Create the management account
This chapter describes how to create the management account, which allows a remote PowerShell connection to the Exchange server with access only to the given cmdlets.
Prerequisites
To be able to connect to the Exchange server remotely by using PowerShell, the account must have:
- Exchange 2010 / 2013
- PowerShell 2.0 / 3.0 with Exchange Management Shell plugin
- Some administrative rights in Exchange
To connect to Exchange Online, you should also install Windows Management Framework 3.0 or Windows Management Framework 4.0.
Create and organize the management roles
The custom management roles are created with Role Based Access Control (RBAC) and the roles are organized in role groups. When a user is added to a role group made in this guide, the user can connect to the Exchange server using PowerShell.
- To create a user:
  - Create a service account in Active Directory.
    Note: In this guide, the user is named “SnowUser”. Replace “SnowUser” with your preferred name.
  - To enable remote PowerShell logon for the user, start PowerShell and type:
    Set-User SnowUser -RemotePowerShellEnabled $True
  - To set the execution policy on the application server that runs Snow Cloud Extender, so that scripts can be run on that server, type:
    Set-ExecutionPolicy RemoteSigned
- To create a management role called "SnowMGMT", start the Exchange Management Shell and type:
  New-ManagementRole SnowMGMT -Parent "User Options"
  Note: The management role is based on the parent role “User Options”, which gives the role access to some of the “User Option” cmdlets.
- To create a second management role, type:
  New-ManagementRole SnowMGMT1 -Parent "Organization Client Access"
- To group the management roles, type:
  New-RoleGroup -Name RemoteSnow -Roles "SnowMGMT", "SnowMGMT1" -Members "SnowUser"
- To verify the functionality of the account and the connection:
  Note: Authentication and encryption methods may vary depending on configuration.
  - Open PowerShell from any computer that can connect to the Exchange server, and then type:
    $so = New-PSSessionOption -SkipCNCheck -SkipCACheck -SkipRevocationCheck
  - To create the session, type:
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<FQDN>/powershell/ -Credential $UserCredential -Authentication Basic -AllowRedirection -SessionOption $so
    Note: Replace <FQDN> with the name of the Exchange server or virtual directory.
  - To import the created session, type:
    Import-PSSession $session
  - To verify the connection, type for example:
    Get-CASMailbox -ResultSize 10
    You should now receive 10 users from the Exchange server.
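
The session option in the verification steps turns off the certificate name, CA and revocation checks, so with Basic authentication the SnowUser password travels over a TLS channel whose server identity is not verified. The following added example (not part of the original guide) connects with certificate validation left on and lists the cmdlets the session actually exposes, so they can be compared with the set you intended to grant; the server name and the $expected list are placeholders.

```powershell
# Added example: placeholders are marked; replace them with your own values.
$fqdn     = 'exchange01.example.com'   # placeholder for <FQDN>
$expected = @('Get-CASMailbox')        # assumed allow-list; use the cmdlets you intend to grant

$cred = Get-Credential SnowUser        # prompts for the service account password

# No -SessionOption here, so the certificate name, issuing CA and revocation
# status are all checked. A failure at this point means the certificate on the
# PowerShell virtual directory needs fixing, not that the checks should be skipped.
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "https://$fqdn/powershell/" -Credential $cred `
    -Authentication Basic -AllowRedirection -ErrorAction Stop

try {
    # Exchange builds the remote session from the caller's RBAC assignments,
    # so the imported module contains only cmdlets SnowUser may run.
    $module  = Import-PSSession $session -DisableNameChecking
    $granted = @($module.ExportedCommands.Keys | Sort-Object)

    # Compare what the session exposes with what was intended.
    $unexpected = @($granted  | Where-Object { $expected -notcontains $_ })
    $missing    = @($expected | Where-Object { $granted  -notcontains $_ })

    "Cmdlets exposed to SnowUser: $($granted.Count)"
    if ($missing.Count -gt 0)    { "Missing (role too narrow): $($missing -join ', ')" }
    if ($unexpected.Count -gt 0) {
        "Granted beyond the allow-list (review these):"
        $unexpected
    }
}
finally {
    # Always close the session so no authenticated runspace is left open.
    Remove-PSSession $session
}
```

Import-PSSession skips commands whose names already exist in the local session, so run the check from a fresh PowerShell window. An Exchange administrator can inspect what each custom role grants with Get-ManagementRoleEntry "SnowMGMT\*" and trim it with Remove-ManagementRoleEntry.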