In some versions of Exchange, some cmdlets such as Test-OutlookWebServices can generate a 401 error when run from the Exchange server itself. Microsoft released a KB article (896861) that details disabling via the reqistry the loopback check. Other applications such as Lync, SharePoint, or  Symantec’s Enterprise Vault sometimes require this change as well to resolve issues. While it’s pretty easy to just create the registry entry in regedit (see the aforementioned KB article), if you’re putting together server-build scripts, or just like to use PowerShell to do the work, this method might be easier.

This little tidbit is broken down into two parts. The first part looks to see if the registry key exists, and if so, if it’s not set to the correct value (1). If it meets this criteria, we set the dword’s value to 1. The second part of the script determines if the dword exists at all, and if not, creates it and sets it to 1. If we make it all the way through, we know the dword exists and has the right value.

if ((Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -name DisableLoopbackCheck -ErrorAction SilentlyContinue) -and (((Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -name DisableLoopbackCheck -ErrorAction SilentlyContinue).DisableLoopbackCheck)-ne 1)){
    Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -name DisableLoopbackCheck -value 1
}elseif (!(Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -name DisableLoopbackCheck -ErrorAction SilentlyContinue)){
    New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dword
}

Tracy A. Cerise and Mahmoud Badran came up with a script to show Lync connections, and the users connected. This was quite informative as it could be used to show load balance distribution, client versions being used, and more.

I took the script and updated it a little, including:

1. Removed the help function and the header block and inserted comment based help. So a user can run get-help Get-CsConnections.ps1 and get the help, just like any other script and cmdlet.
2. Added a parameter to display the user list. My needs didn’t require the user list – just the statistics at the beginning. So I added the feature to show the user list by running Get-CsConnections.ps1 -IncludeUsers.
3. Added a couple of functions, including one that cleans up some variables when exiting.
4. Adjusted some of the formatting. I noticed things didn’t always line up when the server FQDNs were really long, like those in child domains.
5. Did a prereq check to verify the Lync module is loaded. If not, it gets loaded. That way, the script will still run fine if it’s run from an ordinary PowerShell console.
6. Accounted for the pool parameter being just a NetBIOS name by adding the $env:userdnsdomain to the NetBIOS name to create the FQDN. This appears to work fine if the Lync servers and user running the script are both in the same domain. If not, then an FQDN would be required.
7. Renamed the script to Get-CsConnections.ps1 and some of the functions to the normal verb-noun format.
8. Added a feature to show just a specific client version number, and the users connected with that client version. This can help you determine who is connecting with what versions, which is helpful when looking into licensing, upgrades, etc.
9. Added support for Lync Server 2013, which uses a different query than Lync Server 2010.
10. Tons more info in updates and releases following that. See the changelog for more info.

Syntax

Get-CsConnections.ps1 [[-Pool] ] [[-SIPAddress] ] [[-FilePath] ] [-IncludeUsers] [-IncludeHighUsers] [-IncludeSystem] [[-UserHighConnectionFlag] ] [[-ClientVersion] ] [-ShowFullClient] [ShowTotal] [[-Server] ] [-WhatIf] [-Confirm] []

Run the script specifying the front end pool or server to target:

Get-CsConnections.ps1 -Pool [pool FQDN]

or

Get-CsConnections.ps1 -Server [server FQDN]

The script automatically determines the version (2010 or 2013) of the pool, and uses the correct query.

If I can find an auto-detect method for server versions, I’ll include that in a later build.

Will show you unique client versions, their user agent, and the number of connections for each:

Distribution of connections across frontend servers (load balancing):

The number of unique users and clients connected:

And, adding the -IncludeUsers switch, such as:

Get-CsConnections.ps1 -Pool [pool FQDN] -IncludeUsers

will also show the users who are connected, and the number of connections they each have:

Using -IncludeHighUsers instead of -IncludeUsers will only list those users who meet the UserHighConnectionFlag (shown in white) or exceed the UserHighConnectionFlag (shown in red).

Get-CsConnections.ps1 -SipAddress [sip address] -Pool [pool FQDN]

Will show you the information for a single user:

Get-CsConnections.ps1 -Pool [pool FQDN] -ClientVersion [version number]

Will show the connection data for just that version number, including listing the users connected with that client version. This is helpful if the first method lists some version numbers you’d like to track down. Here, I used a client version of 13.1. MC/13.1.x is the OCS client on the Mac.

