EWS - How can I share IM Contact between mulitple Users in a UCS store ? RRS feed

  • Question

  • HI to all, I'm using EWS with impersonation to create contacts for a specific user. I need these contact to be shared by other users (a sort of Global Directory).

    I have to create same contacts  for all users or there is a way to share the same contact between users ?

    Thanks for your help.

    Friday, September 23, 2016 10:57 AM

All replies

  • Is there a reason you aren't putting these into the actual directory?

    Assuming there is a reason, the best way I've seen for sharing contacts in to use a shared mailbox, not a normal user's mailbox.  The reason for this is that if that user leaves, these contacts are lost to the remaining users - who may still need access to them.  The shared mailbox sticks around - and you can determine if it's no longer needed by whether there are still mailboxes with full control of it.

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Friday, September 23, 2016 12:39 PM
  • Thank you for your response. I need to make an external global directory accessible from S4B client but some contacts are not visible form all users and I have to categorize them. I didn't want apply security permission on AD OU to do this so, I was searcing for alternative methods. But if AD is the only way I'll proceed with this.

    Stefania Oliviero.

    Friday, September 23, 2016 1:07 PM
  • Stefania,

    It makes the most sense to use the directory - and you can build a separate address book for them so they aren't in the normal global address list.  From this, you can grant rights for w2ho can see it (rather than at the OU level in AD).  A little bit cleaner, and all done within the Exchange interface.

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Monday, September 26, 2016 11:44 AM
  • Thank you Will, I have to do this work by a scheduled job not  by Exchange Interface, so i have to investigate if I could access AD  and give privileges to users (I know with other LDAP server I can do).

    Is there e way to categorize them, in order to see on Skype 4 Business divided in groups ? 


    Friday, September 30, 2016 10:14 AM
  • Stefania, you can run scheduled jobs that use the Exchange modules - you just load the modules at the start of the script and run it with an account with the correct rights.  And since you need to run any job with a level of rights to do the type of work you mention, you might as well do it with one that will be audited for what work it performs.  For running a scheduled job with the Exchange modules, see the following Exchange Wiki: https://social.technet.microsoft.com/wiki/contents/articles/23150.how-to-use-task-scheduler-for-exchange-scripts.aspx

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Friday, September 30, 2016 1:13 PM
  • Sorry, I'm not explaining myself, I have  a synchronization tool I developed that access data sources (such as enterprise CRM via WebServices, or SQL DB) and centralize data to create Entreprise Directories. With such tool I can create jobs, make data manipulation such as telephone number normalization and then write to some destination.

    My tool keep updated enterprise directories.

    I don't have predefined script I can run and I think I can't build such that scripts. My tool have connectors to most of LDAP server  which inckudes Active Directories but what I don't have is the user security management code to be able to assign rights to users.

    Friday, September 30, 2016 3:49 PM
  • Ah, so you need to do all these things at the AD level, without Exchange being involved.  Well, Microsoft's Active Directory is just another LDAP directory you can access the same way you access any others - you just need to know what you are writing, and where you are adding permissions. If you wish to create mail contacts or mail-enabled accounts in the directory, you just need to add an external email address to the objects you create.  Not much hard work to doing that.  As for placing permissions on them, you can also create organizational units and place permissions on them in the AD if you get inventive.  For more info about managing or manipulating the Microsoft Active Directory through LDAP, see the following: 

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Friday, September 30, 2016 5:15 PM
  • Thanks, is there a way to do so with Exchange involved ?
    Monday, October 3, 2016 7:56 AM
  • Yes, as I said before - open your PowerShell session, create an Exchange connection to one of your Exchange server (see https://technet.microsoft.com/en-us/library/dd297932(v=exchg.141).aspx for details - and keep in mind that the account the script is run under needs Exchange RBAC rights to do the work or your script will fail), and use the Exchange commands.

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Tuesday, October 4, 2016 11:25 AM