Skype for Business Online PowerShell Throttling Limits

As many ITPro’s have found out through remote PowerShell scripting against Exchange Online, there are limits. 

The same holds true for Skype for Business Online when using the Skype for Business Online Windows PowerShell Module. These are often an issue when scripting across thousands of objects.  For example, applying a SfBO policy to 15,000 user objects.

The throttling limits are very similar to that in Exchange Online. From experience, here are the hard limits:

  1. 3 concurrent sessions per credential used to connect
  2. 10 concurrent sessions per tenant
  3. Throttle Limits for Resources and Types of Resources
    • A resource is an object, or a type of object such as a Policy, a User, etc….
    • If your PowerShell script is repeatedly taking an action on a specific resource (read/write), or the same type of resource, you will be throttled
    • First, you will get a Warning Message like this one:  “WARNING: Micro delay applied. Actual delayed: 21956 msecs, Enforced: True, Capped delay: 21956 msecs, Required: False, Additional info: ….”
    • Secondly, if your script does not slow down, it will get slower responses to cmdlet’s, etc…
    • Thirdly, if you are really bad, you will be denied access in the form or just no response, or a hard denial depending on the resource and cmdlet.
    • Note: the throttle per resource or resource type happens across all concurrent sessions under the same credential.  Each credential seems to have a resource budget that is consumed regardless of the session.

Special thanks to Gary Hu for his contributions on this blog article.

    Installing on the new Skype for Business Online PowerShell Module on Windows 10

    A new Skype for Business Online PowerShell Module was released on April 19, 2017.

    Recently I commissioned a new Windows 10 desktop client and downloaded and installed this new module. When I went to use it, I received an error while trying to acquire an authentication token (e.g. Get-CsAccessToken) because of a missing Microsoft.IdentityModel.Clients.ActiveDirectory assembly.

    I was somewhat surprised to see Windows 10 not officially listed as a “Supported Operating System” as shown below.

    However, after resolving the missing assembly error, I have been able to use it without any issues. This blog article describes how to resolve this issue.

    Installation of the Skype for Business Online (SfBO) module should go fine, but you will likely get this error when trying to use the SkypeOnlineConnector (e.g. via Import-Module):

    • SkypeOnlineConnector Get-CsAccessToken : Could not load file or assembly ‘Microsoft.IdentityModel.Clients.ActiveDirectory, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35′ or one of its dependencies. The system cannot find the file specified.

    Human translation: either Microsoft.IdentityModel.Clients.ActiveDirectory is missing, or one of its dependencies.

    The Microsoft.IdentityModel.Clients.ActiveDirectory assembly is the Azure Active Directory Authentication Library (ADAL). The SfBO module uses it to authenticate the credentials used in the script against Azure AD. It is installed with the SkypeOnlineConnector Module. The SfBO Connector ships with Version 2.19 of the Microsoft.IdentityModel.Clients.ActiveDirectory.dll as shown below, but the there are other dependencies in this library that need to be installed.

    The ADAL library can be downloaded here:

    The client-side SfBO module running on Windows 10 will use the .NET Client version (either V2 or V3 will work; I would use V3 since it’s the latest).

    For some reason the built-in Install-Package cmdlet of the Microsoft PowerShell Package Management cannot find the ADAL library as shown here:

    There is probably an easy fix to that, but instead I just downloaded and used the NuGet Command Line Interface (CLI). It is built into Visual Studio 2017, or you can download it here: Download the “nuget.exe” and call it from the command line as shown here:

    You now need to exit and restart your PowerShell console or ISE session for it to take effect.

    Enabling PSTN Calling for an Office 365 E3 User in 5 Easy Steps

    I frequently encounter the situation where a company (or individual) has an Office 365 tenant with all E3 licenses but they want to enable some users for Skype for Business Online PSTN Calling (the ability to dial-out and receive calls to phone numbers in a geo-region where Skype for Business Online (SfBO) PSTN calling is currently available).

    This article discusses the most basic direct way to accomplish this so that people can understand the basic process and requirements.

    One of the first questions people have is whether they can  purchase a handful of E5 licenses in an “E3 tenant” (an O365 tenant that currently has nothing but E3 licensed users).  The answer is ‘Yes’ – you can purchase one or more E5 licenses and apply those licenses to one or more existing E3 users (upgrade their licenses). The PSTN Calling functionality can also be enabled by purchasing add-on licenses to the E3 license, but in most cases it is just as cost effective (or more cost effective) to use the full E5 license – this is situation I describe here.

    Here are the steps to fully enable PSTN Dial-In / Dial-Out for an existing Office 365 E3 user.

    1.  Purchase and Assign the Necessary Licenses

    For an existing E3 licensed user, there are basically have two licensing options to enable PSTN Calling:

    1. Purchase and assign an E5 license.  Then purchase and assign a PSTN calling add-on license for the user.
    2. Purchase and assign a Cloud PBX add-on license. Then purchase and assign a PSTN calling add-on license for the user.

    As you can see, the significant difference between these two options is that the E5 license includes the Cloud PBX license which provides the ability to then purchase a PSTN calling plan so that the user can make and receive phone calls in regions that have PSTN Calling enabled (in May 2017 this includes the US, France, UK, Spain, and Puerto Rico). The E3 license does not contain the Cloud PBX add-on license, and you must separately purchase it.

