Microsoft Teams QoS PowerShell script to create Group Policy Objects !

Finally!! I have been waiting quite a while to post this! Teams no longer uses the Ephemeral port range for its Source Ports. We now have defined Source Port ranges for media traffic and they match up with Skype for Business Online!!

Documentation available here

So lets get QoS’ing!!!

You might see a common theme from my posts around QoS in terms of SfB and now Teams. This is true and it mainly derives from being overlooked quite often! So lets go ahead and tackle how to mark it at the Operating System level, it only takes a few minutes I promise.

Again – I am giving Pat Richard @PatRichard  lots of credit as I used his Lync/Skype4B QoS Calculator Tool as a reference.

The commands leverage the Active Directory and Group Policy Management PowerShell modules, so make sure you have them installed prior.

#Retrieve the list of all the installed PowerShell Modules
Get-Module -ListAvailable

The commands configure the following items:

  • A new Active Directory Group Policy Object called “Teams Client – QoS” is created in the default Group Policy Objects location
    • The name of this GPO is completely customizable to fit your naming conventions
  • Enables QoS for the computer’s TCP/IP network stack
  • Creates QoS entries for the following Teams communication types
    • Audio
      • Ports 50,000-50,019 (Source)
      • DSCP marking of 46
    • Video
      • Ports 50,020-50,039 (Source)
      • DSCP marking of 34
    • File Transfer
      • Ports 50,040-50,059 (Source)
      • DSCP marking of 24
    • Application Sharing
      • Ports 50,040-50,059 (Source)
      • DSCP marking of 24

#Import the Powershell Module for Active Directory and Group Policy
Import-Module ActiveDirectory,GroupPolicy

#Create a new Group Policy Object (GPO) that will be applied to the Organizational Units (OU's) that contain the computer objects that will be used by Teams users.
#The value "Teams client - QoS" can be modified to fit your needs or naming standards
New-GPO -Name "Teams Client - QoS" -Comment "QoS/DSCP markings for Teams media traffic. That contain the computer objects that will be used by the Teams users."

#Create Registry Value to enable TCP/IP QoS on the computer
Set-GPPrefRegistryValue -Name "Teams Client - QoS" -Context Computer -Key "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\QoS" -ValueName "Do not use NLA" -Value "1" -Type String -Action Update

#Create Registry Value for Teams client Audio QoS in the "Teams Client - QoS" GPO
Set-GPRegistryValue -Name "Teams Client - QoS" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS\Teams Audio QoS - Teams.exe" -ValueName "Version", "Application Name", "Protocol", "Local Port", "Local IP", "Local IP Prefix Length", "Remote Port", "Remote IP", "Remote IP Prefix Length", "DSCP Value", "Throttle Rate" -Type String -Value "1.0", "Teams.exe", "*", "50000:50019", "*", "*", "*", "*", "*", "46", "-1"

#Create Registry Value for Teams client Video QoS in the "Teams Client - QoS" GPO
Set-GPRegistryValue -Name "Teams Client - Qos" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS\Teams Video QoS - Teams.exe" -ValueName "Version", "Application Name", "Protocol", "Local Port", "Local IP", "Local IP Prefix Length", "Remote Port", "Remote IP", "Remote IP Prefix Length", "DSCP Value", "Throttle Rate" -Type String -Value "1.0", "Teams.exe", "*", "50020:50039", "*", "*", "*", "*", "*", "34", "-1"

#Create Registry Value for Teams client Application Sharing QoS in the "Teams Client - QoS" GPO
Set-GPRegistryValue -Name "Teams Client - Qos" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS\Teams App Sharing QoS - Teams.exe" -ValueName "Version", "Application Name", "Protocol", "Local Port", "Local IP", "Local IP Prefix Length", "Remote Port", "Remote IP", "Remote IP Prefix Length", "DSCP Value", "Throttle Rate" -Type String -Value "1.0", "Teams.exe", "*", "50040:50059", "*", "*", "*", "*", "*", "24", "-1"

#Create Registry Value for Teams client File Transfer QoS in the "Teams Client - QoS" GPO
Set-GPRegistryValue -Name "Teams Client - Qos" -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS\Teams File Transfer QoS - Teams.exe" -ValueName "Version", "Application Name", "Protocol", "Local Port", "Local IP", "Local IP Prefix Length", "Remote Port", "Remote IP", "Remote IP Prefix Length", "DSCP Value", "Throttle Rate" -Type String -Value "1.0", "Teams.exe", "*", "50040:50059", "*", "*", "*", "*", "*", "24", "-1"

Some of you may ask “Why split out File Transfer and Application Sharing into two QoS policies since they share the same port range?” – which is a very valid point. I am planning/hoping that, in the future, Microsoft splits these two communication types into two different port ranges to give us greater control over the specific modality individually.

UPDATE – If you are having trouble with Windows 10 not marking packets even though all the registry keys are configured properly. There is an additional setting in the GPO that needs to be selected to allow the you to control the DSCP marking. 

  • Go to the GPO Editor and navigate to Computer Configuration > Policies > Windows Settings
  • Right-click Policy-Based QoS > choose Advanced QoS Settings …
  • Go to the DSCP Marking Override tab
  • Check Control DSCP Marking requests from applications and services
  • Select Allowed

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.