Using the -ShowFullClient option will show extended info for client name/version. However, the previous ‘Client Version’ column is not shown due to formatting restrictions. Here we can see more info, especially about mobile devices, Lync Phone Edition, and Mac clients.

Using -ShowTotal will also add additional info to the bottom section, including total number of users who are Lync enabled, total who are voice enabled, and percentage of total Lync enabled users who are connected.

You can export the info to a .csv file for viewing/manipulation in Excel using:

Get-CsConnections.ps1 -Pool [pool FQDN] -FilePath [path to csv file]

Installation

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

NOTE: In order to gain remote access to each Front End server’s RTCLOCAL database where connection information is found, you need to open two local firewall ports; one static UDP port (1434), and one dynamic TCP port. We can use netsh to open the two required ports. First, open an elevated command prompt, and paste the following line. You should get “Ok.” in return:

netsh advfirewall firewall add rule name="SQL Browser (UDP 1434)" dir=in action=allow protocol=UDP localport=1434 profile=domain description="Created for Get-CsConnections.ps1. For more information, see https://www.ucunleashed.com/269"

Next, find the dynamically assigned port used by the Named Instance (RTCLOCAL):

• On the Front End server, open SQL Server Configuration Manager.
• Expand SQL Server Network Configuration.
• Click on Protocols for RTCLOCAL.
• On the right side, right click on TCP/IP, and choose Properties.
• Click on the IP Addresses tab.
• Scroll to the last section, called IPAll.
• Note the TCP Dynamic Ports value

Replace [dynamic port] in the code below with the dynamic port number, and run the entire following command:

netsh advfirewall firewall add rule name="SQL RTCLOCAL Dynamic Port (tcp-in)" dir=in action=allow protocol=TCP localport=[dynamic port] profile=domain description="Created for Get-CsConnections.ps1. For more information, see https://www.ucunleashed.com/269"

If you look at the inbound rules for the firewall, you’ll now see the two new rules:

Repeat the process for both ports on each Front End server.

Note: The dynamically assigned port is unique to each Front End server, not the pool. So you’ll need find the value on each server. Once the two ports are open on each Front End server in the pool, the script should work fine.

Thanks to James Cussen for explaining what config is needed for SQL access through the firewall.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

v3.5 – 08-14-2019 – Get-CsConnections.v3.5.zip

v3.4 – 03-27-2018 – Get-CsConnections.v3.4.zip

v3.3 – 01-0-2017 – Get-CsConnections.v3.3.zip

v3.2 – 11-17-2016 – Get-CsConnections.v3.2.zip

v3.1 – 04-07-2016 – Get-CsConnections.v3.1.zip

v3.0 – 09-09-2015 – Get-CsConnections.v3.0.zip

v2.9 – 10-28-2014 – Get-CsConnections.v2.9.zip

v2.8 – 06-10-2014 – Get-CsConnections.v2.8.zip

v2.7 – 05-24-2014 – Get-CsConnections.v2.7.zip

v2.6 – 02-08-2014 – Get-CsConnections.v2.6.zip

v2.5 – 11-26-2013 – Get-CsConnections.v2.5.zip

v2.4 – 09-13-2013 – Get-CsConnections.v2.4.zip

v2.3 – 08-01-2013 – Get-CsConnections.v2.3.zip

v2.2 – 05-10-2013 – Get-CsConnections.v2.2.zip

v2.1 – 12-13-2012 – Get-CsConnections.v2.1.zip

v2.0 – 10-16-2012 – Get-CsConnections.v2.0.zip

v1.9 – 09-21-2012 – Get-CsConnections.v1.9.zip

v1.8 – 09-14-2012 – Get-CsConnections.v1.8.zip

v1.7 – Get-CsConnections.v1.7.zip

v1.6 – Get-CsConnections.v1.6.zip

v1.4 – Get-CsConnections.v1.4.zip

v1.3 – Get-CsConnections.zip

v1.0 – Get-CsConnections.zip

Changelog

See the changelog for a complete list of features added in each release

Fellow MVP Jeff Guillet wrote an article about the fact that disabling a user’s Active Directory account doesn’t mean they can’t log into Lync/Skype for Business. This is due to the way Lync uses certificates and authentication based on them. I highly recommend you read the article.

I recently was writing some documentation for a customer and wanted to include this important information, including methods for resolving the problem after the fact.

If you’ve not been disabling users in Lync while disabling them in AD, here’s a one liner to find those users:

Get-CsAdUser -ResultSize Unlimited | Where-Object {$_.UserAccountControl -match "AccountDisabled" -and $_.Enabled -eq $true} | Format-Table Name,Enabled,SipAddress -auto

You can shorten it somewhat by not checking if $_.Enabled is $true, but just that it exists. You can get a count of the users using:

Get-CsAdUser -ResultSize Unlimited | Where-Object {$_.UserAccountControl -match "AccountDisabled" -and $_.Enabled} | Measure-Object

and, if you want, can disable them in one line using

Get-CsAdUser -ResultSize Unlimited | Where-Object {$_.UserAccountControl -match "AccountDisabled" -and $_.Enabled} | Disable-CsUser

Update 09-14-2012: Be careful using that last option if you’ve configured test accounts for synthetic testing using the New-CsHealthMonitoringConfiguration cmdlet as I mention in Lync Synthetic Tests: What They are and When They Don’t Work – Part I.

Update 04-12-2014: Replaced aliases with full cmdlet per best practices.

Update 09-19-2014: Added -ResultSize Unlimited

Using a hardware load balancer is very common to spread workload across multiple servers, as well as direct traffic to surviving servers when one goes down or is being patched. When using an HLB, there are several methods that can be used. The more conventional SNAT is quite popular, but another method, Direct Server Return, or DSR, provides for substantially increased performance. This can be key in environments where a lot of traffic from Exchange and/or Lync is going through the HLBs, or where the same HLBs are being used for many apps. Update: Tom Pacyk and John Cook pointed out that I neglected to mention that DSR based HLB is not supported on Lync Edge servers (and it won’t even work based on my testing). See Microsoft’s support statement at the bottom of http://technet.microsoft.com/en-us/library/gg425779.aspx. Sorry about the omission, guys!

The difference from a server side perspective, is that to use the DSR method, extra configuration is required when building the server. To configure a server for DSR based load balancing a loopback adapter is added and configured with the IP address of the load balancer VIP. This allows the server to accept packets targeted for the VIP address. Without it, the server would ignore them.

• Add the Microsoft Loopback adapter
• Unbind all services and protocols except IPv4
• Rename the loopback adapter to “loopback” and rename the regular NIC to “net”
• Assign an IP address and subnet mask (but no gateway)
• Configure the adapter to not register its address in DNS
• Set the adapter’s metric to 254
• Adjust the adapter bindings so that it is lower than the normal NIC in the server
• Set WeakHostSend and WeakHostReceive settings on both adapters

While adding and configuring the loopback adapter is simple enough, it’s a list of steps that is ideally suited for PowerShell – especially if you build a fair number of servers. Unfortunately, there is no straightforward methods to accomplish all of the required tasks. In order to configure the adapter bindings, a separate file must be downloaded. In order to even add the loopback adapter, yet another file needs to be downloaded. It’s almost more grief to try it through PowerShell than to just manually do it, right? Not so fast!

PowerShell is quite powerful. We can download the required files, unzip them if needed, and then use them as required to fulfill our needs. Of course, this assumes that the server has Internet connectivity.

Run the script one of two ways. Run just the script itself by typing

.\New-LoopbackAdapter.ps1

and the script will prompt you for the VIP IP and subnet mask.

Or, type

.\New-LoopbackAdapter.ps1 -vipip [ip address] -vipsm [subnet mask]

for example

.\New-LoopbackAdapter.ps1 -vipip 10.1.0.100 -vipsm 255.255.255.0

As with most of my scripts, tab completion for the parameters works, and there is a full help section by typing:

Get-Help .\New-LoopbackAdapter.ps1

Once the script completes, Explorer will open to the network adapters section so that you can verify the various steps have completed:

No services or protocols other than IPv4 bound to the loopback adapter:

IP address and subnet mask configured:

Metric set to 254:

DNS registration unchecked:

Loopback adapter at the bottom of the adapter bindings:

The script also creates a full transcript in the same folder as the script.

Installation

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

New-LoopbackAdapter.zip

If you’ve followed this blog for a while, you may remember one of the more popular posts, Automated prerequisite installation via PowerShell for Exchange Server 2010 on Windows Server 2008 R2. In that script, I used some simple techniques to help take some of the boring tasks out of installing Exchange 2010 servers. It was updated several times, and a new update is coming soon.

Well, Lync Server MVP Stale Hansen took that script and adapted it to installing the prerequisites for Lync Server 2010 and posted the results online. He did some neat things like installing the Best Practice Analyzer and the Resource Kit.

