Enabling remote PowerShell for Exchange
Proceed with caution as this procedure can be very insecure for your Exchange Organization if improperly configured. I am covering the basic concepts of enabling and using the feature. This article doesn’t cover the architecture of a secure PowerShell reverse proxy/ gateway or any pre-authentication architecture that you may want to implement to further secure the feature.
We are assuming that you have setup external/ Public Access to this CAS server via port 443 IE: https://webmail.domain.com
Readying the Exchange CAS server
Login to the Exchange CAS server and open the IIS management console
Open up authentication and enable Basic Authentication
Go to SSL Settings and ensure that accept certificates is enabled. (We do not want to require SSL as it will break the Exchange Management Shell). This is where a proxy solution would help if you were to go full production with this function it would accept the https connections and then off load the authentication for your CAS server. For more information on Reverse Proxies see this article on using IIS ARR as a Reverse Proxy.
After these types of settings we want to restart the IIS services
Open elevated CMD prompt and type
Ensure that your account you will be authenticating with has remote PowerShell access enabled
Open Exchange Management shell
Set-User USERNAME -RemotePowerShellEnabled:$true
From a remote computer open an elevated PowerShell session
We need to adjust the execution policy
Create a variable and store the credentials
$Cred = Get-Credential
Enter in your credentials IE: domainusername
Now we create another variable for the session and embed the credentials
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://webmail.domain.com/powershell" -Credential $Cred -Authentication Basic -AllowRedirection
The this next step we will be importing the session which will also import the exchange management cmdlets
How do I know I did this correctly?
Run a simple command against the Exchange Server
Congrats! You have successfully connected to your Exchange 2013 Organization remotely via PowerShell
After you complete your maintenance the proper way to disconnect is to remove your PowerShell session. This is important so you don’t use up all of the available PowerShell sessions. To do this simply type the command below