Category: Real-time collaboration and UM

As we prepare for the migration from on-premises Skype for Business to Skype for Business Online, there are a few important considerations to bear in mind before you take the leap. I will be covering these in a series of posts (hopefully), today I want to share with you a common scenario we will face while preparing for migration.

We are well aware of the pre-requisite for Office 365 that demands an Active Directory synchronised user must have a publically routable User Principal Name (UPN). So critical is this requirement that it is now engrained in every consultant’s mind and increasingly customers are becoming more aware of this without us even mentioning it. However, this can often produce its own unique challenges.

Many organisations set their users up with an ambiguous username, something that does not immediately identify a user by name e.g. rather than This is to avoid name conflicts and was often used as an additional domain security measure. When a user is synchronised to Office 365 their UPN is used to provision the identity and service addresses for Exchange and Skype for Business. Often the case is that users UPNs do not match their publically available contact information such as their e-mail address. E-mail addresses are usually more personable to each users and contain their true identity e.g In order to integrate Skype for Business Online with Exchange properly it is important that the user’s SIP address matches their primary e-mail address i.e. and not

However, when you perform an AD Sync with Office 365 the user’s Skype for Business Online identity is provisioned using the UPN like so:

On-premises Identity (UPN =

Synchronised Identity in Office 365 Portal also

PowerShell output showing primary SIP Address in Skype for Business Online

In order to change this, the solution is to look and edit the on-premises identity, as this is the source of authority for this person’s cloud identity. Specifically, we need to modify an attribute on the user’s Active Directory account called msRTCSIP-PrimaryUserAddress. In order to find this attribute, your on-premises Active Directory domain is required to be prepared for Lync / Skype for Business On-premises. Therefore, you may need to download the on premises software and run AD schema preparation to have this property available. I say may read on.

First change find and change this attribute

Click on edit and enter the desired address in this format:

Perform directory synchronisation using AADSync and then check the SIP Address of the online identity. You should see that is has changed

Please note that this only works for synchronised identities. Cloud identities must be provisioned with the primary SIP address as the username.

If you have not prepared your Active Directory domain from on-premises Lync / Skype for Business and do not have the msRTCSIP-PriamryUserAddress attribute, there is an alternative method you can use. Instead we can use the ProxyAddresses attribute that is natively part of Active Directory. This attribute is the same on you use for provisioning e-mail addresses to get around the same issue as we have. Open the ProxyAddressess attribute and add a new Proxy Address into the list using the following format:

Perform a directory synchronisation and test the SIP address has been updated correctly




Main resources:

How to create and deploy a client certificate for MAC:

Transforming .cer to .pem or vice-versa:

using openssl to convert a certificate format to another format:

Exporting a private key:



Using Powershell:

Using SCOM:





Troubleshooting slow logons:

Logon process:

Tools for troubleshooting:

And powershell:

Analyze GPOs load time:


How to use Xperf, Xbootmgr, Procmon, WPA?

xperf;xbootmgr;xperfview comes from Windows ADK (Windows performance toolkit sub part). Procmon is a sysinternal tool.

Other interesting articles:


Windows Performance Analyzer (wpa.exe) youtube:

Xperf data collection tool:


For boot tracing:

xbootmgr -trace boot -traceFlags BASE+CSWITCH+POWER -resultPath C:\TEMP

with boot phases:
xbootmgr -trace boot -traceflags base+latency+dispatcher -stackwalk profile+cswitch+readythread 
       -notraceflagsinfilename -postbootdelay 120 -resultPath C:\TEMP

For shutdown tracing:

xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Standby+Resume:

xbootmgr -trace standby -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Hibernate+Resume:

xbootmgr -trace hibernate -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

replace C:\TEMP with any temp directory on your machine as necessary to store the output files

Analyses of the boot trace:


To start create a summary xml file, run this command (replace the name with the name of your etl file)

xperf /tti -i boot_BASE+CSWITCH+POWER_1.etl -o summary_boot.xml -a boot

Analyses of the shutdown trace:

The shutdown is divided into this 3 parts:


To generate an XML summary of shutdown, use the -a shutdown action with Xperf:

xperf /tti -i shutdown_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdown


Finding remote session connected to your computer?
who is running a (hidden) remote PowerShell on your machine? Here’s a simple one-liner:
Get-WSManInstance -ConnectionURI (‘http://{0}:5985/wsman’ -f $env:computername) -ResourceURI shell -Enumerate
It will return anyone connecting via port 5985 to your machine. However, if you’re not running in a domain environment,
you first have to enable non-Kerberos connections
(remember that without Kerberos, you no longer know for sure that the target computer really is the computer it pretends
to be):
Set-Item WSMan:\localhost\Client\TrustedHosts * -Force





From event viewer eventvwr (GUI) you can export events in a log file. EventcombMT as well.

You can use eventwatchnt, eventsentry (GUI) from

How to store events on SQL table:

How to export forwarded events using get-winevent:

write-host “Dump Quest ARS Forwarded Events (only the last hour)”
$date = Get-Date -Format ddMMyyyy
$log = “.\logs\Dump-QARS-ForwardedEvents-” + $date + “.txt”

$xml = ‘<QueryList>
<Query Id=”0″ Path=”ForwardedEvents”>
<Select Path=”ForwardedEvents”>*[System[(Level=1  or Level=2 or Level=3 or Level=4 or Level=0 or Level=5) and TimeCreated[timediff(@SystemTime) &lt;= 3600000]]]</Select>

$events = Get-WinEvent -FilterXml $xml |  Select-Object ID, LevelDisplayName, LogName, MachineName, Message, ProviderName, RecordID, TaskDisplayName, TimeCreated

write-output $events >> $log

Write-host “”


To dump events from the command line you can use:

1) psloglist from

ex: psloglist -a 01/12/15 application -n 5    ; in this example I export the last 5 events from 12th Jan 2015 located on application event log.

ex: psloglist -a 01/12/15 -w -x security        ; in this example I export new security events coming with extended data

ex: psloglist -a 01/12/15 application -n 5 -s -t “\t” > c:\temp\output.txt  ; in this example I exported the last 5 application events on one line separated by tabulation and redirected to an output file. After that I can open the output.txt in Excel.

same example but using a specific event ID: psloglist -i 851 security -s -t “\t” > c:\temp\output.txt

other example:

@echo off

for /f “tokens=1,2,3,4* delims=/ ” %%i in (‘date /t’) do set TDDAY=%%i&set TDMM=%%j&set TDDD=%%k&set TDYY=%%l
for /f “tokens=1* delims=:” %%i in (‘time /t’) do set HH=%%i&set MM=%%j
echo Starting EDM server log dump (please wait it takes time)…
psloglist -accepteula \\server01,server02 -a %1 “EDM Server” -x -s -t “\t” >.\logs\Dump-Log_%TDDD%%TDMM%%TDYY%.txt


2) using wevtutil:

3) Using powershell:

4) using logparser: