When designing ActiveRoles policy scripts that involve execution of Exchange management tasks, you may not be able to use the cmdlets provided by a Windows PowerShell snap-in for Exchange. Instead, you need to have your policy script connect to a particular Exchange server, creating a remote session for the script to perform commands on that Exchange server. This article explains how you can make your policy script use the remote Exchange Management Shell rather than the locally installed Windows PowerShell snap-in for Exchange.
ActiveRoles no longer requires the Exchange management tools on the computer running the Administration Service. Beginning with ActiveRoles version 6.9, the Administration Service normally uses the remote Shell to administer recipients on Exchange Server 2013, and can use the remote Shell for Exchange 2010 as well.
To use the remote Shell in your policy script, you need to ensure the following conditions:
· The Active Directory domain of your Exchange servers should be registered with ActiveRoles using an override account (rather than the service account of the Administration Service). This is because your policy script will require the credentials of the user account to connect to a remote Exchange server. The use of an override account allows the script to retrieve the credentials in a secure fashion, without having to supply the password of the user account in the script code.
· The policy script must hold the Fully Qualified Domain Name (FQDN) of the Exchange server to connect to, along with the Distinguished Name (DN) of the Active Directory domain of that Exchange server. In the example that follows, the $exchangeServer variable stores the FQDN of the desired Exchange server and the $domainDN variable stores the DN of that Exchange server's domain.
The following example demonstrates how to perform the $mailbox = Get-Mailbox $identity command using the remote Shell in a policy script.
$domainDN= '<domain DN>' # for instance, 'DC=lab,DC=local'
$exchangeServer = '<server FQDN>' # for instance, 'e14-server.lab.local'
$connectionUri = 'https://' + $exchangeServer + '/PowerShell/'
$identity = '<mailbox name>' # For instance, 'John Smith'
$mailbox= Invoke-Command -scriptBlock {Get-mailbox $using:identity} `
-connectionuri $connectionUri `
-credential $DomainOverrideCredentials.get($domainDN) `
-configurationName Microsoft.Exchange
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy