diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md
index 3c1ef3bcb3..a08087ffa9 100644
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@@ -5,7 +5,8 @@
 #### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)
 #### [Create and test a device account](create-and-test-a-device-account-surface-hub.md)
 ##### [Online deployment](online-deployment-surface-hub-device-accounts.md)
-##### [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md)
+##### [On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md)
+##### [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md)
 ##### [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md)
 ##### [Create a device account using UI](create-a-device-account-using-office-365.md)
 ##### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md)
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index dbf6b92769..a58c51ec66 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Surface Hub Admin Guide]( surfac
 | New or changed topic | Description |
 | --- | --- |
 | [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | New |
+| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | New |
 | [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) | Added graphics cards verified to work with 84" Surface Hubs and added information about the lengths of cables. |
 | [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated procedures for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. |
 
diff --git a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
index ec7e16757b..9930a748e3 100644
--- a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
+++ b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
@@ -46,7 +46,8 @@ For detailed steps using PowerShell to provision a device account, choose an opt
 | Organization deployment             |  Description                  |
 |---------------------------------|--------------------------------------|
 | [Online deployment (Office 365)](online-deployment-surface-hub-device-accounts.md) | Your organization's environment is deployed entirely on Office 365. |
-| [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync). |
+| [On-premises deployment (single-forest)](on-premises-deployment-surface-hub-device-accounts.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a single-forest environment. |
+| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a multi-forest environment. |
 | [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Your organization has a mix of services, with some hosted on-premises and some hosted online through Office 365. |
 
 If you prefer to use a graphical user interface, some steps can be done using UI instead of PowerShell. 
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
index cb9d732585..8914899056 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
@@ -1,5 +1,5 @@
 ---
-title: On-premises deployment (Surface Hub)
+title: On-premises deployment single forest (Surface Hub)
 description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
 ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
 keywords: single forest deployment, on prem deployment, device account, Surface Hub
@@ -11,12 +11,12 @@ author: TrudyHa
 localizationpriority: medium
 ---
 
-# On-premises deployment (Surface Hub)
+# On-premises deployment for Surface Hub in a single-forest environment
 
 
 This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
 
-If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If you’re using a multi-forest deployment, you can use equivalent cmdlets that will produce the same results. Those cmdlets are described in this section.
+If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If you’re using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md).
 
 1.  Start a remote PowerShell session from a PC and connect to Exchange.
 
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
new file mode 100644
index 0000000000..08688230d6
--- /dev/null
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
@@ -0,0 +1,105 @@
+---
+title: On-premises deployment multi-forest (Surface Hub)
+description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment.
+ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
+keywords: multi forest deployment, on prem deployment, device account, Surface Hub
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: surfacehub
+author: jdeckerMS
+localizationpriority: medium
+---
+
+# On-premises deployment for Surface Hub in a multi-forest environment
+
+
+This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment.
+
+If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If you’re using a single-forest deployment, see [On-premises deployment for Surface Hub in a single-forest environment](on-premises-deployment-surface-hub-device-accounts.md).
+
+1.  Start a remote PowerShell session from a PC and connect to Exchange.
+
+    Be sure you have the right permissions set to run the associated cmdlets.
+
+    Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server.
+
+    ```PowerShell
+    Set-ExecutionPolicy Unrestricted
+    $org='contoso.microsoft.com'
+    $cred=Get-Credential $admin@$org
+    $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue
+    $sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
+    Import-PSSession $sessExchange
+    Import-PSSession $sessLync
+    ```
+
+2.  After establishing a session, create a new mailbox in the Resource Forest. This will allow the account to authenticate into the Surface Hub.
+
+    If you're changing an existing resource mailbox:
+
+    ```PowerShell
+    New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01"
+    ```
+
+3.  After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
+
+    Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+
+    If you haven’t created a compatible policy yet, use the following cmdlet-—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+
+    ```PowerShell
+    $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
+    ```
+
+    Once you have a compatible policy, then you will need to apply the policy to the device account. 
+
+    ```PowerShell
+    Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy -ActiveSyncEnabled $true
+    Set-Mailbox $acctUpn -Type Room
+    ```
+
+4.  Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+
+    ```PowerShell
+    Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+    Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
+    ```
+
+5.  If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. This should be set in the User Forest.
+
+    ```PowerShell
+    Set-AdUser $acctUpn -PasswordNeverExpires $true
+    ```
+
+6.  Enable the account in Active Directory so it will authenticate to the Surface Hub. This should be set in the User Forest.
+
+    ```PowerShell
+    Set-AdUser $acctUpn -Enabled $true
+    ```
+
+6. You now need to change the room mailbox to a linked mailbox:
+
+    ```PowerShell
+    $cred=Get-Credential AuthForest\LinkedRoomTest1
+    Set-mailbox -Alias LinkedRoomTest1 -LinkedMasterAccount AuthForest\LinkedRoomTest1 -LinkedDomainController AuthForest-4939.AuthForest.extest.contoso.com -Name LinkedRoomTest1 -LinkedCredential $cred -Identity LinkedRoomTest1
+    ```
+
+7.  Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool:
+
+    ```PowerShell
+    Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com"
+     -DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com
+     -Identity HUB01
+    ```
+
+    You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity.
+
+
+
+ 
+
+
+
+
+