I took the script and added a bunch of functionality, including prerequisites for all Lync related roles, some added third-party tools such as the cool “Find Lync Versions” tool from Stephen Olsen, aka “Stumper”, was added as an option. Note: This automatically installs the .Net 4 framework.

I also added the ability to download some files that are needed – essentially automating some routine tasks. See the changelog file linked below for features added in each version.

For those of you doing Lync voice work, I haven’t done any deployments yet, so if there are tasks you’d like me to automate, please let me know and I can get them added when I have time.

Installation

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

v5.3: Set-Lync2010Features.v5.3.zip

v5.2: Set-Lync2010Features.v5.2.zip

v5.1: Set-Lync2010Features.v5.1.zip

v5.0: Set-Lync2010Features.zip.

Changelog

See the changelog for this script for all version information

This is the changelog page for Get-CsConnections.ps1. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v3.5 – 08-14-2019

1. Added some cleanup for the VVX and Trio device agent strings. Thanks to @UcMadScientist. See https://www.ucmadscientist.com/quick-post-pat-richards-get-csconnections-and-polycom-devices/

v3.4 – 03-27-2018

1. Added more bugs to fix later. 🙂
2. Fixed -SkipUpdateCheck. Thanks to Mike for pointing it out.
3. Fixed issue where preferred connection order would not display for Skype for Business users when using -SipAddress option
4. Minor tweaks per PsScriptAnalyzer and PSSharper
5. Updated Remove-Variable function to v1.2
6. Get-UpdateInfo updated function to v1.5
7. Set-ModuleStatus updated function to v1.6
8. Write-Log updated function to v3.2

v3.3 – 01-04-2017

1. Now requires at least PowerShell 3.0
2. minor code cleanup
3. updated Get-UpdateInfo to 1.1

v3.2 – 11-17-2016

1. Added new update routine
2. Signed with new certificate

v3.1 – 04-07-2016

1. added -SkipUpdateCheck to skip update check

v3.0 – 09-09-2015

1. clarified some examples in the help section
2. added detection for Skype for Business Server 2015

v2.9 – 10-28-2014

1. Fixed an issue where PowerShell v2.0 machines would choke on one line. Thanks to Thierry for pointing it out.
2. New code-signing certificate to replace expired cert

v2.8 – 06-10-2014

1. Clarified ShowTotal output per Nate’s comment
2. Fixed an issue where LRS clients would show a leading space for the agent string
3. changed FE server info to be lower case to that it’s consistent
4. the -pool parameter is now -PoolFqdn to align with other scripts and cmdlets
5. fine tuned some of the code used when specifying -SipAddress

v2.7 – 05-24-2014

1. fixed check for updates dialog border
2. defined OverallRecords as an array to avoid an issue. Thanks to Tristan for that info.
3. fixed verbose output not showing server names. Thanks to Greig for pointing it out.

v2.6 – 02-08-2014

1. tweaked the MaxEndpointsPerUser section to always use the global configuration. This only matters in environments where multiple configurations exist (Get-CsRegistrarConfiguration). Thanks to Matt for pointing this out.
2. swaped in new version of Set-ModuleStatus function
3. cleanup of param block per best practices
4. cleanup of comment help per best practices
5. swaped in new verion of Test-ScriptUpdates

v2.5 – 11-26-2013

1. tweaked SQL query for case insensitivity per Jean-Luc
2. comment help updated to include info on Windows firewall config
3. tweaked code when getting info for a single user to fix missing data for pool connection order

v2.4 – 09-13-2013

1. Fixed output for unique users/clients
2. Now validates if UserHighConnectionFlag is specified, and does not exceed MaxEndPointsPerUser

v2.3 – 08-01-2013

1. intro code for script update check
2. better pool version detection. When using the -Pool option, you no longer need to specify -Is2013 if it’s a 2013 pool
3. Added code to restart script in an elevated session if the current session isn’t elevated (previously the script just threw an error and exited)

v2.2 – 05-10-2013

1. Added support for Lync Server 2013 by using the -Is2013 switch. If I can find a better way of automatically detecting the version, I’ll incorporate that in a later build.
2. Some code optimization
3. Bug fix for an issue where the names of servers in a pool wouldn’t display if the script was run in PowerShell v3.

