I’m writing a quick post after a discovery I made while trying to answer someone’s question on my other post.
What permissions do you need to manage Common Area Phones?
You need RTCUniversalUserAdministrators membership if you want to manage them via normal Powershell (remote or local) or CsUserAdministrator if you want to manage them through a Powershell connection to the web management service (connecting to the ocs-powershell URI).
But depending on the OU which these objects will live in, you may also need to run the Grant-CsOUPermission command on the OU so that you can modify, create, and delete objects.
In order to run the cmdlet you need to specify the object type that you are granting this permissions to. The weird this is that it’s not immediately clear which SfB entities correspond to which object classes.
The options for object types with this cmdlet are Computer, Contact, AppContact, Device, and InetOrgPerson. I was interested specifically in common area phones, so I wasn’t sure if the object would be device or contact.
For some reason I chose to skip reading the Technet article in full detail (which explicitly says CAPs are ‘Devices’) and instead went straight to AD.
I looked in ADUC and saw that they were ‘Contacts”
And then just to double-check I looked at the class type in Powershell
And that pretty much confirmed for me that these are contact objects.
So I ran the Grant-CsOUPermission and specified the contact object type and I still could not create phone objects (I could modify them). After slamming my head on the keyboard for a while, I ran the same command but specified device and then it worked.
Then I read the Technet article and found out the you do indeed need to specify device for CAPs.