Skype for PowerShell

you guys use skype yeah doors it’s great especially if you live far away from your family and friends its main way you even touch ring to my Garret range like great I really really want to talk to you okay how many of you use link not so many yeah it’s a great program um I’ve gotten to where I don’t even use a desk phone anymore I actually feel kind of rude calling someone up without looking to see if they’re busy them do not disturb but I don’t feel the same emotional that I do whenever I hear stay bringing so Microsoft renamed link back in November to skype for business I have my own theory as to why you probably have your own theory you so if I fall back to calling it link forgive me it’s just a lot easier to say all right first of all who’s Amanda deibler well I’m from Texas but I’ve been living in germany in the past 11 years I do unified communications administration which pretty much means stay for business for shape our technologies in Germany your n├╝rnberg I am NOT a master powershell Scripture I’m a pretty average user I like to ski I like to ride my bike going to like to cook and you can read my occasionally updated blog at Mandy net and you can look at what I keep okay so we’re going to talk about today is Microsoft’s unified communications past and present I’m going to show you how skype for business server and skype online fit into this ecosystem and we’re going to get started with the skype for business powershell modules so that you’re not just completely out to see when your unified communications team once held automating stuff and I’m also going to show you just a few of the tools that the communities already come up with so that you don’t duplicate effort plus you really want to do the gate effort and i’ll show you the foundations for a home lab so that you can practice with it however I must make it very clear that I am NOT going to begin to show you enough to start doing a real-world implementation if you do end up wanting to have skype for business in your office you probably need to get a consult from especially if you think you might want to use it as a PBX replacement okay a little history okay you want to remember this yeah you actually still can find it on the internet of course um last updated in 2007 it used to be a completely unavoidable part of the then completely unavoidable Internet Explorer and there was no central server for it believe they called it multi-point if you had a conversation with more than two people okay so the first thing that they did that did have central servers was msn messenger and the live messenger that was just a rebranding in there somewhere and after microsoft acquired consumer skype they combined people’s like messenger accounts with that and eventually phased out the product it lasted and china a little longer but i think it’s completely gone there now as well live meeting on the other hand it’s actually still around my husband works for siemens actually daughter company of siemens and they actually still use live messenger like meeting brother that they stopped marketing it a long time ago and it was a subscription-based people did

pay for it okay now finally we’re at what now skype for business server office communications server started out as live communication server microsoft loves to rename stuff one reason i mentioned this is that has a lot of the naming in lincoln spec for business originates from this period all the command lit names have a CS prefix than mine yeah it did not have powershell support even though office communications server came out after powershell v1 was released came out the same about the same time that exchange 2007 bin but anyway alright so late starter 2010 is when Microsoft introduced PowerShell support to their unified communications products coverage was complete from the beginning there was nothing that you could do in the web console that you couldn’t do an hour she’ll link summer 2013 restructured the back end of it added on to the command blood structure but if you have a server 2010 script it will most likely work with 2013 it might not be necessary anymore but the command let’s are backward compatible link online they tried doing a hybrid with on-prem it didn’t know well Microsoft gave people free help to back out of their hybrid infrastructures so that was primarily administered through the office 365 web console and it had a separate implicit promoting target from on-premises even when they were trying to do hybrid finally skype them set for business this guy everyone knows about was released well over 10 years ago went through several people several companies before Microsoft finally got it and it’s what replaced live messenger okay um step for business was announced six of them felt that’s close for a year ago was released four months ago and it was designed to be hybrid from the beginning and it uses power she’ll be four and one thing that we really had to stress to management when they flipped out over the name change was that no this does not mean that your employees will be skyping with their friends all day you have to set up skype to skype for business connectivity it’s not XML and it got some audio codecs like why does a skype call sound so very good even though it’s halfway around the world the silk codec and stack business server has gotten that and now the client also looks a lot more like consumer skype the front-end pool is the core of the skype for business infrastructure I’m just going to completely skips diaper business online with his frankly that I haven’t done that much with it okay so this is where users clients sign into it’s also where conferences are served out of Brendan pools have sequel Express on them where they cash data and use but they use the mirrored back-end servers to share data long-term data when you share a powerpoint or other office documents in a conference that and shared via the office web app server so don’t share your screen when you’re sharing a powerpoint presentation post the presentation into your conference and then users can come through it at their own pace they can collaborate with you on documents it’s pretty great and

