locked
Connect Exonline using window powershell instead of using "Exchange Online PowerShell Module supports multi-factor authentication" RRS feed

  • Question

  • I followed the this article to connect to exchange online from local windows powershell but it fails.

    I tried adding the below profile to connect exonline but it does not work. it throws error 

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Function Connect-EXOnline {
     
        $URL = "https://ps.outlook.com/powershell"
        
        $Credentials = Get-Credential -Message "Enter your Office 365 admin credentials"
     
        $EXOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $URL -Credential $Credentials -Authentication Basic -AllowRedirection -Name "Exchange Online"
     
        Import-PSSession $EXOSession
     
    }
     
    Function Disconnect-EXOnline {
        
        Remove-PSSession -Name "Exchange Online"
     
    }

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Error"

    Actually my agenda is to connect to multiple resources using windows powershell like connecting Domain Controller, Local Exchange 2013 Powershell and finally Exchange online powershell. This was possible when MFA not enabled but after enabling MFA i can only connect to exchange online powershell via  "Exchange Online PowerShell Module supports multi-factor authentication" dedicated powershell.

    Please assist

    Thursday, August 23, 2018 5:26 AM

Answers

  • Your question is about connecting to Exchange Online with MFA using PowerShell and has been answered. I don't believe the DLLs have anything to do with the issue you are now experiencing. I import the DLL files in every PowerShell and can retrieve data from Active Directory without any problems. I would suggest you create a new question for this. It might be conflicting PowerShell sessions.

    Thursday, August 23, 2018 8:39 AM

All replies

  • Hi,

    As long as you have Multi-Factor Authentication enabled you must use the Exchange Online Remote PowerShell Module. There is no other way.

    Reference: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps

    "If you want to use multi-factor authentication (MFA) to connect to Exchange Online PowerShell, you can't use the instructions at Connect to Exchange Online PowerShell to use remote PowerShell to connect to Exchange Online. MFA requires you to install the Exchange Online Remote PowerShell Module, and use the Connect-EXOPSSession cmdlet to connect."

    Best regards,

    John

    Thursday, August 23, 2018 5:44 AM
  • If you wish, you are able to integrate the Exchange Online Remote PowerShell Module in a default Windows PowerShell session.

    Import the dll files from the Exchange Online Remote PowerShell Module in your PowerShell Profile (notepad $profile).

    Import-Module "C:\Program Files\WindowsPowerShell\Modules\ExoPssession\Microsoft.Exchange.Management.ExoPowershellModule.dll"
    Import-Module "C:\Program Files\WindowsPowerShell\Modules\ExoPssession\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    Import-Module "C:\Program Files\WindowsPowerShell\Modules\ExoPssession\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"

    Now when you restart your PowerShell Window, you should be able to create an Exchange Online session with MFA. Use the following cmdlets:

    $session = New-ExoPSSession
    Import-PSSession $session -DisableNameChecking

    Best regards,

    John

    Thursday, August 23, 2018 5:51 AM
  • I am not able to find the below locations although i have installed Exchange MFA powershell

     "C:\Program Files\WindowsPowerShell\Modules\ExoPssession\Microsoft.Exchange.Management.ExoPowershellModule.dll"
     "C:\Program Files\WindowsPowerShell\Modules\ExoPssession\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
     "C:\Program Files\WindowsPowerShell\Modules\ExoPssession\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"


    Thursday, August 23, 2018 6:15 AM
  • I tried the below, it worked

    Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse ).FullName|?{$_ -notmatch "_none_"}|select -First 1)
    $EXOSession = New-ExoPSSession
    Import-PSSession $EXOSession

    Thursday, August 23, 2018 6:25 AM
  • Oh my bad,

    It's been a while. They are actually downloaded inside %localappdata%\Apps\2.0. I moved them there myself.

    You should be able to use the following to import the dll's:

    Import-Module (Get-ChildItem -Path "$env:LOCALAPPDATA\Apps\2.0\" -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse).FullName |
        ForEach-Object {
           $_ -notmatch "_none_"
        } | 
        Select-Object -First 1
    
    Import-Module (Get-ChildItem -Path "$env:LOCALAPPDATA\Apps\2.0\" -Filter Microsoft.IdentityModel.Clients.ActiveDirectory.dll -Recurse).FullName |
        ForEach-Object {
           $_ -notmatch "_none_"
        } | 
        Select-Object -First 1
    
    Import-Module (Get-ChildItem -Path "$env:LOCALAPPDATA\Apps\2.0\" -Filter Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll -Recurse).FullName |
        ForEach-Object {
           $_ -notmatch "_none_"
        } | 
        Select-Object -First 1



    Thursday, August 23, 2018 6:29 AM
  • I created a script which will fetch user information from our domain controller 

    Import-PSSession -Session $session -module ActiveDirectory
    $checktime = (get-date).adddays(-10)
    $NewUsers = Get-ADUser -SearchBase "DC=Contoso,DC=com" -Properties whencreated -filter {whencreated -ge $checktime} | select UserPrincipalName,GivenName,whencreated

    Then it will connect to Office 365

    Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse ).FullName|?{$_ -notmatch "_none_"}|select -First 1)
    $EXOSession = New-ExoPSSession -Credential $credential
    Import-PSSession $EXOSession -AllowClobber

    It connects perfectly from a windows powershell but after running it couple of times then it started throwing below error 

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Variable: 'checktime' found in expression: $checktime is not defined.
        + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ArgumentException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
       ands.GetADUser
        + PSComputerName        : host.contoso.com

    +++++++++++++++++++++++++++++++++++++++++++++++++++++

    In fact, I closed the powershell and re-opened it again and then i ran Import-module ActiveDirectory to test whether Active Directory fails to retrieve the data. I guess since we imported the exchange online DLL's , it is somehow failing to retrieve information from Active Directory.



    Thursday, August 23, 2018 8:10 AM
  • Your question is about connecting to Exchange Online with MFA using PowerShell and has been answered. I don't believe the DLLs have anything to do with the issue you are now experiencing. I import the DLL files in every PowerShell and can retrieve data from Active Directory without any problems. I would suggest you create a new question for this. It might be conflicting PowerShell sessions.

    Thursday, August 23, 2018 8:39 AM
  • As you rightly said there is nothing to do with DLL's. it is connecting to both AD and Exchange Online. The above issue is related to something else.

    Thank you very much for your assistance 

    Thursday, August 23, 2018 8:55 AM