Applies to: Exchange Server 2013

Topic Last Modified: 2012-09-18

Use the Set-EcpVirtualDirectory cmdlet to modify the properties of an Exchange Control Panel (ECP) virtual directory. The ECP virtual directory manages the Exchange Administration Center (EAC).

Warning:
The ECP is the web-based user interface developed for Microsoft Exchange Server 2010. The Exchange Server 2013 Exchange Administration Center cmdlets for virtual directory still use ECP in the name, and the ECP cmdlets can be used to manage Exchange 2010 and Exchange 2013 ECP virtual directories.

For information about the parameter sets in the Syntax section below, see Syntax.

Syntax

Set-EcpVirtualDirectory -Identity <VirtualDirectoryIdParameter> [-AdfsAuthentication <$true | $false>] [-AdminEnabled <$true | $false>] [-BasicAuthentication <$true | $false>] [-Confirm [<SwitchParameter>]] [-DigestAuthentication <$true | $false>] [-DomainController <Fqdn>] [-ExtendedProtectionFlags <MultiValuedProperty>] [-ExtendedProtectionSPNList <MultiValuedProperty>] [-ExtendedProtectionTokenChecking <None | Allow | Require>] [-ExternalAuthenticationMethods <MultiValuedProperty>] [-ExternalUrl <Uri>] [-FormsAuthentication <$true | $false>] [-GzipLevel <Off | Low | High | Error>] [-InternalUrl <Uri>] [-LiveIdAuthentication <$true | $false>] [-OwaOptionsEnabled <$true | $false>] [-WhatIf [<SwitchParameter>]] [-WindowsAuthentication <$true | $false>]

Examples

EXAMPLE 1

This example disables Basic authentication on the default ECP virtual directory on the server Server01.

Copy Code
Set-EcpVirtualDirectory -Identity "Server01\ecp (default Web site)" -BasicAuthentication:$false

EXAMPLE 2

This example turns off the Internet access to the EAC on server CAS01.

Copy Code
Set-EcpVirtualDirectory -Identity "CAS01\ecp (default Web site)" -AdminEnabled $false

Detailed Description

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Exchange Administration Center connectivity" entry in the Exchange and Shell Infrastructure Permissions topic.

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.VirtualDirectoryIdParameter

The Identity parameter specifies the name or GUID of an ECP virtual directory. The Identity parameter is represented as: ServerName\ECP (WebsiteName). To manage the first ECP virtual directory created in an Exchange organization, you must run the Set-EcpVirtualDirectory cmdlet on the computer that includes the first ECP virtual directory. If you create additional ECP virtual directories, you can manage those remotely.

AdfsAuthentication

Optional

System.Boolean

The AdfsAuthentication parameter specifies that the ECP virtual directory allows users to authenticate through Active Directory Federation Services (AD FS) authentication. This parameter accepts $true or $false.

AdminEnabled

Optional

System.Boolean

The AdminEnabled parameter specifies that the EAC isn't able to be accessed through the Internet. For more information, see Turn Off Access to the Exchange Admin Center. This parameter accepts $true or $false.

BasicAuthentication

Optional

System.Boolean

The BasicAuthentication parameter specifies whether Basic authentication is enabled on the ECP virtual directory. This parameter can be used with the FormsAuthentication parameter or with the DigestAuthentication and WindowsAuthentication parameters.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DigestAuthentication

Optional

System.Boolean

The DigestAuthentication parameter specifies whether Digest authentication is enabled on the ECP virtual directory.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

ExtendedProtectionFlags

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The ExtendedProtectionFlags parameter is used to customize the options you use if you're using Extended Protection for Authentication. The possible values are:

  • None   Default setting.

  • Proxy   Specifies that a proxy is terminating the SSL channel. A Service Principal Name (SPN) must be registered in the ExtendedProtectionSPNList parameter if proxy mode is configured.

  • ProxyCoHosting   Specifies that both HTTP and HTTPS traffic may be accessing the Client Access server and that a proxy is located between at least some of the clients and the Client Access server.

