Surface Hub용 PowerShell(v1)
참고
이 페이지에는 원래 Surface Hub(v1)를 위한 PowerShell 스크립트가 포함되어 있습니다. Surface Hub 2S의 경우 디바이스 계정 만들기 및 테스트를 참조하세요.
필수 구성 요소
이러한 PowerShell 스크립트를 성공적으로 실행하려면 다음 필수 구성 요소를 설치해야 합니다.
- IT 전문가용 Microsoft Online Services 로그인 도우미 RTW
- Windows PowerShell Microsoft Azure Active Directory 모듈(64비트 버전)
- 비즈니스용 Skype Online을 위한 Windows PowerShell 모듈
Surface Hub 관리자용 PowerShell 스크립트
스크립트란 무엇인가요?
- 온-프레미스(Microsoft Exchange 및 Skype 2013 이상만 해당) 또는 온라인(Microsoft Office 365)에서 순수 단일 포리스트를 사용하여 Surface Hub용으로 올바르게 구성된 설치에 대한 장치 계정을 만듭니다.
- 임의 설치(온-프레미스 또는 온라인)에 대한 기존 장치 계정의 유효성을 검사하여 Surface Hub와 호환되는지 확인합니다.
- 고유한 장치 계정 만들기 또는 유효성 검사 스크립트를 만들려는 사용자를 위해 기본 템플릿을 제공합니다.
스크립트를 실행하려면 무엇이 필요한가요?
- 조직의 도메인 또는 테넌트, Exchange 서버 및 비즈니스용 Skype 서버에 대한 원격 PowerShell 액세스
- 조직의 도메인 또는 테넌트, Exchange 서버 및 비즈니스용 Skype 서버에 대한 관리자 자격 증명
참고
새 계정을 만들거나 기존 계정을 수정하든 유효성 검사 스크립트는 디바이스 계정이 올바르게 구성되어 있는지 확인합니다. Surface Hub에 장치 계정을 추가하기 전에 항상 유효성 검사 스크립트를 실행해야 합니다.
스크립트 실행
계정 만들기 스크립트는 다음 작업을 수행합니다.
- 관리자 자격 증명을 요청합니다.
- 도메인/테넌트에서 디바이스 계정을 만듭니다.
- Surface Hub 호환 ActiveSync 정책을 만들거나 디바이스 계정에 할당합니다.
- Exchange 및 비즈니스용 Skype 만든 계정에 대한 다양한 특성을 설정합니다.
- 만든 계정에 라이선스 및 권한을 할당합니다.
이러한 특성은 스크립트에서 설정하는 특성입니다.
Cmdlet | 특성 | 값 |
---|---|---|
Set-Mailbox | RoomMailboxPassword | 사용자 제공 |
EnableRoomMailboxAccount | True | |
유형 | Room | |
Set-CalendarProcessing | AutomateProcessing | AutoAccept |
RemovePrivateProperty | False | |
DeleteSubject | False | |
DeleteComments | False | |
AddOrganizerToSubject | False | |
AddAdditionalResponse | True | |
AdditionalResponse | "이것은 Surface Hub 방입니다!" | |
New-MobileDeviceMailboxPolicy | PasswordEnabled | False |
AllowNonProvisionableDevices | True | |
Enable-CSMeetingRoom | RegistrarPool | 사용자 제공 |
SipAddress | 장치 계정의 UPN(사용자 계정 이름)으로 설정 | |
Set-MsolUserLicense(O365만 해당) | AddLicenses | 사용자 제공 |
Set-MsolUser(O365만 해당) | PasswordNeverExpires | True |
Set-AdUser(온-프레미스에만 해당) | Enabled | True |
Set-AdUser(온-프레미스에만 해당) | PasswordNeverExpires | True |
참고
Azure AD 및 MSOnline PowerShell 모듈은 2024년 3월 30일부터 더 이상 사용되지 않습니다. 자세한 내용은 사용 중단 업데이트를 참조하세요. 이 날짜 이후에는 이러한 모듈에 대한 지원이 Microsoft Graph PowerShell SDK 및 보안 수정에 대한 마이그레이션 지원으로 제한됩니다. 사용되지 않는 모듈은 2025년 3월 30일까지 계속 작동합니다.
Microsoft Entra ID(이전의 Azure AD)와 상호 작용하려면 Microsoft Graph PowerShell로 마이그레이션하는 것이 좋습니다. 일반적인 마이그레이션 질문은 마이그레이션 FAQ를 참조하세요.
버전 1.0에 유의하세요. MSOnline x는 2024년 6월 30일 이후에 중단이 발생할 수 있습니다.
계정 생성 스크립트
이러한 스크립트는 사용자에 대한 디바이스 계정을 만듭니다. 계정 확인 스크립트를 사용하여 올바르게 실행되었는지 확인할 수 있습니다.
계정 생성 스크립트는 기존 계정을 수정할 수 없지만 기존 계정을 올바르게 구성하기 위해 실행해야 하는 cmdlet의 이해를 돕는 데 사용할 수 있습니다.
온-프레미스 계정 만들기
# SHAccountCreateOnPrem.ps1
$Error.Clear()
$ErrorActionPreference = "Stop"
$status = @{}
# Cleans up set state such as remote powershell sessions
function Cleanup()
{
if ($sessExchange)
{
Remove-PSSession $sessExchange
}
if ($sessCS)
{
Remove-PSSession $sessCS
}
}
function PrintError($strMsg)
{
Write-Host $strMsg -foregroundcolor Red
}
function PrintSuccess($strMsg)
{
Write-Host $strMsg -foregroundcolor Green
}
function PrintAction($strMsg)
{
Write-Host $strMsg -ForegroundColor Cyan
}
# Cleans up and prints an error message
function CleanupAndFail($strMsg)
{
if ($strMsg)
{
PrintError($strMsg);
}
Cleanup
exit 1
}
# Exits if there is an error set and prints the given message
function ExitIfError($strMsg)
{
if ($Error)
{
CleanupAndFail($strMsg);
}
}
## Collect account data ##
$credNewAccount = (Get-Credential -Message "Enter the desired UPN and password for this new account")
$strUpn = $credNewAccount.UserName
$strDisplayName = Read-Host "Please enter the display name you would like to use for $strUpn"
if (!$credNewAccount -Or [System.String]::IsNullOrEmpty($strDisplayName) -Or [System.String]::IsNullOrEmpty($credNewAccount.UserName) -Or $credNewAccount.Password.Length -le 0)
{
CleanupAndFail "Please enter all of the requested data to continue."
