Set-WebServicesVirtualDirectory

This cmdlet is available only in on-premises Exchange. Use the Set-WebServicesVirtualDirectory cmdlet to modify existing Exchange Web Services virtual directories that are used in Internet Information Services (IIS) on Microsoft Exchange servers. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).

Syntax

Set-WebServicesVirtualDirectory
   [-Identity] <VirtualDirectoryIdParameter>
   [-BasicAuthentication <$true | $false>]
   [-CertificateAuthentication <$true | $false>]
   [-Confirm]
   [-DigestAuthentication <$true | $false>]
   [-DomainController <Fqdn>]
   [-ExtendedProtectionFlags <MultiValuedProperty>]
   [-ExtendedProtectionSPNList <MultiValuedProperty>]
   [-ExtendedProtectionTokenChecking <None | Allow | Require>]
   [-ExternalUrl <Uri>]
   [-Force]
   [-GzipLevel <Off | Low | High | Error>]
   [-InternalNLBBypassUrl <Uri>]
   [-InternalUrl <Uri>]
   [-MRSProxyEnabled <$true | $false>]
   [-MRSProxyMaxConnections <Unlimited>]
   [-UpdateManagementVirtualDirectory]
   [-WhatIf]
   [-WindowsAuthentication <$true | $false>]
   [-WSSecurityAuthentication <$true | $false>]
   [-OAuthAuthentication <$true | $false>]
   [<CommonParameters>]

Description

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://technet.microsoft.com/library/mt432940.aspx).

Examples

-------------------------- Example 1 --------------------------

Set-WebServicesVirtualDirectory -Identity Contoso\EWS(Default Web Site) -ExternalUrl https://www.contoso.com/EWS/exchange.asmx -BasicAuthentication $true -InternalUrl https://contoso.internal.com/EWS/exchange.asmx

This example sets the authentication method to Basic authentication for the virtual directory EWS on the server Contoso. This example also sets the external and internal URLs for this virtual directory.

-------------------------- Example 2 --------------------------

Set-WebServicesVirtualDirectory -Identity Contoso\EWS* -ExternalUrl https://www.contoso.com/EWS/exchange.asmx

This example uses a wildcard character instead of "Default Web site" as was used in Example 1.

-------------------------- Example 3 --------------------------

Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -MRSProxyEnabled $true

This example enables MRSProxy on the EWS default website. MRSProxy is the service responsible for assisting in remote mailbox moves.

Required Parameters

-Identity

The Identity parameter specifies the Exchange Web Services virtual directory that you want to view.

You can use any value that uniquely identifies the virtual directory. For example:

  • Name or <Server>\Name

  • Distinguished name (DN)

  • GUID

The Name value uses the syntax "<VirtualDirectoryName> (<WebsiteName>)" from the properties of the virtual directory. You can specify the wildcard character (*) instead of the default website by using the syntax <VirtualDirectoryName>*.

Type:VirtualDirectoryIdParameter
Position:1
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016

Optional Parameters

-BasicAuthentication

The BasicAuthentication parameter specifies whether Basic authentication is enabled on the virtual directory. Valid values are:

  • $true: Basic authentication is enabled. This is the default value.

  • $false: Basic authentication is disabled.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-CertificateAuthentication

The CertificateAuthentication parameter specifies whether certificate authentication is enabled. This parameter affects the <Servername>/ews/management/ virtual directory. It doesn't affect the <Servername>/ews/ virtual directory.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.

  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-DigestAuthentication

The DigestAuthentication parameter specifies whether Digest authentication is enabled on the virtual directory. Valid values are:

  • $true: Digest authentication is enabled.

  • $false: Digest authentication is disabled. This is the default value.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-DomainController

The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.

Type:Fqdn
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-ExtendedProtectionFlags

The ExtendedProtectionFlags parameter specifies custom settings for Extended Protection for Authentication on the virtual directory. Valid values are:

  • None: This is the default setting.

  • AllowDotlessSPN: Required if you want to use Service Principal Name (SPN) values that don't contain FQDNs (for example, HTTP/ContosoMail instead of HTTP/mail.contoso.com). You specify SPNs with the ExtendedProtectionSPNList parameter. This setting makes Extended Protection for Authentication less secure because dotless certificates aren't unique, so it isn't possible to ensure that the client-to-proxy connection was established over a secure channel.

  • NoServiceNameCheck: The SPN list isn't checked to validate a channel binding token. This setting makes Extended Protection for Authentication less secure. We generally don't recommend this setting.

  • Proxy: A proxy server is responsible for terminating the SSL channel. To use this setting, you need to register an SPN by using the ExtendedProtectionSPNList parameter.

