This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without
notice. This document does not provide you with any legal rights to any intellectual property in any Microsoft product or product name. You may copy and use
this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. 2013 Microsoft. All rights reserved.
Terms of Use (http://technet.microsoft.com/cc300389.aspx) | Trademarks (http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx)
Table of Contents

Chapter 1: Security Cmdlets

Chapter 1

Security Cmdlets

Exchange 2010

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2011-10-13

Add-ADPermission
http://technet.microsoft.com/en-us/library/bb124403(v=exchg.141).aspx

Get-ADPermission
http://technet.microsoft.com/en-us/library/bb125183(v=exchg.141).aspx

Remove-ADPermission
http://technet.microsoft.com/en-us/library/aa996048(v=exchg.141).aspx

Enable-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa997231(v=exchg.141).aspx

Export-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa996305(v=exchg.141).aspx

Get-ExchangeCertificate
http://technet.microsoft.com/en-us/library/bb124950(v=exchg.141).aspx

Import-ExchangeCertificate
http://technet.microsoft.com/en-us/library/bb124424(v=exchg.141).aspx

New-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa998327(v=exchg.141).aspx

Remove-ExchangeCertificate
http://technet.microsoft.com/en-us/library/aa997569(v=exchg.141).aspx

Get-SecurityPrincipal
http://technet.microsoft.com/en-us/library/dd298162(v=exchg.141).aspx

Get-Trust
http://technet.microsoft.com/en-us/library/dd335185(v=exchg.141).aspx

2010 Microsoft Corporation. All rights reserved.
Add-ADPermission

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Add-ADPermission cmdlet to add permissions to an Active Directory object.

Syntax

Detailed Description

The ADPermission cmdlets can be used to directly modify Active Directory access control lists (ACLs). Although some Microsoft Exchange Server 2010 features may continue to use the ADPermission cmdlets to manage permissions, for example transport Send and Receive connectors, Exchange 2010 no longer uses customized ACLs to manage administrative permissions. If you want to grant or deny administrative permissions in Exchange 2010, you must use the Role Based Access Control (RBAC) management cmdlets. For more information about RBAC, see Understanding Role Based Access Control.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Legacy permissions" entry in the Role Management Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example grants Send As permissions for Aaron Painter to Ellen Adams's mailbox.

Add-ADPermission -Identity "Ellen Adams" -User AaronPainter -AccessRights ExtendedRight -ExtendedRights "send as"

EXAMPLE 2

This example configures the IP Secured Inbound Receive connector to accept anonymous SMTP messages.

Caution:

This example assumes that another security mechanism is used to ensure the Receive connector can't be used to send unsolicited commercial e-mail messages. We recommend that you don't allow external clients to send messages anonymously through a Receive connector.

Add-ADPermission "IP Secured Inbound" -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-SMTP-Accept-Any-Recipient,ms-Exch-Bypass-Anti-Spam
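The grant in EXAMPLE 2 is exactly the pattern that turns a Receive connector into an open relay, so a practitioner wants a way to find it again later. The following audit script is an added example, not code from the TechNet page: it walks every Receive connector, reads the ACL with Get-ADPermission, and reports any connector where ANONYMOUS LOGON holds ms-Exch-SMTP-Accept-Any-Recipient or ms-Exch-Bypass-Anti-Spam. It assumes an Exchange 2010 Management Shell session with rights to read connector ACLs; connector names and IP ranges in the output come from your own organization.

```powershell
# Added audit script; not from the TechNet page. Assumes an Exchange 2010
# Management Shell session with rights to read connector ACLs.

$anon = "NT AUTHORITY\ANONYMOUS LOGON"

# Rights that, when granted to ANONYMOUS LOGON, make a Receive connector an open
# relay (Accept-Any-Recipient) or let unauthenticated mail skip the anti-spam agents.
$riskyRights = @("ms-Exch-SMTP-Accept-Any-Recipient", "ms-Exch-Bypass-Anti-Spam")

function Get-AnonymousRelayFindings {
    foreach ($rc in Get-ReceiveConnector) {
        # Only Allow ACEs grant anything; a Deny ACE for the same right takes precedence.
        $aces = $rc | Get-ADPermission -User $anon | Where-Object {
            (-not $_.Deny) -and ($_.ExtendedRights -ne $null) -and (@($_.ExtendedRights).Count -gt 0)
        }

        # ExtendedRights is a collection of right identifiers; compare them as strings.
        $granted = @($aces | ForEach-Object { $_.ExtendedRights } |
            ForEach-Object { "$_" } | Sort-Object -Unique)

        $hits = @($granted | Where-Object { $riskyRights -contains $_ })
        if ($hits.Count -eq 0) { continue }

        # A connector whose RemoteIPRanges covers all of IPv4 is reachable by anyone who
        # can route to the listener; a narrow range limits, but does not remove, the risk.
        # (Only the IPv4 catch-all is checked here; that string form is an assumption.)
        $ranges   = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
        $wideOpen = $ranges -contains "0.0.0.0-255.255.255.255"
        if ($wideOpen) { $severity = "High: anonymous relay from any IPv4 address" }
        else           { $severity = "Medium: anonymous relay from the listed ranges" }

        New-Object PSObject -Property @{
            Connector        = "$($rc.Identity)"
            Bindings         = (@($rc.Bindings | ForEach-Object { "$_" }) -join ", ")
            RemoteIPRanges   = ($ranges -join ", ")
            PermissionGroups = "$($rc.PermissionGroups)"
            AnonymousRights  = ($hits -join ", ")
            Severity         = $severity
        }
    }
}

# Usage: an empty result means no connector grants ANONYMOUS LOGON either right,
# which is the expected state for an Internet-facing server.
Get-AnonymousRelayFindings | Sort-Object Severity |
    Format-List Connector, Bindings, RemoteIPRanges, PermissionGroups, AnonymousRights, Severity
```

Treat a High finding on a connector bound to a routable address as an incident, not a configuration note: any host that can reach the listener can relay through it without credentials. Remove-ADPermission with the same rights (shown later on this page) is the rollback.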

Get-ADPermission

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Get-ADPermission cmdlet to get permissions on an Active Directory object.

Syntax

Detailed Description

The ADPermission cmdlets can be used to directly modify Active Directory access control lists (ACLs). Although some Microsoft Exchange Server 2010 features may continue to use the ADPermission cmdlets to manage permissions, for example transport Send and Receive connectors, Exchange no longer uses customized ACLs to manage administrative permissions. If you want to grant or deny administrative permissions in Exchange 2010, you must use the Role Based Access Control (RBAC) management cmdlets. For more information about RBAC, see Understanding Role Based Access Control.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Legacy permissions" entry in the Role Management Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example returns the permissions that have been applied to the user Ed.

Get-ADPermission -Identity Ed

EXAMPLE 2

This example returns the permissions that have been granted to the user Chris on the Contoso.com Receive connector.

Get-ADPermission "Contoso.com" -User Chris

Remove-ADPermission

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Remove-ADPermission cmdlet to remove permissions from an Active Directory object.

Syntax

Detailed Description

The ADPermission cmdlets can be used to directly modify Active Directory access control lists (ACLs). Although some Microsoft Exchange Server 2010 features may continue to use the ADPermission cmdlets to manage permissions, for example transport Send and Receive connectors, Exchange no longer uses customized ACLs to manage administrative permissions. If you want to grant or deny administrative permissions in Exchange 2010, you must use the Role Based Access Control (RBAC) management cmdlets. For more information about RBAC, see Understanding Role Based Access Control.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Legacy permissions" entry in the Role Management Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example removes the Send As permissions from user Kim on the user Administrator.

Remove-ADPermission -Identity Administrator -User Kim -ExtendedRights "send as"

EXAMPLE 2

This example removes the ability for anonymous users to send messages through the Receive connector IP Secured Inbound.

Remove-ADPermission "IP Secured Inbound" -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-SMTP-Accept-Any-Recipient,ms-Exch-Bypass-Anti-Spam
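The Get-ADPermission and Remove-ADPermission examples above show one grant at a time; in practice Send As rights accumulate on mailboxes over years of delegation and nobody removes them. The following script is an added example, not code from the TechNet page: it lists every explicit (non-inherited) Send As grant on every mailbox and removes the ones not on an approval list, dry-running by default. It assumes an Exchange 2010 Management Shell session; the $approved table is a placeholder for your own delegation records, keyed by mailbox alias and holding the DOMAIN\user values that are allowed to send as that mailbox.

```powershell
# Added audit/cleanup script; not from the TechNet page. Assumes an Exchange 2010
# Management Shell session. $approved is a placeholder for your own records.

$approved = @{
    # "eadams" = @("CONTOSO\AaronPainter")    # example entry, not real data
}

function Get-SendAsGrants {
    # Explicit (non-inherited) Allow ACEs that carry the Send As extended right.
    # Inherited ACEs come from the OU or domain and are reviewed there; SELF is the
    # mailbox owner's own right and is excluded. Get-ADPermission shows the right
    # as "Send-As" in the ExtendedRights collection.
    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        $mbx | Get-ADPermission | Where-Object {
            (-not $_.IsInherited) -and (-not $_.Deny) -and
            ($_.ExtendedRights -ne $null) -and
            (@($_.ExtendedRights | ForEach-Object { "$_" }) -contains "Send-As") -and
            ("$($_.User)" -notmatch '^(NT AUTHORITY\\SELF|S-1-5-10)$')
        } | ForEach-Object {
            New-Object PSObject -Property @{
                Mailbox = "$($mbx.Identity)"
                Alias   = $mbx.Alias
                User    = "$($_.User)"
            }
        }
    }
}

function Remove-UnapprovedSendAs {
    # Dry run by default: Remove-ADPermission honours -WhatIf, so nothing changes
    # until the caller passes -Commit. The right name matches the page's examples.
    param([switch]$Commit)
    foreach ($g in Get-SendAsGrants) {
        $allowed = $approved[$g.Alias]
        if ($allowed -and ($allowed -contains $g.User)) { continue }
        Remove-ADPermission -Identity $g.Mailbox -User $g.User -ExtendedRights "Send As" `
            -WhatIf:(-not $Commit) -Confirm:$false
    }
}

# Usage: review the list first, then commit once it has been checked.
Get-SendAsGrants | Format-Table Mailbox, User -AutoSize
Remove-UnapprovedSendAs            # dry run: prints "What if:" lines only
# Remove-UnapprovedSendAs -Commit  # removes the unapproved grants
```

Keep the dry-run output: it is the evidence of what was granted before cleanup, and Send As removals are the kind of change a user notices only when a scheduled job stops sending.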

Enable-ExchangeCertificate

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-30

Use the Enable-ExchangeCertificate cmdlet to enable an existing certificate in the local certificate store for Exchange services such as Internet Information Services (IIS), SMTP, POP, IMAP, and Unified Messaging (UM).

Important:

There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) services. You must understand how these factors may affect your overall configuration. Before you continue, read Understanding TLS Certificates.

Don't use the Enable-ExchangeCertificate cmdlet to enable a wildcard certificate for POP and IMAP services. To enable a wildcard certificate, you must use the Set-ImapSettings or Set-PopSettings cmdlets with the fully qualified domain name (FQDN) of the service.

Don't use the Enable-ExchangeCertificate cmdlet to enable a certificate for federation. Certificates used for federation trusts are managed by using the New-FederationTrust and Set-FederationTrust cmdlets.

Syntax

Detailed Description

The Enable-ExchangeCertificate cmdlet enables certificates by updating the metadata stored with the certificate. To enable an existing certificate to work with additional Exchange services, use the Enable-ExchangeCertificate cmdlet and specify the additional services.

Important:

The Enable-ExchangeCertificate cmdlet is additive. When you specify a subset of services for which a certificate is enabled, the services that aren't specified aren't removed from the Services property. If you don't want to use an existing enabled certificate for Exchange services, you must enable another certificate, and then remove the certificate you don't want to use.

Different services have different certificate requirements. For example, some services may only require a server name in the Subject Name or Subject Alternative Name fields of a certificate, whereas other services may require an FQDN. Make sure that the certificate name can support the uses required by the services you enable it for.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example enables a certificate for POP, IMAP, SMTP, and IIS services.

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services POP,IMAP,SMTP,IIS
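The additive behaviour described above is what makes certificate replacement safe to script: the old certificate stays enabled until you remove it, so the replacement can be enabled, verified from the store, and only then the old one dropped. The following rotation script is an added example, not code from the TechNet page: it imports a replacement from a PKCS #12 file, checks it before enabling, enables it for exactly the services the old certificate served, verifies, and removes the old one. It assumes an Exchange 2010 Management Shell session on the server that holds the certificate; the PFX path is an assumption, the old thumbprint is the one from EXAMPLE 1, and the CertificateDomains and Services property names are those Get-ExchangeCertificate shows in Format-List output.

```powershell
# Added rotation script; not from the TechNet page. Assumes an Exchange 2010
# Management Shell session on the server holding the certificate.

$oldThumbprint = "5113ae0233a72fccb75b1d0198628675333d010e"   # from EXAMPLE 1 above
$pfxPath       = "c:\certificates\newcert.pfx"                 # assumed path

function Replace-ExchangeCertificateInPlace([string]$OldThumbprint, [string]$PfxPath) {
    $old = Get-ExchangeCertificate -Thumbprint $OldThumbprint
    if ("$($old.Services)" -eq "None") {
        throw "Old certificate is not enabled for any service; nothing to carry over."
    }

    # Import the replacement (PKCS #12 with private key); the cmdlet returns the
    # imported certificate object. The password is prompted for, not stored.
    $new = Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path $PfxPath -Encoding Byte -ReadCount 0)) `
        -Password:(Get-Credential).password

    # Pre-flight checks: a private key, a sane lifetime, and every name the old
    # certificate served (a CN/SAN gap shows up as client TLS errors after cutover).
    if (-not $new.HasPrivateKey) { throw "Imported certificate has no private key." }
    if ($new.NotAfter -lt (Get-Date).AddDays(30)) {
        throw "Imported certificate expires on $($new.NotAfter); refusing to enable it."
    }
    $newNames = @($new.CertificateDomains | ForEach-Object { "$_" })
    $missing  = @($old.CertificateDomains | ForEach-Object { "$_" } | Where-Object { $newNames -notcontains $_ })
    if ($missing.Count -gt 0) {
        throw "Imported certificate lacks names the old one served: $($missing -join ', ')"
    }

    # Enable-ExchangeCertificate is additive, so passing the old certificate's full
    # Services value moves every binding in one step. -Force suppresses the prompt
    # about overwriting the default SMTP certificate.
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $old.Services -Force

    # Verify from the store rather than trusting the objects in memory.
    $check = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
    if ("$($check.Services)" -ne "$($old.Services)") {
        throw "Enable did not apply: new certificate shows services '$($check.Services)'"
    }

    # Only now remove the old certificate; Exchange refuses to remove one still in use.
    Remove-ExchangeCertificate -Thumbprint $OldThumbprint -Confirm:$false
    return $check
}

Replace-ExchangeCertificateInPlace -OldThumbprint $oldThumbprint -PfxPath $pfxPath |
    Format-List Thumbprint, Subject, Services, NotAfter
```

Run it per server: certificates and their Services metadata live in the local store, so a multi-server deployment repeats the import and enable on each Client Access and Hub Transport server that presents the name.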

Export-ExchangeCertificate

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Export-ExchangeCertificate cmdlet to export an existing certificate from the certificate store on the local computer. You can export a certificate with its private key or a certificate request file.

Syntax

Detailed Description

The Export-ExchangeCertificate cmdlet creates either of the following files:

PKCS #10 file: If the thumbprint specified in the command points to a certificate request, the Export-ExchangeCertificate cmdlet creates a PKCS #10 file. A thumbprint is the digest of the certificate data. PKCS #10 is the Certification Request Syntax standard specified by RFC 2314. For more information, see PKCS #10: Certification Request Syntax.

PKCS #12 file: If the thumbprint specified in the command points to an actual certificate, the Export-ExchangeCertificate cmdlet creates a PKCS #12 file. PKCS #12 is the Personal Information Exchange Syntax standard specified by RSA Laboratories. For more information, see PKCS #12: Personal Information Exchange Syntax Standard.

Important:

When you use the Export-ExchangeCertificate cmdlet, you must export certificate data to a variable, as shown in "Examples" later in this topic, and then use the Set-Content cmdlet to write the data to a file. For more information, see Understanding Importing and Exporting Files in the Exchange Management Shell. For more information about the Set-Content cmdlet, see Set-Content.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example exports a certificate specified by its thumbprint, along with the private key, to a file named htcert.pfx in the
certificates directory on a Hub Transport server. The exported certificate is DER-encoded. A password is required when
exporting a certificate with its private key.

The following command uses the Export-ExchangeCertificate cmdlet to export certificate data to the variable $file.

$file = Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Password (Get-Credential).password

The following command uses the Set-Content cmdlet to write data stored in the variable $file to the file htcert.pfx.

Set-Content -Path "c:\certificates\htcert.pfx" -Value $file.FileData -Encoding Byte

Get-ExchangeCertificate

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Get-ExchangeCertificate cmdlet to view certificates in the local certificate store.

Syntax

Detailed Description

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example returns all certificates stored in the local computer certificate store.

Get-ExchangeCertificate

EXAMPLE 2

This example returns the properties of a specified certificate in a formatted list.

Note:

The Thumbprint parameter is a positional parameter so you can provide only the thumbprint value without the Thumbprint
parameter name.

Get-ExchangeCertificate 0271A7F1CA9AD8A27152CCAE044F968F068B14B8 | Format-List *

EXAMPLE 3

This example shows which certificate Exchange will select for the domain name mail.contoso.com. A Send or Receive
connector selects the certificate to use based on the fully qualified domain name (FQDN) of the connector. If you have
multiple certificates with the same FQDN, you can see which certificate Exchange will select by using the DomainName
parameter to specify the FQDN. The first certificate returned is the certificate Exchange will select.

Get-ExchangeCertificate -DomainName mail.contoso.com
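The three examples above list, inspect and resolve certificates one at a time; a reviewer usually wants the whole store scored in one pass. The following inventory script is an added example, not code from the TechNet page: it runs Get-ExchangeCertificate over the local store and flags expiry, self-signed certificates enabled for client-facing services, short RSA keys, SHA-1 signatures, enabled certificates with no private key, and a non-Valid status, then shows which certificate transport will pick for an FQDN using the DomainName selection rule from EXAMPLE 3. It assumes an Exchange 2010 Management Shell session; the 30-day warning window, the 2048-bit floor and mail.contoso.com are assumptions, and the Services, IsSelfSigned, PublicKeySize, CertificateDomains and Status property names are those Get-ExchangeCertificate shows in Format-List output.

```powershell
# Added inventory script; not from the TechNet page. Assumes an Exchange 2010
# Management Shell session. Thresholds and the FQDN below are assumptions.

$warnDays    = 30
$minKeyBits  = 2048
$fqdnToCheck = "mail.contoso.com"

function Get-CertificateFindings {
    $now = Get-Date
    foreach ($c in Get-ExchangeCertificate) {
        $issues = @()
        $svc = "$($c.Services)"

        if ($c.NotAfter -lt $now) {
            $issues += "expired $($c.NotAfter.ToShortDateString())"
        } elseif ($c.NotAfter -lt $now.AddDays($warnDays)) {
            $issues += "expires in $([int]($c.NotAfter - $now).TotalDays) days"
        }

        # Self-signed is acceptable for Hub/Edge direct trust, not for anything a
        # client validates (Outlook Anywhere, OWA, POP/IMAP clients).
        if ($c.IsSelfSigned -and ($svc -match "IIS|POP|IMAP")) {
            $issues += "self-signed but enabled for $svc"
        }
        if ($c.PublicKeySize -lt $minKeyBits) { $issues += "RSA key is only $($c.PublicKeySize) bits" }
        # SignatureAlgorithm comes from the X509Certificate2 base class (e.g. sha1RSA).
        if ($c.SignatureAlgorithm.FriendlyName -match "sha1") { $issues += "SHA-1 signature" }
        if ((-not $c.HasPrivateKey) -and ($svc -ne "None")) { $issues += "enabled for $svc but has no private key" }
        if ("$($c.Status)" -ne "Valid") { $issues += "status $($c.Status)" }

        New-Object PSObject -Property @{
            Thumbprint = $c.Thumbprint
            Subject    = $c.Subject
            Domains    = (@($c.CertificateDomains | ForEach-Object { "$_" }) -join ", ")
            Services   = $svc
            NotAfter   = $c.NotAfter
            Issues     = ($issues -join "; ")
        }
    }
}

# Which certificate transport will present for an FQDN: per EXAMPLE 3, the first
# certificate Get-ExchangeCertificate -DomainName returns is the one selected.
function Get-SelectedCertificate([string]$Fqdn) {
    Get-ExchangeCertificate -DomainName $Fqdn | Select-Object -First 1
}

# Usage: only certificates with at least one finding, then the selection check.
Get-CertificateFindings | Where-Object { $_.Issues } |
    Format-List Thumbprint, Subject, Domains, Services, NotAfter, Issues
Get-SelectedCertificate $fqdnToCheck | Format-List Thumbprint, Subject, Services, NotAfter
```

The selection check is the one to re-run after any import: a newly imported certificate with the same FQDN can silently become the one transport presents, which is why the page recommends checking with DomainName when several certificates share a name.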

Import-ExchangeCertificate

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Import-ExchangeCertificate cmdlet to import a certificate or chain of certificates.

Syntax

Detailed Description

You can use the Import-ExchangeCertificate cmdlet for the following purposes:

To import a certificate or chain of certificates from a PKCS #7 file that has been issued by a certification authority (CA). PKCS #7 is the Cryptographic Message Syntax Standard, a syntax used for digitally signing or encrypting data using public key cryptography, including certificates.

To import an existing certificate and private key from a PKCS #12 (.pfx or .p12) file to the certificate store on the local computer. PKCS #12 is the Personal Information Exchange Syntax Standard, a file format used to store certificates with corresponding private keys protected with a password. The standard is specified by RSA Laboratories. For more information, see the PKCS #12: Personal Information Exchange Syntax Standard Web site.

Important:

There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) services. You must understand how these factors may affect your overall configuration. Before you continue, see Understanding TLS Certificates.

Note:

In Microsoft Exchange Server 2010, to import data from a file, you must use the Get-Content cmdlet to retrieve file data and use the FileData parameter to specify the retrieved data. This can be done in a two-step process, or in a single step. Examples shown in this cmdlet use the single-step approach. For more information about importing and exporting files in Exchange 2010, see Understanding Importing and Exporting Files in the Exchange Management Shell.

The certificate may be published in Active Directory for the purposes of direct trust by using mutual TLS if the following conditions are true:

The certificate is marked as an SMTP TLS certificate.

The Subject Name on the certificate matches the fully qualified domain name (FQDN) of the local computer.

The certificate may be published in Active Directory by Edge Subscription if the following conditions are true:

You import the certificate to an Edge Transport server.

The certificate has an FQDN that matches the server FQDN.

The Import-ExchangeCertificate cmdlet imports either a certificate that's issued from an outstanding request or a PKCS #12 file.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example imports an existing certificate and private key from the PKCS #12 file ExportedCert.pfx.

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\ExportedCert.pfx -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password

EXAMPLE 2

This example imports a chain of certificates from the PKCS #7 file IssuedCert.p7b.

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\IssuedCert.p7b -Encoding byte -ReadCount 0))

New-ExchangeCertificate

Exchange 2010

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the New-ExchangeCertificate cmdlet to create a self-signed certificate, renew an existing self-signed certificate, or generate a new certificate request for obtaining a certificate from
a certification authority (CA).

Important:

There are many variables that you must consider when configuring certificates for Secure Sockets Layer (SSL) and Transport Layer Security (TLS). You must understand how these
variables may affect your overall configuration. For more information and before you continue, see Understanding TLS Certificates.

Syntax

Detailed Description

Microsoft Exchange Server 2010 uses certificates for SSL and TLS encryption. The New-ExchangeCertificate cmdlet uses many parameters of type SwitchParameter. For more
information about how to use this parameter type, see "Switch Parameters" in Parameters.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if
they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure
Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example runs the New-ExchangeCertificate cmdlet without parameters and generates a self-signed certificate. The certificate has the FQDN of the local computer as the
subject name. This default certificate can be used for direct trust authentication and encryption between Edge Transport servers and Hub Transport servers. The Network Services
local security group is also provided read access to the private key associated with the certificate. In addition, the certificate is published to Active Directory so that Exchange direct
trust can validate the authenticity of the server for mutual TLS.

New-ExchangeCertificate

EXAMPLE 2

This example outputs the certificate request in Base64 format to the command-line console. You must send the certificate request to a CA within the organization, a trusted CA
outside the organization, or a commercial CA. You can do this by pasting the certificate request output in an e-mail message or in the appropriate field on the certificate request
Web page of the CA. You can also save the certificate request to a file using a text editor such as Notepad.

The certificate that results has the following attributes associated with it:

Subject name: c=US,o=Woodgrove Bank,cn=mail1.woodgrovebank.com

Subject alternate names: woodgrovebank.com and example.com

An exportable private key

New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName woodgrovebank.com, example.com -PrivateKeyExportable $true

EXAMPLE 3

This example is a variation of the certificate request generated in EXAMPLE 2. However, instead of manually copying and pasting the certificate request output produced by the
cmdlet, the Set-Content cmdlet is used to write the request to a file.

The certificate that results has the following attributes associated with it:

Subject name: c=US,o=Woodgrove Bank,cn=mail1.woodgrovebank.com

Subject alternate names: woodgrovebank.com and example.com

An exportable private key

In the first step, the New-ExchangeCertificate cmdlet is used to generate the certificate request and save the output in a variable named $Data.

$Data = New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName woodgrovebank.com, example.com -PrivateKeyExportable $true

In the second step, the Set-Content cmdlet is used to write data from the variable to the certificate request file MyCertRequest.req in the Docs folder.

Set-Content -path "C:\Docs\MyCertRequest.req" -Value $Data

EXAMPLE 4

This example creates a DER-encoded certificate request file. The BinaryEncoded parameter is used to generate a DER-encoded certificate request. The Set-Content cmdlet is used
with the Encoding parameter to write the request to a file.

The certificate that results will have the following attributes associated with it:

Subject name: c=ES,o=Woodgrove Bank,cn=mail1.woodgrovebank.com


Subject alternate names: woodgrovebank.com and example.com
An exportable private key

In the first step, the New-ExchangeCertificate cmdlet is used to generate the certificate request in DER-encoded format and save the output in a variable named $Data.

$Data = New-ExchangeCertificate -GenerateRequest -SubjectName "c=ES, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName woodgrovebank.com, example.com -BinaryEncoded -PrivateKeyExportable $true

In the second step, the Set-Content cmdlet is used to write data from the variable to the certificate request file MyCertRequest.req in the Docs folder.

Set-Content -path "C:\Docs\MyCertRequest.req" -Value $Data.FileData -Encoding Byte

EXAMPLE 5

This example shows how to renew a self-signed certificate.

Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate


Community Additions

Create Exchange certificate request with one line


You can use this one line instead:

Set-Content -Path "C:\MyCerRequest.cer" -Value (New-ExchangeCertificate -GenerateRequest -SubjectName 'C=US, O=Woodgrove Bank, CN=mail.woodgrovebank.com' -DomainName woodgrovebank.com,autodiscover.woodgrovebank.com,legacy.woodgrovebank.com -PrivateKeyExportable $true -KeySize 2048)

Thomas Stensitzki (MCM)


3/29/2012

Remove-ExchangeCertificate

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Remove-ExchangeCertificate cmdlet to remove an existing certificate from the local certificate store.

Important:

There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) services. You must understand how these factors may affect your overall configuration. Before you continue, read Understanding TLS Certificates.

Syntax

Detailed Description

You can't remove the certificate that's being used. If you want to replace the default certificate for the server with another certificate that has the same fully qualified domain name (FQDN), you must create the new certificate first, and then remove the old certificate.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Certificate management" entry in the Exchange and Shell Infrastructure Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet returns, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example removes a certificate with the specified thumbprint.

Remove-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e
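The Detailed Description states the ordering rule (create the replacement first, then remove the old certificate) but does not show how to confirm that a certificate is actually free before removing it. The following function is an added illustration, not code from the original topic. It uses Get-ExchangeCertificate, New-ExchangeCertificate and Enable-ExchangeCertificate from the same cmdlet set: it renews a self-signed certificate the way example 5 of New-ExchangeCertificate does, moves the old certificate's service bindings to the new one, re-reads the old certificate's Services property, and removes the old certificate only when no service is still bound to it. The function name and the -Force switch are assumptions; the Thumbprint, Services and IsSelfSigned properties are those of Get-ExchangeCertificate output.

```powershell
# Added example (not from the original topic): replace a self-signed certificate
# and remove the old one only after every Exchange service has released it.
# Run from the Exchange Management Shell on the server that owns the certificate.
function Replace-ExchangeCertificateSafely {
    param(
        [Parameter(Mandatory = $true)] [string] $OldThumbprint,
        [switch] $Force   # without it, Remove-ExchangeCertificate runs with -WhatIf only
    )

    $old = Get-ExchangeCertificate -Thumbprint $OldThumbprint

    # This helper only renews self-signed certificates. A CA-issued certificate
    # is replaced by importing its successor with Import-ExchangeCertificate
    # first; the Enable/verify/Remove steps below are then the same.
    if (-not $old.IsSelfSigned) {
        throw "Certificate $OldThumbprint is CA-issued; import its replacement first."
    }

    # Step 1: create the replacement before touching the old certificate
    # (same subject and domains, new key and validity; example 5 of New-ExchangeCertificate).
    $new = $old | New-ExchangeCertificate

    # Step 2: bind the new certificate to the services the old one served.
    # -Force suppresses the prompt about replacing the default SMTP certificate.
    if ($old.Services -ne 'None') {
        Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $old.Services -Force
    }

    # Step 3: re-read both certificates; Services is the authoritative view of
    # what each one is still bound to, and a bound certificate cannot be removed.
    $old = Get-ExchangeCertificate -Thumbprint $old.Thumbprint
    $new = Get-ExchangeCertificate -Thumbprint $new.Thumbprint

    if ($old.Services -ne 'None') {
        Write-Warning ("Old certificate {0} is still bound to {1}; leaving it in place for review." -f $old.Thumbprint, $old.Services)
        return $new
    }

    # Step 4: remove the old certificate. Without -Force this is a dry run.
    if ($Force) {
        Remove-ExchangeCertificate -Thumbprint $old.Thumbprint -Confirm:$false
    }
    else {
        Remove-ExchangeCertificate -Thumbprint $old.Thumbprint -WhatIf
    }
    return $new
}

# Usage: dry run first, then the real removal.
Replace-ExchangeCertificateSafely -OldThumbprint 'c4248cd7065c87cb942d60f7293feb7d533a4afc'
Replace-ExchangeCertificateSafely -OldThumbprint 'c4248cd7065c87cb942d60f7293feb7d533a4afc' -Force
```

Exchange can keep more than one certificate enabled for SMTP, so the old certificate may still list SMTP after the new one is enabled; the function treats any remaining binding as "in use" and leaves that certificate for manual review rather than removing it.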

Get-SecurityPrincipal

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-12-03

Use the Get-SecurityPrincipal cmdlet to return a list of security principals.

Syntax

Detailed Description

Security principals are entities, such as users or security groups, which can be assigned permissions and user rights.

Note:

If the IncludeDomainLocalFrom parameter is specified along with the Filter or Identity parameters, the cmdlet doesn't return domain local security groups. This cmdlet is required for internal Exchange Management Console functionality.

The Get-SecurityPrincipal cmdlet is used by the Exchange Management Console and the Exchange Control Panel in Microsoft Exchange Server 2010 to populate fields that display recipient information.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Active Directory Domain Services server settings" entry in the Exchange and Shell Infrastructure Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet returns, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example retrieves security principals in the OU People, well-known security principals, and domain local groups from the
domain Contoso.com.

Get-SecurityPrincipal -OrganizationalUnit OU=People,DC=Contoso,DC=com -IncludeDomainLocalFrom Contoso.com

EXAMPLE 2

This example retrieves security principals from the Legal department by using the Filter parameter. Only security principals
matching the filter condition are retrieved.

Get-SecurityPrincipal -Filter {Department -eq "Legal"} -IncludeDomainLocalFrom Contoso.com

EXAMPLE 3

This example retrieves a single security principal explicitly specified by using the Identity parameter.

Get-SecurityPrincipal -Identity Administrator -IncludeDomainLocalFrom Contoso.com

EXAMPLE 4

This example retrieves well-known security principals by pipelining the results from the Get-SecurityPrincipal cmdlet to the
Where-Object command. The results are pipelined to the Format-Table command. Only the Name and SID parameters are
selected to be included in the final output.

Get-SecurityPrincipal -IncludeDomainLocalFrom Contoso.com | ? {$_.Type -eq "WellKnownSecurityPrincipal"} | ft Name,SID -AutoSize

Note:

The question mark character (?) is an alias for the Where-Object command. Ft is an alias for the Format-Table command.
Both aliases are included by default in the Windows PowerShell command-line interface.
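The note in the Detailed Description says that combining IncludeDomainLocalFrom with Filter or Identity drops domain local security groups from the result, which matters when the output feeds a permissions review. The following function is an added illustration, not code from the original topic: it queries an OU without a server-side Filter, so domain local groups from the named domain are included, applies name and type conditions on the client with Where-Object as example 4 does, and reports how many principals of each Type were returned. The function name, the OU and domain values are assumptions; Name, SID and Type are the properties used in the examples above, and Type values other than WellKnownSecurityPrincipal depend on what the directory returns.

```powershell
# Added example (not from the original topic): list an OU's security principals
# while keeping domain local groups, and filter on the client side.
# Assumes the Exchange Management Shell; OU and domain names are placeholders.
function Get-OuSecurityPrincipals {
    param(
        [Parameter(Mandatory = $true)] [string] $OrganizationalUnit, # e.g. OU=People,DC=Contoso,DC=com
        [Parameter(Mandatory = $true)] [string] $Domain,             # e.g. Contoso.com
        [string]   $NamePattern = '*',                                 # wildcard applied on the client
        [string[]] $Types       = @()                                  # Type values to keep; empty = all
    )

    # Deliberately no -Filter and no -Identity here: either one combined with
    # -IncludeDomainLocalFrom suppresses domain local groups in the result.
    $all = Get-SecurityPrincipal -OrganizationalUnit $OrganizationalUnit -IncludeDomainLocalFrom $Domain

    # Client-side selection keeps the full result set from the server intact.
    $selected = $all | Where-Object {
        ($_.Name -like $NamePattern) -and
        ($Types.Count -eq 0 -or $Types -contains [string]$_.Type)
    }

    # Per-Type counts let a reviewer see at a glance whether groups were returned.
    $summary = $selected | Group-Object { [string]$_.Type } | Select-Object Name, Count
    Write-Verbose ($summary | Format-Table -AutoSize | Out-String)

    $selected | Select-Object Name, SID, Type
}

# Usage: principals whose name starts with "Legal", with the per-Type summary shown.
Get-OuSecurityPrincipals -OrganizationalUnit 'OU=People,DC=Contoso,DC=com' -Domain 'Contoso.com' `
    -NamePattern 'Legal*' -Verbose | Format-Table Name, SID, Type -AutoSize
```

Server-side Filter is cheaper on a large directory, so use it where domain local groups do not matter; use the client-side form above when the review must include them.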

Get-Trust

Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Get-Trust cmdlet to return external and forest trusts.

Syntax

Detailed Description

The Get-Trust cmdlet is used by the Exchange Management Console and the Exchange Control Panel in Microsoft Exchange Server 2010 to populate fields that display recipient information.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Active Directory Domain Services server settings" entry in the Exchange and Shell Infrastructure Permissions topic.

Parameters

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet returns, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.

Examples

EXAMPLE 1

This example enumerates all trusts for the domain Contoso.com.

Get-Trust -DomainName Contoso.com
