Lync 2010 Disabled Users – Enabled them on Lync 2010

Posted by robd on September 07, 2012
Lync 2010

Hi All,

We use linked mailboxes within the company I work in as we’re too lazy to finish a AD/Exchange migration.  Now as you’ll know linked mailboxes need to have a disabled mailbox in AD to work….

Well a while ago we needed to install Lync 2010 and being proactive we installed the Lync sever on the new domain…then we realised that Lync 2010 cant natively work with disabled accounts.

So having a butchers about on the Internet we found this script to enable disabled users in a certain OU to use Lync 2010.  The script uses SIDMAP.WSF to synchronize the msExchMasterAccountSid attibute to the msRTCSIP-OriginatorSid attribute on the  SIP-enabled disabled user account.

So just for clarity, SIP enable the account through the Lync 2010 control panel, then run this batch script:

cd "c:\Program Files\Microsoft Lync Server 2010\ResKit\LcsSync"
wscript //h:cscript
sidmap.wsf /OU:OU="SIDTEST,OU=Users,OU=Linked Mailboxes,OU=Exchange Users,OU=Users,OU=Newport,OU=Sites,DC=targetgroup,DC=corp,DC=local" /logfile:c:\sipmap.txt

Tags: , , , ,

5 Comments to Lync 2010 Disabled Users – Enabled them on Lync 2010

  • i thought the Object SID property needed to be copied from userA in the user forest to the msRTPOriginatorSID? not the msExchMasterAccountSid

    • The script in quesiton assumes you already have linked mailboxes. This means the msExchMasterAccountSid is already populated with the correct SID info. All the script does is copy that to the msRTPOrigionatorSID.

      You can do just as well using powershell to map the Object SID from the user Forest, but copying from one Ad attribute on one account to the same account is a lot easier from a security standpoint since you only need permissions in one forest.

      • if i move my current users from a domain ( that has lync and exhange to a new domain ( that does not have lync or exchange would your script work?
        once users are moved to domain they will use domain for lync and exchange for a time period. they will disabled users in

        • It should as linked mailboxes are simply mail enabled disabled mailboxes, make sure you have a full trust in place between the domains.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.