Share via


Exchange Management Shell quick reference for Exchange 2013

Applies to: Exchange Server 2013

This topic describes the most frequently used cmdlets available in the release to manufacturing (RTM) and later versions of Microsoft Exchange Server 2013 and provides examples of their use.

Note

More content will be added about other areas of Exchange 2013 soon.

For more information about the Exchange Management Shell in Exchange 2013 and all the available cmdlets, see the following topics:

What would you like to learn about?

Common cmdlet actions

The following verbs are supported by most cmdlets and are associated with a specific action.

Verb Description
New The New verb creates an instance of something, such as a new configuration setting, a new database, or a new SMTP connector.
Remove The Remove verb removes an instance of something, such as a mailbox or transport rule.

All Remove cmdlets support the WhatIf and Confirm parameters. For more information about these parameters, see Important Parameters.
Enable The Enable verb enables a setting or mail-enables a recipient.
Disable The Disable verb disables an enabled setting or mail-disables a recipient.

All Disable tasks also support the WhatIf and Confirm parameters. For more information about these parameters, see Important Parameters.
Set The Set verb modifies specific settings of an object, such as the alias of a contact or the deleted item retention of a mailbox database.
Get The Get verb queries a specific object or a subset of a type of object, such as a specific mailbox, all mailbox users, or mailbox users in a domain.

Important parameters

The following parameters help you control how your commands run and indicate exactly what a command will do before it affects data.

Parameter Description
Identity The Identity parameter identifies the unique object for the task. It's typically used with Enable, Disable, Remove, Set, and Get cmdlets. Identity is also a positional parameter, which means that you don't have to specify Identity when you specify the parameter's value on the command line.

For example, Get-Mailbox -Identity user1 queries for the mailbox of user1. Get-Mailbox user1 is equivalent to Get-Mailbox -Identity user1.
WhatIf The WhatIf parameter instructs the cmdlet to simulate the actions that it would take on the object. By using the WhatIf parameter, you can view what changes would occur without actually applying any of the changes. The default value is $true.
Confirm The Confirm parameter causes the cmdlet to pause processing and requires the administrator to acknowledge what the cmdlet will do before processing continues. The default value is $true.
Validate The Validate parameter causes the cmdlet to check that all prerequisites for running the operation are satisfied and that the operation will complete successfully.

Tips and tricks

The following commands are associated with various tasks that you can use when administering Exchange 2013.

Cmdlet Description
Get-Command This cmdlet retrieves all tasks that can be executed in Exchange 2013.
Get-Command *keyword* This cmdlet retrieves tasks that have keyword in the cmdlet.
Get-Task | Get-Member This cmdlet retrieves all properties and methods of Task.
Get-Task | Format-List This cmdlet displays the output of the query in a formatted list. You can pipe the output of any Get cmdlet to Format-List to view the whole set of properties that exist on the object returned by that command, or you can specify individual properties that you want to view, separated by commas, as in the following example: Get-Mailbox john | Format-List alias,*quota*.
Help Task This cmdlet retrieves Exchange Management Shell help information for any task in Exchange 2013, as in the following example: Help Get-Mailbox.
Get-Task | Format-List > file.txt This cmdlet exports the output of Task to a text file: file.txt

Permissions

Command Description
Get-RoleGroupMember "Organization Management" This command retrieves the members of the Organization Management management role group.
Get-ManagementRoleAssignment -Role "Mail Recipient Creation" -GetEffectiveUsers This command retrieves a list of all the users who are granted permissions provided by the Mail Recipient Creation management role. This includes users who are members of role groups or universal security groups (USGs) that are assigned the Mail Recipient Creation role. This doesn't include users who are members of linked role groups in another forest.
Get-ManagementRoleAssignment -RoleAssignee Administrator | Get-ManagementRole | Get-ManagementRoleEntry This command retrieves a list of cmdlets that the user Administrator can run.
ForEach ($RoleEntry in Get-ManagementRoleEntry *Remove-Mailbox -Parameters Identity) {Get-ManagementRoleAssignment -Role $RoleEntry.Role -GetEffectiveUsers -Delegating $False | Where-Object {$_.EffectiveUserName -Ne "All Group Members"} | FL Role, EffectiveUserName, AssignmentChain} This command retrieves a list of all the users who can run the Remove-Mailbox cmdlet.
Get-ManagementRoleAssignment -WritableRecipient kima -GetEffectiveUsers | FT RoleAssigneeName, EffectiveUserName, Role, AssignmentChain This command retrieves a list of all users who can modify the mailbox of kima.
New-ManagementScope "Seattle Users" -RecipientRestrictionFilter "City -Eq 'Seattle'"

New-RoleGroup "Seattle Admins" -Roles "Mail Recipients", "Mail Recipient Creation", "Mailbox Import Export", -CustomRecipientWriteScope "Seattle Users"
This command creates a new management scope and management role group to enable members of the role group to manage recipients in Seattle.

