Avatar of byt3
byt3
 asked on

Enable Exchange Remote Powershell access for non-admin

My goal is to set up a limited domain user with access to create RemoteMailbox objects from a remote computer using powershell.

Steps I've taken:
  • I gave a limited domain user the "Recipient Management" role to create RemoteMailbox objects.
  • I added this user to the "Remote Management" local group on the Exchange Server.

The command to create the powershell session (
New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/"

Open in new window

) produces an access denied error. How do I resolve this?
PowershellExchange

Avatar of undefined
Last Comment
byt3

8/22/2022 - Mon
timgreen7077

Try the following:

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Exchangeserver_FQDN/powershell -Credential (Get-Credential)

Import-PSSession $session
Jose Gabriel Ortega Castro

Probably is because you're not using the correct authentication:

Try it like this

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchangeServerDns/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking

Open in new window




Source: https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
byt3

ASKER
The remote computer is domain joined, so Kerberos should be fine. I don't need to specify authentication type when using an administrative account. Is that not the case with non-admin users?

I am doing this as part of a script and would prefer not to put credentials in the script if I can avoid it.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
byt3

ASKER
Resorted to providing the Credentials to the Cmdlet, but I still get an access denied error.

New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/" -Credential $ExOnPremCreds -Authentication Kerberos -ErrorAction Stop;

Open in new window

ASKER CERTIFIED SOLUTION
byt3

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Jose Gabriel Ortega Castro

Well, it's solved! :) glad you could figure it out :)
Albert Widjaja

RemoteExchange.ps1 is that file available in all Exchange server or custom file you've created?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
byt3

ASKER
It is on all computers with the Exchange management tools installed. If you look at the properties of the Exchange Shell shortcut, you will see that the Exchange Shell shortcut calls that script to load Exchange Cmdlets.