I'm trying to connect to Office365 with Powershell.
$username = "username@domain.com"
$password = "password"
$secure_password = $password | ConvertTo-SecureString -AsPlainText -Force
$credencial = New-Object System.Management.Automation.PSCredential ($username, $secure_password)
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $credencial -Authentication Basic -AllowRedirection -ErrorAction Stop -WarningAction SilentlyContinue
Import-PSSession $session -AllowClobber | Out-Null
Problem is that on Powershell console on local PC and on server it works fine without any errors, but when I'm trying to run this with PHP:
<?php
$command = 'powershell -File "'.dirname(__DIR__).'\\ps\\test.ps1"';
exec($command, $output);
print_r($output);
?>
I'm getting error, that "Access is denied":
Array
(
[0] => New-PSSession : [pod51047psh.outlook.com] Connecting to remote server pod51047p
[1] => sh.outlook.com failed with the following error message : Access is denied. For
[2] => more information, see the about_Remote_Troubleshooting Help topic.
[3] => At C:\inetpub\xxxxxx\ps\test.ps1:6 char:12
[4] => + $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri
[5] => "h ...
[6] => + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[7] => ~~~
[8] => + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:Re
[9] => moteRunspace) [New-PSSession], PSRemotingTransportException
[10] => + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
)
Any suggestions what I'm doing wrong? Are there other ways to run this Powershell script with PHP?
From the error, powershell script has already been launched, so PHP should have no problem to run powershell command.
The user account you use to connect to Exchange Online must be enabled for remote Shell. Please check this msdn article to see how to do it.
I agree... That particular user account doesn't have permission for PSRemoting
I just ran into this with in a similar situation with another scripting language (PowerShell) to O365. I assume you're running PHP in an Application Pool under IIS. If not, substitute the user your web server runs as below.
If you can run the PHP script from the console but not via IIS -> PHP (with the same credentials), this might be because running it through IIS is not considered "interactive", and the account you're using is not explicitly authorized.
On Windows Server 2012R2, the default permissions configuration for initiating PSSessions requires membership in BUILTIN\Administrators, BUILTIN\Remote Management Users or NT AUTHORITY\INTERACTIVE.
Run Get-PSSessionConfiguration
from an PowerShell instance with local Administrator privileges to see what users are already authorized.
To add Execute permission to the user that your IIS Application Pool uses, run the following command (also from a PowerShell instance with local Administrator privileges): Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI
When the security descriptor UI pops up, add the Execute permission for the user that your IIS App Pool runs as, click OK.
See this PowerShell Team Blog "You Don’t Have to Be An Administrator to Run Remote PowerShell Commands" for more information: https://blogs.msdn.microsoft.com/powershell/2009/11/22/you-dont-have-to-be-an-administrator-to-run-remote-powershell-commands/