    Tip – think of the Cloud PBX license as providing PBX-like call control capabilities, but not the PSTN calling plan (or connectivity) on-top. The PSTN Calling Plans and Cloud PBX licenses go together – the Cloud BPX license is required to have the ability to add a voice calling plan.

    The cost of an E3 license with the Cloud PBX add-on in USD as of May 2017 is:

    • Office 365 E3: $20 / user / month
    • Skype for Business Cloud PBX :  $8.00 / user / month
    • TOTAL:  $28 / user / month

    The cost of an E5 license as of May 2017 is $35 / user / month (USD) which also includes PSTN Conferencing capabilities, MyAnalytics, Advanced Treat Protection, Advanced Information Protection (DLP and encryption), and more features, so it is worth considering for the extra $7 / user / month.

    FYI, as of May 2017, the Skype for Business PSTN Domestic Calling add-on license in the US is $12.00 / user / month.

    Once you have purchased an E5 license (or the equivalent add-on Cloud PBX and PSTN Calling licenses for E3), go into the Office 365 Admin Portal and assign the E5 license to a user.  This is straightforward process (see here if you have any questions: Assign or remove licenses for Office 365 for business).

    Tip – you need to turn off the existing E3 or E1 license before assigning the E5 license or the Office 365 Admin Portal will give you an error about “conflicting plans” – e.g.  Skype for Business Online Plan 1 conflicting with Skype for Business Online Plan 2.

    After assigning the E5 license, it is normal to see this warning:


    In fact, before we can assign the user a phone number, you need to ensure the user has a PSTN Calling Add-On License as described in Step #3.

    Tip – in my experience there is always a delay, and it’s not just a fSkype for Business PSTN Domestic Calling ew minutes.  I’ve typically had to wait many hours. In fact, as stated in the Microsoft Support Article  Assign Skype for Business licenses :

    Latency after assigning licenses: Because of the latency between Office 365 and Skype for Business Online, it can possibly take up to 24 hours for a user to be enabled for PSTN Calling after you assign a license. If after 24 hours, the user isn’t enabled for PSTN Calling please call us.

    2. Acquire and Assign a Skype for Business Online PSTN Calling Add-On License

    The ability for a user to make and receive calls through the phone system is an add-on license on top of the E5 license.  You can purchase this option through the “Billing | Purchase Services” options in the O365 Admin Portal.  There are a couple of options for PSTN Calling based on your region as shown below for the United States:


    For all the various PSTN Calling add-on license plans see PSTN Calling plans for Skype for Business.

    Tip – If you haven’t assigned a CloudPBX or PSTN Calling add-on License to a user, you will see this in the Voice tab of the SfBO Admin Portal


    Once you have obtained a PSTN Calling Add-On License (or CloudPBX license), you should see it in the available licenses in the Office 365 Admin Portal when  you edit a user (under Active Users) to apply it as shown here:


    Once the add-on license is successfully applied to a user and the change replicates to SfBO, you will see the user enabled for Voice in the SfBO Admin Portal as shown here:


    Tip – many times I need to re-launch the SfBO Admin portal from the O365 Admin portal to see this change.  You might get the same result by refreshing the browser.

    Now that a user is licensed for E5 and PSTN calling, you just need to configure an emergency location, and acquire and assign the user a phone number.

    Step 3.  Configure an Emergency Location for the User

    A this point, if you try to assign the a phone number to the user, you will quickly find out that you need to add an Emergency Location for the user before you can assign a number as shown here with this warning:


    This location represents a real physical address where the user consuming PSTN will likely reside and is used in the case the user dials an emergency number (e.g. “911” in North America).

    Configuring Emergency Locations is a straightforward process you can configure under in the “emergency locations” in the SfBO voice settings.  A real example is shown here:


    Tip – this needs to be a real physical address and it is validated against a database of real addresses before you can save and continue.

    Step 4.  Acquire a Phone Number

    Before you can assign a phone number to a user, you need to acquire one. You can do that in the SfBO Admin Portal under “voice” and “phone numbers” and select the “+” sign the Add a New Number. You will be able to select a new DID from the regions where PSTN calling is supported for the location of your Office 365 tenant as shown here:


    You should see the newly acquired DID in the available phone number list.

    Step 5.  Assign a Phone Number

    After successfully configuring an Emergency Location for the user, and acquiring a phone number, we can now assign a phone number to a user.  Go into “Voice | Voice Users” in the SfBO portal as shown here:


    And finally, after selecting the previously acquired phone number and emergency location, you can enable this user for PSTN Calling!


    Tip – all of the above steps showed how to do this in the Office 365 and SfBO Admin Portal but it can all be accomplished through PowerShell (e.g. for configuring many users).

    More Information

    The following Microsoft articles provide more information on PSTN Calling:

    Set Custom Policies in Skype for Business Online

    For those who have worked with Skype for Business Online (SfBO) policies, you know that the policies which govern user behavior and features are pre-configured with a set of default policies for the Office 365 SfBO tenant.

    This was somewhat painful for a couple of reasons:

    • Policies which had a large number of settings (e.g. Conferencing), had to have a huge number of default policies to cover all the combination of features enabled/disabled
    • Organizations could not set a custom specific set of features to create policies which matched their business needs.

    Skype for Business Server 2015 On-premises of course allows the creation of custom policies. Recently Microsoft brought this custom policy capability to Skype for Business Online!

    Recently the ability to create custom policies for these 4 policy types was added to Skype for Business Online:

    1. Conferencing
    2. Client
    3. Mobility
    4. Caller-ID (** not sure if this policy is used yet in SfBO, but the cmdlet’s exist to Set and Get policies of this type)

    This introduces new cmdlet’s to create, grant, remove custom policies, and change settings on existing policies of these types. These are reflected in the traditional associated New & Set cmdlets (see below).

    Key Notes:

    • When a custom policy is created, it is only visible in the tenant it is created it.
    • ** Once a custom policy is created in the tenant, the behavior of the associated ‘Get’ cmdlets for that policy type will only returns the custom policies for that tenant instead of all policies (including the default ones that ship with a new SfBO tenant).   The parameter “-Include SubscriptionDefaults” needs to be included with the Get cmlet to return all of the policies after the creation of at least one custom policies.
    • You cannot use the corresponding ‘Set’ cmdlet’s to change the existing default policies of these types – i.e. that policies that come default with your Office 365 tenant.

    The rest of this article details the default policy for each policy type, and the PowerShell cmdlets to create and configure them. Recently a Microsoft Tech Community article was written which also explains the new custom policies: Custom Policies for Skype for Business Online.

    Note: the cmdlet name is a hyperlink to the TechNet documentation.


    Default Policy Given to a new user: BposSAllModality


    Returns information about the conferencing policies that have been configured for use in your organization. Conferencing policies determine the features and capabilities that can be used in a conference; this includes everything from whether or not the conference can include IP audio and video to the maximum number of people who can attend a meeting.


    Modifies an existing conferencing policy. Conferencing policies determine the features and capabilities that can be used in a conference; this includes everything from whether or not the conference can include IP audio and video to the maximum number of people who can attend a meeting.

    Cmdlet to assign to a user : Grant-CsConferencingPolicy (link to on-premises documentation)


    Default Policy Given to a new user: ClientPolicyDefault

    Returns information about the client policies configured for use in your organization. Among other things, client policies help determine the features of Skype for Business Server 2015 that are available to users; for example, you might give some users the right to transfer files while denying this right to other users.

    Modifies the property values of an existing client policy. Client policies govern certain user features such as the right to transfer files while denying this right to other users.

    Cmdlet to assign to a user : Grant-CsClientPolicy


    Default Policy Given to a new user: MobilityEnableOutsideVoiced


    Retrieves information about the mobility policies currently in use in an organization. Mobility policies determine whether or not a user can use Skype for Business Mobile. These policies also manage a user’s ability to employ Call via Work, a feature that enables users to make and receive phone calls on their mobile phone by using their work phone number instead of their mobile phone number. Mobility policies can also be used to require Wi-Fi connections when making or receiving calls


    Modifies an existing mobility policy. Mobility policies determine whether or not a user can use Skype for Business Mobile. These policies also manage a user’s ability to employ Call via Work, a feature that enables users to make and receive phone calls on their mobile phone by using their work phone number instead of their mobile phone number. Mobility policies can also be used to require Wi-Fi connections when making or receiving calls

    Cmdlet to assign to a user: Grant-CsMobilityPolicy


    The caller-id policies are very new and govern the caller-id feature for users such as whether another another number can be shown as the outbound caller-id. There is no help available (for either the on-premises or online versions), so the command line syntax is shown for each cmdlet.

    Default Policy Given to a new user: <None>


    Get-CsCallerIdPolicy [-Identity <XdsIdentity>] [-BypassDualWrite <$true | $false>] [-LocalStore <SwitchParameter>] [-Tenant <Guid>] [<CommonParameters>]

    Get-CsCallerIdPolicy [-Filter <String>] [-BypassDualWrite <$true | $false>] [-LocalStore <SwitchParameter>] [-Tenant <Guid>] [<CommonParameters>]


    Set-CsCallerIdPolicy [-Identity <XdsIdentity>] [-BypassDualWrite <$true | $false>] [-CallerIDSubstitute <Anonymous | Service | LineUri>] [-Confirm <SwitchParameter>]
    [-Description <String>] [-EnableUserOverride <$true | $false>] [-Force <SwitchParameter>] [-Name <String>] [-ServiceNumber <String>] [-Tenant <Guid>] [-WhatIf
    <SwitchParameter>] [<CommonParameters>]

    Set-CsCallerIdPolicy [-Instance <PSObject>] [-BypassDualWrite <$true | $false>] [-CallerIDSubstitute <Anonymous | Service | LineUri>] [-Confirm <SwitchParameter>]
    [-Description <String>] [-EnableUserOverride <$true | $false>] [-Force <SwitchParameter>] [-Name <String>] [-ServiceNumber <String>] [-Tenant <Guid>] [-WhatIf
    <SwitchParameter>] [<CommonParameters>]

    Cmdlet to assign to a user: Grant-CsClientPolicy

    Generating a List of Available Skype for Business Online PowerShell Cmdlets with Documentation

    The Skype for Business Online (SfBO) PowerShell Module is the primary command line management tool for Administrators.

    New users of this module are often surprised to learn that the cmdlets exposed by this module are not defined in the Skype for Business Online PowerShell module itself. Instead, the SfBO PowerShell Module creates an implicit remote PowerShell session and imports the cmdlet definitions from the Online SfBO tenant. The cmdlet’s made available in this module therefore could vary by tenant (i.e. based on the type of licensed Office 365 tenant), and be changed online in the tenant (i.e. by Microsoft) without releasing a new PowerShell module (which is installed locally).

    Significant changes to the online cmdlet’s are usually well communicated, but as the SfB online service quickly evolves, changes can happen before they are well communicated. For this reason, and to learn what cmdlet’s are available for SfBO administration, I often enumerate the available cmdlet’s in several of my tenants.

    The available cmdlet’s in any SfBO tenant can be easily retrieved using PowerShell by finding the associated local temporary PowerShell module associated with any current SfBO PowerShell session and enumerating the cmdlet’s available in that module.  Displaying a list of cmdlet’s to the PowerShell console is not much use however – it is hard to get a handle on what cmdlet’s are available, what they do, and what differences might exist between tenants (since the last time the cmdlet’s were enumerated).

    Inspired by fellow MVP Pat Richard’s script for retrieving a convenient list of Skype for Business on-premises PowerShell cmdlet (see “All Skype for Business 2015 Cmdlets and the Default RBAC Roles That Can Use Them”) which includes help information such as the Synopsis and a link the online TechNet help for that cmdlet, I wrote a script which does the following:

    1. Retrieves all of the SfB online cmdlets available in the tenant – including the help descriptions and links to the online help for that cmdlet (if it exists).
    2. Optionally produces a nice HTML report of all the available SfBO cmdlet’s using a really useful PowerShell module named “ReportHTML” by Matthew Quickenden (See PowerShell module called Generate HTML Reports by Matthew Quickenden to get this module).
    3. Optionally saves it to a CSV file

    The script is below. By default both the HTML and CSV reports are produced but this can be easily changed with two boolean input parameters to the script representing each type of report.

    Some notes on using this script:

    1. It can take a long time (~10 minutes) to finish – why?  The script is calling Get-Help on every cmdlet it finds to get the description and links to online help. This can take awhile.
    2. Make sure the ReportHTML module installed to make the HTML reporting work.
    3. If you are in a SfB hybrid configuration, the OverrideAdminDomain parameter in the New-CSOnlineSession call will likely be required for the remote SfBO session to be established.  See the nodes in the script.
    4. Some cmdlet’s do not have TechNet documentation. Other cmdlet’s have a TechNet link but it is broken – nothing is posted at that link. Most do have links and they open a separate window with the help.

    An recent example of the HTML report – which represents all of the SfBO cmdlet’s available on an E3 tenant as of March 2017 - is here:




    The Script

    The script is published on the TechNet script gallery here: This is where I will keep it up-to-date.

        Get-SfBOCmdlets.ps1 – Get’s all the cmdlet’s availalble and their help informaiton for an Online Tenant.

        This powershell script retrieves all the cmdlet’s available in an SfBO tenants,
        including the help description, and link to online cmdlet help, and optionally
        produces a nicely formatted HTML report and CSV file with all the cmdlet information.


        Skype for Business Online Administrative Username/Password for the tenant (manual prompt), and
        optional parameters for the type of output reports desired.

        ProduceHTMLReport – Boolean to produce an HTML report (default = true)
        ProduceHTMLReport – Boolean to produce an HTML report (default = true)

        All the cmdlet’s and information about each one.

        ** Need to modify the New-CSOnlineSession session (see below) for a hybrid SfB domain

       .\Get-SfBOCmdlets.ps1 -ProduceHTMLReport $true -ProduceCSVReport $false

    Written by: Curtis Johnstone

    Special Thanks to Pat Richards for this script:

    param (
        [bool] $ProduceHTMLReport = $true,
        [bool] $ProduceCSVReport = $true

    Function GetSfBOCmdlets
        Write-Output "About to retrieve available online cmdlets and associated help information"

        Import-Module -Name SkypeOnlineConnector

        $Credential = Get-Credential

        # use the -OverrideAdminDomain parameter for a hybrid SfB domain; see
        $sfBOSession = New-CSOnlineSession -credential $Credential # -OverrideAdminDomain
        $implicit_PS = Import-PSSession $SFBOSession -AllowClobber

        if ($SFBOSession -eq $null)
            Write-Error "There was a problem establishing the remote session to the SfBO tenant. Aborting"

        $global:objectCollection = @()

        $all_cmdlets = Get-Command -Module $implicit_PS.Name | Sort-Object Name

        foreach ($cmdlet in $all_cmdlets)

            $cmdletHelp = $(Get-Help $cmdlet)
            [string] $synopsis = $cmdletHelp.Synopsis
            if ($synopsis -eq $null) { $synopsis = "" }
            if ($synopsis -eq "Provide the topic introduction here.")
                { $synopsis = "" }
            [string] $description = $cmdletHelp.Description
            if ($description -eq $null)
                { $description = "<blank>" }      

            [string] $onlineHelpURI = (($cmdletHelp.relatedLinks.navigationLink | Where-Object {$_.linkText -match "Online Version"}).uri) `
                -replace "EN-US/",""

            $onlineHelpURI = $onlineHelpURI.Trim();

            if ($onlineHelpURI -eq "")
                $hyperLink = "Not available";
                $hyperLinkName = $cmdlet.Name

                # these are magic keywords that the ReportHTML module uses to create hyuperlinks – use the Get-HTMLReportHelp cmdlet for more info
                [string] $hyperLink = "URL01NEW{0}URL02{1}URL03" -f $onlineHelpURI, $hyperLinkName

            $object = New-Object –Type PSObject
            $object | Add-Member –Type NoteProperty –Name CmdletName -Value $cmdlet.Name
            $object | Add-Member –Type NoteProperty –Name Synopsis -Value $synopsis
            $object | Add-Member –Type NoteProperty –Name "TechNet Documentation Link" -Value $hyperLink

            $global:objectCollection += $object

        # clean up remote powershell sessions and resources

        if ($implicit_PS -ne $null)
            { $implicit_PS = $null }

        if ($sfBOSession -ne $null)
            { Remove-PSSession $SFBOSession }
        Write-Output "Finished retrieving online cmdlets"


    Function ProduceHTMLReport
        # requires the ReportHTML module (
        Import-Module ReportHTML

        $htmlReportPath = $env:UserProfile + "\Documents"
        $htmlReportFile = $htmlReportPath + "\SfBO_Cmdlets.html"

        # $nc = $global:objectCollection | select CmdletName, Synopsis, "TechNet Documentation Link"

        $nc = $global:objectCollection

        $rpt = @()
        $rpt += Get-HtmlOpenPage -TitleText  ("Skype for Business Online Cmdlets") -LeftLogoName Blank -RightLogoName Blank

        $rpt += Get-HtmlContentOpen -HeaderText "Cmdlets"
        $rpt += Get-HtmlContentTable $nc
        $rpt += Get-HtmlContentClose
        $rpt += Get-HtmlClosePage

        Write-Output "Producing HTML report here: $htmlReportFile"

        $rpt > $htmlReportFile

        # display html report
        Invoke-Item $htmlReportFile
        Sleep 1

    Function ProduceCSVReport
        $csvReportPath = $env:UserProfile + "\Documents"
        $csvReportFile = $csvReportPath + "\SfBO_Cmdlets.csv"

        Write-Output "Producing csv report here: $csvReportFile"

        $global:objectCollection | Export-Csv -Path $csvReportFile -NoTypeInformation -Encoding UTF8

    Write-Output "Script is Starting"
    Write-Output "Produce HTML Report? $produceHTMLReport"
    Write-Output "Produce CSV Report? $produceCSVReport"

    # retrieve the cmdlet listing

    if ($produceHTMLReport)
        { ProduceHTMLReport }

    if ($produceCSVReport)
        { ProduceCSVReport }

    Write-Output "Script complete"


    References and More Information

    The Microsoft Skype for Business Online (SfBO) PowerShell Module

    The ReportHTML PowerShell Module in the PowerShell Gallery – by Matthew Quickenden

    Pat Richards All Skype for Business 2015 Cmdlets and the Default RBAC Roles That Can Use Them

    Getting the Distribution of Skype for Business Online Registrar Pools used in an Office 365 Tenant

    Much like Skype for Business on-premises users, each Skype for Business Online (SfBO) user has a home pool. This home pool consists of multiple SfB servers running in Office 365 data centers. On sign-in, the each SfBO user establishes a Skype for Business session with one of the SfB servers in that home pool.  It is also the users’ home pool for any conferences they host (organize), which determines where the media (audio, video, screen sharing) is broadcast from. These servers reside in different Office 365 data centers, and knowing which online SfB registrar pools are being used, and by which users, can help troubleshoot sign-in issues, configure firewalls, and understand underlying conferencing performance.

    Below is the PowerShell to get a distribution of which online SfBO registrar’s pools are in use for your tenant, and which are used by specific users.

    The PowerShell leverages the Skype for Business Online PowerShell module.  It uses the Get-CsOnlineUser cmdlet to retrieve the home registrar pool for each user, and does a simple grouping to figure out how many users are hosted on that online registrar.

    #  Retrieves the Skype for Business Online Registrar Pool Distribution

    Import-Module -Name SkypeOnlineConnector
    $Credential = Get-Credential
    $SFBOSession = New-CSOnlineSession -credential $Credential # -OverrideAdminDomain

    # supress the output of importing the PS Session (not needed; save in case we do need it)
    $output = Import-PSSession $SFBOSession -AllowClobber

    $fullUserListing = Get-CsOnlineUser

    $registrarPoolDist = @($fullUserListing | Where-Object {$_.RegistrarPool -ne $null} `
        | select RegistrarPool, SipAddress | Group-Object RegistrarPool)

    foreach ($regPool in $registrarPoolDist)
        Write-Output ($regPool.Name + " is hosting " + $regPool.Count + " Skype for Business Online Users.")
        foreach ($user in @($regPool.Group))
            Write-Output ("`t`t User: " + $user.SipAddress)

        Write-Output "`n"

    # clean up
    if ($SFBOSession -ne $null)
        Remove-PSSession $SFBOSession

    Here is the sample output from a small North American E3 tenant with 8 SfBO users:


    We can see the distribution of the number of users hosted in each online registrar pool, and which users are hosted on them.

    The script is published and updated on the TechNet Gallery here:

    Behind the Scenes look at the Skype for Business Online PowerShell Module

    As Skype for Business Online (SfBO) adoption on Office 365 continues to grow, more organizations are turning to PowerShell to manage the SfBO tenant and users.

