Adaxes

Managing Exchange Server Features

0 votes

Hello,
We are running Adaxes v. 2013.1. We have created a custom command that does the following:
Modify mailbox settings for the User: enable Exchange ActiveSync, enable Outlook Mobile Access, enable User Initiated Synchronization, enable Up-to-date Notifications

It throws the following error in the event log:

Failed to create a remote PowerShell session on the following Exchange servers:
<Mail Server Name>: Connecting to remote server failed with the following error message : The server certificate on the destination computer (<MAILSERVER>.<DOMAIN>:443) has the following errors: 
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic.

When looking at this topic in the Microsoft Knowledge base, it is recommended that we skip the revocation check:
http://support.microsoft.com/kb/2792168

Is there any way to change how Adaxes authenticates with a mail server running running that PS command?

by (70 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Currently, you cannot change the way how Adaxes authenticates on Exchange servers. In our next release, we will change the way how Adaxes connects to Exchange Servers, and the certificate revocation check will be skipped by default.

Until the fix is available, you can perform the necessary Exchange management operations with the help of PowerShell scripts. If you need assistance with the scripts, we can help you.

Alternatively, if you need this functionality urgently, we can make a custom build for you that will fix the issue.

0

Thank you.

I do have a question about running the remote PS script. I have successfully tested the below script in PS

$cred = Get-Credential
$sessionOption = New-PSSessionOption -SkipRevocationCheck -SkipCACheck
Enter-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<mailserver>.<domain>/PowerShell/ -Authentication Kerberos -Credential $cred -SessionOption $sessionOption
Set-CASMailbox <user ID> -ActiveSyncEnabled $true
Exit-PSSession

In Adaxes, I would replace <user ID> with %userPrincipalName%
However, how do I supply a username and password using the Adaxes service account without revealing it in the PS script? Also, the Adaxes server and the mail server are on separate domains.

by (70 points)
0

Hello,

In Adaxes 2013.1, the ExecuteScriptContext class has been extended with the RunAs property that allows to get the credentials of the user account under which the script is executed. In scripts, you can access this property via the built-in $Context variable.

So, what we can suggest is that you specify the credentials necessary for connecting to the Exchange Server in the Run As section of the Run a program or PowerShell script action that is used to launch the script. Then, you can access the credentials in the script using the $Context.RunAs property. To create a Custom Command that launches your script and uses the credentials stored in the RunAs property to connect to your Exchange Server:

  1. Create a new Custom Command.

  2. On the 2nd step of the Create Custom Command wizard, select the User object type.

  3. On the 3rd step, add the Run a program or PowerShell script action.

  4. In the Run as section, switch the radio button to This account and click Specify.

  5. In the dialog box that appears, provide the credentials that will be used to connect to your Exchange Server and click OK.

  6. Now, you need to supply a script that will be executed by the action. For this purpose, paste the following script in the Script field.

    It is the same version as in your previous post, but takes credentials to connect to the Exchange server from the $Context.RunAs property. Also, we replaced Enter-PSSession/Exit-PSSession with Import-PSSession/Remove-PSSession, as the cmdlets used by you won't work in scripts executed by Business Rules, Custom Commands, and Scheduled Tasks. 

     $password = ConvertTo-SecureString $Context.RunAs.Password -AsPlainText -Force
 $cred = New-Object -TypeName System.Management.Automation.PSCredential($Context.RunAs.UserName, $password)

 $sessionOption = New-PSSessionOption -SkipRevocationCheck -SkipCACheck
 $session = New-PSSession -connectionURI "http://<mailserver>.<domain>/PowerShell/" -ConfigurationName Microsoft.Exchange -Authentication Kerberos -Credential $cred -SessionOption $sessionOption

 Import-PSSession $session

 Set-CASMailbox %userPrincipalName% -ActiveSyncEnabled $true

 Remove-PSSession -Session $session

  7. Finish creation of the Custom Command.

by (216k points)
0

Hi,
I just wanted to say that this worked perfectly. Thank you!!

by (70 points)
0

Hello,

Adaxes 2013.2 is finally available. In the new version, Adaxes does not check server SSL certificates for revocation when connecting to Exchange servers, and you can use Adaxes built-in functionality for Exchange management. You can download Adaxes 2013.2 here.

Upgrade Instructions.

For a complete list of new features and improvements, see What's New.

by (216k points)

Related questions

0 votes
1 answer
How can I force Adaxes to use locally installed EMT instead of Exchange server?

Hi, we have replaced our local Exchange server with installation of Exchange Management Tools (EMT) installed directly on Adaxes server. And my question is: How can I force ... this is how 'Set External Senders' option looks in Adaxes config Thanks in advance

asked Apr 1, 2023 by KIT (910 points)
0 votes
1 answer
Is there anything special to do, when removing last exchange server and replacing it with EMT?

We want to get rid off our exchange server and replace it with just Exchange Management Tools (EMT). More details at https://learn.microsoft.com/en-gb/Exchange/ ... account to new "Recipient Management EMT" group to preserve its permissions. Anything else?

asked Mar 30, 2023 by KIT (910 points)
0 votes
1 answer
Can Adaxes manage the OnPrem Exchange AD Attributes after the last Exchange 2010 server is removed?

We have Exchange 2010 OnPrem and Office 365 Exchange Online in a full Hybrid environment. Using AD Active Sync. We have now moved all of our mailboxes to Exchange ... manage the OnPrem Exchange AD Attributes after the last Exchange 2010 server is removed?

asked Jun 1, 2020 by StevePogue (20 points)
0 votes
0 answers
Multiple forests with exchange server on each.

I have a network with 2 forests, the Main forest we have no issues with AD and Exchange. how ever the second forest AD is good we see exchange properties in Adaxes ... able to have two forests with an exchange server for each forest operational in Adaxes? Tony

asked Feb 20, 2015 by babbeaw (320 points)
0 votes
1 answer
Powershell: Managing groups between on-premises and M365

For all our shared mailbox in Exchange we create security groups to manage the sendas, send on behalf and full access permissions. Users go via the web interface and select the ... should I now use? Unless there is a better approach I am open to ideas.

asked Dec 22, 2023 by MikeBeattie (90 points)
3,358 questions
3,057 answers
7,805 comments
545,177 users