Adding and removing authentication types for OWA may not be an everyday task, in fact these permissions may never change. However, if you need to change them, usually these need to be consistent for all servers hosting OWA. The same authentication types also need to be configured on the ECP Virtual directory as well.
The purpose of this script is to provide a simple menu driven approach to performing those tasks, whether in a production or test environment. The script allows modification of these authentication methods:
- ADFS Authentication
- Basic Authentication
- Digest Authentication
- Forms Authentication
- Windows Authentication
- OAuth Authentication
Script Menu
Notice that along with changing the OWA Virtual Directory Authentication, you can reset IIS or check what the current settings are for authentication.
Notice these are not default authentication settings. LiveID is not included as the Set-Command will not allow configuration.
Script In Action
ADFS Authentication Change
IIS Reset
All of the authentication changes require IISReset’s and being able to run a /noforce reset or a force reset of IIS can come into play after your changes have been made.
The Script
<#
.SYNOPSIS
This script will modify the various Authentication settings for the OWA virtual directory
.DESCRIPTION
.NOTES
Version : 1.0
Wish list :
Rights Required : Local admin on server
Sched Task Req'd : No
Exchange Version : 2013
Author : Just A UC Guy [JAUCG]
Email/Blog/Twitter : ( ) http://justaucguy.wordpress.com/
Dedicated Blog : http://justaucguy.wordpress.com/
Disclaimer : You are on your own. This was not written by, support by, or endorsed by Microsoft.
Info Stolen from : None, all hand written code.
.LINK
[TBD]
.EXAMPLE
.\Changes-OWAAuthSettings
.INPUTS
None. You cannot pipe objects to this script.
#>
param(
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[string] $strFilenameTranscript = $MyInvocation.MyCommand.Name + " " + (hostname)+ " {0:yyyy-MM-dd hh-mmtt}.log" -f (Get-Date),
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false)]
[string] $TargetFolder = "c:\Install",
# [string] $TargetFolder = $Env:Temp
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[bool] $WasInstalled = $false,
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[bool] $RebootRequired = $false,
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[string] $opt = "None",
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[bool] $HasInternetAccess = ([Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}')).IsConnectedToInternet)
)
Start-Transcript -path .\$strFilenameTranscript | Out-Null
$error.clear()
Clear-Host
Pushd
[string] $menu = @'
***********************************************************
OWA Virtual Directory Configuration Menu
***********************************************************
(1) ADFS Authentication
(2) Basic Authentication
(3) Digest Authentication
(4) Forms Authentication
(5) Windows Authentication
(6) OAuth Authentication
Resetting IIS
(7) Perform an IIS Reset /noforce
(8) Restart IIS forcefully
Authentication Check
(9) Status of Authentication Settings
Select an option.. [1-9 or 99]?
'@
function adfsauthentication {
write-host "Processing ..." -ForegroundColor Red
write-host " "
$value = get-owavirtualdirectory
write-host "Currently ADFS Authentication is set to:"
foreach ($line in $value) {$line.servername+","+$line.adfsauthentication}
write-host "Do you want to change you the ADFS Authentication setting: " -ForegroundColor green -NoNewline
$choice = read-host
if ($choice -eq "y") {
write-host "What value would you like to make it? Valid choices are " -nonewline
write-host '<$true | $false> ' -ForegroundColor green -nonewline
[string]$adfsauth = read-host
$value2 = get-ecpvirtualdirectory
if ($adfsauth -eq '$true') {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.adfsauthentication -eq $false ) {
write-host "The ECP Virtual Directory needs to be configured as '$true' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -adfsauthentication $true
get-owavirtualdirectory -server $name | set-owavirtualdirectory -adfsauthentication $true
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -adfsauthentication $true
}
}
} else {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.adfsauthentication -eq $true ) {
write-host "The ECP Virtual Directory needs to be configured as '$false' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -adfsauthentication $false
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -adfsauthentication $false
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -adfsauthentication $false
}
}
}
}
write-host " "
write-host "ADFS Authentication - After:" -foregroundcolor cyan
Get-OwaVirtualDirectory |ft servername,adfs* -auto
}
function basicauthentication {
write-host "Processing ..." -ForegroundColor Red
write-host " "
$value = get-owavirtualdirectory
write-host "Currently Basic Authentication is set to:"
foreach ($line in $value) {$line.servername+","+$line.basicauthentication}
write-host "Do you want to change you the Basic Authentication setting: " -ForegroundColor green -NoNewline
