How to start remote PowerShell session to Exchange or Microsoft 365

[Update]: This blog post was updated on January 27, 2023.

How to start remote PowerShell session to Exchange & Exchange Online

One of many features of the PowerShell command line tool is its ability to connect with and manage the Exchange Server remotely. The procedure described below applies to the classic on-prem Exchange server and to the Microsoft 365/Exchange Online version.

System requirements

The workstation used for remote PowerShell administration must meet the following requirements:

For Exchange Online

  1. Operating system: Windows 8.1 (or later), Windows Server 2012 (or later). Note that Windows 7 and Windows Server 2008 R2 can still be used for connecting to Exchange Online, but are not recommended, since they have reached the end of extended support.
  2. Microsoft .Net Framework 4.5 or later and Windows Management Framework 5.1 (which should already be installed on the supported systems)
  3. Exchange Online PowerShell V3 module installed. Learn more about deprecation of the V2 module

For Exchange 2019/2016

  1. Operating system: Windows 10, Windows 8.1 (Windows 8.1 requires Microsoft .NET Framework 4.5.2 or later)
  2. Windows Server 2012 R2 (this version requires Microsoft .NET Framework 4.5.2 or later), Windows Server 2012 (after installing .NET Framework 4.5.2 or later, install Windows Management Framework as well)

For Exchange 2013

  1. Operating system: Windows 7 SP1 (or later), Windows Server 2008 R2 SP1 (or later).
  2. When using Windows 7 SP1 or Windows Server 2008 R2 SP1 you also need to install following modules:

Note: With later versions of the operating system, there is no need to install the above modules.

Connecting to Exchange Online and Microsoft 365

To use PowerShell to connect remotely to Exchange Online:

  1. Start the PowerShell console on the workstation.
  2. Enter:
$Credentials = Get-Credential

and provide administrative credentials.

  1. Enter the following command:
Connect-ExchangeOnline -Credential $Credentials

If you have MFA enabled, PowerShell will not accept your credentials from a variable. So, if your admin account has MFA enabled, you need to run Connect-ExchangeOnline -UserPrincipalName <Your UPN> and enter your credentials in the pop-up window.

Once you finish working with the remote PowerShell session, close it with the following command:

Disconnect-ExchangeOnline

Connecting to the on-premises Exchange 2019/2016

To use PowerShell to connect to Exchange 2019 or 2016:

  1. Start the PowerShell on the workstation.
  2. In the console, type the following command:
    $Credentials = Get-Credential

    In the resulting window, provide administrative credentials.

  3. The next step is to run this command:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://< Exchange 2019/2016 Mailbox server FQDN>/PowerShell/ -Authentication Kerberos -Credential $Credentials

    Replace <Exchange 2019/2016 Mailbox server FQDN> with the fully qualified domain name (FQDN) of Exchange 2016 you want to connect to.

  4. Then, enter this command:
    Import-PSSession $Session

    This will connect to the Exchange Server and import all necessary administration cmdlets.

You are now all set to go and manage your Exchange  Server via PowerShell. Once you have finished, make sure the remote session is removed. To disconnect the session, use this command:

Remove-PSSession $Session

Connecting to the on-premises Exchange 2013

To start the remote PowerShell session with Exchange 2013:

  1. Start the PowerShell console on the workstation.
  2. In the console enter the following command:
    $Credentials = Get-Credential

    This brings up a new window where you need to enter your administrative credentials.

  3. In the console enter another command:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<Exchange 2013 CAS FQDN>/PowerShell/ -Authentication Kerberos -Credential $Credentials

    Replace the <Exchange 2013 CAS FQDN> part with the address of your CAS role server.

  4. The next command is:
    Import-PSSession $Session

    It connects to the Exchange Server and imports all necessary server administration cmdlets.

You are now ready to manage your server with PowerShell.