v2.1 – 12-13-2012

1. Minor formatting tweaks for better handling long client names, such as the Lync RT client.
2. Minor bug fixes

v2.0 – 10.16.2012

1. Added -IncludeHighUsers option. Similar to -IncludeUsers, but only shows those users who meet the UserHighConnectionFlag value (shown in white), or exceeds it (shown in red).
2. Added -ShowTotal option. When finished, shows statistics for the org, including total number of Lync enabled users, the total number of voice enabled users, and the percentage of enabled users that are currently connected.
3. Updated the code the assembles FQDNs when just a pool or server netbios name are specified.
4. If -SipAddress option is used, additional information showing the preferred connection order for the user is now also included. This adds the functionality of one liners: Finding out which Lync pool servers a user is associated with, and the preferred connection order.

v1.9 – 09-21-2012

1. Finally resolved the issue where some front end servers would have a different number for PrimaryRegistrarClusterId in SQL Express than others, causing some servers to not return data (and not throw an error). Special thanks to Dave Howe @ Microsoft for helping me identify a work around, and also to Bart, a SQL Engineer at a client site who helped me tweak the related SQL query.
2. A little code optimization
3. -Server option added that now allows you to target a specific server instead of an entire pool.
4. This version is code signed. You no longer are required to have a PowerShell Execution Policy of unrestricted or RemoteSigned. However, the script cannot be edited at all, or the code signature breaks.
5. -SipAddr now supports specifying just the left part of the SIP address, but only in organizations with ONE SIP domain. For example, -SipAddr bill.gates instead of -SipAddr bill.gates@microsoft.com.
6. -Server supports specifying the netbios domain. The script will “guess” at the FQDN by using the domain name of the machine the script is running on and appending it to the netbios name.

v1.8 – 09-14-2012

1. Tons of formatting changes, mostly subtle
   1. Server names in the pool list are sorted
   2. Server names in the ‘Frontend Server’ list are now sorted
   3. Connections are now sorted by client
2. Added -ShowFullClient switch to show extended client info.
3. If -pool is not specified, and only one registrar pool exists, the script will automatically use that pool.
4. Some additional verbose output added for troubleshooting

v1.7 – 09-07-2012

1. Minor display sorting cleanup
2. Streamlined some code
3. Removed -IncludeUsers from automatically being set when using -ClientVersion

v1.6 – 07-02-2012

1. Added feature to show just specific client versions and the connected users with that client

v1.4 – 04-19-2012

1. cleaned up some of the param() block and added some validation
2. streamlined some of the code
3. tweaked the displayed results a little to better handle longer agent strings

v1.3 – 12-27-2011

1. tweaked the formatting a little to account for longer agent strings due to mobile clients
2. ignore the RtcApplication-[guid] account when calculating users and displaying userlist
3. added error if pool doesn’t have any servers
4. added UserHighConnectionFlag in parameter block to support pipeline entry

v1.1 – 08-09-2011

1. added comment based help
2. added option to display user list
3. updated formatting
4. added code so it will run in a normal PowerShell session

v1.0 – 07-01-2011

1. original version

A customer asked for some documentation as to the various Lync cmdlets, what they do, and who can do them. Knowing that there are hundreds of cmdlets for Lync, this was a daunting task. Thank goodness for PowerShell, copy & paste, and some macros!

I used the script by Cezar Ungureanasu at http://blogs.technet.com/b/csps/archive/2010/06/10/scriptlistrbacrolesandcmdlets.aspx which shows you how to find out what cmdlets are available to specific default RBAC roles. I ran that in a virgin environment and captured the data to a .tsv file. I found a page from Microsoft at http://blogs.technet.com/b/csps/archive/2010/07/16/refallcmdlets.aspx which includes all 546 of the Lync cmdlets, a link to their associated Technet page, and a brief description. I merged that data into the .tsv file, and then added a formula that can be used to confirm what RBAC roles each cmdlet can be used by (in case an environment has been changed from the default settings). All of that was rolled into an Excel spreadsheet that can now be downloaded at the link below. This was perfect for the customer.

Recent updates include cmdlets added in Cumulative Update 4, as well as a new column indicating when the cmdlets were added to Lync. I’ll update that as I get more information.

Let me know if there are any issues, or if you can think of something I should add.