First, the Seattle Users management scope is created, which matches only recipients who have Seattle in the City attribute on their user object.

Then, a new role group called Seattle Admins is created and the Mail Recipients, Mail Recipient Creation, and Mailbox Import Export roles are assigned. The role group is scoped so that its members can manage only users who match the Seattle Users recipient filter scope.
New-ManagementScope "Vancouver Servers" -ServerRestrictionFilter "ServerSite -Eq 'Vancouver'"

$RoleGroup = Get-RoleGroup "Server Management" <br/><br/> New-RoleGroup "Vancouver Server Management" -Roles $RoleGroup.Roles -CustomConfigWriteScope "Vancouver Servers"
This command creates a new management scope and copies an existing role group to enable members of the new role group to manage only servers in the Vancouver Active Directory site.

First, the Vancouver Servers management scope is created, which matches only servers that are located in the Vancouver Active Directory site. The Active Directory site is stored in the ServerSite attribute on the server objects.

Then, a new role group called Vancouver Server Management is created that's a copy of the Server Management role group. This new role group, however, is scoped to allow its members to manage only servers that match the Vancouver Servers configuration filter scope.
Add-RoleGroupMember "Organization Management" -Member davids This command adds the user davids to the Organization Management role group.
Get-ManagementRoleAssignment -Role "Mail Recipient Creation" -RoleAssignee "Seattle Admins" | Remove-ManagementRoleAssignment This command removes the Mail Recipient Creation role from the Seattle Admins role group. This command is useful because you don't need to know the name of the management role assignment that assigns the role to the role group.

Remote Shell

Command Description
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ExServer.contoso.com/PowerShell/ -Authentication Kerberos

Import-PSSession $Session
These commands open a new remote Shell session between a local domain-joined computer and a remote Exchange 2013 server with the FQDN ExServer.contoso.com. Use this command if you want to administer a remote Exchange 2013 server and only have the Windows Management Framework, which includes the Windows PowerShell command-line interface, installed on your local computer. This command uses your current logon credentials to authenticate against the remote Exchange 2013 server.
$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ExServer.contoso.com/PowerShell/ -Authentication Kerberos -Credential $UserCredential

Import-PSSession $Session
These commands open a new remote Shell session between a local domain-joined computer and a remote Exchange 2013 server with the FQDN ExServer.contoso.com. Use this command if you want to administer a remote Exchange 2013 server and only have the Windows Management Framework, which includes Windows PowerShell, installed on your local computer. This command uses credentials you specify explicitly to authenticate against the remote Exchange 2013 server.
Remove-PSSession $Session This command closes the remote Shell session between a local computer and the remote Exchange 2013 server.
Import-RecipientDataProperty -Identity "Tony Smith" -SpokenName -FileData ([System.IO.File]::ReadAllBytes('M:\AudioFiles\TonySmith.wma')) This command shows an example of the syntax required to import a file into a remote Exchange 2013 server using the FileData parameter on a cmdlet. The syntax encapsulates the data contained in the M:\AudioFiles\TonySmith.wma file and streams the data to the FileData property on the Import-RecipientDataProperty cmdlet.

The FileData parameter accepts data from a file on your local computer using this syntax on most cmdlets.
$SN = Export-RecipientDataProperty -Identity tonys@contoso.com -SpokenName

[System.IO.File]::WriteAllBytes('C:\tonysmith.wma', $SN.FileData)

This command shows an example of the syntax required to export a file from a remote Exchange 2013 server. The syntax encapsulates the data stored in the FileData property on the object returned by the cmdlet and then streams the data to your local computer. The data is then stored in the C:\tonysmith.wma file.

Most cmdlets that output objects with a FileData property use this syntax to export data to a file on your local computer.