Skype for Business

Add Skype for Business Federation Partner/Domain

Hey again!

Have you been searching and looking around to find a way to automate or use PowerShell for adding federation partners to Skype for Business Online?

Then here’s a great example for you, feel free to use the script, edit and tweak it. If you do tweak and edit/improving it. Please go ahead and share it with the community and also link to my blog post.

In my case I’m using PowerShell version 5 together with Skype for Business module, which is a requirement for connecting to the cloud service(s).

The script in itself is pretty much straight forward, type in one or more domains and they get added into the alloweddomains list.
This can be handy if you’re not using open federation and have to add a couple of new domains every now and then..

 


<#
.SYNOPSIS
Filename: Add-CsFedDomain.psm1

Jonas Andersson
Jonas.Andersson@testlabs.se

THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE
ENTIRE RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS
WITH THE USER.

Version 1.0, September 25th, 2016

.DESCRIPTION
Used for adding new domain(s) for Skype for Business Online

.PREREQUISITES
Connect to Skype for Business Online using the PowerShell module

Revision History
--------------------------------------------------------------------------------
1.0     Initial release

.EXAMPLE
Add-CsFederationDomain -domainName domain1.com
Add-CsFederationDomain -domainName domain1.com,domain2.com,domain3.com

#>

function Add-CsFederationDomain (
[Parameter(Mandatory = $true)][array]$domainName
)
{
if ((Get-MsolDomain -ErrorAction 0) -eq $null)
{
Write-Host "Not connected to O365, use ConnectToO365-P*" -ForegroundColor Red
break
}

$tenant = Get-CsTenant
$domainName = $domainName.split(",")
$domainName = $domainName.split(";")
$domainName = $domainName.split(",")
$domainName = $domainName.Replace(" ","")

if ($domainName.Count -lt 2)
{
[string]$domainName = $domainName[0].ToString()
Write-Host "#########################################################################################" -ForegroundColor White
Write-Host "Domain: $domainName" -ForegroundColor DarkGreen

$x = Get-CsTenantFederationConfiguration –Tenant $tenant.TenantId
$domain = $x.AllowedDomains.AllowedDomain | ?{$_.Domain -eq $domainName}
if ($domain -eq $null)
{
$d1 = New-CsEdgeDomainPattern -Domain $domainName
$x.AllowedDomains.AllowedDomain.Add($d1)
Set-CsTenantFederationConfiguration -Tenant $tenant.tenantID  -AllowedDomains $x.AllowedDomains
Write-Host "Domain $domainName was added successfully" -ForegroundColor Green
}
else
{
Write-Host "ERROR: $domainName already in allowed list" -ForegroundColor Red
}
}

if ($domainName.Count -gt 1)
{
foreach ($newdomain in $domainName)
{
Write-Host "#########################################################################################" -ForegroundColor White
Write-Host "Domain: $newdomain" -ForegroundColor DarkGreen

$x = Get-CsTenantFederationConfiguration –Tenant $tenant.TenantId
$domain = $x.AllowedDomains.AllowedDomain | Where-Object {$_.Domain -eq $newdomain}
if ($domain -eq $null)
{
$d1 = New-CsEdgeDomainPattern -Domain $newdomain
$x.AllowedDomains.AllowedDomain.Add($d1)
Set-CsTenantFederationConfiguration -Tenant $tenant.tenantID -AllowedDomains $x.AllowedDomains
Write-Host "Domain $newdomain was added successfully" -ForegroundColor Green
}
else
{
Write-Host "ERROR: $newdomain already in allowed list" -ForegroundColor Red
}
}
}
}

Inspiration from this great blog post:

https://gotspeechguy.com/2012/06/21/setting-up-a-tenants-allowed-domains-for-federation/

Surface Hub – account creation

Background

Most of you already know what a Surface Hub is since Microsoft have pushed really hard for these devices. If you for some unknown reason doesn’t know what it is, or how it looks like. Then take a look at the following link: https://www.microsoft.com/microsoft-surface-hub/en-us

As you may know (or don’t, doesn’t matter..) I’m responsible to the technical solution of Office 365 and being a bit more specific; Skype for Business is the main one for me.

However, it took me a while to actually figure out what kind of accounts that was needed for the Surface Hub device to be honest. You can read about this at TechNet of course but they are just talking about device account (and what the heck is that? computer or user?)..

So what that said I wanted to share the knowledge I got so far from creation of the “device” accounts, which is a ROOM MAILBOX and nothing else (a customized room mailbox).