  • ProxyCoHosting: HTTP and HTTPS traffic may be accessing the virtual directory and a proxy server is located between at least some of the clients and the Client Access services on the Exchange server.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-ExtendedProtectionSPNList

The ExtendedProtectionSPNList parameter specifies a list of valid Service Principal Names (SPNs) if you're using Extended Protection for Authentication on the virtual directory. Valid values are:

  • $null: This is the default value.

  • Single SPN or comma delimited list of valid SPNs: The SPN value format is <protocol>/<FQDN>. For example, HTTP/mail.contoso.com. To add an SPN that's not an FQDN (for example, HTTP/ContosoMail), you also need to use the AllowDotlessSPN value for the ExtendedProtectionFlags parameter.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-ExtendedProtectionTokenChecking

The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values are:

  • None: Extended Protection for Authentication isn't be used on the virtual directory. This is the default value.

  • Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory if both the client and server support it. Connections that don't support Extended Protection for Authentication will work, but may not be as secure as connections that use Extended Protection for Authentication.

  • Require: Extended Protection for Authentication is used for all connections between clients and the virtual directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also need to set an SPN value for the ExtendedProtectionSPNList parameter.

Note:

If you use the value Allow or Require, and you have a proxy server between the client and the Client Access services on the Mailbox server that's configured to terminate the client-to-proxy SSL channel, you also need to configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.

Type:None | Allow | Require
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-ExternalUrl

The ExternalURL parameter specifies the URL that's used to connect to the virtual directory from outside the firewall.

This setting is important when Secure Sockets Layer (SSL) is used.

Type:Uri
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-Force

The Force switch specifies whether to suppress warning or confirmation messages. You can use this switch to run tasks programmatically where prompting for administrative input is inappropriate. You don't need to specify a value with this switch.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-GzipLevel

The GzipLevel parameter sets the Gzip configuration for the Exchange Web Services virtual directory. Valid values are:

  • Off: No compression.

  • Low: Static compression only. This is the default value. This value has the same result as the Off value, because Exchange Web Services content is dynamic.

  • High: Static and dynamic compression. Content from Exchange Web Services is compressed if clients indicate support for Gzip compression in their requests.

  • Error: Identifies errors in the Gzip compression configuration.

Type:Off | Low | High | Error
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-InternalNLBBypassUrl

The InternalNLBBypassUrl parameter specifies the URL of the Exchange server that has the Client Access server role installed, regardless of whether it's behind a Network Load Balancing (NLB) array or not.

When you set the InternalUrl parameter to the URL of the NLB array, you should set the InternalNLBBypassUrl parameter to the URL of the Client Access server itself.

Type:Uri
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-InternalUrl

The InternalURL parameter specifies the URL that's used to connect to the virtual directory from inside the firewall.

This setting is important when SSL is used.

Type:Uri
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-MRSProxyEnabled

The MRSProxyEnabled parameter specifies whether to enable MRSProxy for the Exchange Web Services virtual directory on Exchange servers that have the Client Access server role installed. MRSProxy helps to proxy mailbox moves between Active Directory forests. The default value is $false.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-MRSProxyMaxConnections

The MRSProxyMaxConnections parameter specifies the maximum number of simultaneous move sessions that an instance of MRSProxy will accept. This setting accepts values from 0 to unlimited. The default value is 100. For more information about MRSProxy, see Understanding Move Requests.

Type:Unlimited
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010
-OAuthAuthentication

The OAuthAuthentication parameter specifies whether OAuth authentication is enabled on the virtual directory. Valid values are:

  • $true: OAuth authentication is enabled. This is the default value.

  • $false: OAuth authentication is disabled.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016
-UpdateManagementVirtualDirectory

The UpdateManagementVirtualDirectory parameter makes sure that the Exchange Web Services objects in Active Directory and the respective objects in Internet Information Services (IIS) are up to date and consistent.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010
-WSSecurityAuthentication

The WSSecurityAuthentication parameter specifies whether WS-Security (Web Services Security) authentication is enabled on the virtual directory. Valid values are:

  • $true: WS-Security authentication is enabled. This is the default value.

  • $false: WS-Security authentication is disabled.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-WhatIf

The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
-WindowsAuthentication

The WindowsAuthentication parameter specifies whether Integrated Windows authentication is enabled on the virtual directory. Valid values are:

  • $true: Integrated Windows authentication is enabled. This is the default value.

  • $false: Integrated Windows authentication is disabled.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2010, Exchange Server 2013, Exchange Server 2016

Inputs

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?LinkId=616387). If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Outputs

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?LinkId=616387). If the Output Type field is blank, the cmdlet doesn't return data.