January 16, 2017 by One of the most common questions asked when working among the array of available Skype for Business (SfB) audio and video endpoints is regarding what type of Lync or Skype for Business account can or should be used? The short answer here is that there typically is not only one right answer. Most of the phones and conferencing devices can work with either available types and generally do not have a single recommended approach due to potential behavioral differences. This article will go into detail on what those differences are as a way to help the reader understand which approach may be ideal, if not a mixture of both in the same environment. While the detailed instructions shown later in the article focus on configuring meeting room accounts for Skype for Business Online be aware that most of the concepts explained throughout are also applicable to on-premises Lync and Skype for Business deployments. The only major difference is how the accounts are initially provisioned as the administrative process differs slightly between on-premises and online environments.
Please make Skype mac version work more like the windows version. Actually keep me in conversations instead of constantly disconnected Voice calls. Skype Business App on iPhone is useless, took important call, app made me exit call every 3-5 mins!! Not professional. Microsoft Skype for Business with an Office 365 subscription is the latest version of Skype for Business. Previous versions include Skype for Business 2016, Lync 2013 and Lync 2010. Skype for Business is compatible with Windows 10, Windows 8.1, and Windows 7.
Once configured though the behavior of these accounts are the same whether they are homed on-premises or online. The steps for configuring these types of accounts for on-premises environments have been covered by multiple sources as well as on so they do not need to be revisited in this article. Also another covered setting up remote PowerShell for Lync Online but those steps have been updated for Skype for Business Online as well as expanded upon for additional functionality in this article. (For repeat visits there is quick reference on creating and configuring Skype for Business Online Meeting Room accounts using PowerShell in the last section of this article.) Background The two methodologies mentioned above are simply referring to the use of standard user accounts or special meeting room accounts. Much of the foundation of these two account types are identical; they are just handled and treated differently within the various products that leverage them. Active Directory – At the primary directory services level there is no difference between the two accounts models. They both utilize a standard Active Directory (AD) User Account object, meaning any and all of the attributes available to these object types are available to both.
Whether this is a traditional on-premises deployment in Windows Server Active Directory, Azure Active Directory in Office 365, or a Hybrid of both leveraging some directory synchronization services then a standard user account object is always the core component. Exchange Server – Within Exchange Server there exists different mailbox types which for regular users and bookable resource accounts, the latter being meant for things like conference room equipment which can be fixed or mobile. Exchange treats a User Mailbox differently from a Resource Mailbox in terms of how mail is stored in those mailboxes and even what portions of the messages are retained or stripped. Mailboxes of either type will allow devices the same level of access to their calendar of scheduled meetings. A key distinction though is that while resource mailboxes still use the same type of standard user account in AD by default the account cannot actually be used for authentication as no password is defined and the account is disabled. This is because in the traditional workflow of booking meeting rooms in Outlook which leverage Auto Accept agents no one would typically need to login as the mailbox itself. This has changed with the addition of the Communications Server platform to this workflow though.
When configuring room mailboxes as part of a Lync or Skype for Business workflow these meeting room mailboxes are enabled specifically to allow authentication using the account’s own credentials. Skype for Business – An AD account is created which allows for user authentication. That account is then mailbox-enabled within Exchange primarily to provide it an email address and calendar to accept and store meeting invitations. The final piece in the puzzle now is to SIP-enable the same account to provide all the desired capabilities of adding Lync or Skype for Business to the workflow. Just like in Exchange there are also two different types of Skype for Business accounts. A standard User which can be enabled using either the Control Panel or the Management Shell, or a newer Meeting Room which was first introduced in Lync Server 2013 with the advent of the original Lync Room System product.
The meeting room account can only be enabled and managed from the Management Shell and is treated differently by Lync/SfB. Either approach can be used by devices to sign-in and interact with the SfB services and use the previous calendar access to perform actions like joining the scheduled Skype for Business meetings.
Differences & Guidance As mentioned above Active Directory itself does not really know, nor care if the core user account object has been used by Exchange to provide either a user or resource mailbox, nor if SfB has enabled a standard SIP user or a meeting room. (Technically it can be aware of the Exchange Server and SfB Server configuration because much of that configuration is stored among various AD attributes defined on the AD account, but that point it moot as AD does not ‘act’ upon that information in anyway that makes a difference as to which approach to chose.) Because Active Directory does not have different account types for this scenario and the AD account is automatically created during either the Exchange or SfB provisioning step then there is no decision to make here, hence no guidance. Basically, this is irrelevant.
Exchange Server will treat user and resource mailboxes differently. There are various additional customizations available to control the behavior of a room mailbox by using the cmdlet in on-premises and online Exchange environments. There a several parameters available to adjust the default behavior of actions related to acceptance responses, handling time conflicts, meeting duration, or even the allowed reoccurrence scheduling window to name a few.
Another critical difference between user and resource mailboxes is related to licensing. Whether dealing with traditional Microsoft licenses or modern Office 365 licenses a standard mailbox user will consume one of these licenses, but a room mailbox will not. This is easy to see in Office 365 as license-consuming Users are sorted and managed separately from Resources like Rooms and Equipment which are not assigned any licenses. When it comes down to the vast level of customization offered with a resource mailbox paired with no user-level licenses required then there is virtually no reason to opt to use a regular user mailbox over a resource mailbox. In short, always use a room mailbox. Up to this point nothing new has really been covered as that is the way it has been for years across various releases of the Windows Server and Exchange Server products. As pointed out earlier it was not until Lync Room System created the need for new functionality in Lync Server 2013 that there was really any decision to be made here.
Using a Room Mailbox by itself for just calendaring in Office 365 does not require any licenses be assigned, but when that same room mailbox is also configured.as a Skype for Business Meeting Room then a license must be assigned. So there is no advantage to using a regular user versus a meeting room as both require SIP registration and authentication to function on a device.
This need for a license also overrides the fact that the Exchange account does not need one as these are one in the same. For example the configuration shown in the second half of this article for creating a Room Account in Office 365 could be assigned an E1, E3, or E5 license, depending on the device type it was being used for. There are two important distinctions regarding Meeting Rooms in Skype for Business which relate to the user experience.
Audio Behavior Meeting Room accounts trigger special behavior when other participants are joining Lync and Skype for Business meetings. When any device or client registered with a Meeting Room account is already connected to a SfB meeting (ad-hoc or scheduled) then the server is aware of this and triggers a prompt to appear on any other Lync or Skype for Business clients registered as normal user accounts which then join the same conference. Basically when a Skype for Business or Lync client joins a meeting if there is already at least one participant using a meeting room account in that meeting then the client prompts them to answer the question “ Are you in the Skype Room?” before connecting to the meeting. If the new participant is connecting from their desk or home office they simply answer ‘No’ and are connected to the meeting using the selected default behavior for each modality. If they happen to actually be in the same physical room as the already connected conferencing system then they would select ‘Yes’ and their client will connect automatically on mute. This helps to prevent any audio feedback loops which can occur with multiple systems in the same vicinity connected to the same conference. This scenario can be common when in-room participants want to join the same meeting from their own device to share or control content in ways that may not be available directly via the in-room system controls.
Obviously if using a regular SfB user account on these conference room systems would then prevent the above prompt from appearing and force users to learn to immediately mute their clients as they join meetings in the same room with their own clients. Lobby Behavior Meeting Room accounts are treated differently than other user accounts when joining a meeting in another important way. A scheduled Skype for Business meeting that uses the default lobby option of “ Anyone (no restrictions)” will allow all participants to immediately connect to the meeting and bypass the lobby. Thus devices using either a user or meeting room account will behave the same and connect directly to the meeting like any standard participant.