exit 1
}
## Sign in to remote powershell for exchange and lync online ##
$credExchange = $null
$credExchange=Get-Credential -Message "Enter credentials of an Exchange user with mailbox creation rights"
if (!$credExchange)
{
CleanupAndFail("Valid credentials are required to create and prepare the account.");
}
$strExchangeServer = Read-Host "Please enter the FQDN of your exchange server (e.g. exch.contoso.com)"
# Lync info
$credLync = Get-Credential -Message "Enter credentials of a Skype for Business admin (or cancel if they are the same as Exchange)"
if (!$credLync)
{
$credLync = $credExchange
}
$strLyncFQDN = Read-Host "Please enter the FQDN of your Lync server (e.g. lync.contoso.com) or enter to use [$strExchangeServer]"
if ([System.String]::IsNullOrEmpty($strLyncFQDN))
{
$strLyncFQDN = $strExchangeServer
}
PrintAction "Connecting to remote sessions. This can occasionally take a while - please do not enter input..."
try
{
$sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $credExchange -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue
}
catch
{
CleanupAndFail("Failed to connect to exchange. Please check your credentials and try again. If this continues to fail, you may not have permission for remote powershell - if not, please perform the setup manually. Error message: $_")
}
PrintSuccess "Connected to Remote Exchange Shell"
try
{
$sessLync = New-PSSession -Credential $credLync -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
}
catch
{
CleanupAndFail("Failed to connect to Lync. Please check your credentials and try again. Error message: $_")
}
PrintSuccess "Connected to Lync Server Remote PowerShell"
Import-PSSession $sessExchange -AllowClobber -WarningAction SilentlyContinue
Import-PSSession $sessLync -AllowClobber -WarningAction SilentlyContinue
## Create the Exchange mailbox ##
> [!Note]
> These exchange commandlets do not always throw their errors as exceptions
# Because Get-Mailbox throws an error if the mailbox isn't found
$Error.Clear()
PrintAction "Creating a new account..."
try
{
$mailbox = $null
$mailbox = (New-Mailbox -UserPrincipalName $credNewAccount.UserName -Alias $credNewAccount.UserName.substring(0,$credNewAccount.UserName.indexOf('@')) -room -Name $strDisplayName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true)
} catch { }
ExitIfError "Failed to create a new mailbox on exchange.";
$status["Mailbox Setup"] = "Successfully created a mailbox for the new account"
$strEmail = $mailbox.WindowsEmailAddress
PrintSuccess "The following mailbox has been created for this room: $strEmail"
## Create or retrieve a policy to be applied to surface hub devices ##
# The policy disables requiring a device password so that the SurfaceHub does not need to be lockable to use Active Sync
$strPolicy = Read-Host 'Please enter the name for a new Surface Hub ActiveSync policy to be created and applied to this account.
We will configure that policy to be compatible with Surface Hub devices.
If this script has been used before, please enter the name of the existing policy.'
$easpolicy = $null
try {
$easpolicy = Get-MobileDeviceMailboxPolicy $strPolicy
}
catch {}
if ($easpolicy)
{
if (!$easpolicy.PasswordEnabled -and ($easpolicy.AllowNonProvisionableDevices -eq $null -or $easpolicy.AllowNonProvisionableDevices ))
{
PrintSuccess "An existing policy has been found and will be applied to this account."
}
else
{
PrintError "The policy you provided is incompatible with the surface hub."
$easpolicy = $null
$status["Device Password Policy"] = "Failed to apply the EAS policy to the account because the policy was invalid."
}
}
else
{
$Error.Clear()
PrintAction "Creating policy..."
$easpolicy = New-MobileDeviceMailboxPolicy -Name $strPolicy -PasswordEnabled $false -AllowNonProvisionableDevices $true
if ($easpolicy)
{
PrintSuccess "A new device policy has been created; you can use this same policy for all future Surface Hub device accounts."
}
else
{
PrintError "Could not create $strPolicy"
}
}
if ($easpolicy)
{
# Convert mailbox to user type so we can apply the policy (necessary)
# Sometimes it takes a while for this change to take affect so we have some nasty retry loops
$Error.Clear();
try
{
Set-Mailbox $credNewAccount.UserName -Type Regular
} catch {}
if ($Error)
{
$Error.Clear()
$status["Device Password Policy"] = "Failed to apply the EAS policy to the account."
}
else
{
# Loop until resource type goes away, up to 5 times
for ($i = 0; $i -lt 5 -And (Get-Mailbox $credNewAccount.UserName).ResourceType; $i++)
{
Start-Sleep -s 5
}
# If the mailbox is still a Room we cannot apply the policy
if (!((Get-Mailbox $credNewAccount.UserName).ResourceType))
{
$Error.Clear()
# Set policy for account
Set-CASMailbox $credNewAccount.UserName -ActiveSyncMailboxPolicy $strPolicy
if (!$Error)
{
$status["ActiveSync Policy"] = "Successfully applied $strPolicy to the account"
}
else
{
$status["ActiveSync Policy"] = "Failed to apply the EAS policy to the account."
}
$Error.Clear()
# Convert back to room mailbox
Set-Mailbox $credNewAccount.UserName -Type Room
# Loop until resource type goes back to room
for ($i = 0; ($i -lt 5) -And ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room"); $i++)
{
Start-Sleep -s 5
}
if ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room")
{
# A failure to convert the mailbox back to a room is unfortunate but means the mailbox is unusable.
$status["Mailbox Setup"] = "A mailbox was created but we could not set it to a room resource type."
}
else
{
try
{
Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
} catch { }
if ($Error)
{
$status["Mailbox Setup"] = "A room mailbox was created but we could not set its password."
}
$Error.Clear()
}
}
}
}
PrintSuccess "Account creation completed."
PrintAction "Setting calendar processing rules..."
$Error.Clear();
## Prepare the calendar for automatic meeting responses ##
try {
Set-CalendarProcessing -Identity $credNewAccount.UserName -AutomateProcessing AutoAccept
} catch { }
if ($Error)
{
$status["Calendar Acceptance"] = "Failed to configure the account to automatically accept/decline meeting requests"
}
else
{
$status["Calendar Acceptance"] = "Successfully configured the account to automatically accept/decline meeting requests"
}
$Error.Clear()
try {
Set-CalendarProcessing -Identity $credNewAccount.UserName -RemovePrivateProperty $false -AddOrganizerToSubject $false -AddAdditionalResponse $true -DeleteSubject $false -DeleteComments $false -AdditionalResponse "This is a Surface Hub room!"
} catch { }
if ($Error)
{
$status["Calendar Response Configuration"] = "Failed to configure the account's response properties"
}
else
{
$status["Calendar Response Configuration"] = "Successfully configured the account's response properties"
}
$Error.Clear()
## Configure the Account to not expire ##
PrintAction "Configuring password not to expire..."
Start-Sleep -s 20
try
{
Set-AdUser $mailbox.UserPrincipalName -PasswordNeverExpires $true -Enabled $true
}
catch
{
}
if ($Error)
{
$status["Password Expiration Policy"] = "Failed to set the password to never expire"
}
else
{
$status["Password Expiration Policy"] = "Successfully set the password to never expire"
}
PrintSuccess "Completed Exchange configuration"
## Setup Skype for Business. This is somewhat optional and if it fails we SfbEnable can be used later ##
PrintAction "Configuring account for Skype for Business."
# Getting registrar pool
$strRegPool = $strLyncFQDN
$Error.Clear()
$strRegPoolEntry = Read-Host "Enter a Skype for Business Registrar Pool, or leave blank to use [$strRegPool]"
if (![System.String]::IsNullOrEmpty($strRegPoolEntry))
{
$strRegPool = $strRegPoolEntry
}
# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory
PrintAction "Enabling Skype for Business..."
Start-Sleep -s 10
$Error.Clear()
try {
Enable-CsMeetingRoom -Identity $credNewAccount.UserName -RegistrarPool $strRegPool -SipAddressType EmailAddress
}
catch { }
if ($Error)
{
$status["Skype for Business Account Setup"] = "Failed to setup the Skype for Business meeting room - you can run EnableSfb.ps1 to try again."
$Error.Clear();
}
else
{
$status["Skype for Business Account Setup"] = "Successfully enabled account as a Skype for Business meeting room"
}
Write-Host
## Cleanup and print results ##
Cleanup
$strDisplay = $mailbox.DisplayName
$strUsr = $credNewAccount.UserName
PrintAction "Summary for creation of $strUsr ($strDisplay)"
if ($status.Count -gt 0)
{
ForEach($k in $status.Keys)
{
$v = $status[$k]
$color = "yellow"
if ($v[0] -eq "S") { $color = "green" }
elseif ($v[0] -eq "F")
{
$color = "red"
$v += " Go to https://aka.ms/shubtshoot"
}
Write-Host -NoNewline $k -ForegroundColor $color
Write-Host -NoNewline ": "
Write-Host $v
}
}
else
{
PrintError "The account could not be created"
}
Office 365를 사용하여 디바이스 계정 만들기
Office 365 사용하여 디바이스 계정 만들기에 설명된 대로 계정을 만듭니다.
# SHAccountCreateO365.ps1
$Error.Clear()
$ErrorActionPreference = "Stop"
$status = @{}
# Cleans up set state such as remote powershell sessions
function Cleanup()
{
if ($sessExchange)
{
Remove-PSSession $sessExchange
}
if ($sessCS)
{
Remove-PSSession $sessCS
}
}
function PrintError($strMsg)
{
Write-Host $strMsg -foregroundcolor Red
}
function PrintSuccess($strMsg)
{
Write-Host $strMsg -foregroundcolor Green
}
function PrintAction($strMsg)
{
Write-Host $strMsg -ForegroundColor Cyan
}
# Cleans up and prints an error message
function CleanupAndFail($strMsg)
{
if ($strMsg)
{
PrintError($strMsg);
}
Cleanup
exit 1
}
# Exits if there is an error set and prints the given message
function ExitIfError($strMsg)
{
if ($Error)
{
CleanupAndFail($strMsg);
}
}
## Check dependencies ##
try {
Import-Module SkypeOnlineConnector
Import-Module MSOnline
}
catch
{
PrintError "Some dependencies are missing"
PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to https://www.microsoft.com/download/details.aspx?id=39366"
PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
CleanupAndFail
}
## Collect account data ##
$credNewAccount = (Get-Credential -Message "Enter the desired UPN and password for this new account")
$strUpn = $credNewAccount.UserName
$strDisplayName = Read-Host "Please enter the display name you would like to use for $strUpn"
if (!$credNewAccount -Or [System.String]::IsNullOrEmpty($strDisplayName) -Or [System.String]::IsNullOrEmpty($credNewAccount.UserName) -Or $credNewAccount.Password.Length -le 0)
{
CleanupAndFail "Please enter all of the requested data to continue."
exit 1
}
## Sign in to remote powershell for exchange and lync online ##
$credAdmin = $null
$credAdmin=Get-Credential -Message "Enter credentials of an Exchange and Skype for Business admin"
if (!$credadmin)
{
CleanupAndFail "Valid admin credentials are required to create and prepare the account."
}
PrintAction "Connecting to remote sessions. This can occasionally take a while - please do not enter input..."
try
{
$sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $credAdmin -AllowRedirection -Authentication basic -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -WarningAction SilentlyContinue
}
catch
{
CleanupAndFail "Failed to connect to exchange. Please check your credentials and try again. Error message: $_"
}
try
{
$sessCS = New-CsOnlineSession -Credential $credAdmin
}
catch
{
CleanupAndFail "Failed to connect to Skype for Business Online Datacenter. Please check your credentials and try again. Error message: $_"
}
try
{
Connect-MsolService -Credential $credAdmin
}
catch
{
CleanupAndFail "Failed to connect to Azure Active Directory. Please check your credentials and try again. Error message: $_"
}
Import-PSSession $sessExchange -AllowClobber -WarningAction SilentlyContinue
Import-PSSession $sessCS -AllowClobber -WarningAction SilentlyContinue
## Create the Exchange mailbox ##
> [!Note]
> These exchange commandlets do not always throw their errors as exceptions
# Because Get-Mailbox throws an error if the mailbox isn't found
$Error.Clear()
PrintAction "Creating a new account..."
try
{
$mailbox = $null
$mailbox = (New-Mailbox -MicrosoftOnlineServicesID $credNewAccount.UserName -room -Name $strDisplayName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true)
} catch { }
ExitIfError "Failed to create a new mailbox on exchange.";
$status["Mailbox Setup"] = "Successfully created a mailbox for the new account"
$strEmail = $mailbox.WindowsEmailAddress
PrintSuccess "The following mailbox has been created for this room: $strEmail"
## Create or retrieve a policy to be be applied to surface hub devices ##
# The policy disables requiring a device password so that the SurfaceHub does not need to be lockable to use Active Sync
$strPolicy = Read-Host 'Please enter the name for a new Surface Hub ActiveSync policy to be be created and applied to this account.
We will configure that policy to be compatible with Surface Hub devices.
