Creating Skype for Business Online QoS Group Policy Objects with Powershell

*UPDATE*  9/12/2017 – found an issue with Windows 10 that requires an additional GPO setting for the QoS Policy. This info has been added to the end of the article.

Now that PSTN voice capabilities have made its way to Office 365’s Skype for Business Online product in the form of Cloud PBX, the topic of Quality of Service (QoS) is even more crucial than before.

I have blogged about the importance of QoS before, so I will not cover it a second time other than to reiterate that real-time communication traffic should be prioritized on a managed network.

In a previous in-depth blog, I went through configuring the necessary Group Policy Objects manually – which takes a bit of time to complete but it gives you a bit of background on the Group Policy QoS settings.

I know time is precious in the IT world, so I figured I would put together the commands necessary to configure all these GPO settings in one fell swoop. I am giving Pat Richard lots of credit as I used his Lync/Skype4B QoS Calculator Tool as a reference. (Note: his QoS calculator is an absolute life saver for on-prem server installs!)

The commands leverage the Active Directory and Group Policy Management PowerShell modules, so make sure you have them installed prior.

#Retrieve the list of all the installed PowerShell Modules
Get-Module -ListAvailable

The commands configure the following items:

• A new Active Directory Group Policy Object called “S4B Online Client – QoS” is created in the default Group Policy Objects location
  • The name of this GPO is completely customizable to fit your naming conventions
• Enables QoS for the computer’s TCP/IP network stack
• Creates QoS entries for the following S4B communication types
  • Audio
    • Ports 50,000-50,019 (Source)
    • DSCP marking of 46
  • Video
    • Ports 50,020-50,039 (Source)
    • DSCP marking of 34
  • File Transfer
    • Ports 50,040-50,059 (Source)
    • DSCP marking of 24
  • Application Sharing
    • Ports 50,040-50,059 (Source)
    • DSCP marking of 24

*UPDATE* –   The PowerShell code below has been fixed to address WordPress’s improper formatting of quotations

---

#Import the Powershell Module for Active Directory and Group Policy
Import-Module ActiveDirectory,GroupPolicy

#Create a new Group Policy Object (GPO) that will be applied to the Organizational Units (OU's) that contain the computer objects that will be used by the Skype4B users.
#The value "S4B Online client - QoS" can be modified to fit your needs or naming standards
New-GPO -Name "S4B Online Client - QoS" -Comment "QoS/DSCP markings for Skype4B media traffic. That contain the computer objects that will be used by the Skype4B users."

#Create Registry Value to enable TCP/IP QoS on the computer
Set-GPPrefRegistryValue -Name "S4B Online Client - QoS" -Context Computer -Key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\QoS" -ValueName "Do not use NLA" -Value "1" -Type String -Action Update

#Create Registry Value for Skype4B client Audio QoS in the "Skype4B Client - QoS" GPO
Set-GPRegistryValue -Name "S4B Online Client - QoS" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS\Skype4B Online Audio QoS - lync.exe" -ValueName "Version", "Application Name", "Protocol", "Local Port", "Local IP", "Local IP Prefix Length", "Remote Port", "Remote IP", "Remote IP Prefix Length", "DSCP Value", "Throttle Rate" -Type String -Value "1.0", "lync.exe", "*", "50000:50019", "*", "*", "*", "*", "*", "46", "-1"

#Create Registry Value for Skype4B client Video QoS in the "Skype4B Client - QoS" GPO
Set-GPRegistryValue -Name "S4B Online Client - Qos" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS\Skype4B Online Video QoS - lync.exe" -ValueName "Version", "Application Name", "Protocol", "Local Port", "Local IP", "Local IP Prefix Length", "Remote Port", "Remote IP", "Remote IP Prefix Length", "DSCP Value", "Throttle Rate" -Type String -Value "1.0", "lync.exe", "*", "50020:50039", "*", "*", "*", "*", "*", "34", "-1"

#Create Registry Value for Skype4B client Application Sharing QoS in the "Skype4B Client - QoS" GPO
Set-GPRegistryValue -Name "S4B Online Client - Qos" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS\Skype4B Online App Sharing QoS - lync.exe" -ValueName "Version", "Application Name", "Protocol", "Local Port", "Local IP", "Local IP Prefix Length", "Remote Port", "Remote IP", "Remote IP Prefix Length", "DSCP Value", "Throttle Rate" -Type String -Value "1.0", "lync.exe", "*", "50040:50059", "*", "*", "*", "*", "*", "24", "-1"

#Create Registry Value for Skype4B client File Transfer QoS in the "Skype4B Client - QoS" GPO
Set-GPRegistryValue -Name "S4B Online Client - Qos" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS\Skype4B Online File Transfer QoS - lync.exe" -ValueName "Version", "Application Name", "Protocol", "Local Port", "Local IP", "Local IP Prefix Length", "Remote Port", "Remote IP", "Remote IP Prefix Length", "DSCP Value", "Throttle Rate" -Type String -Value "1.0", "lync.exe", "*", "50040:50059", "*", "*", "*", "*", "*", "24", "-1"

Some of you may ask “Why split out File Transfer and Application Sharing into two QoS policies since they share the same port range?” – which is a very valid point. I am planning/hoping that, in the future, Microsoft splits these two communication types into two different port ranges to give us greater control over the specific modality individually.

UPDATE – If you are having trouble with Windows 10 not marking packets even though all the registry keys are configured properly. There is an additional setting in the GPO that needs to be selected to allow the you to control the DSCP marking. 

• Go to the GPO Editor and navigate to Computer Configuration > Policies > Windows Settings
• Right-click Policy-Based QoS > choose Advanced QoS Settings …
• Go to the DSCP Marking Override tab
• Check Control DSCP Marking requests from applications and services
• Select Allowed