subheader-2.jpg

How To Enable Exchange 2013 Remote PowerShell

Feb 26 2015

Enabling remote PowerShell for Exchange

Proceed with caution as this procedure can be very insecure for your Exchange Organization if improperly configured. I am covering the basic concepts of enabling and using the feature. This article doesn’t cover the architecture of a secure PowerShell reverse proxy/ gateway or any pre-authentication architecture that you may want to implement to further secure the feature.

We are assuming that you have setup external/ Public Access to this CAS server via port 443 IE: https://webmail.domain.com

Readying the Exchange CAS server

Login to the Exchange CAS server and open the IIS management console

ps1

Open up authentication and enable Basic Authentication

Go to SSL Settings and ensure that accept certificates is enabled. (We do not want to require SSL as it will break the Exchange Management Shell). This is where a proxy solution would help if you were to go full production with this function it would accept the https connections and then off load the authentication for your CAS server. For more information on Reverse Proxies see this article on using IIS ARR as a Reverse Proxy.

After these types of settings we want to restart the IIS services
Open elevated CMD prompt and type

IISRESET

Ensure that your account you will be authenticating with has remote PowerShell access enabled

Open Exchange Management shell

Set-User USERNAME -RemotePowerShellEnabled:$true

Dialing in

From a remote computer open an elevated PowerShell session

We need to adjust the execution policy

Set-ExecutionPolicy RemoteSigned

Create a variable and store the credentials

$Cred = Get-Credential

Enter in your credentials IE: domainusername

Now we create another variable for the session and embed the credentials

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://webmail.domain.com/powershell" -Credential $Cred -Authentication Basic -AllowRedirection

The this next step we will be importing the session which will also import the exchange management cmdlets

Import-PSSession $Session

How do I know I did this correctly?

Run a simple command against the Exchange Server

Get-Mailbox USERNAME

ps2

Congrats! You have successfully connected to your Exchange 2013 Organization remotely via PowerShell

P.S.

After you complete your maintenance the proper way to disconnect is to remove your PowerShell session. This is important so you don’t use up all of the available PowerShell sessions. To do this simply type the command below

 Remove-PSSession $Session
Brandon Nolan

Written by Brandon Nolan