Skip to main content
CallTower Solutions Center

Microsoft Surface Hub Setup Using Office 365 with DirSync

  1. Last updated
  2. Save as PDF

Prerequisites

  • DirSync
  • Windows PowerShell
  • Windows Azure Active Directory Module for Windows PowerShell
  • Resource Mailbox on Exchange (Office 365)
  • Lync/Skype Account (Created in CallTower Connect)

 

Steps

1.      Open Windows PowerShell run as Administrator Login to Office 365 and create the mailbox as shown below

2.      The commands are below. The text in bold italics are the variables that need to be changed.

 

 

New-Mailbox -PrimarySmtpAddress username@domain.com -Alias username -Name "Display Name" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String password -AsPlainText -Force)

Create the same user with the same username, Display Name, and password in your AD. (Be sure to set the password to never expire)

Open Windows Azure Active Directory Module for Windows PowerShell and run as Administrator

Run additional commands below. The text in bold italics are the variables that need to be changed.

Connect-MsolService -Credential $cred

(enter Office 365 admin credentials when you see the pop up window)

Get-ADUser

cmdlet Get-ADUser at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Filter: userprincipalname -eq username@domain.com

 

You will see information below like this

 

DistinguishedName : CN=Display Name,OU=USERS,OU=Company=domain.com
Enabled           : True
GivenName         : First
Name              : Display Name
ObjectClass       : user
ObjectGUID        : 97cc9db9-c6e2-47a4-819f-d3d863eff864
SamAccountName    : username
SID               : S-1-5-21-586247644-145949375-1846952604-89815
Surname           : Last
UserPrincipalName : username@domain.com

 

copy the objectGUID

 

 $guid = (Get-ADUser -identity 97cc9db9-c6e2-47a4-819f-d3d863eff864).ObjectGuid
$immutableID = [System.Convert]::ToBase64String($guid.tobytearray())
Set-MSOLuser -UserPrincipalName username@domain.onmicrosoft.com -ImmutableID $immutableID

Run DirSync to sync the account to Office 365 and make sure the status shows "Synced with Active Directory" on the active users list in Office 365

Run additional commands below. The text in bold italics are the variables that need to be changed.

$easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false (Skip this command if this is an additional resource mailbox that is being created for a Surface Hub)

Set-CASMailbox "Display Name" -ActiveSyncMailboxPolicy "surfacehubs"

Set-CalendarProcessing -Identity username@domain.com -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false

Set-CalendarProcessing -Identity username@domain.com -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"

 

3.  Only complete this step if you have a password policy that expires in Office 365

Windows Azure Active Directory Module for Windows PowerShell and run as Administrator

Run additional commands below. The text in bold italics are the variables that need to be changed.

Connect-MsolService -Credential $cred

(enter Office 365 admin credentials when you see the pop up window)

get-msoluser -title "Display Name" | Set-MsolUser -PasswordNeverExpires $true

 

4.      In Connect - create the Lync/Skype account as Enterprise Plus Voice with the same username, display name, and password as the mailbox.

5.     Click the link below to download the certificate package and move it to a thumb drive and then install it on the Surface Hub

 MSHub2.ppkg

 

Deploy a provisioning package to a Surface Hub

The following two methods for deploying provisioning packages apply to any kind of provisioning package that is being deployed to a Surface Hub. There is no difference in the way cert provisioning packages and app provisioning packages are installed. You may see different description text in the UI depending on what the package is for, but the process is still the same.

Deploy a provisioning package using first run

  1. When you turn on the Surface Hub for the first time, the first run process will display the page titled Hi there. Make sure the settings on this page are correct before you proceed. (See Hi there page for details.) Once you've deployed your provisioning package, the first run process will not return here. It will continue to the next screen.
  2. Insert the USB drive into the Surface Hub.
  3. Press the Windows key on the separate keyboard five times. You’ll see a dialog box asking whether you want to set up your device. Click Set Up.

2017-02-23_8-58-51.jpg

 4. Click on Removable Media in the Provision From dropdown list, then click Next.

2017-02-23_8-59-31.jpg

 5. The available packages in the root directory of the USB drive will be listed. Note that you can only install one package during first run. Select the package you want to install and then click Next.

2017-02-23_9-00-04.jpg

6. You’ll then see a dialog asking if it’s from a source you trust. Click Yes, add it. The certificate will be installed, and you’ll be taken to the next page of first run.

2017-02-23_9-00-37.jpg

Deploy a provisioning package using Settings

  1. Insert the USB drive into the Surface Hub you want to deploy to.
  2. On the Surface Hub, open Settings and enter in the admin credentials.
  3. Navigate to System > Work Access. Under the header Related settings, click on Add or remove a management package.
  4. Here, click the button for Add a package.

2017-02-23_9-01-08.jpg

5. Click Removable media from the dropdown list. You will see a list of available provisioning packages on the Settings page.

2017-02-23_9-01-42.jpg

6. Choose your package and click Add.

2017-02-23_9-02-13.jpg

7. You may have to re-enter the admin credentials if User Access Control (UAC) asks for them.

8. You’ll see a confirmation dialog box. Click Yes, add it. The certificate will be installed.

Add FQDN to Surface Hub

You use the Settings app on Surface Hub to add FQDN information. You can add multiple entries, if needed.

To add Skype for Business Server FQDN

  1. On Surface Hub open the Settings app.
  2. Navigate to SystemMicrosoft Surface Hub.
  3. Under Skype for Business, click Add FQDN.
  4. Type the FQDN for the Skype for Business certificate. Skype for Business 2015 is ct950.com ; Lync 2013 Hosters Pack Version 2 is ct650.com

2017-02-23_9-02-52.jpg

Reference Articles

https://technet.microsoft.com/itpro/surface-hub/online-deployment-surface-hub-device-accounts

https://blogs.msdn.microsoft.com/surfacehub/2016/06/07/download-and-deploy-skype-for-business-certificates-using-powershell/

https://technet.microsoft.com/en-us/itpro/surface-hub/use-fully-qualified-domain-name-surface-hub

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Reference
  2. Tags
    This page has no tags.