So to the steps that was taken:

Step 1:

  • Create one CSV file including the accounts we want to get created

In general the CSV file looks similar to the formatting of the text below

alias;upn;name;password
edu.surfacehub_55;edu.surfacehub_55@testlabstrial.onmicrosoft.com;Surface Hub 55;Welcome2016!!
edu.surfacehub_84;edu.surfacehub_84@testlabstrial.onmicrosoft.com;Surface Hub 84;Welcome2016!!

Note: an example of the CSV file can be found below:

Step 2:

For automating the creation of the listed accounts in the file, we can easily utilize PowerShell

Start:


$accounts = Import-Csv ".\surfacehubacct.csv" -Delimiter ";"

# Prereq's
$countrycode = (Get-CsTenant).CountryAbbreviation
$regpool = (Get-CsTenant).TenantPoolExtension
$regpool = $regpool.Substring($regpool[0].IndexOf(':') + 1)
$skuid = (Get-MsolAccountSku | Where-Object {$_.AccountSkuID.Contains("ENTERPRISEPACK"); })
$easpolicys = Get-MobileDeviceMailboxPolicy

if ($easpolicys.Count -gt 1)
{
foreach ($easpolicy in $easpolicys)
{
if (($easpolicy.PasswordEnabled -eq $False) -and ($easpolicy.AllowNonProvisionableDevices -eq $null -or $easpolicy.AllowNonProvisionableDevices -eq $True))
{
$easpolicy = $easpolicy
}

else
{
Write-Host "The policy is incompatible with the surface hub." -ForegroundColor Red
$easpolicy = $null
New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $False -AllowNonProvisionableDevices $True
Write-Host "A new Mobile Device Mailbox Policy has been created" -ForegroundColor Green
$easpolicy = Get-MobileDeviceMailboxPolicy
}
}
}

if ($easpolicys.Count -eq $null)
{
if (($easpolicys.PasswordEnabled -eq $False) -and ($easpolicys.AllowNonProvisionableDevices -eq $null -or $easpolicys.AllowNonProvisionableDevices -eq $True))
{
$easpolicy = $easpolicys
}

else
{
Write-Host "The policy is incompatible with the surface hub." -ForegroundColor Red
$easpolicy = $null
New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $False -AllowNonProvisionableDevices $True
Write-Host "A new Mobile Device Mailbox Policy has been created" -ForegroundColor Green
$easpolicy = "SurfaceHubs"
}
}

if (!$easpolicys)
{
Write-Host "No policy can be found." -ForegroundColor Red
$easpolicy = $null
New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $False -AllowNonProvisionableDevices $True
Write-Host "A new Mobile Device Mailbox Policy has been created" -ForegroundColor Green
$easpolicy = Get-MobileDeviceMailboxPolicy
}

foreach ($account in $accounts)
{
New-Mailbox -MicrosoftOnlineServicesID $account.upn -Alias $account.alias -Name $account.name -Room -EnableRoomMailboxAccount $True -RoomMailboxPassword (ConvertTo-SecureString -String $account.password -AsPlainText -Force)
Set-Mailbox -Identity $account.upn -Type Regular
Set-CASMailbox -Identity $account.upn -ActiveSyncMailboxPolicy SurfaceHubs
Set-Mailbox -Identity $account.upn -Type Room
Set-Mailbox -Identity $account.upn -RoomMailboxPassword (ConvertTo-SecureString -String $account.password -AsPlainText -Force) -EnableRoomMailboxAccount $True
Set-CalendarProcessing -Identity $account.upn -AutomateProcessing AutoAccept -AddOrganizerToSubject $False –AllowConflicts $False –DeleteComments $False -DeleteSubject $False -RemovePrivateProperty $False -AddAdditionalResponse $True -AdditionalResponse "This is a Surface Hub room!"
Set-CalendarProcessing -Identity $account.upn -ProcessExternalMeetingMessages $True
Set-MsolUser -UserPrincipalName $account.upn -PasswordNeverExpires $True
Set-MsolUserLicense -UserPrincipalName $account.upn -AddLicenses $skus.AccountSkuId
Set-MsolUser -UserPrincipalName $account.upn -UsageLocation $countrycode
Enable-CsMeetingRoom -Identity $account.upn -RegistrarPool $regpool -SipAddressType UserPrincipalName
}

This post has been published mostly for remembering myself on how the accounts should be created (if possible), when having a scenario where they cannot be created in the on-premises Active Directory and being synchronized.

A follow up post will come later on regarding the accounts of Surface Hub

Great collaboration with Daniel Blunda regarding these accounts!