Grant-OuPermissons Lync 2013. Powershell Script

Good Afternoon
Below is a simple script for grant the Ou-permission what are required when deploying Lync 2013 in a restricted or locked down domain/AD.

The below link reference 6 of the attributes that have to have the permissions set. Like most Clients there is never just one container level, and many clients AD drills down through many container levels. Because of this setting the grant-oupermissions would be impossible to do manually, therefore below is a little noddy script which would read an csv. file and upload the contents based on the attributes.

So to confirm to run this script you need a .csv file format of all your OU’s and subOu’s (note: the firstline is the header information)



you need to have the rows for all the object attributes required in the grant-oupermission set

User, Contact, AppContact,Computer, InetOrgPerson, Device

Now copying the below powershell into notepad, then saving it as <name.ps1>, opening it up from the lync management shell you will be presented with a option to specify the <name.csv> file. (you need to save the .csv file into the same place as you’ve save the .ps1 file.)


param( [string] $importfile = $(Read-Host -prompt `

    “Please enter the csv file name”))

$NorthernLyncArry = Import-Csv $importfile

$transcriptname = “GrantOUPermissions” + (Get-Date `

    -Format s).Replace(“:”,”-“) +”.txt”

Start-Transcript $transcriptname

foreach ($NorthernLyncArry in $NorthernLyncArry)     { Grant-CsOuPermission –ObjectType “$NorthernLyncArry.object” –ou $NorthernLyncArry.ou –Domain “northernlync.local” -Verbose             }



Add the .csv file name to the prompt and sit back and watch the updating commence.



Iain Smith


Lync 2013 Cumulative Update 1 – Installation Guide


This is something that i get asked a lot. ‘How do you do the Cu updates to Lync 2010 or 2013’. I know some people find the wording from Microsoft on how to install a bit daunting, so therefore below ive created a mini guide on how to complete the install using basic english so it can be followed.

Firstly in this blog im going to go ahead and update my Lync2013 lab with the new CU1 update which was posted from Microsoft a week or so ago.

Link to the update can be found here.

The server involved in the update will be Lync 2013 Frontend x1Enterprise Edition , SQL Server for Lync 2013, Edge. (if you was needing to update a Director, Archiving/Monitoring, persistent chat servers the process and procedure is still the same)

So my lab is up and running and ive downloaded and copied the lyncinstallerupdate to the root of c:\Lync2013_update

***Its worth adding that you should always run your updates out of working hours. As there will be a reboot required!! (Only a reboot is required if you are running Standard Edition)


Now on the Frontend i will select the file by right clicking to running it as administrator

One execution of the .exe you will be presented with a dialog like the below. This dialog tells you which parts of your Lync system will be updated.


Now its a simply select of the Install Updates button.
Dependant on your server build/spec, the update can take a number of minutes to complete.

Once its finished you should see a green tick in the completed update components.


Now that is complete do the same as we have done above on all the other Lync Servers <front ends, Edge, ArchMon, Persistent chat, Director Servers>.


Now onto the less understanding piece from Microsoft.

‘Apply the backend Database Updates’ – Mocrosoft Blurb

<<After you install the update for the Core Components server role on a Lync Server 2013 Enterprise Edition front end server or on a Lync Server 2013 Standard Edition server, the updated SQL database files are dropped to the machine that has the Core Components server role installed. To apply the database changes, you have to run the applicable cmdlets below.

Note The Update parameter is not required when you run the Install-CsDatabase cmdlet to update the Lync Server 2013 databases.


So what does this actually mean.? Simply put for some reason unknown to me? When you run the update the Frontend server loose site/connection to the backend lync databases which is either collocated as you are a Standard Edition deployment OR located on a external SQL Server if you are Enterprise Edition.

In the case of our lab we are enterprise edition so we need to specify the external SQL Server to update.

From the Lync Management Shell on one of the Frontends (if you have multiple <Enterprise Edition>) run the following command

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn <Backend>.FQDN -Verbose 

ALSO – Please check if you are mirroring your Lync2013 build, as the command is slightly different?!! and its a little more intensive to complete.


Once this is complete you should see the successful yellow verbose messages.


Now we also have another powershell command to run to update the monitoring database on the backend. (this will be the same for both Standard and Enterprise editions)

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn <ArchMonBackenddatabase.FQDN> -Verbose


Again once this is complete we have the final command to run.

Microsoft Blurb

<<After the Lync Server 2013 Enterprise Edition front end server or the Lync Server 2013 Standard Edition server backends are updated, run the following cmdlet to update the Central Management Store:


Install-CsDatabase -CentralManagementDatabase -SqlServerFqdn CMS.FQDN -SqlInstanceName DBInstanceName-Verbose
So where is the CMS database?? this is a good question and one that is sometimes confusing to find out.
Using this simple powershell command you can see where your CMS database is located.
so the command im going to run is
Install-CsDatabase -CentralManagementDatabase -SqlServerFqdn lync2013sql01.northernlync.local -SqlInstanceName LyncCore -Verbose
you should see the below success verbose messages
now to complete the process and to add the Lync2013 elelments for Lync 2013 mobility you have to run the Enable-CsTopology command
This should take seconds to run.
Last step now is to run the bootstrapper.exe
run the following command
“%ProgramFiles%\Microsoft Lync Server 2013\Deployment\Bootstrapper.exe”
****NOTE: you run this from the command Prompt NOT Lync Management shell..!!
Thats it.. you are now updated in total. enjoy the new features what comes with CU1 on Lync 2013.
Iain Smith