Link to home
Start Free TrialLog in
Avatar of byt3
byt3

asked on

Enable Exchange Remote Powershell access for non-admin

My goal is to set up a limited domain user with access to create RemoteMailbox objects from a remote computer using powershell.

Steps I've taken:
  • I gave a limited domain user the "Recipient Management" role to create RemoteMailbox objects.
  • I added this user to the "Remote Management" local group on the Exchange Server.

The command to create the powershell session ( 
New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/"

Open in new window

) produces an access denied error. How do I resolve this?
Avatar of timgreen7077
timgreen7077
Try the following:

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Exchangeserver_FQDN/powershell -Credential (Get-Credential)

Import-PSSession $session
Avatar of J0rtIT
J0rtIT
Flag of Venezuela, Bolivarian Republic of image
Probably is because you're not using the correct authentication:

Try it like this 

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchangeServerDns/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking

Open in new window




Source: https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
Avatar of byt3
byt3

ASKER

The remote computer is domain joined, so Kerberos should be fine. I don't need to specify authentication type when using an administrative account. Is that not the case with non-admin users?

I am doing this as part of a script and would prefer not to put credentials in the script if I can avoid it.
Avatar of byt3
byt3

ASKER

Resorted to providing the Credentials to the Cmdlet, but I still get an access denied error.

New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/" -Credential $ExOnPremCreds -Authentication Kerberos -ErrorAction Stop;

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of byt3
byt3
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of J0rtIT
J0rtIT
Flag of Venezuela, Bolivarian Republic of image
Well, it's solved! :) glad you could figure it out :)
Avatar of Albert Widjaja
Albert Widjaja
Flag of Australia image
RemoteExchange.ps1 is that file available in all Exchange server or custom file you've created?
Avatar of byt3
byt3

ASKER

It is on all computers with the Exchange management tools installed. If you look at the properties of the Exchange Shell shortcut, you will see that the Exchange Shell shortcut calls that script to load Exchange Cmdlets.