Beruflich Dokumente
Kultur Dokumente
This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without
notice. This document does not provide you with any legal rights to any intellectual property in any Microsoft product or product name. You may copy and use
this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. 2013 Microsoft. All rights reserved.
Terms of Use (http://technet.microsoft.com/cc300389.aspx) | Trademarks (http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx)
Table Of Contents
Chapter 1
Security Cmdlets
Chapter 1
Security Cmdlets
Exchange 2010
Add-ADPermission1
Get-ADPermission2
Remove-ADPermission3
Enable-ExchangeCertificate4
Export-ExchangeCertificate5
Get-ExchangeCertificate6
Import-ExchangeCertificate7
New-ExchangeCertificate8
Remove-ExchangeCertificate9
Get-SecurityPrincipal10
Get-Trust11
2010MicrosoftCorporation.Allrightsreserved.
Links Table
1http://technet.microsoft.com/en-us/library/bb124403(v=exchg.141).aspx
2http://technet.microsoft.com/en-us/library/bb125183(v=exchg.141).aspx
3http://technet.microsoft.com/en-us/library/aa996048(v=exchg.141).aspx
4http://technet.microsoft.com/en-us/library/aa997231(v=exchg.141).aspx
5http://technet.microsoft.com/en-us/library/aa996305(v=exchg.141).aspx
6http://technet.microsoft.com/en-us/library/bb124950(v=exchg.141).aspx
7http://technet.microsoft.com/en-us/library/bb124424(v=exchg.141).aspx
8http://technet.microsoft.com/en-us/library/aa998327(v=exchg.141).aspx
9http://technet.microsoft.com/en-us/library/aa997569(v=exchg.141).aspx
10http://technet.microsoft.com/en-us/library/dd298162(v=exchg.141).aspx
11http://technet.microsoft.com/en-us/library/dd335185(v=exchg.141).aspx
2013Microsoft.Allrightsreserved.
TechNet Products IT Resources Downloads Training Support
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2010 Add-ADPermission
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-11-19
Remove-ADPermission
Enable-ExchangeCertificate Use the Add-ADPermission cmdlet to add permissions to an Active Directory object.
Export-ExchangeCertificate
Get-ExchangeCertificate Syntax
Import-ExchangeCertificate
New-ExchangeCertificate Detailed Description
Remove-ExchangeCertificate
Get-SecurityPrincipal The ADPermission cmdlets can be used to directly modify Active Directory access control lists (ACLs). Although some Microsoft
Exchange Server 2010 features may continue to use the ADPermission cmdlets to manage permissions, for example transport
Get-Trust
Send and Receive connectors, Exchange 2010 no longer uses customized ACLs to manage administrative permissions. If you want
to grant or deny administrative permissions in Exchange 2010, you must use the Role Based Access Control (RBAC) management
cmdlets. For more information about RBAC, see Understanding Role Based Access Control.
Parameters
Related Forum Discussions
Ask a question
Input Types
Visit the forums
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
Exchange 2007
the cmdlet doesnt accept input data.
Exchange 2010
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the
Output Type field is blank, the cmdlet doesnt return data.
Examples
EXAMPLE 1
This example grants Send As permissions for Aaron Painter to Ellen Adams's mailbox.
EXAMPLE 2
This example configures the IP Secured Inbound Receive connector to accept anonymous SMTP messages.
Caution:
This example assumes that another security mechanism is used to ensure the Receive connector can't be used to send
unsolicited commercial e-mail messages. We recommend that you don't allow external clients to send messages
anonymously through a Receive connector.
Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | Site Feedback 2013 Microsoft
TechNet Products IT Resources Downloads Training Support
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2010 Get-ADPermission
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-11-19
Remove-ADPermission
Enable-ExchangeCertificate Use the Get-ADPermission cmdlet to get permissions on an Active Directory object.
Export-ExchangeCertificate
Get-ExchangeCertificate Syntax
Import-ExchangeCertificate
New-ExchangeCertificate Detailed Description
Remove-ExchangeCertificate
Get-SecurityPrincipal The ADPermission cmdlets can be used to directly modify Active Directory access control lists (ACLs). Although some Microsoft
Exchange Server 2010 features may continue to use the ADPermission cmdlets to manage permissions, for example transport
Get-Trust
Send and Receive connectors, Exchange no longer uses customized ACLs to manage administrative permissions. If you want to
grant or deny administrative permissions in Exchange 2010, you must use the Role Based Access Control (RBAC) management
cmdlets. For more information about RBAC, see Understanding Role Based Access Control.
Parameters
Related Forum Discussions
Ask a question
Input Types
Visit the forums
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
Exchange 2007
the cmdlet doesnt accept input data.
