Sunday, April 24, 2011

Attempting to enable a user for Microsoft Lync Server 2010 throws the error: “Enable-CsUser : Cannot move legacy user in enable operation. Use the Move user cmdlet instead.”

Problem

I recently deployed Microsoft Lync Server 2010 in a small environment and was told that Microsoft LCS and OCS was never deployed so I went ahead and treated the environment as a greenfield but as soon as I began to enable users for Lync, I noticed that some users would throw the following error when I try to enable them in PowerShell:

PS C:\Users\tluk-admin> enable-csuser -identity domain.local\dtrott -registrarpool ly
ncpool01.domain.local -sipaddresstype samaccountname -sipdomain domain.com
Enable-CsUser : Cannot move legacy user in enable operation. Use the Move user
cmdlet instead.
At line:1 char:14
+ enable-csuser <<<<  -identity domain.local\dtrott -registrarpool lyncpool01.ccs.in
t -sipaddresstype samaccountname -sipdomain domain.com
    + CategoryInfo          : InvalidOperation: (:) [Enable-CsUser], InvalidOp
   erationException
    + FullyQualifiedErrorId : ProcessRecord,Microsoft.Rtc.Management.AD.Cmdlet
   s.EnableOcsUserCmdlet

PS C:\Users\tluk-admin>

image

As some of you have already guessed, the reason why I am getting this error is because the user I was trying to enable for Lync was at one point enabled for Microsoft OCS and therefore the Enable-CsUser cmdlet is recommending that I try using the cmdlet to move a legacy user instead.  It would have been easy to get these users over if the old OCS environment still existed but that wasn’t the case for this organization.

Solution

What I ended up doing was to open up adsiedit.msc, navigate to the user’s object, open the properties, and removing or setting the following attributes to “<not set>” and “0”:

    1. msRTCSIP-ArchivingEnabled
    2. msRTCSIP-FederationEnabled
    3. msRTCSIP-InternetAccessEnabled
    4. msRTCSIP-OptionFlags
    5. msRTCSIP-PrimaryHomeServer
    6. msRTCSIP-PrimaryUserAddress
    7. msRTCSIP-UserEnabled

Here’s an example of a user who still had legacy OCS attributes populated for their account:

image

Here’s an example of a user account that had the legacy OCS attributes removed:

image

I’d have to say that while this solution works, it properly doesn’t scale well if you had more than 50 users in the organization so if you fall into that situation, I would suggest that you make an attempt to script the procedure for everyone in Active Directory (make sure you run the script before you enable anyone for Lync).

4 comments:

Anonymous said...

Thanks. It works exactly as described.

Anonymous said...

Thanks, you save my weekend!

Anonymous said...

Thanks for the fix, worked perfectly and saved me hours.

Trev Codner-Armstrong said...

Thanks for the Info Terrance, I then ran this to clear out the attributes for each of the effected users:

Get-ADUser Test99 | Set-ADUser -Clear msRTCSIP-ApplicationOptions,msRTCSIP-DeploymentLocator,msRTCSIP-Line,msRTCSIP-OwnerUrn,msRTCSIP-PrimaryUserAddress,msRTCSIP-UserEnabled,msRTCSIP-OptionFlags,msRTCSIP-PrimaryHomeServer

Obviously take great care and make sure the above is suitable for your environment.