Background

Most of you already know what a Surface Hub is since Microsoft have pushed really hard for these devices. If you for some unknown reason doesn’t know what it is, or how it looks like. Then take a look at the following link: https://www.microsoft.com/microsoft-surface-hub/en-us

As you may know (or don’t, doesn’t matter..) I’m responsible to the technical solution of Office 365 and being a bit more specific; Skype for Business is the main one for me.

However, it took me a while to actually figure out what kind of accounts that was needed for the Surface Hub device to be honest. You can read about this at TechNet of course but they are just talking about device account (and what the heck is that? computer or user?)..

So what that said I wanted to share the knowledge I got so far from creation of the “device” accounts, which is a ROOM MAILBOX and nothing else (a customized room mailbox).

So to the steps that was taken:

Step 1:

  • Create one CSV file including the accounts we want to get created

In general the CSV file looks similar to the formatting of the text below

alias;upn;name;password
edu.surfacehub_55;edu.surfacehub_55@testlabstrial.onmicrosoft.com;Surface Hub 55;Welcome2016!!
edu.surfacehub_84;edu.surfacehub_84@testlabstrial.onmicrosoft.com;Surface Hub 84;Welcome2016!!

Note: an example of the CSV file can be found below:

Step 2:

For automating the creation of the listed accounts in the file, we can easily utilize PowerShell

Start:


$accounts = Import-Csv ".\surfacehubacct.csv" -Delimiter ";"

# Prereq's
$countrycode = (Get-CsTenant).CountryAbbreviation
$regpool = (Get-CsTenant).TenantPoolExtension
$regpool = $regpool.Substring($regpool[0].IndexOf(':') + 1)
$skuid = (Get-MsolAccountSku | Where-Object {$_.AccountSkuID.Contains("ENTERPRISEPACK"); })
$easpolicys = Get-MobileDeviceMailboxPolicy

if ($easpolicys.Count -gt 1)
{
foreach ($easpolicy in $easpolicys)
{
if (($easpolicy.PasswordEnabled -eq $False) -and ($easpolicy.AllowNonProvisionableDevices -eq $null -or $easpolicy.AllowNonProvisionableDevices -eq $True))
{
$easpolicy = $easpolicy
}

else
{
Write-Host "The policy is incompatible with the surface hub." -ForegroundColor Red
$easpolicy = $null
New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $False -AllowNonProvisionableDevices $True
Write-Host "A new Mobile Device Mailbox Policy has been created" -ForegroundColor Green
$easpolicy = Get-MobileDeviceMailboxPolicy
}
}
}

if ($easpolicys.Count -eq $null)
{
if (($easpolicys.PasswordEnabled -eq $False) -and ($easpolicys.AllowNonProvisionableDevices -eq $null -or $easpolicys.AllowNonProvisionableDevices -eq $True))
{
$easpolicy = $easpolicys
}

else
{
Write-Host "The policy is incompatible with the surface hub." -ForegroundColor Red
$easpolicy = $null
New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $False -AllowNonProvisionableDevices $True
Write-Host "A new Mobile Device Mailbox Policy has been created" -ForegroundColor Green
$easpolicy = "SurfaceHubs"
}
}

if (!$easpolicys)
{
Write-Host "No policy can be found." -ForegroundColor Red
$easpolicy = $null
New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $False -AllowNonProvisionableDevices $True
Write-Host "A new Mobile Device Mailbox Policy has been created" -ForegroundColor Green
$easpolicy = Get-MobileDeviceMailboxPolicy
}

foreach ($account in $accounts)
{
New-Mailbox -MicrosoftOnlineServicesID $account.upn -Alias $account.alias -Name $account.name -Room -EnableRoomMailboxAccount $True -RoomMailboxPassword (ConvertTo-SecureString -String $account.password -AsPlainText -Force)
Set-Mailbox -Identity $account.upn -Type Regular
Set-CASMailbox -Identity $account.upn -ActiveSyncMailboxPolicy SurfaceHubs
Set-Mailbox -Identity $account.upn -Type Room
Set-Mailbox -Identity $account.upn -RoomMailboxPassword (ConvertTo-SecureString -String $account.password -AsPlainText -Force) -EnableRoomMailboxAccount $True
Set-CalendarProcessing -Identity $account.upn -AutomateProcessing AutoAccept -AddOrganizerToSubject $False –AllowConflicts $False –DeleteComments $False -DeleteSubject $False -RemovePrivateProperty $False -AddAdditionalResponse $True -AdditionalResponse "This is a Surface Hub room!"
Set-CalendarProcessing -Identity $account.upn -ProcessExternalMeetingMessages $True
Set-MsolUser -UserPrincipalName $account.upn -PasswordNeverExpires $True
Set-MsolUserLicense -UserPrincipalName $account.upn -AddLicenses $skus.AccountSkuId
Set-MsolUser -UserPrincipalName $account.upn -UsageLocation $countrycode
Enable-CsMeetingRoom -Identity $account.upn -RegistrarPool $regpool -SipAddressType UserPrincipalName
}

This post has been published mostly for remembering myself on how the accounts should be created (if possible), when having a scenario where they cannot be created in the on-premises Active Directory and being synchronized.

A follow up post will come later on regarding the accounts of Surface Hub

Great collaboration with Daniel Blunda regarding these accounts!