You would like to use your desktop/laptop to administer your Lync 2013 environment, or you need to supply some RBAC access to a specific administrative group – i.e., voice admins. Additionally, you don’t want to give remote server access to everyone. In this article, we will take a look at what is needed to accomplish this. But, before you begin, read this, which is a TechNet blog on how to do this with Lync 2010. Then read MVP Curtis Johnstone’s blog on this, and then this other blog from TechNet. Maybe I am a bit dense, but it took me all three to put this together. If you are looking to do this for Lync Online, read this. and then this.
Lync 2013 is 64-bit. No getting around this. What this means is that you cannot deploy the Lync 2013 Administrative tools to an x86 machine. If you have a squeaky new Windows 8 x64 machine, you are all set. But if you have an x86 or x64 Windows 7 machine (probably the vast majority) – you will need to do some preparation.
At any rate, you need to ensure that your Win7 is at SP1. Then you need to install .Net 4.0 – the entire thing, not just the client side. You can get the .net 4.0 here. You may also attempt to use .net 4.5; but for this exercise, I used the 4.0. After you get done with these installs, you will of course want to think about re-running Windows Update to pick up the myriad patches that will ensue. Next, you are going to need PowerShell V3. You can get that here. In my little world, I had a heck of a time getting PowerShell v3 to install on my Win7 x86 VM. I ended up having to throw it (the VM) away and start from a fresh install. YMMV.
Once we have that in place, you can proceed with setting up for one of two scenarios: x64 or x86.
If you have x64, then you can simply open the Lync 2013 Deployment wizard (in my lab the Lync setup is located on a mounted ISO: d:\setup\amd64\setup.exe ) and install the admin tools.
If you have x86, you are going to be limited to running just PowerShell in remote mode. Which is the whole point to this article, eh? Let’s take a look at what needs to be done so that you can bask in the goodness that is remote PowerShell and Lync 2013 administration. Remember that using credentials that equate to a RBAC role of, say, CSUserAdministrator, will result in only those cmdlets that support that functionality. You can read up on Lync RBAC here.
If your servers are on your network, fine. If you are really remote, you will need a VPN of some sort so that you can connect yourself to the network subnet in question. Once you have the network connection part figured out (and no, I cannot help you with that), you are ready for this:
# get creds for remote environment
$credential = get-credential "domain\johnw"
# set session options to bypass the PKI checks - I trust the far side
$sessionoption = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
#create new session
$session = New-PSSession -ConnectionUri https://somelyncfrontendserverFQDN.domain.com/ocspowershell -Credential $credential -SessionOption $sessionOption
# assuming the above line worked, import the cmdlets needed for Lync
A few notes: You are going to have to have some credentials – no getting around that. I also tend to go straight at an FE, not to the Load Balancer. The $sessionoption line causes the Front End server IIS internal services certificate to be basically ignored, so if you connect to a domain server from a non-domain workstation, you should be OK. The actual script line for my connection was:
$session = New-PSSession -ConnectionUri https://ls2013e2.tsoorad.net/ocspowershell -Credential $credential -SessionOption $sessionOption
Don’t overlook the “https” - http will not work.
Here is the script in action on an non-domain member, x86, Windows 7 SP1 workstation:
Asking for credentials
Credentials accepted, session established, and fetching the Lync cmdlets from the server
Just to show we have what we really want, here is the CS* cmdlets…
Remember that from your reading through the references I give you up above, not ALL of the Lync cmdlets will work. Synthetic transactions, for instance, need to run directly on the server. For a refresher on that information, see this.
But, to prove that we can control Lync Server remotely, a quick list of my lab CS users: