Lync Front Pool Pre-Decommission Report

One of the tasks which I have to very oftenly perform is decommissioning old Lync pools (Lync 2010/2013) when moving to newer versions/pools. The whole Lync migration from Lync 2010/2013 to Lync 2013 is well documented and pretty straightforward. There are number of steps though which should be completed in order for a smooth migration. Before you decommission the pool it is a good idea to get a quick overview of how many objects (Users, UM objects, Common Area Phones, SBA’s, etc) are associated with the pool. In order to facilitate the decommission process I have created a Lync-PreDecom script. The script provides you information around all the Lync objects which are associated with the Lync pool you are going to decommission. You can run the script over and over again at any stage of migration to see what has been migrated and what remains. The screen shot below shows the kind of output you will see: In order to run the script all you have to provide is the Lync Front Pool name you want to decommission and new Lync Front Pool Read More →

Backup Sonus SBC (UX) 1000/2000 using PowerShell & REST API’s

As discussed in previous article the REST API license is provided free of charge to all Sonus SBC (UX) 1000/2000 customers with a valid support contract when upgrading to Release 3.0.This has opened whole lot of possibilities to manage Sonus devices programmatically which wasn’t available until now.

One area which has been very tedious was backing up Sonus devices on regular basis. As with other Lync components you do want some automated way to backup the Sonus configuration as well e.g.: once a day. Until now the backups (until you already had REST API license) were manual but with REST API’s licenses all that changes. Now you can quite easily include the backup of the Sonus SBC’s as part of the overall Lync infrastructure.

We will use cURL to backup Sonus SBC’s. Make sure you have gone through my previous article which shows how to setup and login to UX using cURL. To backup the Sonus device all you have to do is issue the following command:

.\curl.exe -s -k -i https://HOSTNAME/rest/system?action=backup –data “” –cookie COOKIE -o BACKUPFOLDER\BACKUPFILE –insecure’

Make sure you replace values in RED appropriately.

Well, using cURL is all well Read More →

Accessing Sonus UX with REST API’s

With the release of version 3.0 firmware for Sonus UX1000/2000 several new features have been added. As part of 3.0 upgrade REST license has become part of the Base license hence it is available free of charge. This is one of the feature I have been most excited about. REST API support has been there in the UX’s for some time license fee was required until R3.0.

REST certainly has opened lot of possibilities to manage Sonus UX’s esp. if you have few of them to manage. I would go as far as saying REST API license probably is compelling enough reason to move to R3.0.

UX REST API and PowerShell

With Poweshell v3 we now have cmdlets which supports REST API. That means we can easily access the UX using REST API by leveraging PowerShell…Right….well…almost.

In order to access the UX login credentials are required. This is something which should be specified when a REST call is made. PowerShell fully supports parameters to add the authentication information. Once the client is authenticated the UX provides the REST client (in this case PowerShell) a session token in a cookie. All subsequent requests to access any resources on the UX are authenticated using the cookie. Now this is where it all breaks down if you are using PowerShell. I couldn’t figure out a way in PowerShell v3 to use cookie authentication with UX.

Alternatives to PowerShell

I am sure Sonus will soon release the required documentation to connect to UX using REST but with PowerShell out of question (for now) what other options we have? Well cURL is another extremely powerful client which can be used to connect to REST services. cURL is a command line tool for getting or sending files using URL syntax.


  • To get started ensure your UX is on R3.0 at minimum and you have got REST license applied (Its part of the Base license)
  • Irrespective of what REST client you use a REST Account will need to be created on the UX. This can be done by logging on to the UX web console and navigating to Settings>Security>users > Local User Management


Run Lync cmdlets Offline

Being a consultant it is often required to produce detailed design and implementation documents for customers. For various reasons it is not always possible to have access to customers network whilst completing this documentation. The script below addresses this issue. It essentially allows you to grab an offline copy of the Lync environment and invoke Get-cs* cmdlets.


The script allows you to execute Lync Shell (Get-cs*) cmdlets on your local machine (which may or may not have Lync Management Shell). This is achieved by using XML files which are exported using export-clixml from Live Lync environment. The script can be downloaded here

Script Pre-requisite

The script requires access to Lync XML files generated using Lync Management Shell. The files can be generated in couple of different ways. The generated filename should have the cmdlets name prefixed to it (eg: get-csuser cmdlets filename should be get-csuser.xml).

Below are the some of the example to output necessary XML files. These cmdlets should be run on Lync Server within Lync Server Management Shell:

Export only specific Read More →

Load Testing Gateways(SBC’S)

 There are number of tools you can use to load test SBC’s for Voice- some paid and few Open source. Lync also provides “Lync and stress testing” toolkit which can be used for testing although requires bit of work for the initial setup. SiPP is another Open source alternative which can be used for Voice deployments. The advantage of using SiPP is how quickly you can set it up.

In this article I will go through the complete process of installing & configuring SiPP to perform load testing on Sonus SBC 1000/2000. Although I will only discuss Sonus SBC’s the same process can be applied to any Gateway.

SiPP can run in different ways. Either you can run two SiPP endpoints- one acting as the server and the other as a client. You can make calls between the SiPP server endpoint and the SiPP client endpoint which go through gateway/SBC, or you can just use SiPP to make calls to a non-SiPP endpoints like a Lync client, PSTN, etc. We will be using SiPP to make calls to non-SiPP endpoints only in this article.

