January 1, 2012 at 12:00 am #6461
by signalwarrant at 2012-08-16 17:26:01
I'm using a Win 7 32bit client connecting to an Exchange 2010 server via a pssession.
I'm trying to
Enter-pssession to the exchange server
Run the new-mailbox command
From the client I can run Enter-pssession -computername server and establish the connection and run whatever I need to so remoting is enabled. My problem comes when I try to do everything from the same script, I get an error that new-mailbox is not a recognized cmdlet then the PS window shows that I'm in the pssession.
It sounds to me like the new-mailbox portion of my script is executing before the pssession is completely established. Can I somehow use an if statement and check for the establishment of the pssession and only run the new-mailbox portion if the result is true?
I suppose I could insert a sleep timer between the enter-pssession and the new-mailbox portion but that seems like a bad practice, there has to be a cleaner way.
I would insert code but it's on my work computer. Any ideas?
by poshoholic at 2012-08-16 21:10:04
The command you should actually be using is Invoke-Command.
Enter-/Exit-PSSession are designed for when you want to interactively work with a remote system. When you use Enter-PSSession in your script, it opens a new session and then waits for you to do something. Once you close that session, the rest of the script will run. These two commands were not meant to be used as part of a script.
Invoke-Command on the other hand allows you to take a script and invoke it on a remote system. This invocation does not have any user interaction built into it, so it will allow you to invoke a command on a remote system as part of a script, which is what you are trying to do.
by MikePfeiffer at 2012-08-16 21:57:03
Just to add to what Kirk said, you can use invoke-command or implicit remoting. Make sure you specify the custom configuration name and connection uri since you will need to be connected to a constrained runspace hosted via the "PowerShell" IIS application. For example, this will import the Exchange cmdlets via implicit remoting (make sure to update with your own Exchange server fqdn):
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://serverName.company.com/powershell
After that runs, you can then execute the Exchange cmdlets that have been assigned to your account via an RBAC role.
A few more details here:
http://www.mikepfeiffer.net/2010/02/man ... owershell/
by signalwarrant at 2012-08-17 02:41:38
Thanks for the replies guys.
So, from an Administrator perspective which method is "better"? The scenario would be a helpdesk person fills in the CSV file with new user info and runs the script from there desk and magically user accounts are created, no need to login directly to the Server.
I'm basically trying to 1. Simplify the process of creating accounts and 2. Reducing the risk of Helpdesk personnel or the script inadvertently messing something up my server.
Does pssession open up the server to potential issues security wise with having remoting enabled or will I have to have remoting enabled either way?
by poshoholic at 2012-08-17 09:19:39
You'll have remoting enabled either way. Both implicit remoting (importing modules from remote systems so that you can use them as if they are local) and explicit remoting (using Invoke-Command, New-PSSession, etc) are dependent on this.
If your help desk staff aren't going to see the script they are running, then I don't think there is a right way vs. a wrong way here as far as they are concerned. If you know the commands you want to use, it's about what your needs are and how you want to set it up. Since all of that will be hidden from the help desk staff inside of your script, you don't have to worry about it impacting them because all they are seeing is what you expose to them. Invoke-Command would be faster to get started with for this script, but if you'll be doing a lot more with Exchange from PowerShell, you might find it more convenient to use implicit remoting in the long run.
If you don't know the commands all that well though and if you will be relying on Get-Help and Intellisense when you're writing your script, then Implicit Remoting will be your better bet because it will expose that information locally where you create the script. You won't get Intellisense through Invoke-Command calls and you will only get help from remote commands if you wrap it in Invoke-Command.
You must be logged in to reply to this topic.