If this script has been used before, please enter the name of the existing policy.'
$easpolicy = $null
try {
$easpolicy = Get-MobileDeviceMailboxPolicy $strPolicy
}
catch {}
if ($easpolicy)
{
if (!$easpolicy.PasswordEnabled -and ($easpolicy.AllowNonProvisionableDevices -eq $null -or $easpolicy.AllowNonProvisionableDevices ))
{
PrintSuccess "An existing policy has been found and will be applied to this account."
}
else
{
PrintError "The policy you provided is incompatible with the surface hub."
$easpolicy = $null
$status["ActiveSync Policy"] = "Failed to apply the EAS policy to the account because the policy was invalid."
}
}
else
{
$Error.Clear()
PrintAction "Creating policy..."
$easpolicy = New-MobileDeviceMailboxPolicy -Name $strPolicy -PasswordEnabled $false -AllowNonProvisionableDevices $true
if ($easpolicy)
{
PrintSuccess "A new device policy has been created; you can use this same policy for all future Surface Hub device accounts."
}
else
{
PrintError "Could not create $strPolicy"
}
}
if ($easpolicy)
{
# Convert mailbox to user type so we can apply the policy (necessary)
# Sometimes it takes a while for this change to take affect so we have some nasty retry loops
$Error.Clear();
try
{
Set-Mailbox $credNewAccount.UserName -Type Regular
} catch {}
if ($Error)
{
$Error.Clear()
$status["Device Password Policy"] = "Failed to apply the EAS policy to the account."
PrintError "Failed to convert to regular account"
}
else
{
# Loop until resource type goes away, up to 5 times
for ($i = 0; $i -lt 5 -And (Get-Mailbox $credNewAccount.UserName).ResourceType; $i++)
{
Start-Sleep -s 5
}
# If the mailbox is still a Room we cannot apply the policy
if (!((Get-Mailbox $credNewAccount.UserName).ResourceType))
{
$Error.Clear()
# Set policy for account
Set-CASMailbox $credNewAccount.UserName -ActiveSyncMailboxPolicy $strPolicy
if (!$Error)
{
$status["Device Password Policy"] = "Successfully applied $strPolicy to the account"
}
else
{
$status["Device Password Policy"] = "Failed to apply the EAS policy to the account."
PrintError "Failed to apply policy"
}
$Error.Clear()
# Convert back to room mailbox
Set-Mailbox $credNewAccount.UserName -Type Room
# Loop until resource type goes back to room
for ($i = 0; ($i -lt 5) -And ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room"); $i++)
{
Start-Sleep -s 5
}
if ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room")
{
# A failure to convert the mailbox back to a room is unfortunate but means the mailbox is unusable.
$status["Mailbox Setup"] = "A mailbox was created but we could not set it to a room resource type."
}
else
{
Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
if ($Error)
{
$status["Mailbox Setup"] = "A room mailbox was created but we could not set its password."
}
$Error.Clear()
}
}
}
}
else
{
$status["Device Password Policy"] = "Failed to apply the EAS policy to the account."
PrintError "Failed to obtain policy"
}
PrintSuccess "Account creation completed."
PrintAction "Setting calendar processing rules..."
$Error.Clear();
## Prepare the calendar for automatic meeting responses ##
try {
Set-CalendarProcessing -Identity $credNewAccount.UserName -AutomateProcessing AutoAccept
} catch { }
if ($Error)
{
$status["Calendar Acceptance"] = "Failed to configure the account to automatically accept/decline meeting requests"
}
else
{
$status["Calendar Acceptance"] = "Successfully configured the account to automatically accept/decline meeting requests"
}
$Error.Clear()
try {
Set-CalendarProcessing -Identity $credNewAccount.UserName -RemovePrivateProperty $false -AddOrganizerToSubject $false -AddAdditionalResponse $true -DeleteSubject $false -DeleteComments $false -AdditionalResponse "This is a Surface Hub room!"
} catch { }
if ($Error)
{
$status["Calendar Response Configuration"] = "Failed to configure the account's response properties"
}
else
{
$status["Calendar Response Configuration"] = "Successfully configured the account's response properties"
}
$Error.Clear()
## Configure the Account to not expire ##
PrintAction "Configuring password not to expire..."
try
{
Set-MsolUser -UserPrincipalName $credNewAccount.UserName -PasswordNeverExpires $true
}
catch
{
}
if ($Error)
{
$status["Password Expiration Policy"] = "Failed to set the password to never expire"
}
else
{
$status["Password Expiration Policy"] = "Successfully set the password to never expire"
}
PrintSuccess "Completed Exchange configuration"
## Setup Skype for Business. This is somewhat optional and if it fails we SfbEnable can be used later ##
PrintAction "Configuring account for Skype for Business."
# Getting registrar pool
$strRegPool = $null
try {
$strRegPool = (Get-CsTenant).TenantPoolExtension
}
catch {}
$Error.Clear()
if (![System.String]::IsNullOrEmpty($strRegPool))
{
$strRegPool = $strRegPool.Substring($strRegPool[0].IndexOf(':') + 1)
}
<#
$strRegPoolEntry = Read-Host "Enter a Skype for Business Registrar Pool, or leave blank to use [$strRegPool]"
if (![System.String]::IsNullOrEmpty($strRegPoolEntry))
{
$strRegPool = $strRegPoolEntry
}
#>
# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory
PrintAction "Enabling Skype for Business on $strRegPool"
Start-Sleep -s 10
$Error.Clear()
try {
Enable-CsMeetingRoom -Identity $credNewAccount.UserName -RegistrarPool $strRegPool -SipAddressType EmailAddress
}
catch { }
if ($Error)
{
$status["Skype for Business Account Setup"] = "Failed to setup the Skype for Business meeting room - you can run EnableSfb.ps1 to try again."
