Wednesday 2 March 2011

Managing Exchange 2010 with Remote PowerShell

Managing Exchange 2010 with Remote PowerShell


by Mukesh Kumar Singh on February 6, 2011
One of the major changes in Exchange 2010 is that all of the Exchange Management Shell administration is done through PowerShell remoting. Even when you run the Exchange Management Shell from an Exchange Server, or a workstation with the Exchange tools installed, you are establishing a remote PowerShell session to Exchange.
When you double click the Exchange Management Shell icon on an Exchange 2010 server or workstation with the management tools installed, the following takes place:
  • The Microsoft.Exchange.Management.PowerShell.E2010 snap-in gets loaded.
  • The RemoteExchange.ps1 script get's dot sourced into the PowerShell session - this initializes some variables and imports several Exchange specific functions.
  • The Connect-ExchangeServer function gets executed - this will attempt to create a remote PowerShell session on the local server, if a connection cannot be made locally it will attempt to connect to a another server in the same site, starting with servers running the CAS role, then on to servers running the mailbox, hub transport and UM roles.
  • Once you are connected to an Exchange server, all of the Exchange cmdlets are imported into the PowerShell session using implicit remoting.
You can run the Connect-ExchangeServer function manually. Use the -auto parameter to connect using autodiscover:
Connect-ExchangeServer -auto

You can use the Connect-ExchangeServer function with the -ServerFQDN parameter to manually connect to a specific server:
Connect-ExchangeServer -ServerFqdn phx-ex01.exchangelab.com

Manually Configuring Implicit Remoting

We can manually configure implicit remoting to import commands into our local PowerShell session. This means that we do not need to have the Exchange tools installed in order to work with Exchange Management Shell commands.
The first step is to create a session using the New-PSSession cmdlet:
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://phx-ex01.exchangelab.com/PowerShell/ -Authentication Kerberos

If you need to connect with alternate credentials, you can use the credential parameter with New-PSSession. For example, you can pass the Get-Credential cmdlet to the credential parameter, this would prompt you for your credentials when creating your PSSession.
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://phx-ex01.exchangelab.com/PowerShell/ -Authentication Kerberos -Credential (Get-Credential)
Once you have a PSSession object created, import the session using the Import-PSSession cmdlet:
Import-PSSession $s

As you can see here, the Exchange Management Shell commands are imported into our local PowerShell session and listed in under the exported commands column.

Managing Exchange Servers using Fan-Out Remoting

Fan-out remoting is used to issue PowerShell commands to many systems at once. For example, say you need to reboot several servers for maintenance, you could use the Invoke-Command cmdlet to invoke the Restart-Computer cmdlet on each server at the same time:
$srv = "EX01","EX02","EX03"
Invoke-Command -ScriptBlock {Restart-Computer -Force} -ComputerName $srv

Fan-out remoting is useful for mass server management, when the Exchange cmdlets are not required. For example, restarting services or making a registry change on many servers at once, or rebooting multiple servers at the same time as we saw in this example.

Adding Exchange Management Shell to your Standard PowerShell Profile

I like to have all my tools loaded in my standard PowerShell profile. For example, I have several snap-ins and other tools loading when I start PowerShell. I use a single PowerShell instance to manage AD with the RSAT AD PowerShell module, PowerCLI for VMware, and also the Exchange Management Shell tools.
If you do not have a profile setup, you can create one using the following command:
New-Item -Itemtype file -path $profile -force

Once your profile is created, you can edit it in notepad by typing notepad $profile and hitting enter.
There are two ways to add the Exchange Management Shell tools to your standard PowerShell profile.

1. Using Implicit Remoting

We already looked at the commands for performing implicit remoting with Exchange. You can simply add that code to your PowerShell profile. Every time you start PowerShell, you will have the Exchange Management Shell commands imported into your session.

2. Using the Exchange Snap-in

Technically, you'd want to use implicit remoting even if the tools are installed, since that's the supported way and what makes RBAC possible. But, you can also setup a PowerShell profile using the Exchange snap-in if you so choose; add the following code to your profile:
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
. $env:ExchangeInstallPath\bin\RemoteExchange.ps1
Connect-ExchangeServer -auto

This will add the snap-in, dot source the RemoteExchange.ps1 to load the helper functions and gloabal variables, and then connect to an Exchange server using autodiscover. Keep in mind that adding the snap-in like this isn't actually supported. It will work but you'll need the appropriate AD permissions since you are essentially bypassing RBAC by not using remoting.
There are a lot of changes in Exchange 2010, and as you can see the PowerShell management is no exception. I hope this information has been helpful.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)