegistrarPool $RegistrarPool –SIPAddress $SIPAddress

Are we done? Of course not.

This simply creates a new Lync user who can sign in. We have to add some additional things to trap for. In our environment, which is quite simple, we only need to trap if the user’s Lync address was previously disabled:

SET-CSUser –identity $Identity –Enabled $CSuser.enabled

To prevent a disaster, we could capture all of the data before removing the users. In the case of our poor, hapless, Lyncless co-op students, we would have previously run this:

Get-Aduser –filter * -searchbase ‘CN=CoopStudents,CN=Staff,DC=Contoso,DC=Local’ | Foreach { GET-CSUser –identity $_.Name } | EXPORT-CLIXML Rollback.xml

Then as part of our rollback, we could do an Import-CLIXML like this:

$Rollbackinfo=IMPORT-CLIXML Rollback.xml

Then step through the information and re-enable the users with their previous status:

$Rollbackinfo | Foreach {





ENABLE-CSUser –identity $Identity –RegistrarPool $RegistrarPool –SIPAddress $SIPAddress

SET-CSUser –identity $Identity –Enabled $CSuser.enabled


In a larger environment (for example, one with Telephony enabled and different features controlled per user), you would write your rollback script to parse through this object on a more detailed level. But the process is almost identical!

Pop back in tomorrow and we’ll finish up some basic management tasks. Then on the weekend, we’ll discuss how to automate a little of the backup of this environment!

I invite you to follow The Scripting Guys on Twitter and Facebook. If you have any questions, send an email to The Scripting Guys at, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then remember to eat your cmdlets each and every day with a dash of creativity.

Sean Kearney, Windows PowerShell MVP and Honorary Scripting Guy


Discussion is closed.

Feedback usabilla icon