I am hoping to make some videos about SFB, but I am still low on time. In the mean time, I hope these articles are helpful to some. My Friend called me with an interesting problem. His move-Csuser command failed from the command line. The GUI move succeeded. I provide below a few things to check and set to repair the issue.
There are a couple reasons for the failure you are having. I will list below, along with the most plausible solutions:
I. The difference between the Command line and GUI is permissions related. When you open the command line, you need to be a member of the following groups :
- 1. RTCUniversalUserAdmins (not CSUserAdministrators
- 2. CsAdministrator
- 3. I know you think you have proper permissions but please check- This is often gotten wrong
- a. You will check and see you have two permissions – CSAdministrator and RTCUniversalServerAdmins
- b. You also need to add – you need to be a member of CsAdministrator and RTCUniversalUserAdmins
II. The other side of this issue is the User. The user may have been one of many users who had their default user created without inheritable permissions. Lync move command will fail!! Fix it before making the move command!
III. User is legacy OCS user? Your error contains the text OCSADUser. Without the full text of the error, there is some guesswork here but, perhaps try this out:
- a. Port 135 is blocked between pools. (not sure how the GUI gets around that)
- b. Run get-CsManagementStoreReplicationStatus on all Servers. Correct failures
- c. Check any SBAs they need the right ports etc..
- d. Did you try the –Force yet? Try it out. If it succeeds, then likely we have a data issue.
- e. Run Get-CsFabricPoolState and Get-CsBackupServiceStatus if either fail, then we know this needs to be fixed first.
- f. Move-CsLegacyUser -Identity “sip:firstname.lastname@example.org”-Target “lync-se.domain.net“
IV. Are the users potentially legacy OCS users? They could be. Try Move-CsLegacyUser
V. Weather legacy or not, the database may have a problem. Try to check the database for clarity below
- a. The error in this link may not match, but it contains the how to check for Database corruption DBANALYZE
- b. If the user database is not right, and you cant repair then you may have to homogenize the data by completing the CMS move or moving the CMS to another machine.
- Or you want to Export and Import the User data, after running a –force on the move command. see roman num. 8 below
VI. User or pool Attributes are wrong or corrupt, or not changeable in AD. Note the following attributes. You can even change manually if you know the values for the desired state. For the Pool:
- a. msRTCSIP-PoolDomainFQDN
- b. msRTCSIP-PoolDisplayName
- c. msRTCSIP-BackEndServer
2. For the User
- a. msRTCSIP-UserRoutingGroupId
- b. msRTCSIP-UserEnabled
- c. msRTCSIP-PrimaryHomeServer
VII. Lync Server Move-CsUser and Move-CsLegacyUser commands fail with error –like SetMoveResourceData failed because the user is not provisioned.
VIII. This is a perfect little process if Force works. So the commands are restated below. Thanks FlinchBot:
- a. Export-CsUserData -UserFilter “email@example.com” -Poolfqdn pool.flinchbot.com -filename “e:\tempuser.zip
- b. Move-CsUser “firstname.lastname@example.org” -Target pool.flinchbot.com –force
- c. Update-CsUserData -UserFilter “email@example.com” -FileName “e:\tempuser.zip” –verbose
IX. If you Move back in version, it will automatically fail without a force. Here is a long time disclaimer:
“WARNING: Moving a user from the current version to an earlier version (or to a service version) can cause data loss”
X. I just had to get to 10. Now I know My Roman numerals. Ok I am leaving you with a more complex example, which includes two of my fixes from above, in combination. I think I have captured a good number of the reasons why Move-CsUser may fail.
- a. Lync and Dcom Role back Movaway Failures
- b. Poolconflictcorrector tool
- c. If your moving to lync online and the User attributes are messed up. This tool will fix.
Bonus #11 – Issue with Move command and AD Connect
I hope this has been fun and informative. This is a summary article about the many reasons you may not be able to run move-CsUser in the command line. I will leave you with a couple last articles which have to do with getting all the user objects that may be causing things to fail. You can manually parse the list to see if there are any that show up with a problem.