Exchange 2010
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the
Output Type field is blank, the cmdlet doesnt return data.
Examples
EXAMPLE 1
This example returns the permissions that have been applied to the user Ed.
Get-ADPermission -Identity Ed
EXAMPLE 2
This example returns the permissions that have been granted to the user Chris on the Contoso.com Receive connector.
Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | Site Feedback 2013 Microsoft
TechNet Products IT Resources Downloads Training Support
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2010 Remove-ADPermission
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-11-19
Remove-ADPermission
Enable-ExchangeCertificate Use the Remove-ADPermission cmdlet to remove permissions from an Active Directory object.
Export-ExchangeCertificate
Get-ExchangeCertificate Syntax
Import-ExchangeCertificate
New-ExchangeCertificate Detailed Description
Remove-ExchangeCertificate
Get-SecurityPrincipal The ADPermission cmdlets can be used to directly modify Active Directory access control lists (ACLs). Although some Microsoft
Exchange Server 2010 features may continue to use the ADPermission cmdlets to manage permissions, for example transport
Get-Trust
Send and Receive connectors, Exchange no longer uses customized ACLs to manage administrative permissions. If you want to
grant or deny administrative permissions in Exchange 2010, you must use the Role Based Access Control (RBAC) management
cmdlets. For more information about RBAC, see Understanding Role Based Access Control.
Parameters
Related Forum Discussions
Ask a question
Input Types
Visit the forums
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
Exchange 2007
the cmdlet doesnt accept input data.
Exchange 2010
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the
Output Type field is blank, the cmdlet doesnt return data.
Examples
EXAMPLE 1
This example removes the Send As permissions from user Kim on the user Administrator.
EXAMPLE 2
This example removes the ability for anonymous users to send messages through the Receive connector IP Secured Inbound.
Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | Site Feedback 2013 Microsoft
TechNet Products IT Resources Downloads Training Support
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2010 Enable-ExchangeCertificate
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-11-30
Remove-ADPermission
Enable-ExchangeCertificate Use the Enable-ExchangeCertificate cmdlet to enable an existing certificate in the local certificate store for Exchange services such
Export-ExchangeCertificate as Internet Information Services (IIS), SMTP, POP, IMAP, and Unified Messaging (UM).
Get-ExchangeCertificate
Important:
Import-ExchangeCertificate
New-ExchangeCertificate There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure Sockets Layer
Remove-ExchangeCertificate (SSL) services. You must understand how these factors may affect your overall configuration. Before you continue, read
Understanding TLS Certificates.
Get-SecurityPrincipal
Don't use the Enable-ExchangeCertificate cmdlet to enable a wildcard certificate for POP and IMAP services. To enable a
Get-Trust wildcard certificate, you must use the Set-ImapSettings or Set-PopSettings cmdlets with the fully qualified domain name
(FQDN) of the service.
Don't use the Enable-ExchangeCertificate cmdlet to enable a certificate for federation. Certificates used for federation trusts are
managed by using the New-FederationTrust and Set-FederationTrust cmdlets.
Related Help Topics
Syntax
The Enable-ExchangeCertificate cmdlet enables certificates by updating the metadata stored with the certificate. To enable an
existing certificate to work with additional Exchange services, use the Enable-ExchangeCertificate cmdlet and specify the
Related Forum Discussions
additional services.
Ask a question
Visit the forums
Important:
Exchange 2007
The Enable-ExchangeCertificate cmdlet is additive. When you specify a subset of services for which a certificate is enabled,
Exchange 2010
the services that aren't specified aren't removed from the Services property. If you don't want to use an existing enabled
certificate for Exchange services, you must enable another certificate, and then remove the certificate you don't want to use.
Different services have different certificate requirements. For example, some services may only require a server name in the
Subject Name or Subject Alternative Name fields of a certificate, whereas other services may require an FQDN. Make sure that
the certificate name can support the uses required by the services you enable it for.
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this
topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what
permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.
Parameters
Input Types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
the cmdlet doesnt accept input data.
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the
Output Type field is blank, the cmdlet doesnt return data.
Examples
EXAMPLE 1
This example enables a certificate for POP, IMAP, SMTP, and IIS services.
Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Servic
es POP,IMAP,SMTP,IIS
Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | Site Feedback 2013 Microsoft
TechNet Products IT Resources Downloads Training Support
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2010 Export-ExchangeCertificate
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-11-19
Remove-ADPermission
Enable-ExchangeCertificate Use the Export-ExchangeCertificate cmdlet to export an existing certificate from the certificate store on the local computer. You
Export-ExchangeCertificate can export a certificate with its private key or a certificate request file.
