Wednesday 2 April 2014

Rolling back the Unified Contact Store

The first blog of April '14. Rather than get down at not being at MEC I thought I would do something positive and push this out. Enjoy.

Exchange 2013 and Lync 2013 work better together. Microsoft have made strong ground in ensuring these premium server products are a strong coupling when deploying both together – better together is the terminology that we hear here, and indeed that is true. In fact there's a strong coupling of a range of server products; Exchange, Lync and Sharepoint and the assumption can only be this will continue to improve in the next waves.

Lync and Exchange require a few different setup configurations for all elements to work correctly. We have the entire Trusted Application Pool setup for Exchange IM integration into OWA (I blogged it here), and we have the oAuth intergration to provide the Unified Contact Store, or UCS, as well as other features like Online meeting creation in OWA and allowing Lync IM archiving into Exchange.

Today I don't want to go into detail on covering oAuth integration between Exchange and Lync , this has been covered many times in blogs in the last few months. However I wanted to concentrate rolling back the Unified Contact Store to users, or at least a subset of users and this hasn't been covered before.

The Unified Contact Store instructs Lync to place all contacts for Lync enabled users into Exchange, or specifically the users Exchange mailbox, providing they have a policy that allows it.

Let's take a look in Outlook Web App to see what I'm talking about:

So it's a great feature and it makes a lot of sense. Why would you want to revoke it? Well that's a good question, so here's a few examples.

You might be in a hybrid configuration with Office365 where UCS with Lync on-premise is not supported
The user might not have a mailbox at all, or be on a legacy version of Exchange (different but means you must have UCS and non UCS policies in place and know when to use them)
The user might have corruption in their mailbox causing multiple Lync contacts or similiar, so you might want to roll it back for the user whilst you fix their mailbox

So taking that on board, let's take a look at my user, Test1. (I am looking at 'configuration information' by holding ctrl and right clicking the lync icon in the system tray)

We can see the UCS is enabled. It explicitly states under 'UCS Connectivity State' that 'Exchange connection Active', and the Contact List Provider is 'UCS'. Fantastic.

So what do we have to do to revoke UCS for my Test1 user? Read on.

   1. First of all we need to create, if one doesn't exist already, a policy that does not allow UCS.

       Check to see what your policies are Get-CsUserServicesPolicy

I     I only have a Global one here and you can see UCS is allowed. So let's create a new one that does not have UCS enabled.

   2. Create a new policy with New-CsUserServicesPolicy –Identity UCSdisable –UcsAllowed $false Call it whatever you want but you will likely want to clarify it has UCS disabled.

   3. We now need to push our UCSdisable policy to our test user Grant-CsUserServicesPolicy –Identity –PolicyName UCSdisable

   4. Let us confirm they have the policy that denies UCS Get-CsOnlineUser |select SipAddress, UserServicesPolicy

   5. Finally we roll back UCS on the user. This takes the Lync contacts from the Exchange mailbox and places them back into Lync. Invoke-CsUcsRollback –Identity

   6. It may take a good 10 minutes (or longer if you have hundreds of Lync contacts) before this process completes. But when checking the Lync client of the user you should then be able to confirm UCS is disabled

And that's the process completed. You can then define in certain scenarios who can have UCS enabled and who has to continue to use Lync Server as their Contact List Provider dependant on your needs, or just document the steps for your DR plans.

One thing to note is that if you invoke the rollback from UCS to Lync but you do not give the user a disabled policy for UCS, after 7 days Lync will then start pushing all contacts back into Exchange.

Take care,
Oliver Moazzezi - MVP Exchange Server

1 comment:

Unknown said...

Any idea why I would get this:

PS C:\Users\cdicomosysmgr> Invoke-CsUcsRollback -Identity -

The cmdlet was called with the Force option. Because you used the Force option,
the user's contact list will not be exported from Exchange before roll back.
As a result, the user will lose the contact list.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):
WARNING: Failed to configure the roll back bit on Exchange. You can run the
roll back cmdlet again to configure the roll back bit on Exchange. Configuring
roll back bit on exchange failed with auto discover exception: Unable to aquire
EWS proxy for user, cannot continue

PS C:\Users\cdicomosysmgr>