    The Skype for Business PowerShell Module used to the connect to the tenant is interesting.  Knowing a little but about how this module works behind the scene’s can go a long way to understanding any issues that come up.

    There are 3 things you need to do to connect to your Skype for Business Online tenant with PowerShell using the SfBO PowerShell Module:

    Action PowerShell to Accomplish It Notes
    Import the SkypeOnlineConnector Import-Module -Name SkypeOnlineConnector  
    Establish a New Remote SfBO PowerShell Session $SFBOSession = New-CSOnlineSession -credential $Credential  $Credential holds the SfBO admin credentials to the tenant
    Import the remote session into your local PowerShell session Import-PSSession $SFBOSession –AllowClobber The –AllowClobber parameter will allow us to redefine any existing cmdlet’s with the same name in our local PowerShell session.

    This blog entry details what each of these 3 steps are doing behind the scene’s.


    Import the SkypeOnlineConnector

    This Import-Module cmdlet makes the SkypeOnlineConnector module available in the local PowerShell session (e.g. in the console or ISE).

    The module is usually installed locally here:

    C:\Program Files\Common Files\Skype for Business Online\Modules\SkypeOnlineConnector

    The interesting thing is this, unlike many other Microsoft modules, it is script module – meaning the whole module is defined in a PowerShell script that you can read for yourself.  It is located in this PowerShell file:


    When we open this script, we see the following 2 PowerShell function definitions which define the cmdlet’s which allow us to establish the remote PowerShell session, and import the cmdlet’s:

    1. New-CsOnlineSession
    2. Set-WinRMNetworkDelayMS


    Establish a New Remote SfBO PowerShell Session

    Next, let’s look at what these two cmdlet’s do exactly:

    $Credential = Get-Credential

    $SFBOSession = New-CSOnlineSession -credential $Credential

    As we noted above, the New-CsOnlineSession is a function defined in the PowerShell module. The function description inside the script describes perfectly what it does:

    Creates a remote session to Microsoft Lync Online DataCenter. In this session, tenant administrator can run Lync cmdlets to manage users, policies and configurations.


    If this completes successfully, the variable $SFBOSession now holds a remote Powershell session to the SfBO tenant. Looking at the properties of this online session reveals the online server the remote session is established with:

    $SFBOSession | select *



    ComputerName           :


    NOTE: for SfB Hybrid Deployments

    In SfB deployments that are hybrid, the DNS records used by remote PowerShell generally point on-premises, so you need to specify an –Override parameter to override the DNS name with the intial domain name of the Office 365 tenant (e.g. <domain>

    This issue is documented well here:


    Import the Remote Session into your Local PowerShell Session

    Finally the Import-PSSession cmdlet will import the cmdlets, functions, aliases in the remote PowerShell session into the current local sessions so that we can work use them.


    You’ll notice that this Import-PSSession cmdlet returns a temporary PowerShell module. This module holds the cmdlet’s that were imported from the remote session (it actually does not hold the cmdlet’s themselves but rather proxy definitions).

    There are 2 important things to realize here:

    1. The Skype for Business Online cmdlet’s are not defined in the Skype for Business Online PowerShell module. This means that the cmdlet’s made available could vary by tenant, and be changed by Microsoft without releasing a new PowerShell module (to install locally). The takeaway for IT organizations is that changes can (and do happen). It doesn’t happen often, and changes are usually well advertised in advance and are usually cmdlet additions; but there have been (and will be) changes to the online cmdlet’s. 

    This temporary PowerShell module get be seen with the Get-Module cmdlet, and like the SfBO PowerShell Module itself is a script module, so we can see all the definitions of the cmdlets it makes available.  It is available in the C:\Users\<user>\AppData\Local\Temp\ directory.

    2. All the online cmdlet definitions reside in this module.  You can see them by using the Get-Command cmdlet as follows:

    Get-Command –Module “tmp_chdu42yi.nev”| Sort-Object Name

    As of March 2017, there are about 178 cmdlet’s in an Office 365 E3 SfBO tenant with no Add-On plans.


    More Information

    Skype for Business Online, Windows PowerShell Module

    Using Windows PowerShell to manage Skype for Business Online


    Diagnosing and resolving connection problems with Skype for Business Online

    5 Tips to Improve Skype for Business Wi-Fi Performance

    This article offers 5 tips to increase overall performance for Skype for Business (Sfb) over Wi-Fi at home or a Public Hotspot. These tips were created from my own experiences at home and using Wi-Fi in different circumstances. 

    Delivering a good SfB Wi-Fi experience in the enterprise is a much larger topic with more infrastructure and configuration options and recommendations. A good start here is Microsoft’s Guide “Ensuring an Enterprise Class Wireless Skype for Business Experience” which provides end to end planning, best practices, and proactive maintenance and operations to deliver enterprise grade Wireless Skype for Business service.

