Using SEFautil to manage users delegates
I wrote this blog when my customer asked me to handle the
following issue.
UserA had made UserB a delegate. However, now UserA is
archived and I wasn’t allowed to remove them from Lync. UserB was tired of
getting Lync calls for UserA. Apparently UserA was quite popular.
The SEFAutil resource kit utility was not easy to use.
However once you get the syntax down it does the job nicely.
Using the SEFAutil Resource Kit tool
Before you can use the SEFAutil tool to manage delegates and
calling features for users you need to configure the Lync environment to trust
the tool.
Environment:
Domain: Mackzilla.com
SIPDomain: Songcha.com
Site = Site1
PoolFQDN = Lyncpool.MackZilla.com
FrontEnd Servers: HQ-LYFE-401, HQ-LYFE-402,
HQ-LYFE-403
Create variable for site:
$site=Get-CsSite –Identity “<sitename>”
Create Trusted Application Pool
New-CsTrustedApplicationPool –Identity
<LyncPoolnameFQDN> -Registrar <LyncPoolFQDN> -Site $site.SiteID
–ComputerFQDN <LyncFrontEndFQDN>
Create Trusted Application
New-CsTrustedApplication –ApplicationID sefautil
–TrustedApplicationPoolFQDN <TrustedApplicationPoolName> -Port 7489
<can be any unused Port Number>
Enable the Topology
Enable-CsTopology
Note: Allow the port through the firewall of the server your
running the SEFAutil command. In my case TCP:7489
Example
$site=Get-CsSite –Identity “site1”
New-CsTrustedApplicationPool –Identity Lyncpool.MackZilla.com
–Registrar LyncPool.MackZilla.com –Site $site.SiteID –ComputerFQDN HQ-LYFE-401
New-CsTrustedApplication –ApplicationID sefautil
–TrustedApplicationPoolFQDN Lyncpool.MackZilla.com –Port 7489
Enable-CsTopology
To add additional Computers to the pool:
New-CsTrustedApplicationComputer -Identity <LyncFrontEndFQDN> -Pool
<TrustedApplicationPoolFQDN>
Example:
New-CsTrustedApplicationComputer –Identity
HQ-LYFE-402.MackZilla.com –Pool Lyncpool.MackZilla.com
Using SEFAutil
The Lync Resource Kit needs to be installed on the server.
In my case HQ-LYFE-401, HQ-LYFE-402 and HQ-LYFE-403.
Open a command prompt and navigate to the ResKit folder:
In my environment C:\Program Files\Microsoft Lync Server
2010\ResKit\
Remove a delegate from a user
Type: sefautil.exe /server:<fqdnofserverrunningsefautil>
<sipuriofuser> /RemoveDelegate:<SIPURIofdelegate>
Example: sefautil.exe /server:hq-lyfe-401.MackZilla.com userAlpha@songcha.com /RemoveDelegate:USERBRAVO@songcha.com
Note: Leave SIP: off of the user’s sipuri.
Note: The delegates sip name is case sensitive. Looking in
the Lync Management Console showed that the users sip name was capitalized. If you
don’t match the case the command will not work. Oddly enough the case of the
actual user you are removing the delegate from does not matter. This command does not provide any errors so
you have to verify that it worked by looking at the final output of the
command:
If the command works the delegate name will not show:
User Aor: sip:userAlpha@songch.com
Display Name: User C.
Alpha
UM Enabled: True (Could
also say false)
Simulring enabled:
false (Could also say true)
CallForwarding Enbaled:
false (Could also say true)
The command did not work if it says:
User Aor: sip:userAlpha@songch.com
Display Name: User C. Alpha
UM Enabled: True (Could
also say false)
Simulring enabled:
false (Could also say true)
Simultaneously Ringing
Delegates: sip:USERBRAVO@songcha.com
If the delegate is
still listed then the command did not perform the task.
Note: This was written for the 2010 version of the tool.
There is a 2013 version as well. I will verify that the syntax is the same and
update this blog.
Kudos to Jens Trier Rasmussen: https://blogs.technet.com/b/jenstr/archive/2010/12/07/how-to-get-sefautil-running.aspx
Kudos to Frederik Lefevre https://www.ucprofessional.com/2011/05/sefautil.html