Get-ExchangeCertificate
Import-ExchangeCertificate Syntax
New-ExchangeCertificate
Remove-ExchangeCertificate Detailed Description
Get-SecurityPrincipal
The Export-ExchangeCertificate cmdlet creates either of the following files:
Get-Trust
PKCS #10 file If the thumbprint specified in the command points to a certificate request, the Export-
ExchangeCertificate cmdlet creates a PKCS #10 file. A thumbprint is the digest of the certificate data. PKCS #10 is the
Related Help Topics Certification Request Syntax standard specified by RFC 2314. For more information, see PKCS #10: Certification Request
Syntax.
PKCS #12 file If the thumbprint specified in the command points to an actual certificate, the Export-
ExchangeCertificate cmdlet creates a PKCS #12 file. PKCS #12 is the Personal Information Exchange Syntax standard
Related Blog Articles specified by RSA Laboratories. For more information, see PKCS #12: Personal Information Exchange Syntax Standard.
Important:
When you use the Export-ExchangeCertificate cmdlet, you must export certificate data to a variable, as shown in
Related Forum Discussions
"Examples" later in this topic, and then use the Set-Content cmdlet to write the data to a file. For more information,
Ask a question see Understanding Importing and Exporting Files in the Exchange Management Shell. For more information about the
Visit the forums Set-Content cmdlet, see Set-Content.
Exchange 2007 You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this
Exchange 2010 topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what
permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.
Parameters
Input Types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
the cmdlet doesnt accept input data.
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the
Output Type field is blank, the cmdlet doesnt return data.
Examples
EXAMPLE 1
This example exports a certificate specified by its thumbprint, along with the private key, to a file named htcert.pfx in the
certificates directory on a Hub Transport server. The exported certificate is DER-encoded. A password is required when
exporting a certificate with its private key.
The following command uses the Export-ExchangeCertificate cmdlet to export certificate data to the variable $file.
Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | Site Feedback 2013 Microsoft
TechNet Products IT Resources Downloads Training Support
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2010 Get-ExchangeCertificate
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-11-19
Remove-ADPermission
Enable-ExchangeCertificate Use the Get-ExchangeCertificate cmdlet to view certificates in the local certificate store.
Export-ExchangeCertificate
Get-ExchangeCertificate Syntax
Import-ExchangeCertificate
New-ExchangeCertificate Detailed Description
Remove-ExchangeCertificate
Get-SecurityPrincipal You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this
topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what
Get-Trust
permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.
Input Types
Related Blog Articles
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
the cmdlet doesnt accept input data.
Examples
EXAMPLE 1
This example returns all certificates stored in the local computer certificate store.
Get-ExchangeCertificate
EXAMPLE 2
Note:
The Thumbprint parameter is a positional parameter so you can provide only the thumbprint value without the Thumbprint
parameter name.
EXAMPLE 3
This example shows which certificate Exchange will select for the domain name mail.contoso.com. A Send or Receive
connector selects the certificate to use based on the fully qualified domain name (FQDN) of the connector. If you have
multiple certificates with the same FQDN, you can see which certificate Exchange will select by using the DomainName
parameter to specify the FQDN. The first certificate returned is the certificate Exchange will select.
Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | Site Feedback 2013 Microsoft
TechNet Products IT Resources Downloads Training Support
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2010 Import-ExchangeCertificate
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-11-19
Remove-ADPermission
Enable-ExchangeCertificate Use the Import-ExchangeCertificate cmdlet to import a certificate or chain of certificates.
Export-ExchangeCertificate
Get-ExchangeCertificate Syntax
Import-ExchangeCertificate
New-ExchangeCertificate Detailed Description
Remove-ExchangeCertificate
Get-SecurityPrincipal You can use the Import-ExchangeCertificate cmdlet for the following purposes:
Get-Trust
To import a certificate or chain of certificates from a PKCS #7 file that has been issued by a certification authority (CA).
PKCS #7 is the Cryptographic Message Syntax Standard, a syntax used for digitally signing or encrypting data using public
key cryptography, including certificates.
Related Help Topics To import an existing certificate and private key from a PKCS #12 (.pfx or .p12) file to the certificate store on the local
computer. PKCS #12 is the Personal Information Exchange Syntax Standard, a file format used to store certificates with
corresponding private keys protected with a password. The standard is specified by RSA Laboratories. For more
information, see the PKCS #12: Personal Information Exchange Syntax Standard Web site.
Related Blog Articles Important:
There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure
Sockets Layer (SSL) services. You must understand how these factors may affect your overall configuration. Before you
Related Forum Discussions continue, see Understanding TLS Certificates.