  • AllowDotlessSPN   Specifies whether you want to support valid SPNs that aren't in the fully qualified domain name (FQDN) format, for example ContosoMail. You specify valid SPNs with the ExtendedProtectionSPNList parameter. This option makes extended protection less secure because dotless certificates aren't unique, so it isn't possible to ensure that the client-to-proxy connection was established over a secure channel.

  • NoServiceNameCheck   Specifies that the SPN list won't be checked to validate a channel binding token. This option makes Extended Protection for Authentication less secure. We generally don't recommend this setting.

ExtendedProtectionSPNList

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The ExtendedProtectionSPNList parameter specifies a list of valid Service Principal Names (SPNs) if you're using Extended Protection for Authentication on the specified virtual directory.

The possible values are:

  • Null   This is the default value.

  • Single SPN or comma delimited list of valid SPNs   By default, you must specify the fully qualified domain name (FQDN) (for example mail.contoso.com) for each SPN. If you want to add an SPN that's not an FQDN (for example, ContosoMail), you must also use the ExtendedProtectionTokenChecking parameter with the AllowDotlessSPN value. You specify the domain in SPN format. The SPN format is <protocol>/<FQDN>. For example, a valid entry could be HTTP/mail.contoso.com.

ExtendedProtectionTokenChecking

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.ExtendedProtectionTokenCheckingMode

The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the specified Exchange virtual directory. Extended Protection for Authentication isn't enabled by default. The available settings are:

  • None   Extended Protection for Authentication won't be used. Connections between the client and Exchange won't use Extended Protection for Authentication on this virtual directory. This is the default setting.

  • Allow   Extended Protection for Authentication will be used for connections between the client and Exchange on this virtual directory if both the client and server support Extended Protection for Authentication. Connections that don't support Extended Protection for Authentication on the client and server will work, but may not be as secure as a connection using Extended Protection for Authentication.

Note:
If you have a proxy server between the client and the Client Access server that's configured to terminate the client-to-proxy SSL channel, you must also configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
  • Require   Extended Protection for Authentication will be used for all connections between clients and Exchange servers for this virtual directory. If either the client or server doesn't support Extended Protection for Authentication, the connection between the client and server will fail. If you set this option, you must also set a value for the ExtendedProtectionSPNList parameter.

Note:
If you have a proxy server between the client and the Client Access server that's configured to terminate the client-to-proxy SSL channel, you must also configure one or more SPNs using the parameter ExtendedProtectionSPNList.

ExternalAuthenticationMethods

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The ExternalAuthenticationMethods parameter specifies the authentication methods supported on the Exchange server from outside the firewall.

ExternalUrl

Optional

System.Uri

The ExternalUrl parameter specifies the host name used to connect to the Exchange server from outside the firewall. This setting is also important when Secure Sockets Layer (SSL) is used. This parameter must be set to allow the Autodiscover service to return the URL for the ECP virtual directory.

FormsAuthentication

Optional

System.Boolean

The FormsAuthentication parameter specifies whether forms-based authentication is enabled on the ECP virtual directory.

If the FormsAuthentication parameter is set to $true, the BasicAuthentication parameter is set to $true, and the DigestAuthentication and WindowsAuthentication parameters are set to $false.

GzipLevel

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.GzipLevel

The GzipLevel parameter sets Gzip configuration information for the ECP virtual directory.

InternalUrl

Optional

System.Uri

The InternalUrl parameter specifies the host name of the Exchange server for connections from inside the firewall. This setting is also important when SSL is used. This parameter must be set to allow the Autodiscover service to return the URL for the ECP virtual directory.

LiveIdAuthentication

Optional

System.Boolean

The LiveIdAuthentication parameter specifies whether Microsoft account (formerly known as Windows Live ID) authentication is enabled for the ECP virtual directory.

OwaOptionsEnabled

Optional

System.Boolean

The OwaOptionsEnabled parameter specifies that Outlook Web Access Options is enabled for end users. If this parameter is set to $false, users aren't able to access Outlook Web Access Options. You may want to disable access if your organization uses third-party provider tools. This parameter accepts $true or $false.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

WindowsAuthentication

Optional

System.Boolean

The WindowsAuthentication parameter specifies whether Integrated Windows authentication is permitted on the ECP virtual directory.

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.