Where things get interesting though is when the individual meeting options have been customized to control specifically which participants are forced into the lobby. A scheduled Skype for Business meeting that is configured to allow either “ Anyone from my organization” or “ People I invite from my company” to bypass the lobby will behave differently between user and meeting room accounts. The following table shows which account types will bypass the lobby and which will be forced into the lobby across the 4 different lobby settings. Lobby Configuration User Account Meeting Room Account Only me, the meeting organizer Forced into Lobby Forced into Lobby People I invite from my company Allowed Directly into Meeting Forced into Lobby Anyone from my organization Allowed Directly into Meeting Forced into Lobby Anyone (no restrictions) Allowed Directly into Meeting Allowed Directly into Meeting Clients or devices registered with a meeting room account are forced into the lobby when invited directly to the meeting in the two middle options above, even though it is registered as a corporate account from the same organization. This is because a Skype for Business Meeting Room account is not treated as someone from the organization or someone that was invited directly.
This behavior is by design as one can imagine that anyone could walk into a conference room or up to a common area device and join a meeting on the calendar; employee or guest. This behavior allows actual authenticated users who are granted presenter rights to ability to curate the lobby list and only allow (or allow and then promptly remove) possibly unknown participants joining from shared endpoints. Obviously if this behavior is not desirable for specific devices then choosing to use a regular SfB user configuration instead of a meeting room configuration for that device will address this by always allowing the room to bypass the lobby (unless the meeting was configured for only the meeting organizer to be allowed).
But as covered in the previous section registering a room system with a user account will omit the “ Are you in the Skype Room?” prompt from appearing in those meetings. Given the potential trade-off between audio and lobby behaviors described above there is no single right answer for selecting account types for all devices. Generally it would be best to use the vendor-preferred approach which is typically a Meeting Room account for most devices. But the desired lobby behavior could be one of the most critical items in making this decision. Solutions like Skype Room Systems and Group Series video conferencing systems are best suited using the meeting room approach, but work equally as well (when properly configured) with a regular SfB user.
Remember that in either scenario an Exchange room mailbox is always recommended so the calendaring functionality is no different between them. Also Audio conferencing phones can leverage Common Area Accounts which do not support Exchange and thus have no calendaring and do not really apply here. Audio conferencing phones can also leverage Common Area Accounts which do not support Exchange and thus have no calendaring Given that the overall guidance is to leverage Meeting Room accounts then the remainder of this article will cover exactly how to configure these in Skype for Business Online. Office 365 PowerShell Setup As mentioned earlier it is not possible to create Meeting Room accounts using the Skype for Business Online Admin Center so this configuration must be performed using PowerShell cmdlets. In order to leverage PowerShell for Online services the following workstation configuration must be addressed first. Software Installation In order to use Windows PowerShell to connect to Office 365 and manage any of the various online services a few software packages must be installed. The current Microsoft TechNet documentation covers but the required steps are also included here in this section.
These steps only need to be performed once per workstation and can be skipped if this prerequisite software is already installed. Additional steps may be required depending on the Windows and PowerShell version so if there are any problems getting these packages installed and working make sure to reference the official TechNet guide above as well as which covers this as well as modifying the workstation’s Execution Policy if needed.
If the older Lync Online PowerShell module is installed then it is highly recommended (although not mandatory) to uninstall that package from the workstation and reinstall the newer Skype for Business module covered below. Download and install the 64-bit version ( msoidcli64.msi) of the. Download and install the. Download and install the. Now that the required software has been installed the next step is to create a simple PowerShell script to leverage all of these new components in a single command instance. Management Script The following basic script file can be used to initiate and authenticate multiple sessions into Office 365 for the purposes of leveraging any Azure Active Directory, Exchange Online, and Skype for Business Online PowerShell cmdlets. Note that the Skype for Business Online module must be installed on the local workstation first but this is not the case for Exchange Online.
The Exchange session is created manually using the New-PSSession cmdlet and thus does not need any local installation files. Follow the steps below to create a new script file. Make sure to pay attention to spacing and dashes in the cmdlets as the formatting on various browsers and display resolutions can change where the longer commands are wrapped to a new line in this article. Using either a simple text editor like Notepad or a more advanced tool like Windows PowerShell ISE create a new script file and select any desired name (e.g. Hi, We have purchased some Polycom Trio phones with the visual+ devices.
