Unable to connect to Skype for Business Online Remote PowerShell in a hybrid environment

A Skype for Business Server 2015 hybrid environment is a deployment in which an administrator has the ability to home users on-premises within Skype for Business Server 2015 and other users to Skype for Business Online. Users in this configuration usually share the same SIP domain, such as user@ExampleCompany.com.

DNS and SRV records within this hybrid configuration deployment should typically be configured point to the on-premises infrastructure.

To Connect to Skype for Business PowerShell commonly the following steps are followed:

Import-Module SkypeOnlineConnector
$Credential = Get-Credential
$Session = New-CSOnlineSession -credential $Credential

However; Administrators who have a Skype for Business hybrid deployment may receive the following error message when they try to connect to Skype for Business Online Remote PowerShell:

Get-CsPowerShellEndpoint : The remote server returned an error: (503) Server Unavailable.
At C:\Program Files\Common Files\Skype for Business
Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:94 char:26

+ …      $targetUri = Get-CsPowerShellEndpoint -TargetDomain $adminDomain
+                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Get-CsPowerShellEndpoint], WebException
+ FullyQualifiedErrorId : System.Net.WebException,Microsoft.Rtc.Management.OnlineConnector.GetPowerShellEndpointCm

This is expected behaviour for a Hybrid environment and the issue occurs when the DNS records for LyncDiscover are pointed to the on-premises Skype for Business environment.
Add the –Verbose variable to the New-CsOnlineSession command to show you clearly the steps taken before failure of the of the endpoint URI discovery.

To resolve this issue, run the cmdlet again, but instead specify the -OverrideAdminDomain parameter. Use the default domain that was included with your Office 365 subscription; for example, use ExampleCompany.onmicrosoft.com. The PowerShell cmdlet should resemble the following:

Import-Module SkypeOnlineConnector
$Credential = Get-Credential
$Session = New-CSOnlineSession -credential $Credential -OverrideAdminDomain “ExampleCompany.onmicrosoft.com”

These three easy steps have now provided remote PowerShell access to the connected Skype for Business Online.  To test connectivity simply try running one of the supported Skype for Business Online cmdlets, like Get-CsClientPolicy or Get-CsUser.

Error moving mailbox to Exchange online – Error: InvalidRecipientTypeException: Unsupported recipient type ‎’USERMailbox‎’ provided. Only ‎’Mailuser‎’ is supported for this migration type.

I had an issue on-site recently, after configuring Azure AD Connect and Exchange hybrid and successfully migrating some mailboxes I got the following error migrating a few mailboxes – “Error: InvalidRecipientTypeException: Unsupported recipient type ‎’Mailbox‎’ provided. Only ‎’Mailuser‎’ is supported for this migration type.”

On further inspection I realised that these users previously existed in Exchange online while the customer was “testing” Office 365..


When I assigned a license to user, it seemed to re-attach the mailbox therefore having the RecipientType UserMailbox and not the required MailUser.

I first removed the license and re-assigned it but the same result – UserMailbox, I then removed the user from the sync by moving it to an OU that was not included – forced the sync using Synchronisation Services Manager until disappeared from O365, then re-added it and forced the sync again..  When I had done all that and reassigned the license the result was the same UserMailbox… frustrating.. I needed to somehow purge the mailbox so it didn’t get re-connected..


I finally found the following solution to be the following:

  • Removed the license from the user
  • Remove the user from the Azure AD Connect sync
  • Force Synchronisation
  • Once the user has disappeared from Office 365 run the following command :- Remove-MsolUser –UserPrincipalName Desk1@domain.com –RemoveFromRecycleBin –Force
  • Re-add the user to Azure AD Connect sync
  • Re-assign licence
  • Run Get-User and confirm the user is still MailUser and not UserMailbox

You can now successfully move the users mailbox!