Hi guys and gals,
I am trying to build a JEA-endpoint for a junior-admin on an Exchange Server 2013 to give him limited access to Exchange-cmdlets (e.g. get-recipient). Unfortunately I don’t find information on how to import a SnapIn into the JEA session.
Can some please help?
Edit: To be more precise: I need to import the SnapIn and restrict access to certain cmdlets.
Thanks!
With import-module you can specify what cmdlets are imported.
I do not know if this is possible with a SnapIn
Is this really not possible, or am I asking the wrong question?
Guess I will use RBAC…
Hi Manuel,
Here are some things I would try:
VisibleCmdlets = @{
Name = 'Add-PSSnapin'
Parameters = @{ Name = 'Name'; ValidateSet = 'SnapinName' }
},
I believe one of those should do the trick, though I’ve never had to import a snapin on a JEA endpoint.
JEA requires WMF5 and since WMF5 is not supported with Exchange 2013 I wouldn’t suggest this route at all. https://msdn.microsoft.com/en-us/powershell/wmf/5.0/productincompat?f=255&MSPPError=-2147217396
RBAC is quite granular, and you’ll need to set the users up with correct RBAC roles/role groups to be able to administer Exchange anyway… Is there some specific reason you don’t seem keen on using RBAC?
Not really, no.
It was more curiosity than necessity.
You should not be loading the PSSNapin directly since that is not supported by MS (Directly Loading Exchange 2010 or 2013 SnapIn Is Not Supported). While it works, you will run into odd errors and results on some cmdlets. You also Bypass RBAC completely when doing so, which defeats the purpose of trying to limit cmdlet access. In this case RBAC is going to be what you want to use in order to reduce the cmdelt set for the session.