Our security team has set up a pretty slick system to have Active Directory users provisioned from the PeopleSoft HR system via MS Forefront Identity Manager (FIM). The provisioning includes setting up the Exchange mailbox for the user account. In order to make that happen, we needed to enable PowerShell remoting on the Exchange 2010 CAS servers, as well as the FIM server (both Windows 2008 R2). Below are the steps we took to set this up.
Overall Steps:
- Enable PowerShell Remoting on the FIM server.
- Enable PowerShell Remoting on the CAS servers.
- Add the FIM server to the PowerShell TrustedHosts on the CAS servers.
- Test the PowerShell remote session from the FIM server to the CAS server.
Enable PowerShell Remoting on the FIM Server
- Log on to the FIM server, open PowerShell and run the following command to verify that the WinRM service is installed and running: Get-Service winrm.
- Enable PowerShell remoting by entering the following command: Enable-PSRemoting. Answer Y for yes to the prompts.
Enable PowerShell Remoting on the CAS Servers
- Log on to the CAS servers, open PowerShell and run the following command to verify that the WinRM service is installed and running: Get-Service winrm.
- Enable PowerShell remoting by entering the following command: Enable-PSRemoting. Answer Y for yes to the prompts.
Add FIM Server to the CAS Server PowerShell Trusted Hosts List
1. Check the Trusted Hosts list:
cd wsman:
cd localhost\client
Get-Item TrustedHosts
2. Add the FIM server to the Trusted Hosts list:
cd wsman:
cd localhost\client
Set-Item TrustedHosts fimserver.test.local
Restart-Service winrm
Get-Item TrustedHosts
Test the Remote PowerShell Session
Log on to the FIM server and open PowerShell. Enter the following command:
Enter-PSSession casserver.test.local
To end the session enter the following command:
Exit-PSSession
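The checks in the steps above can be collected into one read-only script. This is an added example, not part of the original post: it reports the WinRM service state, the local TrustedHosts value (a WinRM client-side setting) with a flag for wildcard entries, and whether a remote command actually runs on the CAS server. The function name Test-RemotingSetup is hypothetical, and casserver.test.local is the sample host name used on this page.

```powershell
# Added example: read-only check of the remoting setup described above.
# Run from an elevated PowerShell prompt (reading the WSMan: drive requires it).
# Test-RemotingSetup is a hypothetical helper name, not a built-in cmdlet.
function Test-RemotingSetup {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ComputerName
    )

    $result = @{
        ComputerName   = $ComputerName
        WinRMStatus    = (Get-Service -Name winrm).Status
        TrustedHosts   = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
        WildcardTrust  = $false
        WSManReachable = $false
        SessionWorks   = $false
        RemoteName     = $null
        Error          = $null
    }

    # Hosts matched by TrustedHosts are connected to without verifying their
    # identity, so any wildcard entry ('*' or '*.domain') deserves a second look.
    if ($result.TrustedHosts -match '\*') { $result.WildcardTrust = $true }

    try {
        # Test-WSMan only confirms that a WinRM listener answers on the target.
        Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
        $result.WSManReachable = $true

        # Invoke-Command proves authentication and session creation end to end,
        # without leaving an interactive session open.
        $remoteName = Invoke-Command -ComputerName $ComputerName -ErrorAction Stop `
            -ScriptBlock { $env:COMPUTERNAME }
        $result.RemoteName   = $remoteName
        $result.SessionWorks = [bool]$remoteName
    }
    catch {
        # Keep the failure text so the report shows which stage broke.
        $result.Error = $_.Exception.Message
    }

    # New-Object PSObject keeps this compatible with PowerShell 2.0.
    New-Object PSObject -Property $result
}

# Sample host name taken from this page.
Test-RemotingSetup -ComputerName 'casserver.test.local' | Format-List
```

Running it on a CAS server shows the TrustedHosts value set in the steps above. Set-Item replaces that value rather than appending to it, so compare the reported list with what you expect after the change.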