Currently testing on the firmware version 5.4.4.7609. The information here has been very useful, thank you. We are running Lync 2013 and Exchange 2013, exchange is Hybrid but the room mailboxes are onprem.
I have created a Lync Room system account and I am able to login to the Trio, connect to the calendar and view the meetings. Hi Jeff, Could you please point me to the site or licensing guide that covers your statement about Skype Meeting Room licensing? I had a different interpretation from the Lync licensing guides and didn’t know that there was a more current definition with O365.
But when that same room mailbox is also configured.as a Skype for Business Meeting Room then a license must be assigned. So there is no advantage to using a regular user versus a meeting room as both require SIP registration and authentication to function on a device. This need for a license also overrides the fact that the Exchange account does not need one as these are one in the same. For example the configuration shown in the second half of this article for creating a Room Account in Office 365 could be assigned an E1, E3, or E5 license.
Hi Jeff, I would like to understand the differences, and if possible have your opinion, with a particular scenario. The matters are related principally to licensing needs when I have: – SFB OnPrem – Trio as “Conferencing Room Device” that must be always connected and logged in OnPrem SfB env. – Exchange Online AFAIK the Exchange recipients like Rooms or Equipment don’t need license (correct?) Can I use a CSMeetingRoom OnPremise and mapping it to a Resource/Room mailbox OnLine? What about licensing in this case? Thanks in advance, A.C. Do you know the minimum Office 365 Skype for Business license required to allow a TRIO to join meetings that were created by other licensed users? You show using E1 in your example, but will “Office 365 Business Essentials” level work?
For instance we have many E3 users that have the PSTN Conf bridge Add-On. Would like the E3 users to plan the meeting and invite the conference room (and the TRIO logged in as Room) to be able to join the SFB meeting at the touch of Join Meeting button on the TRIO base unit. Hi, I have one issue about room account with Lync client SDK. When organizer create one SfB online meeting which the permission is “Anyone in the user’s organization can enter”, the room account using SfB 2016 application can join the meeting room with organizer’s admittance. But the room account using Lync SDK in UI suppression mode can’t join the meeting room, even if the organizer already admit. Why room account always stay at meeting lobby, is there any settings I have to modify?
Any reply will be greatly appreciated. Jeff, we are trying to determine the best practice for deploying a conference room which (in most cases) would include a Polycom Trio device. Should we be creating two resources?
One resource for the room, and the other being the polycom unit if they would like to book a Skype meeting or should this all be one resource? One issue that we do have is that we already have many conference rooms created and in use. We are actually in the process of deploying these Skype enabled devices to the rooms. (replacing old analog devices) Your input would be appreciated. Hey Jeff, Great article!! I’m setting up a few conference rooms with PCs with Polycom 8800 Trios and wanted your thoughts as it relates to user experience and room licensing.
I am having trouble separating the “user interface” with the PC (being able to use Office with rights to only their files) with utilizing Skype as the Conference Room user. I think the conference room user equipped with the Polycom must be licensed with Cloud PBX, PSTN and conferencing to be completely effective, as well as E1 or similar to allow the whole thing to work. Okay, with that, assuming the conference room user is logged into the PC, how can the user then log in as themselves to access their own files? Thanks in advance. Hello Jeff, Thanks for these detailled description. It opened my mind and made me understand a lot about Surface Hub that I deploy. I wondered if there would be the same behavior in scheduled meeting, as lobby, for Presenters option.
As from my test, I would select who would be presenters during my meeting but selecting a Surface Hub does not pop up on the top of the screen the Present button to share my screen. I need from my SfB client to give Presentation rights to the Surface hub during the meeting.
So the option in outlook does not seem to be properly used. Thanks, Cecile. Hi Jeff, Thanks for all your help throughout the years.