you only have to have a windows license for that server you don’t have to have a separate web app server license as long as you’re using it with sketch for business okay if you want your voice users to have voice mail you have to have an exchange um server that’s separate from the cypher business server possibly for legacy reasons because exchange has had voicemail capabilities for quite a while and people’s voice mails are stored in their exchange mailboxes not on the skype server I mentioned phone users PSTN gateway is how site for business gets out to the public telephone network and this is either a sip trunk for an e 1 t 1 whatever connection to the phone company if you have an external conference external users connect on the conference URL via a reverse proxy um this was TMG until Microsoft discontinued it we use an f5 if you want to try it out Kemp offers a 30-day trial on a virtual machine load balancer and that’s really all the reverse proxy is is a load balancer configured to talk to outside as well the media traffic passes via the edge server pool that can either be a single server it can be a pool of servers and painter firewalls okay so this is a view of that topology in the topology builder this is the one place where you really can’t use PowerShell to administer skype for business you used to could publish an apology via the show but that is no longer supported so you put in their pools in the technology builder tool so you can just start with the central pool and then you can add that our components later and then you publish that topology and that’s what informs the rest of your infrastructure that’s already there about what’s been added and you finish the installation after you run the topology builder okay and there are two terms you need to keep in mind when working with Skype for business users common area phones and other endpoints sip aggress basically an email address but the domain has to be one of the domains that you have configured for site for business and of course it needs to be unique within your organization and therefore globally unique because you can’t use someone else’s registered domain name ok and then line URI is the skype for business term for phone number the phone number and e 164 format that means plus country code and no extraneous zeros I see a lot of this in a rapid referee phone book that is not an e 164 number because of that so you PowerShell guys will probably be called upon to help clean up the Active Directory phonebook entries excuse me ok so I mentioned the web

console again the communication server legacy lives on and it required you can access it from any client machine within your network depending on how you have your firewall setup it still requires Silverlight I was kind of surprised I was expecting them to gone over to html5 and JavaScript no they haven’t and I actually do use it if it’s voice stuff that frankly isn’t my job anymore the I’ve handed over to the 718 if I need to go in and fix the dialplan I use the web console it’s just a little easier but you can’t do everything in there the big one is creating and managing common area phones in fact we didn’t know that common area phones even existed until I started poking around the shell because there is absolutely no mention of them in the web console what is it okay so calm air your phone is how you configure an identity for a phone that doesn’t really belong to anyone so a conference room phone a lobby phone that sort of thing because it’s been a real conceptual leap for our end users to realize oh I can go sit down in the conference room and log in with my phone number and pin and now it’s my phone but I can have conferences on it so we got tasked with a assigning discreet phone number permanent phone numbers to these phones so that’s what the common area phone object is and also shocked room floors where the factory workers don’t have their own ad accounts because they don’t need them they never send emails so they just need a phone to be able to call internal services occasionally okay you also yep is the word policy they are referring to a group policy or as a second a special it’s a special it’s a special skype for business object yeah um there are several types what’s going to get to that later yeah well that’s fine okay yeah no it’s nothing to do through policy it is a yeah there are several object types around configuration yeah so client policy conferencing policy um yeah you can’t change the plant policy settings from the web console which is kind of weird yeah because that’s the main controller of client behavior you can only assign ones that you’ve already made to users and there are several fine tuning options on the conferencing policy that don’t accessible from the shelf some of the networking configuration is only available from the shell as well as defining holiday sets for response groups that’s kind of a glaring omission because response trip administration otherwise is a task you can delegate out to non-specialists you can set a response fruit manager who otherwise the department secretary and you normally wouldn’t expect to be able to start an implicit remoting to michelle and there’s some stuff that I even I still do in both managing response rates there are more options for the response creep object in the shelf but a lot of them require constructing a strange special skype for business object that is completely not obvious from the fan let help I did do a little get numbering to realize oh there is a special object for how you set up call forwarding options for response times and don’t get me started on call forwarding options for regular users because stack for business does not doing a very good job of that there’s something called stuffy you tillage it’s