    Here are the 5 tips I will discuss:

    1. Make Sure the Gas Tank Isn’t Empty
    2. Use a Dedicated 5 GHz Wireless Band if Possible
    3. Try a Different Wi-Fi Channel
    4. Consider Implementing Quality of Service (QoS)
    5. Still Having Issues … Ditch the Wi-Fi


    Tip 1 – Make Sure the Gas Tank Isn’t Empty

    Diagnosing and resolving Wi-Fi issues can be really challenging.  Ensuring these basic pre-requisites are met will greatly increase the chances of success:

    1. Keep Skype for Business Clients Up To Date.  This sounds like advice your mother would give you, but it really can help – especially with the SfB mobile clients. Update an Windows desktop clients in use to the latest-and-greatest via Windows Update.
    2. Ensure there is Adequate Network Connectivity from the Wireless Access Point (WAP) / Router to the Internet!  I’ve lost track on the number of times I was trying to diagnose a Wi-Fi issue, and it the real problem was a temporarily internet outage on the Internet Service Provider (ISP). The Windows Network Troubleshooting tool will usually identity whether it is a problem with the Internet connection, or to be sure, test connectivity from a wired device (pointing your browser to is an easy and convenient method to test the connectivity and download speed).
    3. Ensure you have Adequate Bandwidth. Support for real-time communications that use real-time media such as audio, video, conferencing require, above all, a consistent and reliable network stream to work well. Bandwidth is not the same as ‘stability’ (i.e. low latency and jitter), but when bandwidth is congested, network reliability will suffer.  The more bandwidth, the better. One often overlooked bandwidth requirement is upload (or uplink) bandwidth. It is often overlooked because many ISP’s offer a fraction of upload speed compared to download speed. Microsoft’s recommends a consistent 1.5 Mbps of consistent uplink bandwidth to support real time communications. In my experience, I can have good quality audio, video, & conferencing Skype sessions with as little as 800 Kbps but your mileage may vary.
    4. Use a Good Quality Network Interface Card (NIC) and Wi-Fi Router.
      • Most Wireless NIC’s shipped with desktops and laptops in the last 3-4 years have an adequate NIC. However performance and stability differ between.
        • If Wi-Fi issues occur on multiple Wi-Fi networks (e.g. your neighbourhood coffee shop, work, and your friends Wi-Fi network), take a look at your NIC, and make sure it has the latest drivers installed.
        • Performance – newer cards supporting the 802.11n with multiple antenna support typically offer the best performance (Intel has a good article here explaining this Multiple-Input Multiple-Output technology).
      • For your Wireless Access Point (WAP) / Router, I highly recommend newer models that support dual-band (2.4 GHz and 5 GHz).  They are engineered to support many devices connected at once.  If you add up all the Wi-Fi enabled devices in your home, you will likely be very surprised at just home many there are.  Using a router which supports the new 802.11n and 802.11ac standards will generally give much more network throughput than the older 802.11a and 802.11g.
    5. Consider Bluetooth Device Interference.  In theory Bluetooth devices can interfere with Wi-Fi communications. I have a wireless mouse and keyboard and have not really noticed a difference, but this is something to consider if you have many Bluetooth devices.


    Tip 2 – Use a Dedicated 5 GHz Wireless Band if Possible

    Many routers are multi-purpose devices (acting as wireless access points (WAP) for a variety of devices, DHCP servers, and firewalls).  Worse, as a WAP, most run with one ‘network’ (SSID) that all devices (smart phones, tablets, TV’s, etc..) connect to. In this scenario, the real-time voice and video traffic Skype for Business uses is competing with, and prioritized the same as, the Netflix cartoon your children are watching and the firmware your Smart TV is doing … among other things.

    If the router supports ‘dual band’, that means it can support essentially two separate wireless networks simultaneously on different Radio Frequency (RF) bands.  The two bands are 2.4 GHz and 5 GHz.

    To help real-time applications perform well, it can make a big difference to dedicate one wireless network (SSID) to devices running real-time applications and move all the other devices to the other 2.4 GHz wireless band.

    The 5 GHz band is preferred because it offers less interference with other consumer products such as cordless phones. The trade-off is the 5 GHz band usually has less range than the 2.4 GHz range. Your range however will depend greatly on the location of the router and the device connecting to it. Having a clear-line-of-site from the client to the WAP will increase the range.

    What about wireless range extenders?

    Many people consider adding a wireless range extender – especially if their work area typically does not have clear-line-of-sight to the WAP. Generally this will not help for real-time media because these extenders increase network latency and jitter. I have had good results with an extender that plug’s into a power wall socket and uses Ethernet over Power to get to the WAP / Router. Bottom line though, you are probably relocating your router, or investing in a better one with better antenna range.

    What about adding a second dedicate router?

    This might seem like overkill, but it seemed like a good idea to me!  With a growing number of Wi-Fi enabled devices in my house, I added a newer second Wi-Fi router capable of better handling simultaneous connections and the latest 802.11 standards to combat my intermittent poor voice performance and dropped connections – mostly on my laptop running Windows 10 and the Windows version of Skype for Business.  The result?  It did not help, and the performance actually got worse!

    This is when I started to learn about 802.11 channel congestion… which is the perfect segue into the next Tip.


    Tip 3 – Try a Different Wi-Fi Channel

    After my unexpected two router results, I had learned about the “802.11 Channel 6 Congestion” issue, and made some simple changes that helped my Wi-Fi experience.

    802.11 Router Basics

    As perviously discussed many home routers operate on one or two bands or frequencies – 2.4 GHz and 5 GHz. Each band is further segmented into channels – 11 narrow radio frequency channels.  When devices communicate with the router, they use whatever channel is set on the router.  If many devices (a close neighbours WiFI devices, cordless phones, etc…) use the same channel, this will likely result in congestion in that frequency – and that means trouble for your WiFi.

