New User Provisioning App for AD, Lync and Exchange

Z-Hire makes user provisioning easy

This is a guest post from my friend, Zeya Oo. You can reach him and ask questions about Z-Hire at

When an administrator is in the final stages of a Lync deployment, he must enable the entire organization for Lync. Presumably, he will bulk enable current Lync users by piping get-CSaduser PowerShell command into the enable-CSuser command. But what about the new hires? Currently, there are only two ways he would approach this: either manually enable Lync users from the Lync control panel or enable Lync users via PowerShell. The problem with these two methods is the likeliness of inconsistency in accounts created. For example, in an organization with several administrators, if Admin X chooses to enable voice chat for users, while Admin Y does not, the lack of a standard can cause maintenance or troubleshooting nightmares when user problems occur and an administrator discovers that each user has varying enabled features.

It is essential that an organization conform to standards to ensure that each and every account is consistent. With many attributes available for a Lync user, this section can be easily overlooked during the process of creating new accounts. At the very least, an administrator should keep the following consistent: Conferencing policy, External access policy, and Registrar pool.

The idea came upon me on a typical Friday night, working as usual, but this time with help-desk team, when it occurred to me that there must be a simpler and quicker way to create IT system accounts for our 10 new hires starting on Monday. As a systems administrator, I understand the frustration of help-desk personnel. One of the responsibilities of help-desk is to create accounts for new hires as a part of the onboarding process. Creating each individual account for every IT system, such as Exchange, Lync, and WebEx, for each person is a lengthy process and the quality of work often lacks consistency. Having worked for various small and large organizations, even some of the most well-established large organizations do not have this process automated. Yes, the process can be automated via VBscript or PowerShell, but not all help-desk personnel are familiar with command line and may find it too complicated. Therefore, would it not be great to have one application that will create an account for every IT system, including Active Directory, Lync, Exchange, WebEx, ShoreTel VoIP, and Cisco Call Manager. Unfortunately, this miracle of an application is not yet available. In the meantime, I have generated an application that will automate the creation of accounts for the following IT systems: Active Directory, Exchange, and Lync.

With just one click of a button, the accounts for Active Directory, Exchange, and Lync will be created. For Active Directory accounts, an OU can be specified to dictate new user’s location. When specifying the sAMAccountName format, the Z-Hire app will automatically generate a sAMAccountName using the user’s first and last name. Other common active directory attributes such as title, department, or company can also be set from this app.

 In Exchange 2007, which runs on PowerShell 1.0, you must locally install Exchange 2007 management shell if you want to create Exchange 2007 mailboxes using this application. Remember though, that this app simply runs enable-mailbox PowerShell cmdlet in the background, which means that all parameters such as mailbox database, managed folder policy, and ActiveSync policy is configurable. The awesome part of Exchange 2010 is PowerShell’s remoting feature of PowerShell 2.0, which allows the application to connect to it remotely and execute remote commands. For Exchange 2010, it supports Archive database, retention policy, managed folder policy and ActiveSync policy. Lastly, this app allows configuration of parameters associated with enable-csuser and set-csuser command, including conferencing policy, external access policy, registrar pool, sip domain, and peer-to-peer AV feature. 

A process that normally lasts for minutes can now be accomplished in mere seconds with the Z-Hire App. In short, this app works by initiating a remote PowerShell session to both Exchange and Lync servers and then executes PowerShell commands. It is as simple and basic as that, but the fact that all three accounts can be simultaneously created with just one click is pretty awesome. The only requirement for this application is that you must enable PS remoting on the servers it is connecting to. This feature is enabled by default. However, this can also be done by running "Enable-Psremoting" PowerShell command on the Exchange and Lync servers you wish to connect to.

The Z-Hire App is currently available for download on TechNet Gallery via the following URL: .

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2011 IDG Communications, Inc.

IT Salary Survey: The results are in