Home > Lync Server/Skype for Business Server > All Skype for Business 2015 Cmdlets and the Default RBAC Roles That Can Use Them

All Skype for Business 2015 Cmdlets and the Default RBAC Roles That Can Use Them

December 23rd, 2016 Leave a comment Go to comments

Description

In All Lync 2013 Cmdlets and the Default RBAC Roles That Can Use Them and the corresponding 2010 version, I show a table that lists every cmdlet available in a fully patched Lync server environment, and the default permissions for each of the default RBAC roles. Doing one for Skype for Business was always on my list, but I never really got around to it until a visitor recently noted that some of the RBAC permissions changed for existing cmdlets when compared to the Lync Server 2013 list. So I figured it was time to do a new one. The previous versions were all manually created – every row. That was extremely laborious, taking many hours. This time around I automated the info gathering using (what else), PowerShell. This gave me all of the data in a .csv file, and three minutes of styling in Excel, and presto!

One thing I did notice is that there is a small group of cmdlets that don’t yet have a description, synopsis, uri, etc. So you’ll see those blank cells highlighted in bright red for now. I’ve reached out to the Product Group for info on when that info will be available. As soon as I have an answer, I’ll get it posted here.

So the spreadsheet is available below, but what good would a blog article be without some PowerShell code? So here’s the code I came up with to create the spreadsheet.

$objectCollection = @()
foreach ($cmdlet in (Get-Command -Module SkypeForBusiness | Sort-Object -Property Name)){
  Write-Output -InputObject $cmdlet
  $cmdletHelp = $(Get-Help -Name $cmdlet)
  [string] $Synopsis = $cmdletHelp.Synopsis
  [string] $URI = (($cmdletHelp.relatedLinks.navigationLink | Where-Object {$_.linkText -match 'Online Version'}).uri) -replace 'EN-US/',''
  [string] $RBAC = "Get-CsAdminRole | Where-Object {`$`_.Cmdlets `-imatch `"$cmdlet`"}"
  $rbacroles = Get-CsAdminRole | Where-Object {$_.Cmdlets -imatch "$cmdlet"}

  [bool] $RbacCSAdministrator = $rbacroles.identity -icontains 'CSAdministrator'
  [bool] $RbacCSVoiceAdministrator = $rbacroles.identity -icontains 'CSVoiceAdministrator'
  [bool] $RbacCSUserAdministrator = $rbacroles.identity -icontains 'CSUserAdministrator'
  [bool] $RbacCSResponseGroupAdministrator = $rbacroles.identity -icontains 'CSResponseGroupAdministrator'
  [bool] $RbacCSLocationAdministrator = $rbacroles.identity -icontains 'CSLocationAdministrator'
  [bool] $RbacCSArchivingAdministrator = $rbacroles.identity -icontains 'CSArchivingAdministrator'
  [bool] $RbacCSViewOnlyAdministrator = $rbacroles.identity -icontains 'CSViewOnlyAdministrator'
  [bool] $RbacCSServerAdministrator = $rbacroles.identity -icontains 'CSServerAdministrator'
  [bool] $RbacCSHelpDesk = $rbacroles.identity -icontains 'CSHelpDesk'
  [bool] $RbacCSResponseGroupManager = $rbacroles.identity -icontains 'CSResponseGroupManager'
  [bool] $RbacCSPersistentChatAdministrator = $rbacroles.identity -icontains 'CSPersistentChatAdministrator'

  $object = [PSCustomObject]@{
    'Cmdlet' = $cmdlet
    'Description' = $Synopsis
    'Uri' = $Uri
    'Validate' = $rbac
    'CSAdministrator' = $RbacCSAdministrator
    'CSArchivingAdministrator' = $RbacCSArchivingAdministrator
    'CSHelpDesk' = $RbacCSHelpDesk
    'CSLocationAdministrator' = $RbacCSLocationAdministrator
    'CSPersistentChatAdministrator' = $RbacCSPersistentChatAdministrator
    'CSResponseGroupAdministrator' = $RbacCSResponseGroupAdministrator
    'CsResponseGroupManager' = $RbacCSResponseGroupManager
    'CSServerAdministrator' = $RbacCSServerAdministrator
    'CSUserAdministrator' = $RbacCSUserAdministrator
    'CSViewOnlyAdministrator' = $RbacCSViewOnlyAdministrator
    'CSVoiceAdministrator' = $RbacCSVoiceAdministrator
  } 
  $objectCollection += $object 
}
$objectCollection | Export-Csv -Path $env:UserProfile\desktop\SfB2015cmdlets.csv -NoTypeInformation -Encoding UTF8

 

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

v1.1 – 03-01-2018 (through CU5) – SfB2015cmdletsCU5.xlsx

v1.0 – 12-23-2016 – SkypeForBusiness2015cmdlets.xlsx

Categories: Lync Server/Skype for Business Server Tags: , , ,
  1. Tom
    March 1st, 2018 at 15:43 | #1
    Reply | Quote

    Pat,
    In the output XLS file, if you filter the CSAdministrator to see the cmdlets they don’t have access to, you will find that no CS role has access. Digging further this is because the CS roles are RBAC but you still depend on the RTC security groups.
    This article does a good job of walking through some of it – https://sysnetdevops.com/2017/05/04/rtc-vs-cs-groups-in-skype-for-business-and-some-issues/

    Thanks for the work on the script and sharing
    Tom

    • Pat Richard
      March 1st, 2018 at 15:46 | #2
      Reply | Quote

      Thanks for the info, Tom! I’m gonna update this soon to also include the latest cmdlets from recent cumulative updates.

  1. No trackbacks yet.