$Error.Clear();
}
else
{
$status["Skype for Business Account Setup"] = "Successfully enabled account as a Skype for Business meeting room"
}
## Now we need to assign a Skype for Business license to the account ##
# Assign a license to thes
$countryCode = (Get-CsTenant).CountryAbbreviation
$loc = Read-Host "Please enter the usage location for this device account (where the account is being used). This is a 2-character code that is used to assign licenses (e.g. $countryCode)"
try {
$Error.Clear()
Set-MsolUser -UserPrincipalName $credNewAccount.UserName -UsageLocation $loc
}
catch{}
if ($Error)
{
$status["Office 365 License"] = "Failed to assign an Office 365 license to the account"
$Error.Clear()
}
else
{
PrintAction "We found the following licenses available for your tenant:"
$skus = (Get-MsolAccountSku | Where-Object { !$_.AccountSkuID.Contains("INTUNE"); })
$i = 1
$skus | % {
Write-Host -NoNewline $i
Write-Host -NoNewLine ": AccountSKUID: "
Write-Host -NoNewLine $_.AccountSkuid
Write-Host -NoNewLine " Active Units: "
Write-Host -NoNewLine $_.ActiveUnits
Write-Host -NoNewLine " Consumed Units: "
Write-Host $_.ConsumedUnits
$i++
}
$iLicenseIndex = 0;
do
{
$iLicenseIndex = Read-Host 'Choose the number for the SKU you want to pick'
} while ($iLicenseIndex -lt 1 -or $iLicenseIndex -gt $skus.Length)
$strLicenses = $skus[$iLicenseIndex - 1].AccountSkuId
if (![System.String]::IsNullOrEmpty($strLicenses))
{
try
{
$Error.Clear()
Set-MsolUserLicense -UserPrincipalName $credNewAccount.UserName -AddLicenses $strLicenses
}
catch
{
}
if ($Error)
{
$Error.Clear()
$status["Office 365 License"] = "Failed to add a license to the account. Make sure you have remaining licenses."
}
else
{
$status["Office 365 License"] = "Successfully added license to the account"
}
}
else
{
$status["Office 365 License"] = "You opted not to install a license on this account"
}
}
Write-Host
## Cleanup and print results ##
Cleanup
$strDisplay = $mailbox.DisplayName
$strUsr = $credNewAccount.UserName
PrintAction "Summary for creation of $strUsr ($strDisplay)"
if ($status.Count -gt 0)
{
ForEach($k in $status.Keys)
{
$v = $status[$k]
$color = "yellow"
if ($v[0] -eq "S") { $color = "green" }
elseif ($v[0] -eq "F")
{
$color = "red"
$v += " Go to https://aka.ms/shubtshoot for help"
}
Write-Host -NoNewline $k -ForegroundColor $color
Write-Host -NoNewline ": "
Write-Host $v
}
}
else
{
PrintError "The account could not be created"
}
계정 확인 스크립트
이 통과/실패 스크립트는 Surface Hub 및 Surface Hub 2S에서 이전에 만든 디바이스 계정의 유효성을 검사하고 요약 보고서 또는 자세한 오류 메시지를 생성합니다. 예시:
15 tests executed
0 failures
2 warnings
15 passed
특정 설정에 대한 세부 정보는 표시되지 않습니다.
# SHAccountValidate.ps1
$Error.Clear()
$ErrorActionPreference = "Stop"
# Cleans up set state such as remote powershell sessions
function Cleanup()
{
if ($sessEx)
{
Remove-PSSession $sessEx
}
if ($sessSfb)
{
Remove-PSSession $sessSfb
}
}
function PrintError($strMsg)
{
Write-Host $strMsg -foregroundcolor "red"
}
function PrintSuccess($strMsg)
{
Write-Host $strMsg -foregroundcolor "green"
}
function PrintAction($strMsg)
{
Write-Host $strMsg -ForegroundColor Cyan
}
# Cleans up and prints an error message
function CleanupAndFail($strMsg)
{
if ($strMsg)
{
PrintError($strMsg);
}
Cleanup
exit 1
}
# Exits if there is an error set and prints the given message
function ExitIfError($strMsg)
{
if ($Error)
{
CleanupAndFail($strMsg);
}
}
$strUpn = Read-Host "What is the email address of the account you wish to validate?"
if (!$strUpn.Contains('@'))
{
CleanupAndFail "$strUpn isn't a valid email address"
}
$strExServer = Read-Host "What is your exchange server? (leave blank for online tenants)"
if ($strExServer.Equals(""))
{
$fExIsOnline = $true
}
else
{
$fExIsOnline = $false
}
$credEx = Get-Credential -Message "Please provide exchange user credentials"
$strRegistrarPool = Read-Host ("What is the Skype for Business registrar pool for $strUpn" + "? (leave blank for online tenants)")
$fSfbIsOnline = $strRegistrarPool.Equals("")
$fHasOnPrem = $true
if ($fSfbIsOnline -and $fExIsOnline)
{
do
{
$strHasOnPrem = (Read-Host "Do you have an on-premises Active Directory (Y/N) (No if your domain services are hosted entirely online)").ToUpper()
} while ($strHasOnPrem -ne "Y" -and $strHasOnPrem -ne "N")
$fHasOnPrem = $strHasOnPrem.Equals("Y")
}
$fHasOnline = $false
if ($fSfbIsOnline -or $fExIsOnline)
{
$fHasOnline = $true
}
if ($fSfbIsOnline)
{
try {
Import-Module SkypeOnlineConnector
}
catch
{
CleanupAndFail "To verify Skype for Business in online tenants you need the Lync Online Connector module from https://www.microsoft.com/download/details.aspx?id=39366"
}
}
else
{
$credSfb = (Get-Credential -Message "Please enter Skype for Business admin credentials")
}
if ($fHasOnline)
{
$credSfb = $credEx
try {
Import-Module MSOnline
}
catch
{
CleanupAndFail "To verify accounts in online tenants you need the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
}
}
PrintAction "Connecting to Exchange Powershell Session..."
[System.Management.Automation.Runspaces.AuthenticationMechanism] $authType = [System.Management.Automation.Runspaces.AuthenticationMechanism]::Kerberos
if ($fExIsOnline)
{
$authType = [System.Management.Automation.Runspaces.AuthenticationMechanism]::Basic
}
try
{
$sessEx = $null
if ($fExIsOnline)
{
$sessEx = New-PSSession -ConfigurationName microsoft.exchange -Credential $credEx -AllowRedirection -Authentication $authType -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -WarningAction SilentlyContinue
}
else
{
$sessEx = New-PSSession -ConfigurationName microsoft.exchange -Credential $credEx -AllowRedirection -Authentication $authType -ConnectionUri https://$strExServer/powershell -WarningAction SilentlyContinue
}
}
catch
{
}
if (!$sessEx)
{
CleanupAndFail "Connecting to Exchange Powershell failed, please validate your server is accessible and credentials are correct"
}
PrintSuccess "Connected to Exchange Powershell Session"
PrintAction "Connecting to Skype for Business Powershell Session..."
if ($fSfbIsOnline)
{
$sessSfb = New-CsOnlineSession -Credential $credSfb
}
else
{
$sessSfb = New-PSSession -Credential $credSfb -ConnectionURI "https://$strRegistrarPool/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
}
if (!$sessSfb)
{
CleanupAndFail "Connecting to Skype for Business Powershell failed, please validate your server is accessible and credentials are correct"
}
PrintSuccess "Connected to Skype for Business Powershell"
if ($fHasOnline)
{
$credMsol = $null
if ($fExIsOnline)
{
$credMsol = $credEx
}
elseif ($fSfbIsOnline)
{
$credMsol = $credSfb
}
else
{
CleanupAndFail "Internal error - could not determine MS Online credentials"
}
try
{
PrintAction "Connecting to Azure Active Directory Services..."
