We help IT Professionals succeed at work.

Enable Exchange Remote Powershell access for non-admin

byt3
byt3 asked
on
8 Comments
1 Solution
76 Views
1 Endorsement
Last Modified: 2019-03-15
My goal is to set up a limited domain user with access to create RemoteMailbox objects from a remote computer using powershell.

Steps I've taken:
  • I gave a limited domain user the "Recipient Management" role to create RemoteMailbox objects.
  • I added this user to the "Remote Management" local group on the Exchange Server.

The command to create the powershell session ( 
New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/"

Open in new window

) produces an access denied error. How do I resolve this?
Comment
Watch Question

View Solution Only

timgreen7077Exchange Engineer
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Try the following:

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Exchangeserver_FQDN/powershell -Credential (Get-Credential)

Import-PSSession $session
Jose Gabriel Ortega CastroCEO Faru Bonon IT&Agency /Top-Rated Freelancer (Upwork)/Photographer
CERTIFIED EXPERT
Awarded 2018
Distinguished Expert 2018

Commented:
Probably is because you're not using the correct authentication:

Try it like this 

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchangeServerDns/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking

Open in new window




Source: https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
byt3

Author

Commented:
The remote computer is domain joined, so Kerberos should be fine. I don't need to specify authentication type when using an administrative account. Is that not the case with non-admin users?

I am doing this as part of a script and would prefer not to put credentials in the script if I can avoid it.
byt3

Author

Commented:
Resorted to providing the Credentials to the Cmdlet, but I still get an access denied error.

New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/" -Credential $ExOnPremCreds -Authentication Kerberos -ErrorAction Stop;

Open in new window

Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Jose Gabriel Ortega CastroCEO Faru Bonon IT&Agency /Top-Rated Freelancer (Upwork)/Photographer
CERTIFIED EXPERT
Awarded 2018
Distinguished Expert 2018

Commented:
Well, it's solved! :) glad you could figure it out :)
Senior IT System EngineerSenior Systems Engineer
CERTIFIED EXPERT

Commented:
RemoteExchange.ps1 is that file available in all Exchange server or custom file you've created?
byt3

Author

Commented:
It is on all computers with the Exchange management tools installed. If you look at the properties of the Exchange Shell shortcut, you will see that the Exchange Shell shortcut calls that script to load Exchange Cmdlets.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.

View Solution