I have (2) 8800 Polycoms and cannot find the setting/config to allow the meeting organizer to remove a participant from a meeting via Skype For Business Conferencing. For example, the organizer books the conference room (Polycom phone) and joins the meeting from the phone UI in the physical room. They can see all the participants, etc. When they try to remove someone, a message is shown “cannot remove the participant from the call”. Aside from granting them full access to the resource (which I do not want to do), how can I grant the meeting organizer the access to do this?
I’ve gone through the Skype setup for several of the Logitech Skype Room Systems now and I have an oddity with one of them. In the top right corner of the SRS, the room name and phone number are displayed. The issue is that the most recently configured SRS only displays the 4 digit dial extension rather than the full phone number like the others I’ve configured previously. I’ve check the AD object/attributes, Skype meeting room config, O365 room account, mailbox settings etc. And cant seem to find anywhere where the phone number is listed as only 4 digits. Any idea where/what controls the display number?
Thanks in advance! Jeff, this is an awesome post and very helpful, however I am trying to find a solution and Im sure I’m not the only one who has had this issue. The company I work for has several conference rooms and in every room we have a PC and a Polycom Conference Phone, we have been moving away from Go2Meeting and are now using Skype Audio Conferencing. The issue that I am experiencing is when I setup room resource mailboxes for scheduling meetings I need to be able have those resources respond back to the attendants with the Dial in Conference phone number and conference ID. Currently all of out AA’s have to setup the Skype Meetings using their assigned information. Any help would be appreciated.
Hi Jeff, I have some basic questions. We just wanted to equip our small office and test the meeting room functionality. So we thought it should be possible to setup a dedicated PC with a Jabra SPEAK 510 UC desk device. So I configured our meeting room according to your manual, but how should the room connect to a meeting? For sure we are inviting the room to a meeting, but it does not join automatically. Isn’t it possible with our POC solution?
Is Enterprise Voice necessary? SfB is OnPrem btw.
Kind regards, Christian. Running Enable-CsMeetingRoom gives me an error; Object reference not set to an instance of an object. + CategoryInfo: NotSpecified: (:) Enable-CsMeetingRoom, NullReferenceException + FullyQualifiedErrorId: System.NullReferenceException,Microsoft.Rtc.Management.AD.Cmdlets.EnableOcsMeetingRoomCm dlet + PSComputerName: admin0a.online.lync.com Tried over multiple days. Followed your instructions above in order as well.
![Skype For Business Keeps Coming Up As My Default Call App Instead Of My Iphone On Mac Skype For Business Keeps Coming Up As My Default Call App Instead Of My Iphone On Mac](/uploads/1/2/5/5/125503164/444000526.png)
Only difference is that all Global Admins have multifactor authentication and therefore when connecting to powershell you can’t use some of the “msol” type commands. You have to use the alternatives. I figured out the problem. We require users to provide account recovery information before their accounts can be logged into (email and phone #).
This is an Azure setting. The accounts weren’t being fully provisioned (ie. Didn’t exist in Skype) until you attempted to login via a web browser and provided that information. An hour later the rooms showed up in Skype (Get-CsOnlineUser) and the Enable-CsMeetingRoom command worked. Might be worth noting that information. I spent days trying to figure out why it wasn’t working. We are considering adding some conference room phones to O365 with SfB Online.
Everything is online. I’ve read many blog pages but still have some general questions about how this actually works. I would really appreciate your help. Is a Meeting Room account the same thing as a Room Systems account? I understand that when adding a conference phone to a room, you need to create both a Room resource account for calendar functionality/scheduling, but because these accounts don’t have login credentials or a SIP URI, you also need to create either a User account or Meeting Room account for the device itself.
You can’t simply use a User account or Meeting Room account by itself because they can’t automatically accept calendar invites like a Room resource account can. Do I understand this correctly? When you schedule a meeting do you have to invite both the room and device account to the meeting? How do you start the meeting unless the device is the organizer? Or how does the device join the meeting so it can be used by the organizer? Depends on the context, but really just different terminology for the same concept.
A special account configuration that is not the same behavior/configuration as the standard user configuration. There is only ONE account for all of this.
