Script: Set-Exchange2010RedirectSSL.ps1 – Redirecting the Root Web Site to /owa and Forcing SSL in Exchange 2010
A common practice is to redirect the default website to the OWA site in IIS. This allows for a shorter URL for users to remember, and catches those who don’t append “/owa “. It’s a simple enough task for an administrator to do, but I wanted to script it so that I could include it in other Exchange 2010 build scripts to help streamline the process.
Another common practice is to force SSL on specific virtual directories to help enhance security of client access to Exchange. This can take a few extra minutes, but can easily be scripted as well, so I combined both into a simple script. Some of the initial code came from colleague and Exchange Ranger Mark Smith, but I converted it to PowerShell, and added some checks and balances.
Run the script after installing Exchange, and pass it the destination to forward to. An example would be
.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ucunleashed.com/owa"
This will redirect the root site to the URL listed. If you don’t specify the ForceSSL option, it will automatically secure the recommended virtual directories. To override that, set it to $false, such as
.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ucunleashed.com/owa" -ForceSSL $false
The script starts by verifying the web-http-redirect feature is installed. If not, it will install it. Then, the script will backup the current IIS config, apply the changes, then do an IISRESET for them to take effect.
If you’re not sure of how to run it, there is built in help. Just run
UPDATE:Â I forgot to mention that the script also assigns permissions to the web.config file for the Offline Address Book to resolve a problem where downloading of the OAB would stop in the middle after configuring HTTP redirection. Microsoft Exchange PFE Bhargav Shukla has pointed out that this was mentioned in fellow MVP Henrik Walther’s post OAB issues after simplifying the OWA 2010 URL? As mentioned earlier, I got initial code from someone else, and didn’t realize that Henrik had already posted about it. So rather than go into details on the issue, please visit Henrik’s excellent post if you’d like more info. Thanks to both Henrik and Bhargav.
Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.
I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.
v1.5 – 04-29-2014 – Set-Exchange2010RedirectSSL.v1.5.zip
v1.4 – 01-27-2014 – Set-Exchange2010RedirectSSLv1.4.zip
v1.3 – 01-30-2012 – Set-Exchange2010RedirectSSL.v1.3.zip
v1.2 – 10-19-2011 – Set-Exchange2010RedirectSSL.v1.2.zip
v1.0 – 04-26-2010 – Set-Exchange2010RedirectSSL.zip
See the changelog for this script which details all versions and their features