Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Enable Exchange Remote Powershell access for non-admin
My goal is to set up a limited domain user with access to create RemoteMailbox objects from a remote computer using powershell.
Steps I've taken:
The command to create the powershell session (
Steps I've taken:
- I gave a limited domain user the "Recipient Management" role to create RemoteMailbox objects.
- I added this user to the "Remote Management" local group on the Exchange Server.
The command to create the powershell session (
New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/"
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Try the following:
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Exchangeserver_FQDN/powershell -Credential (Get-Credential)
Import-PSSession $session
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Exchangeserver_FQDN/powershell -Credential (Get-Credential)
Import-PSSession $session
Probably is because you're not using the correct authentication:
Try it like this
Source: https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
Try it like this
Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchangeServerDns/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking
Source: https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
The remote computer is domain joined, so Kerberos should be fine. I don't need to specify authentication type when using an administrative account. Is that not the case with non-admin users?
I am doing this as part of a script and would prefer not to put credentials in the script if I can avoid it.
I am doing this as part of a script and would prefer not to put credentials in the script if I can avoid it.
Resorted to providing the Credentials to the Cmdlet, but I still get an access denied error.
New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/" -Credential $ExOnPremCreds -Authentication Kerberos -ErrorAction Stop;
I went the route of connecting to the Exchange server using CredSSP then I ran the RemoteExchange.ps1 script (which requires that I provide credentials though).
$PSExOnPrem = New-PSSession -Computer $ExOnPremServer -Credential $ExOnPremCreds -Authentication CredSSP -ErrorAction Stop;
Invoke-Command -Session $PSExOnPrem -ErrorAction Stop -ScriptBlock {
$ExVersion = (Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\ExchangeServer' | Sort-Object -Property Name -Descending | Select-Object -First 1).Name -replace '.*(v[0-9]+)$','$1';
$ExBinPath = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\ExchangeServer\$ExVersion\Setup").MsiInstallPath + 'Bin';
. "$ExBinPath\RemoteExchange.ps1";
Connect-ExchangeServer -Auto;
}
Premium Content
You need an Expert Office subscription to comment.Start Free Trial