That single AD Account is enabled for Exchange (which can be as a user mailbox or resource mailbox) and then enabled for SfB (which can be the normal user process or the Meeting Room process). Because this is ONE account, then no. Only a single mailbox exists in the address book. The device’s calendar IS the room’s calendar. It’s the same mailbox. We are running SRSv2 3.1.104 on Surface 4 and Logitech dock.
Worked great until we had to disable Legacy Authentication on the Exchange Online and Azure AD. We are running On-prem Skype for Business. We can sign in and use the Room with all the Skype functionality, but it can not connect to the calendar. “Cannot fetch calendar”. If I sign into the Skype Room account on a standard PC-klient I can log in to SfB and get prompted for user and pw for the Exchange connection. Does the SRSv2 support Mordern Authentication against Exchange online?
If so, what has to be done on the Skype-server SRSv2-client? The logs read error on Autodiscover and EWS.(but works from the surface on a standard Skype-client.) Hope you got some tips here. Thank you Jeff for you post. I have one question. Who user can create meeting behind of meeting room with dial-in number and link from meeting room? User don’t have license for conference number in Skype for Business Online, but meeting room has all license.
When user create meeting and choose meeting room as location. He send personal dialing number and link for connect to meeting. So, Who user can create meeting behind of meeting room with dial-in number and link from meeting room? I’m not found way for issue. Wondering if you have ideas for SMR creation issue we’re having.
Great article, thanks for the details very helpful! We have Hybrid Skype environment (small on-prem TB retired, most on O365 S4B) and attempting to create a meeting room resource. Successful for all above commands except: ——————— Enable-CsMeetingRoom -Identity $newUser -RegistrarPool $pool -SipAddressType EmailAddress ——————— We are getting the following error: “Cannot move user in enable operation. Use the Move user cmdlet instead.” New resource created in O365.
Not really attempting any move action per se. Google searching turned up nothing of consequence, hoping you have ideas. Hi Jeff, I’m struggling with getting some Polycom Trio 8800’s working with our fully on-prem Exchange 2013 and SfB 2015. I can get them logged in as a simple room mailbox account, but once I add their account into SfB server and follow the steps to enable it as as LRS account the Trio will no longer login at all, and the account disappears from SfB server.
I have tried this by converting an existing room mailbox and with a fresh account created by using the PS commands in another of your blog posts. Can you please just confirm I’m right in thinking that: – 1. I need to have the Trio’s (or any other devices) configured as LRS accounts in order for them to show up under rooms when scheduling a SfB meeting (none of the ordinary room mailboxes currently do) 2. Is the Polycom Trio 8800 actually compatible with using as a LRS account resource?
When I search the MS lists it does not appear and lists devices which all have screens. We have the Trio kit which comes with Logitech webcams etc. Jeff, Created a room and calendar using a method above in 365.
1.When we dial into SfB meeting by using meeting Dial in number it doesn’t connect with Video and shows as a guest in Skype for Business with room name and audio only capabilities. When we click on Join meeting button on a Polycom joins correctly with video and audio. Is there an option needs to be triggered so Skype would recognize that Polycom Trio is joined when dialed via phone number, i have seen this working in on-premises scenarios before? Thanks, Serg. Hi Jeff: Your articles were sent to me via a PolyCom reseller.
I’d appreciate your advice on how to move forward. I am new to my org.
My org has 4 PolyCom Group Series devices. 2 in Washington and 2 in London. 310 and 500 series. They are setup in a closed loop via the native PolyCom interface to video call each other via saved favorites. No integration with Skype has been attempted. In fact, only one of the units has a Polycom / Skype interoperability license.
I want to upgrade one of the less frequently used Polycoms with a Touch Screen and Skype Interoperability license and see if I can get it to work with SFB. My question is this – if I enable the SFB interface on the unit – does that do away with the previously saved favorites in the native Polycom screen?
I don’t want to be in a position where I have to configure all 4 of the devices at the same time. While the existing system is quite closed – it works instantaneously. I don’t want to ruin that ease – by adding SFB capabilities. I’ll probably have lots more questions beyond this, but I’ll start here.