Is that Skype for Business (Lync) Number Free?

Get-CsAdPrincipal is a tragically underused cmdlet. Absent a fully generic Get-CsEndpointObject, it’s the next best thing to Get-ADObject, and is killer when you have no idea what you’re looking for – a User, a Common Area Phone, Conference Dialin Number, Response Group or some crazy custom endpoint used in a Skype-enabled application, especially if all you care about is seeing if a number is available. If you see “485 Ambiguous” in a SIP trace, this will help you figure out who (and/or what) all has this number, and why Skype isn’t quite sure which one the caller wanted to reach.

There are several scripts for testing each of the Skype for Business object types one by one, and I give some of my favorites at the end of the post; the Get-CsAdPrincipal approach is faster in automation if you’re mostly interested in whether a number is consumed at all, and aren’t concerned with *what* exactly is consuming it.

Get-CsAdPrincipal -LDAPFilter '|(msrtcsip-line=tel:+499112224000*)(msrtcsip-privateline=tel:+499112224000*)'

The LDAP query is checking both the MsRTCSIP-Line and MsRTCSIP-PrivateLine attributes, and there is an asterisk at the end in case the extension was specified separately: tel:+499112224000 and tel:+499112224000;ext=4000 are functionally the same number, but do not look the same to Skype for Business! This is common in places where each line can be directly dialed from outside – that is, much of Europe. I used the attribute names in all lowercase because the mixed-case versions did not work.

If all you wanted was a quick way to check if a number is free or not, you can quit reading now and get back to writing your provisioning script 🙂 If you want to know a bit more about Skype for Business objects, as well as see some really nice stuff for viewing your number pool, stay with me…

Continue reading


ActiveRoles Performance Tip: Use Distinguished Name instead of Canonical Name in OrganizationalUnit Parameters

When making over 100 accounts today for some hard core Skype for Business monitoring, I (re-)discovered that the form of New-QADUser‘s -ParentContainer parameter makes a huge performance difference. I didn’t time it, but noticed that it took about as long to make five accounts using the Canonical Name ( as it did to make the rest of the batch using DN, or Distinguished Name (OU=Purpose,OU=City,OU=State,OU=Region,DC=mandie,DC=net).

This was with Quest ActiveRoles Management Shell for AD 1.7, which goes with ARS 6.9. It was an issue back in the QARMS 1.6/ARS 6.8 days, so hopefully Dell has fixed it for recently-released ARS 7.0. I say “hopefully,” because I can’t find QARMS 1.8(?) anywhere in the ARS 7.0 installation download, much less the Release Notes. Anyhow, it is something to do with how ActiveRoles checks your permissions on the Organizational Unit you are attempting to write to.

You might leave the team responsible for ActiveRoles Server at your company, but ActiveRoles Server never really leaves you…