$choice = read-host
if ($choice -eq "y") {
write-host "What value would you like to make it? Valid choices are " -nonewline
write-host '<$true | $false> ' -ForegroundColor green -nonewline
[string]$basicauth = read-host
$value2 = get-ecpvirtualdirectory
if ($basicauth -eq '$true') {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.basicauthentication -eq $false ) {
write-host "The ECP Virtual Directory needs to be configured as '$true' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -basicauthentication $true
get-owavirtualdirectory -server $name | set-owavirtualdirectory -basicauthentication $true
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -basicauthentication $true
}
}
} else {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.basicauthentication -eq $true ) {
write-host "The ECP Virtual Directory needs to be configured as '$false' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -basicauthentication $false
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -basicauthentication $false
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -basicauthentication $false
}
}
}
}
write-host " "
write-host "Basic Authentication - After:" -foregroundcolor cyan
Get-OwaVirtualDirectory |ft servername,basic* -auto
}
function digestauthentication {
write-host "Processing ..." -ForegroundColor Red
write-host " "
$value = get-owavirtualdirectory
write-host "Currently digest Authentication is set to:"
foreach ($line in $value) {$line.servername+","+$line.digestauthentication}
write-host "Do you want to change you the Digest Authentication setting: " -ForegroundColor green -NoNewline
$choice = read-host
if ($choice -eq "y") {
write-host "What value would you like to make it? Valid choices are " -nonewline
write-host '<$true | $false> ' -ForegroundColor green -nonewline
[string]$digestauth = read-host
$value2 = get-ecpvirtualdirectory
if ($digestauth -eq '$true') {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.digestauthentication -eq $false ) {
write-host "The ECP Virtual Directory needs to be configured as '$true' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -digestauthentication $true
get-owavirtualdirectory -server $name | set-owavirtualdirectory -digestauthentication $true
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -digestauthentication $true
}
}
} else {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.digestauthentication -eq $true ) {
write-host "The ECP Virtual Directory needs to be configured as '$false' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -digestauthentication $false
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -digestauthentication $false
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -digestauthentication $false
}
}
}
}
write-host " "
write-host "Digest Authentication - After:" -foregroundcolor cyan
Get-OwaVirtualDirectory |ft servername,digest* -auto
}
function formsauthentication {
write-host "Processing ..." -ForegroundColor Red
write-host " "
$value = get-owavirtualdirectory
write-host "Currently forms Authentication is set to:"
foreach ($line in $value) {$line.servername+","+$line.formsauthentication}
write-host "Do you want to change you the Forms Authentication setting: " -ForegroundColor green -NoNewline
$choice = read-host
if ($choice -eq "y") {
write-host "What value would you like to make it? Valid choices are " -nonewline
write-host '<$true | $false> ' -ForegroundColor green -nonewline
[string]$formsauth = read-host
$value2 = get-ecpvirtualdirectory
if ($formsauth -eq '$true') {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.formsauthentication -eq $false ) {
write-host "The ECP Virtual Directory needs to be configured as '$true' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -formsauthentication $true
get-owavirtualdirectory -server $name | set-owavirtualdirectory -formsauthentication $true
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -formsauthentication $true
}
}
} else {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.formsauthentication -eq $true ) {
write-host "The ECP Virtual Directory needs to be configured as '$false' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -formsauthentication $false
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -formsauthentication $false
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -formsauthentication $false
}
}
}
}
write-host " "
write-host "Forms Authentication - After:" -foregroundcolor cyan
Get-OwaVirtualDirectory |ft servername,forms* -auto
}
function Windowsauthentication {
write-host "Processing ..." -ForegroundColor Red
write-host " "
$value = get-owavirtualdirectory
write-host "Currently Windows Authentication is set to:"
foreach ($line in $value) {$line.servername+","+$line.Windowsauthentication}
write-host "Do you want to change you the Windows Authentication setting: " -ForegroundColor green -NoNewline
$choice = read-host
if ($choice -eq "y") {
write-host "What value would you like to make it? Valid choices are " -nonewline
write-host '<$true | $false> ' -ForegroundColor green -nonewline
[string]$Windowsauth = read-host