Connect-MsolService -Credential $credMsol
PrintSuccess "Connected to Azure Active Directory Services"
}
catch
{
# This really shouldn't happen unless there is a network error
CleanupAndFail "Failed to connect to MSOnline"
}
}
PrintAction "Importing remote sessions into the local session..."
try
{
$importEx = Import-PSSession $sessEx -AllowClobber -WarningAction SilentlyContinue -DisableNameChecking
$importSfb = Import-PSSession $sessSfb -AllowClobber -WarningAction SilentlyContinue -DisableNameChecking
}
catch
{
}
if (!$importEx -or !$importSfb)
{
CleanupAndFail "Import failed"
}
PrintSuccess "Import successful"
$mailbox = $null
try
{
$mailbox = Get-Mailbox -Identity $strUpn
}
catch
{
}
if (!$mailbox)
{
CleanupAndFail "Account exists check failed. Unable to find the mailbox for $strUpn - please make sure the Exchange account exists on $strExServer"
}
$exchange = $null
if (!$fExIsOnline)
{
$exchange = Get-ExchangeServer
if (!$exchange -or !$exchange.IsE14OrLater)
{
CleanupAndFail "A compatible exchange server version was not found. Please use at least exchange 2010."
}
}
$strAlias = $mailbox.UserPrincipalName
$strDisplayName = $mailbox.DisplayName
$strLinkedAccount = $strLinkedDomain = $strLinkedUser = $strLinkedServer = $null
$credLinkedDomain = $Null
if (!$fExIsOnline -and ![System.String]::IsNullOrEmpty($mailbox.LinkedMasterAccount) -and !$mailbox.LinkedMasterAccount.EndsWith("\SELF"))
{
$strLinkedAccount = $mailbox.LinkedMasterAccount
$strLinkedDomain = $strLinkedAccount.substring(0,$strLinkedAccount.IndexOf('\'))
$strLinkedUser = $strLinkedAccount.substring($strLinkedAccount.IndexOf('\') + 1)
$strLinkedServer = Read-Host "What is the domain controller for the $strLinkedDomain"
$credLinkedDomain = (Get-Credential -Message "Please provide credentials for $strLinkedDomain")
}
Write-Host
Write-Host
Write-Host
PrintAction "Performing verification checks on $strDisplayName..."
$Global:iTotalFailures = 0
$global:iTotalWarnings = 0
$Global:iTotalPasses = 0
function Validate()
{
Param(
[string]$Test,
[bool] $Condition,
[string]$FailureMsg,
[switch]$WarningOnly
)
Write-Host -NoNewline -ForegroundColor White $Test.PadRight(100,'.')
if ($Condition)
{
Write-Host -ForegroundColor Green "Passed"
$global:iTotalPasses++
}
else
{
if ($WarningOnly)
{
Write-Host -ForegroundColor Yellow ("Warning: "+$FailureMsg)
$global:iTotalWarnings++
}
else
{
Write-Host -ForegroundColor Red ("Failed: "+$FailureMsg)
$global:iTotalFailures++
}
}
}
## Exchange ##
Validate -WarningOnly -Test "The mailbox $strUpn is enabled as a room account" -Condition ($mailbox.RoomMailboxAccountEnabled -eq $True) -FailureMsg "RoomMailboxEnabled - without a device account, the Surface Hub won't be able to use various key features."
$calendarProcessing = Get-CalendarProcessing -Identity $strUpn -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
Validate -Test "The mailbox $strUpn is configured to accept meeting requests" -Condition ($calendarProcessing -ne $null -and $calendarProcessing.AutomateProcessing -eq 'AutoAccept') -FailureMsg "AutomateProcessing - the Surface Hub won't be able to send mail or sync its calendar."
Validate -WarningOnly -Test "The mailbox $strUpn won't delete meeting comments" -Condition ($calendarProcessing -ne $null -and !$calendarProcessing.DeleteComments) -FailureMsg "DeleteComments - the Surface Hub may be missing some meeting information on the welcome screen and Skype."
Validate -WarningOnly -Test "The mailbox $strUpn keeps private meetings private" -Condition ($calendarProcessing -ne $null -and !$calendarProcessing.RemovePrivateProperty) -FailureMsg "RemovePrivateProperty - the Surface Hub will make show private meetings."
Validate -Test "The mailbox $strUpn keeps meeting subjects" -Condition ($calendarProcessing -ne $null -and !$calendarProcessing.DeleteSubject) -FailureMsg "DeleteSubject - the Surface Hub won't keep meeting subject information."
Validate -WarningOnly -Test "The mailbox $strUpn does not prepend meeting organizers to subjects" -Condition ($calendarProcessing -ne $null -and !$calendarProcessing.AddOrganizerToSubject) -FailureMsg "AddOrganizerToSubject - the Surface Hub won't display meeting subjects as intended."
if ($fExIsOnline)
{
#No online specifics
}
else
{
#No onprem specifics
}
#ActiveSync
$casMailbox = Get-Casmailbox $strUpn -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
Validate -Test "The mailbox $strUpn has a mailbox policy" -Condition ($casMailbox -ne $null) -FailureMsg "PasswordEnabled - unable to find policy - the Surface Hub won't be able to send mail or sync its calendar."
if ($casMailbox)
{
$policy = $null
if ($fExIsOnline -or $exchange.IsE15OrLater)
{
$strPolicy = $casMailbox.ActiveSyncMailboxPolicy
$policy = Get-MobileDeviceMailboxPolicy -Identity $strPolicy -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
Validate -Test "The policy $strPolicy does not require a device password" -Condition ($policy.PasswordEnabled -ne $True) -FailureMsg "PasswordEnabled - policy requires a device password - the Surface Hub won't be able to send mail or sync its calendar."
}
else
{
$strPolicy = $casMailbox.ActiveSyncMailboxPolicy
$policy = Get-ActiveSyncMailboxPolicy -Identity $strPolicy -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
Validate -Test "The policy $strPolicy does not require a device password" -Condition ($policy.PasswordEnabled -ne $True) -FailureMsg "PasswordEnabled - policy requires a device password - the Surface Hub won't be able to send mail or sync its calendar."
