Background
Most of you already know what a Surface Hub is since Microsoft have pushed really hard for these devices. If you for some unknown reason doesn’t know what it is, or how it looks like. Then take a look at the following link: https://www.microsoft.com/microsoft-surface-hub/en-us
As you may know (or don’t, doesn’t matter..) I’m responsible to the technical solution of Office 365 and being a bit more specific; Skype for Business is the main one for me.
However, it took me a while to actually figure out what kind of accounts that was needed for the Surface Hub device to be honest. You can read about this at TechNet of course but they are just talking about device account (and what the heck is that? computer or user?)..
So what that said I wanted to share the knowledge I got so far from creation of the “device” accounts, which is a ROOM MAILBOX and nothing else (a customized room mailbox).
So to the steps that was taken:
Step 1:
- Create one CSV file including the accounts we want to get created
In general the CSV file looks similar to the formatting of the text below
alias;upn;name;password
edu.surfacehub_55;edu.surfacehub_55@testlabstrial.onmicrosoft.com;Surface Hub 55;Welcome2016!!
edu.surfacehub_84;edu.surfacehub_84@testlabstrial.onmicrosoft.com;Surface Hub 84;Welcome2016!!
Note: an example of the CSV file can be found below:
Step 2:
For automating the creation of the listed accounts in the file, we can easily utilize PowerShell
Start:
$accounts = Import-Csv ".\surfacehubacct.csv" -Delimiter ";"
# Prereq's
$countrycode = (Get-CsTenant).CountryAbbreviation
$regpool = (Get-CsTenant).TenantPoolExtension
$regpool = $regpool.Substring($regpool[0].IndexOf(':') + 1)
$skuid = (Get-MsolAccountSku | Where-Object {$_.AccountSkuID.Contains("ENTERPRISEPACK"); })
$easpolicys = Get-MobileDeviceMailboxPolicy
if ($easpolicys.Count -gt 1)
{
foreach ($easpolicy in $easpolicys)
{
if (($easpolicy.PasswordEnabled -eq $False) -and ($easpolicy.AllowNonProvisionableDevices -eq $null -or $easpolicy.AllowNonProvisionableDevices -eq $True))
{
$easpolicy = $easpolicy
}
else
{
Write-Host "The policy is incompatible with the surface hub." -ForegroundColor Red
$easpolicy = $null
New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $False -AllowNonProvisionableDevices $True
Write-Host "A new Mobile Device Mailbox Policy has been created" -ForegroundColor Green
$easpolicy = Get-MobileDeviceMailboxPolicy
}
}
}
if ($easpolicys.Count -eq $null)
{
if (($easpolicys.PasswordEnabled -eq $False) -and ($easpolicys.AllowNonProvisionableDevices -eq $null -or $easpolicys.AllowNonProvisionableDevices -eq $True))
{
$easpolicy = $easpolicys
}
else
{
Write-Host "The policy is incompatible with the surface hub." -ForegroundColor Red
$easpolicy = $null
New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $False -AllowNonProvisionableDevices $True
Write-Host "A new Mobile Device Mailbox Policy has been created" -ForegroundColor Green
$easpolicy = "SurfaceHubs"
}
}
if (!$easpolicys)
{
Write-Host "No policy can be found." -ForegroundColor Red
$easpolicy = $null
New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $False -AllowNonProvisionableDevices $True
Write-Host "A new Mobile Device Mailbox Policy has been created" -ForegroundColor Green
$easpolicy = Get-MobileDeviceMailboxPolicy
}
foreach ($account in $accounts)
{
New-Mailbox -MicrosoftOnlineServicesID $account.upn -Alias $account.alias -Name $account.name -Room -EnableRoomMailboxAccount $True -RoomMailboxPassword (ConvertTo-SecureString -String $account.password -AsPlainText -Force)
Set-Mailbox -Identity $account.upn -Type Regular
Set-CASMailbox -Identity $account.upn -ActiveSyncMailboxPolicy SurfaceHubs
Set-Mailbox -Identity $account.upn -Type Room
Set-Mailbox -Identity $account.upn -RoomMailboxPassword (ConvertTo-SecureString -String $account.password -AsPlainText -Force) -EnableRoomMailboxAccount $True
Set-CalendarProcessing -Identity $account.upn -AutomateProcessing AutoAccept -AddOrganizerToSubject $False –AllowConflicts $False –DeleteComments $False -DeleteSubject $False -RemovePrivateProperty $False -AddAdditionalResponse $True -AdditionalResponse "This is a Surface Hub room!"
Set-CalendarProcessing -Identity $account.upn -ProcessExternalMeetingMessages $True
Set-MsolUser -UserPrincipalName $account.upn -PasswordNeverExpires $True
Set-MsolUserLicense -UserPrincipalName $account.upn -AddLicenses $skus.AccountSkuId
Set-MsolUser -UserPrincipalName $account.upn -UsageLocation $countrycode
Enable-CsMeetingRoom -Identity $account.upn -RegistrarPool $regpool -SipAddressType UserPrincipalName
}
This post has been published mostly for remembering myself on how the accounts should be created (if possible), when having a scenario where they cannot be created in the on-premises Active Directory and being synchronized.
A follow up post will come later on regarding the accounts of Surface Hub
Great collaboration with Daniel Blunda regarding these accounts!
I have been struggling to connect Surface Hub to Exchange 2010.
This scrip does not work in 2010, but for the most part the room account I created and the ActiveSync policy we have similar properties. Yet it refuses to connect to Exchange… Do you have any tricks for Exchange 2010?
Hi Jonas
Can I pick your brain quickly? I have a single forest on prem, Looking to setup Surface hubs. The environment is Exchange 2010 and lync 2010 (I know Microsoft doesn’t support this anymore) Do you have any article that might help with setting up the accounts and configure these devices ?