When you finish your work close and remove the remote connection session with the following command:

Remove-PSSession $Session

Resolving typical connection problems

Establishing the connection with the remote server using PowerShell is relatively easy. However, you need to check a couple of settings that might stop you when they are mis-configured:

  1. Make sure that you enter your administrative credentials properly.
  2. Check if your workstation allows running scripts. You can check the current policy by entering the following command in the PowerShell console:
    Get-ExecutionPolicy

    If the policy shows that running scripts on the workstation is restricted, you can enable it with the following command (answer “Yes” to any questions that appear):

    Set-ExecutionPolicy RemoteSigned
  3. Make sure that the TCP 80 port is open between your workstation and the target server.
  4. Check if you have the appropriate access rights (Remote Shell rights). To do so run the following command on the server:
    Get-User [email protected] | select Name,RemotePowershellEnabled

    If the user lacks these rights use the following command to grant them:

    Set-User [email protected] -RemotePowerShellEnabled $True

    Note: The Remote Shell right is by default enabled for all newly created users.

  5. Connection with Exchange Online with the modern method (described in this article) requires Exchange Online PowerShell V2 or newer module installed. If you receive the following error:

    Connect-ExchangeOnline : The term 'Connect-ExchangeOnline' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

    it most probably means that you don’t have the module installed. To install it, run:

    Install-Module -Name ExchangeOnlineManagement;
    Import-Module -Name ExchangeOnlineManagement

    A prerequisite to installing the module is to install the latest NuGet provider. If you don’t have it installed, you will be prompted to download it automatically. If, while attempting to download the NuGet provider, you receive the error “Unable to download from URI”, you probably need to enable strong cryptography for .NET Framework in your registry. Follow these instructions on Microsoft’s site to learn how to do so.

Remote PowerShell is a great feature when you need to manage a number of servers simultaneously from one location and perform tasks that can be easily scripted, e.g. creation of users during Exchange migration.

There are some jobs however, that cannot be easily or quickly performed using PowerShell. The data migration that was mentioned earlier is one of them. To streamline it, you can utilize a third party tool, such as CodeTwo Exchange Migration or CodeTwo Office 365 Migration that takes much of the administrative burden off your shoulders.

Tools for Microsoft 365

12 thoughts on “How to start remote PowerShell session to Exchange or Microsoft 365


  1. Hi Adam,
    Thanks for the article. All documentation for connecting to OnPrem Exchange says that you need to use FQDN of the server. Is there any possible way to use an A Record FQDN? My use case is that we have scripts that launch these connections and I would rather use an alias for fault tolerance if possible.

  2. Hi, thanks for your hints I want to conect with HTTPS and get the error

    The SSL certificate contains a common name (CN) that does not match the hostname.

    I try to connect to our Exchange 2016. We have a hybrid configuration.

    When I try to Skip the CN Check, I get this error
    The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol.

    Any tips how I can use HTTPS instead of HTTP?

    Best regards
    Vito

    • By default – no. It would require some additional coding to add prefixes to imported cmdlets.

  3. This is trivial, but may cause some confusion for non-observant and/or users new to PS. Please correct the mis-reference in your first example:
    “$Credentials = Get-Credential”
    then:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http:///PowerShell/ -Authentication Kerberos -Credential $UserCredential
    I’m surprised nobody got lost on that one.

    • Thanks, Steve!
      I’m not entirely sure how it got there in the first place, thanks for letting me know!

    • Since Exchange 2013, the rule is to use the “PowerShell version that’s included in Windows” (source). To be honest, for Exchange 2016, I have never used a version other than 4.0. It still works without any issues.

  4. Hi
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http:///PowerShell/ -Authentication Kerberos -Credential $Credentials

    To access on premises server what should connection url?
    from the web browser i can open the connection url but not from powershell,
    How to fix this problem

    • Hi
      As explained in the article, you will need to provide the FQDN of your Mailbox Server (for Exchange 2016) or your CAS server (for Exchange 2013). The easiest way to find it is to access the right server, right-click on the Start Menu and choose System. The FQDN is under Full computer name. The right format of the ConnectionUri attribute is http:///PowerShell/
      Also make sure you have allowed remote connections to your server.

    • Hi Adejumo,

      When connecting to local Exchange you need the server’s FQDN (fully qualified domain name). It’s basically the name of the machine together with your domain, e.g. MBX_SRVR1.example.com.

      One of the places you can find it is the System section of the Control Panel of the server in question.

      Best regards,
      Adam

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

CodeTwo sp. z o.o. sp. k. is a controller of your personal data.
See our Privacy Policy to learn more.