Ask a question
Visit the forums Note:
Exchange 2007 In Microsoft Exchange Server 2010, to import data from a file, you must use the Get-Content cmdlet to retrieve file
Exchange 2010 data and use the FileData parameter to specify the retrieved data. This can be done in a two-step process, or in a single
step. Examples shown in this cmdlet use the single-step approach. For more information about importing and
exporting files in Exchange 2010, see Understanding Importing and Exporting Files in the Exchange Management Shell.
The certificate may be published in Active Directory for the purposes of direct trust by using mutual TLS if the following
conditions are true:
The certificate may be published in Active Directory by Edge Subscription if the following conditions are true:
The Import-ExchangeCertificate cmdlet imports either a certificate that's issued from an outstanding request or a PKCS #12 file.
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this
topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what
permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.
Parameters
Input Types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
the cmdlet doesnt accept input data.
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the
Output Type field is blank, the cmdlet doesnt return data.
Examples
EXAMPLE 1
This example imports an existing certificate and private key from the PKCS #12 file ExportedCert.pfx.
EXAMPLE 2
This example imports a chain of certificates from the PKCS #7 file IssuedCert.p7b.
Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | Site Feedback 2013 Microsoft
New-ExchangeCertificate
Exchange 2010 5 out of 10 rated this helpful
Use the New-ExchangeCertificate cmdlet to create a self-signed certificate, renew an existing self-signed certificate, or generate a new certificate request for obtaining a certificate from
a certification authority (CA).
Important:
There are many variables that you must consider when configuring certificates for Secure Sockets Layer (SSL) and Transport Layer Security (TLS). You must understand how these
variables may affect your overall configuration. For more information and before you continue, see Understanding TLS Certificates.
Syntax
Detailed Description
Microsoft Exchange Server 2010 uses certificates for SSL and TLS encryption. The New-ExchangeCertificate cmdlet uses many parameters of type SwitchParameter. For more
information about how to use this parameter type, see "Switch Parameters" in Parameters.
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if
they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure
Permissions topic.
Parameters
Input Types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesnt accept input data.
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesnt return
data.
Examples
EXAMPLE 1
This example runs the New-ExchangeCertificate cmdlet without parameters and generates a self-signed certificate. The certificate has the FQDN of the local computer as the
subject name. This default certificate can be used for direct trust authentication and encryption between Edge Transport servers and Hub Transport servers. The Network Services
local security group is also provided read access to the private key associated with the certificate. In addition, the certificate is published to Active Directory so that Exchange direct
trust can validate the authenticity of the server for mutual TLS.
New-ExchangeCertificate
EXAMPLE 2
This example outputs the certificate request in Base64 format to the command-line console. You must send the certificate request to a CA within the organization, a trusted CA
outside the organization, or a commercial CA. You can do this by pasting the certificate request output in an e-mail message or in the appropriate field on the certificate request
Web page of the CA. You can also save the certificate request to a file using a text editor such as Notepad.
The certificate that results has the following attributes associated with it:
This example is a variation of the certificate request generated in EXAMPLE 2. However, instead of manually copying and pasting the certificate request output produced by the
cmdlet, the Set-Content cmdlet is used to write the request to a file.
The certificate that results has the following attributes associated with it:
In the first step, the New-ExchangeCertificate cmdlet is used to generated the certificate request and save the output in a variable named $Data.
In the second step, the Set-Content cmdlet is used to write data from the variable to the certificate request file MyCertRequest.req in the Docs folder.
EXAMPLE 4
This example creates a DER-encoded certificate request file. The BinaryEncoded parameter is used to generate a DER-encoded certificate request. The Set-Content cmdlet is used
with the Encoding parameter to write the request to a file.
The certificate that results will have the following attributes associated with it:
In the first step, the New-ExchangeCertificate cmdlet is used to generate the certificate request in DER-encoded format and save the output in a variable named $Data.
In the second step, the Set-Content cmdlet is used to write data from the variable to the certificate request file MyCertRequest.req in the Docs folder.
EXAMPLE 5
Community Additions
Set-Content -Path "C:\MyCerRequest.cer" -Value (New-ExchangeCertificate -GenerateRequest -SubjectName 'C=US, O=Woodgrove Bank, CN=mail.woodgrovebank.com' -DomainName
woodgrovebank.com,autodiscover.woodgrovebank.com,legacy.woodgrovebank.com -PrivateKeyExportable $true -KeySize 2048)
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2010 Remove-ExchangeCertificate
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-11-19
Remove-ADPermission
Enable-ExchangeCertificate Use the Remove-ExchangeCertificate cmdlet to remove an existing certificate from the local certificate store.