The high level steps are:

  • Install Cygwin – Provides necessary API’s to run some Linux apps on Windows e.g. SiPP
  • Install SiPP – The actual software which performs load testing
  • Perform load testing with SiPP

Cygwin Installation

1. Download Cygwin from

2. Start the installation by clicking Setup.exe

3. Keep clicking Next using the default settings until you reach the window below


4. In the search box Read More →

Configure SQL Mirroring for Lync CMS database

Towards the end of your Lync 2010 to Lync 2013 migration you would be migrating your CMS databases to Lync 2013 environment.

The actual migration of CMS from Lync 2010 to Lync 2013 is pretty straightforward and is documented at

One key point to bear in mind here is if you have SQL Mirroring configured for your backend SQL databases in Lync 2013 when you migrate your CMS (xds & lis databases) it will not be automatically replicated/mirrored. This needs to be manually configured.

To configure mirroring for the CMS databases use the following cmdlet: Install-CsMirrorDatabase -SqlServerFqdn “SQLSERVERFQDN” -DatabaseType “CentralMgmt” -fileshare \\SERVERNAME\FOLDERSHARE

Import custom contacts into all Lync Users Contact List

On number of occasions I was asked if there is  a way to add certain contact/s to everyone’s Contact List in Lync.Well there isn’t any native Lync cmdlet which can do it. Jeff Guillet has written a script which can do this and works really well.

Here is the alternative script to import the contacts into Lync.The script uses PowerShell & DBIMPEXP .


1)Download the script from here

2)Copy DBIMPEXP into the same folder from where the script is launched. DBIMPEXP can be copied from .\Program Files\Common Files\Microsoft Lync Server 2010\Support”.

3) A template XML file exists in the folder.This is the XML file which contains the contacts you want to import.To generate this file use DBIMPEXP tool. Justin’s blog provides a good overview on this.

4)A TXT file which contains the SIP addresses of the users into whose Lync contact list you want to import new contacts (from the template).

5)For reference you can also download the XML & TXT

6)Make sure to populate variables correctly in the script

7)Have write access to Backend Lync database

Script Workflow:

1) The script grabs the TXT file to enumerates SIP addresses

2) For each SIP address the script will grab the template file and create a XML file for it.So essentially for each user in the TXT file you will have a XML file generated.The script does not automatically delete the XML file.

3) The generated XML file is imported into users Contacts list.The new contacts are appended to users existing Contacts list.

4)A single log file is generated which will log any success/failure of the import process.

I wouldn’t quite recommend to run this very often as this will impact your SQL especially if you have thousands of users but will work quite well if run on ad-hoc basis.

Filter VPN debug messages on Cisco ASA

One of the key feature for troubleshooting VPN’s on ASA’s are debugging commands:

  • debug crypto isakmp 10
  • debug crypto ipsec 10

Though the above commands are very useful but the amount of information generated can be overwhelming. If you have 100’s of L2L and remote access VPN tunnels it is very difficult to look for messages specifically from the one you want to troubleshoot.

Couple of options exists though to narrow the specific messages you are interested in- 2 of them being, logging your session to a file and searching through it or may be to external syslog server and filter. Since v8.0 Cisco has added a new feature to filter the vpn debug logs to certain IP. This I think is an excellent feature to quickly monitor/troubleshoot the VPN tunnel without resorting to external methods.

To use this first create a debug condition:

debug crypto condition peer

where “” is the ip address you need to filter the debug logs on.

After this command just issue the debug commands as normal:

  • debug crypto isakmp 10
  • debug crypto ipsec 10

The subsequent output will only display information from the specified peer.

This command can also be used on a Cisco router:

debug crypto condition peer ipv4

You can see which “condition” is currently active by:

sh crypto debug-condition

Check AD Group Membership using PowerShell

Here is a function which allows you to quickly check the group membership of a particular user.
Click here to download the script file.

< #Function to check group membership of the user when “samaccountname” and “groupname” is provided.Returns “True” or “False”
Function IsMemberOf ($user, $adgroup) {
    Import-Module ActiveDirectory
    $groupusers = Get-ADGroupMember $adgroup| Select-Object –ExpandProperty` SamAccountName
    If ($groupusers -contains $user) {
    Else { $false
IsMemberOf “vik” “PowerUsersGroup”

Enable/Disable Exchange Activesync using Powershell script

The script below enables or disables the Exchange Activesync based on specified Security group.
I have tested this with Exchange 2007.

There is lot of room for improvement in the script but for now it does the job!!!
Make sure to change the values to your requirements before deploying.
To run this as a scheduled task refer to

Click here to download the script.

Set-PSDebug -Off
#Import Active directory module
Import-module activedirectory
$arrusers = @(Get-ADUser -Filter * -SearchBase “DC=fabrikam,DC=COM“)

foreach ($arruser in $arrusers){
$arrusers1 = Get-ADUser -Filter { (samaccountname -eq $arruser.samaccountname) -and (memberOf -RecursiveMatch “CN=Enable ActiveSync,OU=Groups,DC=uk,DC=fabrikam,DC=COM“) } -SearchBase “DC=fabrikam,DC=COM
#Write-host $arrusers1.DistinguishedName

#If user is member of a group enables Activesync, allows to sync any Activesync device and assign a Activesync policy
If ($arrusers1) {
#Write-Host “Enabling activesync for $arrusers1”
set-CASMailbox -Identity $arrusers1.DistinguishedName -ActiveSyncEnabled:$True -ActiveSyncAllowedDeviceID:$null -ActiveSyncMailboxPolicy “fabrikam ActiveSync Policy” }

Else { #Write-host “disabling activesync for $arruser”
set-CASMailbox -Identity $arruser.DistinguishedName -ActiveSyncEnabled:$False -ErrorAction SilentlyContinue }