Skip to main content


Lync 2010 / 2013 disabled from AD Deny Groups

Here is the scenario – you have AD security groups specifically to DENY services to users that are added to this AD group.
For example – a naughty user could be placed on probation in your organization,  and then added to this group –  in turn this membership would be automatically disabled in Lync.

Some organization use Deny groups to control access to resources and services.  Using this method even if the user was added back into Lync by a Lync administrator, they would be removed again when this command is run – as a scheduled task is best.
Here is an example of PowerShell script to read users within a specific AD Deny group, and then remove those users from Lync membership:
Get-ADGroupMember -Identity YOUR_AD_GROUP| %{   If ($_.objectclass -eq “user”)      {Disable-CsUser -Identity $} }
Replace “YOUR_AD_GROUP” with the one you have for your denied users.
You may need to import the AD or Lync module (Import-Module …..) into the PowerShell depending on which server you are logged into running this script.
This can also be used for other services, not just Lync – just modify accordingly.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Steve Andrews

For over 20 years, Steve Andrews has been passionately working on the Microsoft infrastructure side in Information Technology. Working with versatile, agile companies to strategically deploy cutting edge technologies, streamlining, and consolidating to drive their business focus, profitability, and always stay ahead of their competitors. Experience includes deep Microsoft collaboration/communications and back end solutions for medium/large sized corporations within Financial, Entertainment, Manufacturing, Biotech, Government, and Administration. More recently assisting organizations to focus on private cloud creating/management/monitoring systems and specializing in System Center 2012 products. Steve is on product development panels for many Microsoft Server products (and Microsoft VTSP) and enables a true vision of simplicity through clean clear infrastructure. Before Perficient, Steve worked for a large European Cable/Communications company, an international retailer with the biggest POS network, and a high demand 24/7 manufacturing company.

More from this Author

Follow Us