Set-MapiVirtualDirectory
This cmdlet is available only in on-premises Exchange.
Use the Set-MapiVirtualDirectory cmdlet to modify Messaging Application Programming Interface (MAPI) virtual directories that are used in Internet Information Services (IIS) on Microsoft Exchange servers. A MAPI virtual directory is used by supported versions of Microsoft Outlook to connect to mailboxes by using the MAPIHTTP protocol.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Default (Default)
Set-MapiVirtualDirectory
[-Identity] <VirtualDirectoryIdParameter>
[-ApplyDefaults <Boolean>]
[-Confirm]
[-DomainController <Fqdn>]
[-ExtendedProtectionFlags <MultiValuedProperty>]
[-ExtendedProtectionSPNList <MultiValuedProperty>]
[-ExtendedProtectionTokenChecking <ExtendedProtectionTokenCheckingMode>]
[-ExternalUrl <Uri>]
[-IISAuthenticationMethods <MultiValuedProperty>]
[-InternalUrl <Uri>]
[-WhatIf]
[<CommonParameters>]
Description
You need to be assigned permissions before you can run this cmdlet. Although this article lists all parameters for the cmdlet, you might not have access to some parameters if they aren't included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.
Examples
Example 1
Set-MapiVirtualDirectory -Identity "ContosoMail\mapi (Default Web Site)" -InternalUrl https://contoso.com/mapi -IISAuthenticationMethods NTLM,Negotiate,OAuth
This example makes the following configuration changes to the MAPI virtual directory on the default web site of the server named ContosoMail:
- Internal URL:
https://contoso/mapi. - IIS authentication methods: NTLM, Negotiate, and OAuth.
Parameters
-ApplyDefaults
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The ApplyDefaults switch specifies whether to apply the correct defaults to the related internal IIS application settings. Typically, this switch is used only by Exchange Setup during the installation of Exchange Cumulative Updates or Service Packs and you shouldn't need to use it.
This switch doesn't affect the values you configure by using the IISAuthenticationMethods, InternalUrl or ExternalUrl parameters.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Confirm
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax:
-Confirm:$false. - Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DomainController
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.
Parameter properties
| Type: | Fqdn |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExtendedProtectionFlags
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The ExtendedProtectionFlags parameter specifies custom settings for Extended Protection for Authentication on the virtual directory. Valid values are:
- None: This is the default setting.
- AllowDotlessSPN: Required if you want to use Service Principal Name (SPN) values that don't contain FQDNs (for example, HTTP/ContosoMail instead of HTTP/mail.contoso.com). You specify SPNs with the ExtendedProtectionSPNList parameter. This setting makes Extended Protection for Authentication less secure because dotless certificates aren't unique, so it isn't possible to ensure that the client-to-proxy connection was established over a secure channel.
- NoServiceNameCheck: The SPN list isn't checked to validate a channel binding token. This setting makes Extended Protection for Authentication less secure. We generally don't recommend this setting.
- Proxy: A proxy server is responsible for terminating the TLS channel. To use this setting, you need to register an SPN by using the ExtendedProtectionSPNList parameter.
- ProxyCoHosting: HTTP and HTTPS traffic might be accessing the virtual directory, and a proxy server is located between at least some of the clients and the Client Access services on the Exchange server.
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExtendedProtectionSPNList
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The ExtendedProtectionSPNList parameter specifies a list of valid Service Principal Names (SPNs) if you're using Extended Protection for Authentication on the virtual directory. Valid values are:
- $null: This value is the default.
- Single SPN or comma delimited list of valid SPNs: The SPN value format is
Protocol\FQDN. For example, HTTP/mail.contoso.com. To add an SPN that's not an FQDN (for example, HTTP/ContosoMail), you also need to use the AllowDotlessSPN value for the ExtendedProtectionFlags parameter.
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExtendedProtectionTokenChecking
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The ExtendedProtectionTokenChecking parameter specifies whether Extended Protection for Authentication is used for client connections to the virtual directory. Valid values are:
- None: Extended Protection for Authentication isn't used for client connections to the virtual directory. This value is the default.
- Allow: Extended Protection for Authentication is used for client connections to the virtual directory if the client and server both support it.
- Require: Extended Protection for Authentication is required for client connections to the virtual directory. If the client or server don't support it, the connection fails. This value also requires a Service Principal Name (SPN) value for the ExtendedProtectionSPNList parameter.
Note: If a proxy server in front of the Exchange server terminates the client-to-proxy Transport Layer Security (TLS) channel, the values Allow or Require need one or more SPN values for the ExtendedProtectionSPNList parameter.
Parameter properties
| Type: | ExtendedProtectionTokenCheckingMode |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExternalUrl
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The ExternalURL parameter specifies the URL that connects to the virtual directory from outside the firewall.
This setting enforces the Transport Layer Security (TLS) protocol and uses the default TLS port. Valid input for this parameter uses the syntax https://<Domain Name>/mapi(for example, https://external.contoso.com/mapi).
When you use the InternalUrl or ExternalUrl parameters, you need to specify one or more authentication values by using the IISAuthenticationMethods parameter.
Parameter properties
| Type: | Uri |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Identity
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The Identity parameter specifies the MAPI virtual directory that you want to modify. You can use any value that uniquely identifies the virtual directory. For example:
- Name or Server\Name
- Distinguished name (DN)
- GUID
The Name value uses the syntax "VirtualDirectoryName (WebsiteName)" from the properties of the virtual directory. You can specify the wildcard character (*) instead of the default website by using the syntax VirtualDirectoryName*.
Parameter properties
| Type: | VirtualDirectoryIdParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 1 |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-IISAuthenticationMethods
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The IISAuthenticationMethods parameter specifies the authentication methods that are enabled on the virtual directory in Internet Information Services (IIS). Valid values are:
- Basic
- Negotiate
- NTLM
- OAuth
You can specify multiple values separated by commas.
The default values are NTLM, OAuth, and Negotiate. We recommend that you always have the virtual directory configured for OAuth.
For more information about the different authentication methods, see Understanding HTTP Authentication and What is OAuth authentication?.
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InternalUrl
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The InternalURL parameter specifies the URL that connects to the virtual directory from inside the firewall.
This setting enforces the Transport Layer Security (TLS) protocol and uses the default TLS port. Valid input for this parameter uses the syntax https://<Domain Name>/mapi (for example, https://internal.contoso.com/mapi).
When you use the InternalUrl or ExternalUrl parameters, you need to specify one or more authentication values by using the IISAuthenticationMethods parameter.
Parameter properties
| Type: | Uri |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Applicable: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Server SE
The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Input types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.
Outputs
Output types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.