horrible you can write a better Stephanie till you will be a star in this community but there are a lot of guys trying so what I do I vote create the response groups in PowerShell and then I or the voice administrators who aren’t hardcore stripper types that didn’t web console is needed they’ll set up the specific forwarding for numbers for each response group okay so you can install the tools locally on any modern windows server or even client OS and they just you have to have the whole skype for business install I so so yeah you have to go download a 1.5 gig I so in order to get skype for business show and really you only run a run those locally in reality if you’re a domain admin I’m not a domain admin the day that my account got taken out of domain admin was one of the best days of my life it’s like yes I don’t under have this responsibility on my shoulders so and a lot of boarding her remote based admin control is fairly similar to the way it is in exchange same general concepts but it only were really works with implicit remoting so like exchange it only imports the commands that the users role allows for example the cs user administrator if the users only in that group they wouldn’t even get the new CS PSTN usage or new CS voice policy command loads because those commands are only for the full CS administrator and the cs voice administrator so people who may can handle user objects are in the cs user administrator ad group but my telephone guys who make dial plans set of voice routes they’re in CS voice administrator and another nice thing about the way robles admin controls are the users don’t have direct access to the Skype related ad attributes or any other ad attributes via the role so they can’t accidentally set something the wrong way yeah the season administrator can make new CS common area phone objects and the related Active Directory properties will get updated but they don’t actually do that directly an Active Directory you don’t have to give them access and this is just how you connect I had the bright idea that oh we can have a Skype for business admin server and people can connect to that instead of the front end servers no it doesn’t work that way you can only start that he s session with a front end server or a director server you might still could have your admin server because director server does not require a Skype for business server license from an in server does so yeah you may or may not get buy-in from your management to set up a full front end pool just for managing so the core of my presentation halfway through okay um users in contacts so all the endpoint objects in stock for business server are anchored to something in Active Directory in the case of the cs user regular user with a desktop client maybe a mobile client that’s connected to an Active Directory user object of course um the cs meeting ring those really cool smart boards

those are CS meeting rooms and again Active Directory user object that you need to create before you can enable it as a CS meeting room on the other hand contacts the common area phone I’ve been babbling about that’s actually an Active Directory contact there’s no user object good thing because yeah an account that no one really owns is kind of dangerous yeah not just off in a case to skype for business it does not often get a cake to active directory and then there’s the analog device which represents a fax or a phone that for some reason you just cannot convert to an IP phone I work for a big auto parts manufacturer there some equipment that just has to have an analog phone line tell sec about it with analog device partner represents um if you for some reason need to be able to forward to it or for your IP gateway so you run your analog data through Pacific um yes usually what we we’ve done so far with the analog devices that connect um we’ve got Audiocodes gateways and they sell an extra module that you connect to the gateway and you connect your legacy devices too and then you can figure the routing in the Gateway and again I’ll reiterate we have help for that because yeah there’s no way we can set up gateways without external help because connecting to the PSTN or sip trunk is a little different in every country we learned that the hard way okay um some active directory attributes that are should be interesting to you if you’re going to be working with skype for business all of the attributes that link we respect for business add to active directory have msrtc sip as a prefix and it’s kind of nice for searching them for reading we use it on our gateways for routing help the gateway connects to just read zach and directory and chooses whether to wrap the call to skype or to our legacy pdx don’t write to those attributes theoretically you can enable someone for skype for business by filling those incorrectly in active directory it’s a very bad idea because stuff doesn’t get written to the backend database in the right order if you do that um proxy addresses is kind of important to watch out for as well because the users sip address needs to match an SMTP address that’s already in there or that you put in there when you make this if address skype for business does not take care of that for you um and if you miss match the case you’ll get all sorts of very strange errors on the server’s again it will work pretty much that you just get some strange errors whenever they try to change their own call forwarding also important to remind your helpdesk about is that you can’t change their sip and dress by just changing the SIP entry and their proxy addresses that drove us crazy trying to figure out what was going on with that turned out our helpdesk staffers were just trying to be helpful trying to take care of matters themselves whenever people were having name changes yeah don’t do that okay here’s how you can use the MSRTC sip line and private line to search for the

