byt3
asked on
Enable Exchange Remote Powershell access for non-admin
My goal is to set up a limited domain user with access to create RemoteMailbox objects from a remote computer using powershell.
Steps I've taken:
The command to create the powershell session (
Steps I've taken:
- I gave a limited domain user the "Recipient Management" role to create RemoteMailbox objects.
- I added this user to the "Remote Management" local group on the Exchange Server.
The command to create the powershell session (
New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/"
) produces an access denied error. How do I resolve this?
Probably is because you're not using the correct authentication:
Try it like this
Source: https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
Try it like this
Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchangeServerDns/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking
Source: https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
ASKER
The remote computer is domain joined, so Kerberos should be fine. I don't need to specify authentication type when using an administrative account. Is that not the case with non-admin users?
I am doing this as part of a script and would prefer not to put credentials in the script if I can avoid it.
I am doing this as part of a script and would prefer not to put credentials in the script if I can avoid it.
ASKER
Resorted to providing the Credentials to the Cmdlet, but I still get an access denied error.
New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServerDns/PowerShell/" -Credential $ExOnPremCreds -Authentication Kerberos -ErrorAction Stop;
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Well, it's solved! :) glad you could figure it out :)
RemoteExchange.ps1 is that file available in all Exchange server or custom file you've created?
ASKER
It is on all computers with the Exchange management tools installed. If you look at the properties of the Exchange Shell shortcut, you will see that the Exchange Shell shortcut calls that script to load Exchange Cmdlets.
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Exchangeserver_FQDN/powershell -Credential (Get-Credential)
Import-PSSession $session