    Wi-Fi devices bought in North America ship with a default of Channel 6 – increasing the likelihood of congestion unless you change it.

    802.11 signals are designed to partially overlap – the spectrum of one channel will overlap a bit with another channel, but the further away your channel is from what is being used around you, the better throughput and performance you will have.

    If you are on channel 6, one simple change is to try channel 1 or 11 – these are far away from the de-facto channel 6 specturm. However many people have started to use 1 and 11, and some devices by default use this, so you should try a couple of different ones. The change is easy to make on your router (consult your router documentation).

    Another approach which is more involved is to scan the wireless environment around you using a third-party or open source application. This will show you exactly how congested each of the channels are.

    I settled on using channel 8 on a dedicated 5 GHz band and had much improved performance.

    Some WAPs / routers support automatic channel selection (ACS) which will in-theory auto-select a new channel when it detects RF interference. In my experience, enabling ACS has not made a difference, and I question the impact on real-time media sessions while my router attempts to switch channels.  I prefer a dedicated static channel.

    There are many third party Wi-Fi application (for Windows clients) which scan and analyze your Wi-Fi networks to show which channels are in use, and the interference levels. I’ll be updating this blog entry with some of them shortly.


    Tip 4 – Consider Implementing Custom QoS

    In a nutshell, Quality of Service (QoS), is a network tagging methods which allows certain types of traffic to me tagged and treated as priority on the network. In practice, real-time media requirements for more important applications (such as voice and video application like SfB) can be tagged a higher priority over entertainment applications such as NetFlix.

    Implementing QoS on a home router is likely beyond the expertise of many users, but highly recommended for those who use Skype for Business a lot from home (e.g. home workers).  It will make your life better!  Watch for a future blog article on how to do this.


    Tip 5 – Still Having Issues … Ditch the Wi-Fi

    Getting to the root cause of Wi-Fi issues can be frustrating and time-consuming. If you are still experiencing issues, and rely on good consistent networking for your daily activities, another option is to ditch the Wi-Fi at home all-together!  This might seem inconvenient and sliding down the evolutionary technology chain, but new wired options such as Ethernet over Power adapters make it very easy to add wired capabilities to almost anywhere in your home. I’ve had very good experiences with NETGEAR Powerline products.


    Got a Wi-Fi tip for Skype (or any voice and video application) you want to share?  Please do!


    Resources & More Information

    Easily check your Download Speed in any Browser with (Powered By NetFlix)

    Microsoft TechNet – Ensuring an Enterprise Class Wireless Skype for Business Experience

    Microsoft TechNet – Planning for Optimal Skype for Business Experience over Wi-Fi

    Microsoft Download – Delivering Lync 2013 Real-Time Communications over Wi-Fi

    Microsoft TechNet – Plan network requirements for Skype for Business 2015

    5 Tips & Reminders for End Users During a SIP Address Change

    SIP address changes inside organizations are usually challenging – for the IT team making the change and the end users experiencing the change. For those unfamiliar with the SIP address change, it involves a change to either:

    1. The format of the left-hand side (e.g. changing to
    2. The domain name on the right-hand side of the @ sign (e.g. changes to

    This blog entry contains key reminders to end users going through the SIP address change process.

    The impact to end users will depend somewhat on the Lync or Skype for Business (SfB) deployment and the clients used.

    In most environments however, end users need to take the following 5 actions to re-establish their Lync and SfB services:

    1. Change the sign-in address on all SfB clients; don’t forget any clients running on mobile and tablets. Sign-out, change the SIP address, and sign-in again. Older Lync clients will sign the user out after their SIP address is changed on the backend.
    2. Any scheduled Skype for Business meetings (e.g. scheduled through the Outlook “Skype for Business Online Meeting” option) need to be canceled and recreated.
    3. When searching the address book for the first 24 hours post SIP change, enter the contacts full new SIP address.
    4. Change the SIP sign-in address at the same time as the email address (if it’s changing at the same time). This will minimize problems with the SfB feature integration with Exchange such as free/busy integration.
    5. Notify external contacts of the new SIP address.  An external contact is any contact that either federated (in another Lync/SfB organization) or a Public IM contact (e.g.  This is by far one of the highest impact items for the end users since it can render communication with external contacts. Basically the user has two options in my experience:
      • Notify external contacts that their SIP address has changed, and that they need to add it as a new contact in their address books.
      • Re-add the external contacts after the SIP change. Re-adding the external contact generates a request to the external contact to have them add the user (and the new SIP address) to their contact list. If there are a lot of external contacts, fellow Office Servers and Services MVP Michael LaMontagne has developed a nifty PowerShell script that uses the Lync SDK to run on the Lync or SfB client that can export and import contacts. An advanced user, or IT administrator, can use this script to export the contacts, delete the external contacts in the client, and then re-import them after the SIP change.

    Lastly, if weird issues arise on older Lync clients (e.g. Lync 2010/2013) and/or older client operating systems such as Windows 7, try rebooting the computer is a good first step.

    More Information

    Anatomy of a SIP Domain Change

    Anatomy of a SIP Address Change – Part #2

    Effects of Changing a User’s SIP Address in Lync Server 2013

    Modify the SIP Address of an Enabled Lync Server User

    Invoke-SFBContacts on the TechNet Gallery