Export-ExchangeCertificate
Get-ExchangeCertificate Important:
Import-ExchangeCertificate
There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure Sockets Layer
New-ExchangeCertificate (SSL) services. You must understand how these factors may affect your overall configuration. Before you continue, read
Remove-ExchangeCertificate Understanding TLS Certificates.
Get-SecurityPrincipal
Get-Trust Syntax
Detailed Description
Related Help Topics You can't remove the certificate that's being used. If you want to replace the default certificate for the server with another
certificate that has the same fully qualified domain name (FQDN), you must create the new certificate first, and then remove the
old certificate.
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
the cmdlet doesnt accept input data.
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the
Output Type field is blank, the cmdlet doesnt return data.
Examples
EXAMPLE 1
Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | Site Feedback 2013 Microsoft
TechNet Products IT Resources Downloads Training Support
TechNet Library
Exchange
Exchange Server 2010 Get-SecurityPrincipal
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-12-03
Remove-ADPermission
Enable-ExchangeCertificate Use the Get-SecurityPrincipal cmdlet to return a list of security principals.
Export-ExchangeCertificate
Get-ExchangeCertificate Syntax
Import-ExchangeCertificate
New-ExchangeCertificate Detailed Description
Remove-ExchangeCertificate
Get-SecurityPrincipal Security principals are entities, such as users or security groups, which can be assigned permissions and user rights.
Get-Trust
Related Help Topics Note:
Loading
No resources found. If the IncludeDomainLocalFrom parameter is specified along with the Filter or Identity parameters, the cmdlet doesn't return
...More domain local security groups. This cmdlet is required for internal Exchange Management Console functionality.
Related Blog Articles
The Get-SecurityPrincipal cmdlet is used by the Exchange Management Console and the Exchange Control Panel in Microsoft
Loading
Exchange Server 2010 to populate fields that display recipient information.
No resources found.
Ask a question
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this
Related Forum Discussions
topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what
Ask a question permissions you need, see the "Active Directory Domain Services server settings" entry in the Exchange and Shell Infrastructure
Visit the forums Permissions topic.
Exchange 2007
Exchange 2010
Parameters
Input Types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
the cmdlet doesnt accept input data.
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the
Output Type field is blank, the cmdlet doesnt return data.
Examples
EXAMPLE 1
This example retrieves security principals in the OU People, well-known security principals, and domain local groups from the
domain Contoso.com.
EXAMPLE 2
This example retrieves security principals from the Legal department by using the Filter parameter. Only security principals
matching the filter condition are retrieved.
EXAMPLE 3
This example retrieves a single security principal explicitly specified by using the Identity parameter.
EXAMPLE 4
This example retrieves well-known security principals by pipelining the results from the Get-SecurityPrincipal cmdlet to the
Where-Object command. The results are pipelined to the Format-Table command. Only the Name and SID parameters are
selected to be included in the final output.
Note:
The question mark character (?) is an alias for the Where-Object command. Ft is an alias for the Format-Table command.
Both aliases are included by default in the Windows PowerShell command-line interface.
2013 Microsoft
Manage Your Profile
Newsletter|Contact Us|Privacy Statement|Terms of Use|Trademarks|
Site Feedback
TechNet Products IT Resources Downloads Training Support
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2010 Get-Trust
Exchange Management Shell
Exchange 2010 Other Versions
Exchange 2010 Cmdlets
Security Cmdlets
Add-ADPermission Applies to: Exchange Server 2010 SP2
Get-ADPermission
Topic Last Modified: 2012-11-19
Remove-ADPermission
Enable-ExchangeCertificate Use the Get-Trust cmdlet to return external and forest trusts.
Export-ExchangeCertificate
Get-ExchangeCertificate Syntax
Import-ExchangeCertificate
New-ExchangeCertificate Detailed Description
Remove-ExchangeCertificate
Get-SecurityPrincipal The Get-Trust cmdlet is used by the Exchange Management Console and the Exchange Control Panel in Microsoft Exchange
Server 2010 to populate fields that display recipient information.
Get-Trust
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this
topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what
permissions you need, see the "Active Directory Domain Services server settings" entry in the Exchange and Shell Infrastructure
Related Help Topics
Permissions topic.
Input Types
Related Forum Discussions
Ask a question
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank,
Visit the forums
the cmdlet doesnt accept input data.
Exchange 2007
Exchange 2010
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the
Output Type field is blank, the cmdlet doesnt return data.
Examples
EXAMPLE 1
Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | Site Feedback 2013 Microsoft