}
if ($policy -ne $null)
{
Validate -Test "The policy $strPolicy allows non-provisionable devices" -Condition ($policy.AllowNonProvisionableDevices -eq $null -or $policy.AllowNonProvisionableDevices -eq $true) -FailureMsg "AllowNonProvisionableDevices - policy won't allow the SurfaceHub to sync"
}
}
# Check the default access level
$orgSettings = Get-ActiveSyncOrganizationSettings
$strDefaultAccessLevel = $orgSettings.DefaultAccessLevel
Validate -Test "ActiveSync devices are allowed" -Condition ($strDefaultAccessLevel -eq 'Allow') -FailureMsg "DeviceType Windows Mail is accessible - devices are not allowed by default - the surface hub won't be able to send mail or sync its calendar."
# Check if there exists a device access rule that bans the device type Windows Mail
$blockingRules = Get-ActiveSyncDeviceAccessRule | where {($_.AccessLevel -eq 'Block' -or $_.AccessLevel -eq 'Quarantine') -and $_.Characteristic -eq 'DeviceType'-and $_.QueryString -eq 'WindowsMail'}
Validate -Test "Windows mail devices are not blocked or quarantined" -Condition ($blockingRules -eq $null -or $blockingRules.Length -eq 0) -FailureMsg "DeviceType Windows Mail is accessible - devices are blocked or quarantined - the surface hub won't be able to send mail or sync its calendar."
## End Exchange ##
## SfB ##
$strLyncIdentity = $null
if ($fSfbIsOnline)
{
$strLyncIdentity = $strUpn
}
else
{
$strLyncIdentity = $strAlias
}
$lyncAccount = $null
try {
$lyncAccount = Get-CsMeetingRoom -Identity $strLyncIdentity -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
} catch {
try {
$lyncAccount = Get-CsUser -Identity $strLyncIdentity -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
} catch { }
}
Validate -Test "There is a Lync or Skype for Business account for $strLyncIdentity" -Condition ($lyncAccount -ne $null -and $lyncAccount.Enabled) -FailureMsg "SfB Enabled - there is no Skype for Business account - meetings won't support Skype for Business"
if ($lyncAccount)
{
Validate -Test "The meeting room has a SIP address" -Condition (![System.String]::IsNullOrEmpty($lyncAccount.SipAddress)) -FailureMsg "SfB Enabled - there is no SIP Address - the device account cannot be used to sign into Skype for Business."
}
## End SFB ##
if ($fHasOnline)
{
#License validation and password expiry
$accountOnline = Get-MsolUser -UserPrincipalName $strUpn -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
Validate -Test "There is an online user account for $strUpn" -Condition ($accountOnline -ne $null) -FailureMsg "Could not find a Microsoft Online account for this user even though some services are online"
if ($accountOnline)
{
Validate -Test "The password for $strUpn won't expire" -Condition ($accountOnline.PasswordNeverExpires -eq $True) -FailureMsg "PasswordNeverExpires - the admin needs to update the device account's password on the Surface Hub when it expires."
if ($fIsSfbOnline -and !$fIsExOnline)
{
$strLicenseFailureMsg = "Has O365 license - The devices won't be able to use Skype for Business services."
}
elseif ($fIsExOnline -and !$fIsSfbOnline)
{
$strLicenseFailureMsg = "Has O365 license - The devices won't be able to use Exchange Online services."
}
else
{
$strLicenseFailureMsg = "Has O365 license - The devices won't be able to use Skype for Business or Exchange Online services."
}
Validate -Test "$strUpn is licensed" -Condition ($accountOnline.IsLicensed -eq $True) -FailureMsg $strLicenseFailureMsg
Validate -Test "$strUpn is allowed to sign in" -Condition ($accountOnline.BlockCredential -ne $True) -FailureMsg "BlockCredential - This user isn't allowed to sign in."
}
}
#If there is an on-premises component, we can get the authoritative AD user from mailbox
if ($fHasOnPrem)
{
$accountOnPrem = $null
if ($strLinkedAccount)
{
$accountOnPrem = Get-AdUser $strLinkedUser -server $strLinkedServer -credential $credLinkedDomain -properties PasswordNeverExpires -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
}
else
{
#AD User enabled validation
$accountOnPrem = Get-AdUser $mailbox.UserPrincipalName -properties PasswordNeverExpires -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
}
$strOnPremUpn = $accountOnPrem.UserPrincipalName
Validate -Test "There is a user account for $strOnPremUpn" -Condition ($accountOnprem -ne $null) -FailureMsg "Could not find an Active Directory account for this user"
if ($accountOnPrem)
{
Validate -WarningOnly -Test "The password for $strOnPremUpn won't expire" -Condition ($accountOnprem.PasswordNeverExpires -eq $True) -FailureMsg "PasswordNeverExpires - the admin needs to update the device account's password on the Surface Hub when it expires."
Validate -Test "$strOnPremUpn is enabled" -Condition $accountOnPrem.Enabled -FailureMsg "AccountEnabled - this device account won't sign in"
}
}
$global:iTotalTests = ($global:iTotalFailures + $global:iTotalPasses + $global:iTotalWarnings)
Write-Host -NoNewline $global:iTotalTests "tests executed: "
Write-Host -NoNewline -ForegroundColor Red $Global:iTotalFailures "failures "
Write-Host -NoNewline -ForegroundColor Yellow $Global:iTotalWarnings "warnings "
Write-Host -ForegroundColor Green $Global:iTotalPasses "passes "
Cleanup
비즈니스용 Skype 사용
이 스크립트를 사용하면 디바이스 계정에서 비즈니스용 Skype 수 있습니다. 이전에 계정을 만드는 동안 비즈니스용 Skype를 사용하도록 설정하지 않은 경우에만 사용합니다.
