JEA and Exchange

Hi guys and gals,

I am trying to build a JEA-endpoint for a junior-admin on an Exchange Server 2013 to give him limited access to Exchange-cmdlets (e.g. get-recipient). Unfortunately I don’t find information on how to import a SnapIn into the JEA session.
Can some please help?

Edit: To be more precise: I need to import the SnapIn and restrict access to certain cmdlets.


With import-module you can specify what cmdlets are imported.

I do not know if this is possible with a SnapIn

Is this really not possible, or am I asking the wrong question?

Guess I will use RBAC…

Hi Manuel,

Here are some things I would try:

  1. Write a small PS1 file that imports the snapin and then point to that script on the “ScriptstoProcess” line in your role capabilities file.
  2. Write a module with a function that wraps the Get-Recipient CMDlet with the Add-PSSnapin CMDlet. Expose the module in your role capabilities file under ModulesToImport.
  3. Expose the Add-PSSnapin CMDlet with a parameter filter to only allow the appropriate snapin name to be added. Have the user add the snapin themselves. (see example below)
VisibleCmdlets = @{ 
    Name = 'Add-PSSnapin'
    Parameters = @{ Name = 'Name'; ValidateSet = 'SnapinName' }

I believe one of those should do the trick, though I’ve never had to import a snapin on a JEA endpoint.

JEA requires WMF5 and since WMF5 is not supported with Exchange 2013 I wouldn’t suggest this route at all.

RBAC is quite granular, and you’ll need to set the users up with correct RBAC roles/role groups to be able to administer Exchange anyway… Is there some specific reason you don’t seem keen on using RBAC?

Not really, no.
It was more curiosity than necessity.

You should not be loading the PSSNapin directly since that is not supported by MS (Directly Loading Exchange 2010 or 2013 SnapIn Is Not Supported). While it works, you will run into odd errors and results on some cmdlets. You also Bypass RBAC completely when doing so, which defeats the purpose of trying to limit cmdlet access. In this case RBAC is going to be what you want to use in order to reduce the cmdelt set for the session.