Download

v1.1 DefaultCmdletsByRBACRolev1.1.zip (11-20-2011)

v1.0 DefaultCmdletsByRBACRole.zip (06-01-2011)

Update: A newer version of this script has been released, and is available at Set-Lync2010Features.ps1 v5.0 – automated prereq PowerShell script for Lync Server 2010 released

If you’ve followed this blog for a while, you may remember one of the more popular posts, Automated prerequisite installation via PowerShell for Exchange Server 2010 on Windows Server 2008 R2. In that script, I used some simple techniques to help take some of the boring tasks out of installing Exchange 2010 servers. It was updated several times, and a new update is coming soon.

Well, Lync Server MVP Stale Hansen took that script and adapted it to installing the prerequisites for Lync Server 2010 and posted the results online. He did some neat things like installing the Best Practice Analyzer and the Resource Kit.

I got tasked with Lync responsibilities on my current project, so I took a closer look at the Stale’s version of the script, and decided to add some more code. Here are some of the changes:

1. The script now prompts you about installing the telnet client. The telnet client isn’t REQUIRED, but is often recommended. Since my current project is in a high security environment, installing anything that isn’t absolutely required is generally frowned upon. So I made it optional.
2. I added the option to disable IPv6. Lync Server 2010 doesn’t make use of IPv6 at all, so this option might prove handy.
3. I added the option to install the Lync Server 2010 Stress and Performance Tool, the Visual C++ 2008 Redistributable that the Lync installer complains about, and options to install the recently released IM and Expert feature as well as starting Windows Update. Note that the IM an Expert piece is still early in testing. Note also that the Visual C++ install should be done after rebooting the server, otherwise it throws errors.
4. Behind the scenes, I cleaned up a LOT of code – something I’ve been meaning to do to the Exchange prereq script as well. The script now looks to see if something is installed before trying to install it. The Resource Kit and BPA both have documentation that is MS Word based, so the script will ask you if you want to automatically install the free MS Word viewer and related filters.
5. The OS detection method was cleaned up, and now supports any version of 2008 R2, including RTM and various service packs.

I’ve built 6 production servers and haven’t noticed any issues yet. But, as always, use at your own risk.

The code can be downloaded at Set-Lync2010Windows2008R2Features.zip. Rights required are local server admin. Also, set your execution policy to unrestricted in order to be able to run this unsigned script.

I welcome any comments, suggestions, concerns.

Microsoft has released Service Pack 1 (SP1) for Exchange Server 2010. See the Release Notes for Exchange 2010 SP1 for more information, including a list of known issues.

The 522MB download is just like RTM – a full install package. Existing installations can be upgraded, as new installs can be completed with the Service Pack integrated.

What’s New in Exchange 2010 SP1 has a comprehensive list of the changes and enhancements, including:

New Deployment Functionality

1. During an Exchange 2010 SP1 installation, you can now select a new option to install the required Windows roles and features for each selected Exchange 2010 SP1 server role. For more information, see New Deployment Functionality in Exchange 2010 SP1.

Client Access Server Role Improvements

1. Federation Certificates
2. Exchange ActiveSync
3. SMS Sync
4. Server-Side Information Rights Management Support
5. Outlook Web App Improvements
6. Reset Virtual Directory
7. Client Throttling Policies

Improvements in Transport Functionality

1. MailTips access control over organizational relationships
2. Enhanced monitoring and troubleshooting features for MailTips
3. Enhanced monitoring and troubleshooting features for message tracking
4. Message throttling enhancements
5. Shadow redundancy promotion
6. SMTP failover and load balancing improvements
7. Support for extended protection on SMTP connections
8. Send connector changes to reduce NDRs over well-defined connections

Permissions Functionality

1. Database scope support
2. Active Directory split permissions
3. Improved user interface

Exchange Store and Mailbox Database Functionality

1. With the New-MailboxRepairRequest cmdlet, you can detect and repair mailbox and database corruption issues.
2. Store limits were increased for administrative access.
3. The Database Log Growth Troubleshooter (Troubleshoot-DatabaseSpace.ps1) is a new script that allows you to control excessive log growth of mailbox databases.
4. Public Folders client permissions support was added to the Exchange Management Console (EMC).

Mailbox and Recipients Functionality

1. Calendar Repair Assistant supports more scenarios than were available in Exchange 2010 RTM.
2. Mailbox Assistants are now all throttle-based (changed from time-based in Exchange 2010 RTM).
3. Internet calendar publishing allows users in your Exchange organization to share their Outlook calendars with a broad Internet audience.
4. Importing and exporting .pst files now uses the Mailbox Replication service and doesn’t require Outlook.
5. Hierarchical address book support allows you to create and configure your address lists and offline address books in a hierarchical view.
6. Distribution group naming policies allow you to configure string text that will be appended or prepended to a distribution group’s name when it’s created.
7. Soft-delete of mailboxes after move completion.

High Availability and Site Resilience Functionality

1. Continuous replication – block mode
2. Active mailbox database redistribution
3. Enhanced datacenter activation coordination mode support
4. New and enhanced management and monitoring scripts
5. Exchange Management Console user interface enhancements
6. Improvements in failover performance

Messaging Policy and Compliance Functionality

1. Provision personal archive on a different mailbox database
2. Import historical mailbox data to personal archive
3. Delegate access to personal archive
4. New retention policy user interface
5. Support for creating retention policy tags for Calendar and Tasks default folders
6. Opt-in personal tags
7. Multi-Mailbox Search preview
8. Annotations in Multi-Mailbox Search
9. Multi-Mailbox Search data de-duplication
10. WebReady Document Viewing of IRM-protected messages in Outlook Web App
11. IRM in Exchange ActiveSync for protocol-level IRM
12. IRM logging
13. Mailbox audit logging

Unified Messaging Server Role Improvements

1. UM reporting
2. UM management in the Exchange Control Panel
3. Cross-Forest UM-enabled mailbox migration
4. Outlook Voice Access improvements
5. Caller Name Display support
6. Test-ExchangeUMCallFlow cmdlet
7. New UM Dial Plan wizard
8. Office Communications Server “14” Support
9. Secondary UM dial plan support
10. UM language packs added
11. Call answering rules improvements
12. Unified Communications Managed API/speech platform improvements
13. UM auto attendant update

Audit Logging Improvements

1. Improvements in administrator audit logging
2. New mailbox audit logging

Support for Coexistence with Exchange Online

1. Migration of UM-enabled mailboxes
2. IRM support for coexistence
3. Remote Mailboxes
4. Transport

Support for Multi-Tenancy

Upgrade from Exchange 2010 RTM to Exchange 2010 SP1 includes details you should know before upgrading, as well as how to upgrade including upgrading DAG members.

Equally important is Exchange 2010 Prerequisites, which details which hotfixes you need to install before doing a clean install of Exchange 2010 SP1, or when upgrading an RTM installation. Be prepared, as several of the 2008 R2 hotfixes require a reboot.

Download the Service Pack here.

This is the changelog page for Set-Lync2010Features.ps1. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v5.3 – 12-23-2011

1. Added requirements for Front End and Director servers to support Mobility. This includes the Dynamic Compression Windows 2008 feature.

v5.2 – 08-17-2011

1. Added option (& related Get-Webpage function) to download trial version of Lync (just opens a browser to the site)
2. Added option to restrict feature availability to Standard CAL

v5.1 – 07-26-2011

1. Detect if Lync is installed before installing some utilities and tools
2. DSR loopback adapter option added
3. Lync Server Updates option was updated to represent the 07-25-2011 release per KB 2493736
4. Menu was split into pre/post install tasks, with post install tasks only visible if Lync Server is detected on the box

v5.0 – 07-25-2011

1. added “Find Lync Versions” and related .Net 4 installer
2. added functions for creating shortcuts and unzipping files
3. added function for “Windows Media Format Runtime” (per http://support.microsoft.com/kb/2522454)
4. some variable cleanup
5. some error checking
6. added function to run installation routines. This makes it easier to do consistent screen output (menu)
7. cleaned up variable removal when exiting
8. Installation of Silverlight
9. Updated installation of Visual C++ Redistributable to latest version (per MS11-025)
10. added option to enable federation with Office365

v4.2 – 05-26-2011

1. updated function to allow downloading files to different folders and different names
2. added OWA / Lync integration feature

v4.1 – 05-01-2011

1. added group membership check (checks for local admin, CSAdmin* and RTCUniv* only)
2. added 04-20-2011 “Lync Server update download”
3. added chm file download and install & shortcut
4. added standalone AV server prereq option
5. added PowerShell transcript
6. added backup current config

v4.0 – 04-06-2011

1. added Visual C++ option
2. added Stress and Performance Tool
3. added Disable IPv6
4. added “IM an Expert”
5. added Windows Update
6. lots of code cleanup

v3.0 Р02-2011 by St̴le Hansen (http://msunified.net)

v1.0 – 11/27/2009

1. initial version