existence of a phone number so this would be particularly useful when you’re assigning a new phone number to check to make sure that phone numbers not already assigned to someone else it’s a little messy in Active Directory module because you have to also search the configuration container you can search Active Directory directly from the sky core business module with get CS ad principal and the reason we’re using ad principal and not 80 user is that we don’t know what kind of object that phone number might be assigned to okay and then here is a short list of all the endpoint types the major ones courser CS user CS common area phone is analog device and then our GS workflow is the response group or as the telephone guys used to call it hunt group or IVR dial-in conferencing number this binds to the exchange um phone number which you can figure in exchange not here at rest application endpoint is for your custom application that team can must have a sip address and can have a phone number and then finally CS meeting room those really cool smart boards most of them have an income and look filter pretty much like exchange response groups don’t so then you have to do a where clause filter which as you guys all know much slower most of them take domain controller so that you can know which domain controller you’re using that’s more important in a set and get but in our environment I found that picking a domain controller at the side of that means this runs in under a minute with 45,000 users and it runs in five minutes if I take one in Asia if I don’t specify the domain controller it’s kind of potluck even though we’ve got 80 sites and subnet set up but it will just randomly pick a domain controller if you don’t tell it one unfortunately common area phone does not have a domain controller parameter yes how do these things work in a multi-domain force because you can specifies your main controller can you specify credentials if I want to check something in a child domain or is linked that skype or whatever we’re calling it we’re calling it right now okay let me take the second because we’ve only been seriously using it since we consolidated to one domain um actually yeah it does work of Ross them because yeah maybe command yeah you can do cross domain right I just wondered if these Commandments have a similar way I think what a lot and is it will hit the global catalog and then it will just look for users I have linked properties on it so yeah can you specify an important catalog server for domain controller can you do the pork is in Detroit oh no I I’ll try though yeah I’ll Chad partial-birth filters um really i might as well def not not in the command ‘let’s no i don’t think that for the ones that you’re shelling there yeah and actually an even dash filter has its limit it’s not all and to know that that’s not nad attribute that’s a skype for business attribute on the side for business object and yeah actually that goes via the database because you can also for example i can filter on people who have maximum conferencing so I can do dash

filter conferencing policy eq maximum conferencing and that requires a trip to the database because it’s not stored like that in Active Directory an active directory it’s stored as a table of a hash table of policies and I camera which attribute that is but you can’t yeah so it yeah so I think that it’s making a trip to the link database anyway is any of this exposed to a pious drive or just acquaintances like an active directory when you solve on you p.s drive you know what I have no idea because i can’t remember us that I used to be yeah I was like I didn’t think I didn’t think so but yeah it’s been a weird I I never really got into using the PS drives as much I don’t know why that just looked over the way I rolled yeah I’m just looking at these but I’m get CS common areas on does have a domain controller perimeter it just doesn’t work is that the problem yeah it doesn’t it doesn’t really because when I do it at the command line it just doesn’t do anything like okay yeah it doesn’t agree yeah okay no file a connect bug or something like that because if there’s a parameter and it’s not functioning the way its intensive to that’s you know that’s not your problem that’s there yeah yeah okay okay um then that brings me to cuz that was from Paul violence script for get like numbers um and it’s a nice place to turn back to to see which one’s support filtering which ones don’t and then stole a Hanson built a very useful tool if you’re doing skype for business voice get dash sfb numbers and that takes paul script but it also combines it with guy boo car and you have bars ladies get link orphan users get linked orphaned users is a convenient way to read the backend database to see who hasn’t logged in to link within a certain amount of time and yet has a phone number or who has a link phone number assigned but is not currently enabled for enterprise voice or has a link phone number assigned and their active directory accounts disabled they’re obviously not using their phone number that sort of thing and also brings in some nice HTTP HTML reporting HTTP HTML pie charts on a GC feedbag charts sorry okay um yeah so there is no new CS user um you can kind of tell with the set for business in point objects whether you need to have an anchor and active directory before making it by seeing if there’s a new whatever um so yeah there’s no new CS user you have to have and act it you have to have an existing 80 user object that is currently enabled what that really means is you can’t take a shared mailbox that’s disabled and enable it for voice I know that’s that’s what I said subd you oh yeah and we actually tried temporarily enabling it in Active Directory enabling it and link giving it a phone number setting up voicemail for it in exchange and then disabling the user object again it worked for a little while but then within a few hours it stopped working one more dog exercise so they’re active any user partner is that the time equal voice phone so till we budge that you have used objects whiteboards okay yeah I’m actually the yeah the whiteboard account has to be an active has to be enabled in active directory because the whiteboard authenticates directly exacta directory yeah so yeah so you can’t take an existing shared mailbox and set it up

