No schedule Skype Meeting option

Howdy Folks,

As Office 365 becomes increasingly powerful and the functionality becomes closer to what expect from an on premise configuration on Skype for Business, you need to be able to take advantage of the solutions you find online.

I have read the Lync Server Cookbook by Alessio Giombini, Antonio Vargas, Fabrizio Volpe, and Lasse Nordvik Wedo which has a section on this but it is a bit difficult to pull the text from the book to the PowerShell window.  Kudos to the team for the fantastic book.  In addition, a shout out to Paul Lange who has recently completed this and provided some update feedback.

After completion of the following procedure, you should be able to use Exchange Online, utilise OWA— OOTW as it’s known now—to be able to use and sign-in to the on premise Skype for Business server.

In addition, you will be able to use the Exchange Online Calendar application to provide a Skype for Business meeting with the on premise Skype for Business servers.


You need a few things – an export of the OAuth certificate.

PowerShell to simplify the task is found below

From a Front End server load Certificate Add In on the Microsoft Management Console.

Right Click and select All Tasks, then click Export.  The OAuth certificate should be the only certificate on the Server that appears with just the domain name in its Issued To field.

Press Next

The OAuth does not have a Private Key that needs to be exported, so click No and Next

The certificate needs to be in a Base-64 encoded, select and press Next

Export the .cer to a convenient location and press Next

The certificate will be exported to the location, complete by pressing Finish

PowerShell to export certificate:

$CertPath = "C:\_Install\oauth.cer"

$Thumbprint = (Get-CsCertificate -Type OAuthTokenIssuer).Thumbprint

$OAuthCert = Get-ChildItem -Path Cert:\LocalMachine\My\$Thumbprint

Export-Certificate -Cert $OAuthCert -FilePath $CertPath -Type CERT


From Skype for Business Online Topology Builder, obtain the External Web services FQDN.

Enable OAuth on Tenant

From the Skype for Business Server launch the Skype for Business Management Shell.

Import-Module LyncOnlineConnector

$cred = Get-Credential
$sess = New-CsOnlineSession -Credential $cred

Import-PSSession $sess -AllowClobber

Verify the connection is correct by typing


Validate that you get the expected tenant information returned.

The important information you are looking for is the Tenant ID.

Mark and paste the information in the following table between the “   ”

$tenantID = "a2345678-1238-43cd-a144-e45678c55dc6"

New-CsOAuthServer microsoft.sts -MetadataUrl$tenantID/metadata/json/1

This is the same for all tenants – paste the following:

New-CsPartnerApplication -Identity -ApplicationIdentifier 00000002-0000-0ff1-ce00-000000000000 -ApplicationTrustLevel Full –UseOAuthServer


Installation of O365 AD Module

Next step you need to install a few things.

First installation is First is the Microsoft Online Services Sign-in assistant setup wizard – this is straight forward, so it seems. Download can be obtained from:

Second is the Azure Active Directory Module setup wizard – this isn’t so straight forward.  – this will kick off the download of the Windows Azure Active Directory Module  – you may need follow the post installation of the MOSS below.

Kick off the installation of Microsoft Online Services Sign-in Assistant Setup

Accept the EULA and press Install.

Press Finish upon completion


To install the Azure Active directory module I’ve made the following registry edit.  There seems to be a bug with the RTW version and the allowing the installation of the AADM.  You can modify the installed versioning by completing a regedit.


Windows Registry Editor Version 5.00





Installation of the Azure Active Directory Module for Windows PowerShell

Launch the installer, and press Next

Accept the EULA and press Next

Ensure the installation location is correct and press Next


If the information is correct press Confirm

 Once the install is complete press Finish

If this doesn’t install properly, you might need to install the beta version:

Configuring Office 365

Now that you’ve installed the Azure module, you’re going to launch it.


Paste the following:

Import-Module MSOnlineExtended



You are going to Import our exported Oauth certificate:

Paste the following – assuming you’ve exported the cert to the same location:

$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate


$binaryValue = $certificate.GetRawCertData()

$credentialsValue = [System.Convert]::ToBase64String($binaryValue)

new-MsolServicePrincipalCredential -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 -Type Asymmetric -Usage Verify -Value $credentialsValue

Validate the cert has been installed properly.

Get-MsolServicePrincipalCredential -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 -ReturnKeyValues $true

Under the Value portion you should see the key information of the certificate.


You are going to do the same thing again however rather than doing it to Skype Online- which is 00000004,  If you also have a hybrid Exchange you are going to do it to Exchange Online, which is 00000002


 Important note: I have had a few really strange issues on this. The first time I imported the certificate fine, but when I ran a Get-MsolServicePrincipalCredential I would get a blank value back for the certificate, so I would have to Remove-MsolServicePrincipalCredential – AppPrincipalId ***  -KeyID **

To resolve this I closed the Azure Active Directory Module and launched it again.

Paste this to import the OAuth to Exchange Online

$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate


$binaryValue = $certificate.GetRawCertData()

$credentialsValue = [System.Convert]::ToBase64String($binaryValue)

New-MsolServicePrincipalCredential -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 -Type Asymmetric -Usage Verify -Value $credentialsValue

Set-MSOLServicePrincipal -AppPrincipalID 00000002-0000-0ff1-ce00-000000000000 -AccountEnabled $true

Paring the hybrid

Once this is complete the certificate import on the Skype Online and Exchange Online we need to configure the trust to the external web services on premise.

Run the following – make sure you grab that external web service you obtained earlier

$lyncSP = Get-MSOLServicePrincipal -AppPrincipalID 00000004-0000-0ff1-ce00-000000000000


Set-MSOLServicePrincipal -AppPrincipalID 00000004-0000-0ff1-ce00-000000000000 -ServicePrincipalNames $lyncSP.ServicePrincipalNames



One thing I’ve noticed is that not all Skype for Business online configurations have all the expected trusted providers.

From the Skype for Business Management shell Run:


Make sure you see both Lync Online or Skype for Business Online and Exchange Online

On several occasions I have had to add Exchange Online as a Hosting Provider at different hybrid environments

New-CsHostingProvider -Identity "Exchange Online" -Enabled $True –EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFQDN "" -IsLocal $False -VerificationLevel UseSourceVerification


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.