$value2 = get-ecpvirtualdirectory
if ($Windowsauth -eq '$true') {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.Windowsauthentication -eq $false ) {
write-host "The ECP Virtual Directory needs to be configured as '$true' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -Windowsauthentication $true
get-owavirtualdirectory -server $name | set-owavirtualdirectory -Windowsauthentication $true
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -Windowsauthentication $true
}
}
} else {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.Windowsauthentication -eq $true ) {
write-host "The ECP Virtual Directory needs to be configured as '$false' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -Windowsauthentication $false
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -Windowsauthentication $false
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -Windowsauthentication $false
}
}
}
}
write-host " "
write-host "Windows Authentication - After:" -foregroundcolor cyan
Get-OwaVirtualDirectory |ft servername,Windows* -auto
}
function oauthauthentication {
write-host "Processing ..." -ForegroundColor Red
write-host " "
$value = get-owavirtualdirectory
write-host "Currently oauth Authentication is set to:"
foreach ($line in $value) {$line.servername+","+$line.oauthauthentication}
write-host "Do you want to change you the OAuth Authentication setting: " -ForegroundColor green -NoNewline
$choice = read-host
if ($choice -eq "y") {
write-host "What value would you like to make it? Valid choices are " -nonewline
write-host '<$true | $false> ' -ForegroundColor green -nonewline
[string]$oauthauth = read-host
$value2 = get-ecpvirtualdirectory
if ($oauthauth -eq '$true') {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.oauthauthentication -eq $false ) {
write-host "The ECP Virtual Directory needs to be configured as '$true' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -oauthauthentication $true
get-owavirtualdirectory -server $name | set-owavirtualdirectory -oauthauthentication $true
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -oauthauthentication $true
}
}
} else {
foreach ($line in $value2) {
$name = $line.server.name
if ($line.oauthauthentication -eq $true ) {
write-host "The ECP Virtual Directory needs to be configured as '$false' on $name in order for this to work. Would you like to configure that now? " -nonewline -ForegroundColor yellow
$ecp = read-host
if ($ecp -eq "y") {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -oauthauthentication $false
get-ecpvirtualdirectory -server $name | set-ecpvirtualdirectory -oauthauthentication $false
} else {
write-host "Change not made!" -ForegroundColor red
}
} else {
get-owavirtualdirectory -server $name | set-owavirtualdirectory -oauthauthentication $false
}
}
}
}
write-host " "
write-host "OAuth Authentication - After:" -foregroundcolor cyan
Get-OwaVirtualDirectory |ft servername,oauth* -auto
}
function currentstatus {
write-host " "
write-host "The current Authentication settings are as follows:" -ForegroundColor Cyan
write-host " "
get-clientaccessserver | Get-OwaVirtualDirectory |fl server,*authentication
}
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu
switch ($opt) {
1 { ADFSAuthentication }
2 { BasicAuthentication }
3 { DigestAuthentication }
4 { FormsAuthentication }
5 { WindowsAuthentication }
6 { OAuthAuthentication }
7 { invoke-command -scriptblock {iisreset /noforce /timeout:30} }
8 { Restart-Service W3SVC,WAS -force}
9 { currentstatus }
99 {# Exit
popd
Write-Host "Exiting..."
Stop-Transcript
}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 99)
Feel free to download the script from HERE.
Update
I’ve also posted it to the TechNet Gallery under Exchange 2013.
Hello, I receive the following error:
Select an option.. [1-9 or 99]?: 1
Processing …
Currently ADFS Authentication is set to:
WIN2012DEV03,False
Do you want to change you the ADFS Authentication setting: Y
What value would you like to make it? Valid choices are $true
A parameter cannot be found that matches parameter name ‘adfsauthentication’.
+ CategoryInfo : InvalidArgument: (:) [Set-OwaVirtualDirectory], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Set-OwaVirtualDirectory
+ PSComputerName : win2012dev03.test2012.dom
ADFS Authentication – After:
ServerName AdfsAuthentication
———- ——————
WIN2012DEV03 False
The same happens with the “raw” command:
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false -OAuthAuthentication $false
The similar setting on ECP instead works fine… Why ???
If I choose option 9:
The current Authentication settings are as follows:
Server : WIN2012DEV03
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
So AdfsAuthentication is there!
What version of Exchange are you running this on? I’ve tested it with Exchange 2013 and 2016 with no issues.
Since I was trying the trial Sharepoint 2013 version available on the Microsoft site, I didn’t notice that it is the oldest version! So after upgrading to CU11 version, everything works fine. So it was a bug in Sharepoint. Thank you for the good work, the script worked very fine!