for voicemail yeah that was kind of painful we wasted a fair amount of a game figuring that one out because again it worked for a little while but then eventually stopped working yeah okay and there’s three things you absolutely have to have for that user you have to have his identity so that existing active directory object you need a sip address and one that you’re not already using in your environment skype for business will throw an error so you won’t accidentally create two accounts with the same sip address and then finally registrar pool that’s where you tell it which front end cool this user is going to be logging into and having his conferences in and if in your in a big enough environment that you have pools around the world users should be home in the pool nearest them and you can move users between pools so it’s not a big deal ok looks like I’m getting close okay um this is just how you enable one okay there’s a few things you can do with sets es user mostly around setting their line URI but there’s a lot of stuff you can’t do with that and that’s the policies so you assign already configured policy with grants es whatever policy identity and the user and then the policy name so maximum conferencing and then dash pass through if you want the object outputted because I can’t remember who mentioned that sometimes the sign of success with the azure module is that you don’t see anything and that’s also with branding policies we can skype for business so I like to put pass through on the end just as a confirmation um client policy controls client behavior do they download the address book and hash it or do they make web queries what’s their hot desking for being logged into a desk phone my version policy is how you can block out old OCS clients or for example if you don’t want people connecting with the iOS mobile client because it’s got a huge bug or something you can make a client virgin policy that blocks all the iOS clients just for example there’s not a huge bug with it currently but at one point there was um conferencing policy covers both things you would think of as conferencing like how many participants they allowed to have in a conference on whether they can dial out of the conference but also some peer-to-peer stuff things you would think of as peer-to-peer like individual desktop sharing that’s controlled and conferencing policy board policy defines what numbers people are allowed to call and what gateways they are allowed to use for calling those numbers and dial plan determines how short numbers they dial are interpreted in two longer a 164 numbers and finally you said a voice mail in exchange with enable um mailbox and you already need to have the user and skype for business in order to do that and get it to work right fifth your dots agribusiness in your environment ok I’m going to scoot along to the end okay so we’re going to skip sites and subnets okay finally yes move it okay i’m i’m finishing ok so anyway so i was warning you guys okay i’m not going to tell you enough to be able to deploy this for real get consulting help but there’s plenty of stuff that you can try on your own and will be useful for you if you eventually do end up with skype for business even if you’re not the one

who’s going to be primarily administering it so since i see a lot of MVPs and other people who probably have some as your credit may be sitting around you can build a full test lab in azure including edge because for a while you couldn’t do the edge role because it requires to nicks that are on separate subnets but now you can you can even get one of those free for 30 days kim load balancers i was talking about to do your reverse proxy um yeah and theoretically you could use it for real but that is really really not supported because we thought about trying to do edge in the cloud and guy from Microsoft consulting deutschland who was on a call with dos was like oh sure that sounds awesome I’ll help you get that set up and then we had our skype for business call with that team the next day and they said no you can’t absolutely not so anyway there with that bright idea okay and finally your minimum buy it why not two performances your or its performance yeah latency they can’t guarantee that I mean even if you have Express route they can’t guarantee that it’s going to be good enough for you to be happy with it but it’s perfectly fine for home lab it will work so okay bulge in skype online works fine so why shouldn’t a su a vm work fine oh yeah yeah you can yeah but say if you’re wanting to just use it in the cloud yeah do skype online don’t bother building your own environment but yeah if you want to build an environment in order to learn about it then it’s possible to do an azure and this is more or less my minimum test lab at work on a mid-sized server or midsize workstation really you just need the first to you needed a name controller and then you need a second windows 2012 r2 and the separatists asst 2015 iso is freed from down free for download from technet and you’re allowed to use it for 180 days in a lab so anyway and then if you want to work on the voice mail part you’ll need an exchange 2013 server and you want to play with the reporting a small sequel server but you can definitely do that all with the nakeds of RAM they’ll be very slow but you can ok so anyway does anyone have any questions nope ok