## This script performs only the Enable for Skype for Business step on an account. It should only be run if this step failed in SHAccountCreate and the other steps have been completed ##
# EnableSfb.ps1
$Error.Clear()
$ErrorActionPreference = "Stop"
# Cleans up set state such as remote powershell sessions
function Cleanup()
{
if ($sessCS)
{
Remove-PSSession $sessCS
}
}
function PrintError($strMsg)
{
Write-Host $strMsg -foregroundcolor "red"
}
function PrintSuccess($strMsg)
{
Write-Host $strMsg -foregroundcolor "green"
}
# Cleans up and prints an error message
function CleanupAndFail($strMsg)
{
if ($strMsg)
{
PrintError($strMsg);
}
Cleanup
exit 1
}
# Exits if there is an error set and prints the given message
function ExitIfError($strMsg)
{
if ($Error)
{
CleanupAndFail($strMsg);
}
}
## Check dependencies ##
$input = Read-Host "Is the account you wish to enable part of an online environment (enter O) or on-premises environment (enter P)"
if ($input -eq "P")
{
$online = $false
}
elseif ($input -eq "O")
{
$online = $true
}
else
{
CleanupAndFail "Invalid selection"
}
if ($online)
{
try {
Import-Module SkypeOnlineConnector
}
catch
{
PrintError "Some dependencies are missing"
PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to https://www.microsoft.com/download/details.aspx?id=39366"
PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
CleanupAndFail
}
}
else
{
$strRegPool = Read-Host "Enter the FQDN of your Skype for Business Registrar Pool"
}
## Collect account data ##
Write-Host "----------- Enter info for the account to enable -----------." -foregroundcolor "magenta"
$strRoomUri=Read-Host 'Please enter the UPN of the account you are enabling (e.g. confroom@surfacehub.microsoft.com)'
if ([System.String]::IsNullOrEmpty($strRoomUri))
{
CleanupAndFail "Please enter all of the requested data to continue."
exit 1
}
Write-Host "--------------------------------------------------------------." -foregroundcolor "magenta"
## Sign in to remote powershell for exchange and lync online ##
Write-Host "`n------------------ Establishing connection -----------------." -foregroundcolor "magenta"
$credAdmin=Get-Credential -Message "Enter credentials of a Skype for Business admin"
if (!$credadmin)
{
CleanupAndFail("Valid admin credentials are required to create and prepare the account.");
}
Write-Host "Connecting to remote sessions. This can occasionally take a while - please do not enter input..."
try
{
if ($online)
{
$sessCS = New-CsOnlineSession -Credential $credAdmin
}
else
{
$sessCS = New-PSSession -Credential $credAdmin -ConnectionURI "https://$strRegPool/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
}
}
catch
{
CleanupAndFail("Failed to connect to Skype for Business server. Please check your credentials and try again. Error message: $_")
}
Import-PSSession $sessCS -AllowClobber
Write-Host "--------------------------------------------------------------." -foregroundcolor "magenta"
# Getting registrar pool
if ($online)
{
try {
$strRegPool = $null;
$strRegPool = (Get-CsTenant).RegistrarPool
} catch {}
if ($Error)
{
$Error.Clear();
$strRegPool = "";
Write-Host "We failed to lookup your Skype for Business Registrar Pool, but you can still enter it manually"
}
else
{
$strRegPool = $strRegPool[0].Substring($strRegPool[0].IndexOf(':') + 1)
}
}
$Error.Clear()
try {
Enable-CsMeetingRoom -Identity $strRoomUri -RegistrarPool $strRegPool -SipAddressType EmailAddress
}
catch {}
ExitIfError("Failed to setup Skype for Business meeting room")
PrintSuccess "Successfully enabled $strRoomUri as a Skype for Business meeting room"
Cleanup
유용한 cmdlet
Surface Hub 호환 ActiveSync 정책 만들기
Surface Hub에서 Exchange 서비스를 사용하려면 호환되는 ActiveSync 정책으로 구성된 장치 계정이 장치에 프로비전되어 있어야 합니다. 이 정책에는 다음과 같은 요구 사항이 있습니다.
PasswordEnabled == 0
다음 cmdlet에서 $strPolicy
는 ActiveSync 정책의 이름이고 $strRoomUpn
은 정책을 적용하려는 장치 계정의 UPN입니다.
cmdlet을 실행하려면 원격 PowerShell 세션을 설정하고 다음을 수행해야 합니다.
- 관리자 계정에서 원격 PowerShell를 사용할 수 있어야 합니다. 이 설정을 사용하면 관리자가 스크립트에 필요한 PowerShell cmdlet을 사용할 수 있습니다. 이 사용 권한은
set-user $admin -RemotePowerShellEnabled $true
를 사용하여 설정할 수 있습니다. - 생성 스크립트를 실행하려는 경우 관리자 계정에 '암호 재설정' 역할이 있어야 합니다. 이 역할을 사용하면 관리자가 스크립트에 필요한 계정의 암호를 변경할 수 있습니다. 암호 재설정 역할은 Exchange 관리 센터를 통해 사용하도록 설정할 수 있습니다.
정책을 만듭니다.
# Create new policy with PasswordEnabled == false
New-MobileDeviceMailboxPolicy -Name $strPolicy -PasswordEnabled $false –AllowNonProvisionableDevices $true
정책을 적용하려면 사서함이 방 유형일 수 없으므로 먼저 사용자로 변환해야 합니다.
# Convert user to regular type
Set-Mailbox $strRoomUpn -Type Regular
# Set policy for account
Set-CASMailbox $strRoomUpn -ActiveSyncMailboxPolicy $strPolicy
이제 장치 계정을 다시 방 유형으로 변환하면 됩니다.
# Convert back to room mailbox
Set-Mailbox $strRoomUpn -Type Room
ActiveSync에 장치 ID 허용
계정 $strRoomUpn
을 허용하려면 다음 명령을 실행합니다.
Set-CASMailbox –Identity $strRoomUpn –ActiveSyncAllowedDeviceIDs “<ID>”
장치의 ID를 찾으려면 다음을 실행합니다.
Get-ActiveSyncDevice -Mailbox $strRoomUpn
이 명령은 속성을 포함하여 계정이 프로비전된 모든 디바이스에 대한 디바이스 정보를 검색합니다 DeviceId
.
모임 요청 자동 수락 및 거부
장치 계정이 가용성에 따라 모임 요청을 자동으로 승인하거나 거부하려면 AutomateProcessing 특성을 AutoAccept로 설정해야 합니다. 이 특성은 겹치는 모임을 방지하기 위해 로 권장됩니다.
Set-CalendarProcessing $strRoomUpn -AutomateProcessing AutoAccept
외부 모임 요청 수락
장치 계정이 외부 모임 요청(동일한 테넌트/도메인에 없는 계정의 모임 요청)을 수락하려면 외부 모임 요청 처리를 허용하도록 장치 계정을 설정해야 합니다. 설정되면 디바이스 계정은 외부 계정 및 로컬 계정의 모임 요청을 자동으로 수락하거나 거부합니다.
참고
AutomateProcessing 특성이 AutoAccept로 설정되지 않은 경우 이 값을 설정해도 효과가 없습니다.
Set-CalendarProcessing $strRoomUpn -ProcessExternalMeetingMessages $true