One of Microsoft’s goals for Exchange 2010 is to provide administrators with the ability to manage servers from workstations without requiring the installation of the Exchange 2010 management components. Obviously some pre-requisites exist in that PowerShell 2.0 and Windows Remote Management must be installed on the workstation before you can even think about installing the Exchange 2010 management components, so that’s the first step to take care of. Assuming all the prerequisites are in place, you should be able to install the Exchange 2010 management components and then fire up the Exchange Management Shell (EMS) to connect to an Exchange 2010 in your local site.
If the Exchange 2010 management components are not installed on a workstation, then the EMS initialization script is not available and you have to perform the tasks that the initialization script performs to create the remote session, identify your account to Exchange with the necessary credentials to log onto the account, and import the set of cmdlets permitted for your role.
The first step in a do-it-yourself EMS session is to start PowerShell and use the Get-Credential cmdlet to input the username and password that we need to connect to the target Exchange organization. These credentials should be for a privileged account as otherwise you won’t be able to do very much.
$Credentials = Get-Credential
PowerShell displays a dialog to allow you to put in the username and password that we will use to connect. We then create a new remote PowerShell session and connect to the remote Exchange organization. Note that Kerberos is specified as the authentication method.
$ExSession = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri ‘http://ExServer1.contoso.com/PowerShell/?SerializationLevel=Full’ -Credential $Credentials –Authentication Kerberos
After we establish a session, we can import the set of Exchange cmdlets that our account is allowed to access. As shown in the screen shot below, EMS responds with an acknowledgement that it has imported the specified command set into the session.
After the cmdlets are loaded into your session, you can work remotely in exactly the same manner as if you were logged onto the server. The Get-Command cmdlet will list the cmdlets loaded into the session and the Get-Help cmdlet can be run to show the help that is available for any of the cmdlets that are loaded into the session. Unfortunately, even though the EMS startup screen indicates that you can use wildcards with the Get-Help cmdlet, due to some issues with the operating system, the advent of Remote PowerShell has removed this ability that exists in Exchange 2007.
Once your session is established and you’re connected to Exchange 2010, all transactions flow across HTTP via IIS to be executed on the target server. When you are finished, you can terminate the session with the Remove-PSSession cmdlet.
Why would you create such a connection to Exchange? Well, you might want to use the PowerShell Integrated Scripting Environment (ISE) as your preferred tool to write and test scripts to automate aspects of your Exchange deployment. When you start ISE, it won’t connect to Exchange 2010 unless you instruct it to, so if you want to use any of the Exchange cmdlets in code, you have to connect to Exchange by running the commands described above (with the exception of retrieving your credentials as ISE will use the credentials of your logged-on session). You could do this by running a script (perhaps one that defines variables that you find useful) or you could create a custom menu option for ISE that runs the commands to connect to Exchange. The easiest way to do this is to edit your ISE profile to include the commands. See http://technet.microsoft.com/en-us/library/dd819492.aspx for details about how to credit and edit ISE profiles.
Most administrators probably do the simple thing and click on the EMS icon in the menu on a workstation where the Exchange 2010 management components are installed. Invoking EMS causes Windows to run this command:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto"
The initialization script is RemoteExchange.ps1, which does what’s indicated by its name and creates a remote PowerShell connection to Exchange 2010. Interestingly, the Connect-ExchangeServer command immediately afterwards is the one that connects EMS to an Exchange 2010 server in the site. Note that it uses the -Auto parameter, meaning that EMS will attempt to connect to the local system (if it is a server running Exchange 2010) followed by other servers running in the local site (CAS servers first, then mailbox servers).
You can run the Connect-ExchangeServer cmdlet in an EMS session to force EMS to connect to a specific server. This is a useful thing to do if you want to connect to a specific server such as one in another Active Directory site. For example:
Connect-ExchangeServer -Server exserver1.contoso.com
In the screen shot you see that EMS initializes and connects as normal – in this case to server ExServer1. We then run Connect-ExchangeServer and specify exserver2.contoso.com as the target server. EMS connects to this Exchange 2010 server and loads in the cmdlets permitted by the RBAC roles held by the user. As you can see, any cmdlet that is already available for the session is skipped. After connecting to server exserver2, all future cmdlets run in the session are executed on that server. This won’t matter if you are working with organization-wide configuration data but it does if you run cmdlets that do things like change OWA virtual directory settings and don’t specify a target server.
It’s worth saying that remote PowerShell is one of the more fragile components of Exchange 2010 because it depends on so many moving parts to work together before you can connect. IIS must be configured correctly with the right modules and setting; WinRM has to permit the HTTP requests to pass; WSMan must be able to communicate with the servers; and your mailbox has to be authorized to run PowerShell (the default setting). If you run into problems, you should consult the post on Troubleshooting Exchange 2010 management tools startup issues to provide a good starting point for where you need to look to make everything right.
Hope this helps!
Follow Tony @12Knocksinna
This is material that isn’t included in my Microsoft Exchange Server 2010 Inside Out book, mostly because I had to cut pages to fit the book into the prescribed limit of 1,300 pages set by Microsoft Press. If this is an example of stuff that’s been cut, you can imagine the value of the material that’s been retained! The book is also available from Amazon.co.uk.
*** Update December 7, 2010: Microsoft has released the Exchange Management Troubleshooter (EMT), a utility designed to look for common problems that might cause Remote PowerShell (and by design, all of the Exchange 2010 management tools) not to work properly on a server. You can read all about EMT on EHLO.