Forum Discussion
Mahmoud_Badran
Microsoft
May 10, 201960 minutes timeout on MFA Session
Below is the script for a non-ending MFA session, that renews it self ; once you connect to ExO with this script it will stay open.
first Use Internet Explorer to download and install this module https://cmdletpswmodule.blob.core.windows.net/exopsmodule/Microsoft.Online.CSE.PSModule.Client.application
The script has an automated firing timer every 10 minutes , but you can either force it by
Invoke-ExoOnlineConnection -RepairPSSession
or check if the session is about to expire and repairs itself
Invoke-ExoOnlineConnection -Checktimer
###############################################################
$Global:ErrorActionPreference = "Stop"
$Global:VerbosePreference = "Continue"
$office365UserPrincipalName = "ADMIN@o365.com"
$PSExoPowershellModuleRoot = (Get-ChildItem -Path $env:userprofile -Filter CreateExoPSSession.ps1 -Recurse -ErrorAction SilentlyContinue -Force | Select -Last 1).DirectoryName
$ExoPowershellModule = "Microsoft.Exchange.Management.ExoPowershellModule.dll";
$ModulePath = [System.IO.Path]::Combine($PSExoPowershellModuleRoot, $ExoPowershellModule);
Import-Module $ModulePath;
function Invoke-ExoOnlineConnection{
[cmdletbinding()]
Param
(
[Parameter(Mandatory=$false)]
[switch]$Checktimer,
[Parameter(mandatory=$false, valuefrompipeline=$false)]
[switch]$RepairPSSession
)
begin{}
process{
#determine if PsSession is loaded in memory
$ExosessionInfo = Get-PsSession
#calculate session time
if ($global:ExosessionStartTime){
$global:ExosessionTotalTime = ((Get-Date) - $global:ExosessionStartTime)
}
#need to loop through each session a user might have opened previously
foreach ($ExosessionItem in $ExosessionInfo){
#check session timer to know if we need to break the connection in advance of a timeout. Break and make new after 40 minutes.
if ($ExosessionItem.ComputerName.Contains("outlook.office365.com") -and $ExosessionItem.State -eq "Opened" -and $global:ExosessionTotalTime.TotalSeconds -ge "2400"){
Write-Verbose -Message "The PowerShell session has been running for $($global:ExosessionTotalTime.TotalMinutes) minutes. We need to shut it down and create a new session due to the access token expiration at 60 minutes."
$ExosessionItem | Remove-PSSession
Start-Sleep -Seconds 3
$strSessionFound = $false
$global:ExosessionTotalTime = $null #reset the timer
} else { Write-Verbose -Message "The PowerShell session has been running for $($global:ExosessionTotalTime.TotalMinutes) minutes.)"}
#Force repair PSSession
if ($ExosessionItem.ComputerName.Contains("outlook.office365.com") -and $RepairPSSession){
Write-Verbose -Message "Attempting to repair broken PowerShell session to Exchange Online using cached credential."
$ExosessionItem | Remove-PSSession
Start-Sleep -Seconds 3
$strSessionFound = $false
$global:ExosessionTotalTime = $null
}elseif ($ExosessionItem.ComputerName.Contains("outlook.office365.com") -and $ExosessionItem.State -eq "Opened"){
$strSessionFound = $true
}
}
if (!$strSessionFound){
Write-Verbose -Message "Creating new Exchange Online PowerShell session..."
try{
$ExoSession = New-ExoPSSession -UserPrincipalName $office365UserPrincipalName -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -ErrorAction SilentlyContinue -ErrorVariable $newOnlineSessionError
}
catch{
Write-Verbose -Message "Throw error..."
throw;
} finally {
if ($newOnlineSessionError) {
Write-Verbose -Message "Final error..."
throw $newOnlineSessionError
}
}
Write-Verbose -Message "Importing remote PowerShell session..."
$global:ExosessionStartTime = (Get-Date)
Import-PSSession $ExoSession -AllowClobber | Out-Null
}
}
end{}
}
## Create an Timer instance
$timer = New-Object Timers.Timer
## Now setup the Timer instance to fire events
$timer.Interval = 600000
$timer.AutoReset = $true # enable the event again after its been fired
$timer.Enabled = $true
## register your event
## $args[0] Timer object
## $args[1] Elapsed event properties
Register-ObjectEvent -InputObject $timer -EventName Elapsed -SourceIdentifier Repair -Action {Invoke-ExoOnlineConnection -Checktimer}
###############################################################
- kkrteekCopper Contributor
I have tried to run the below script
Get-Mailbox -resultsize unlimited -RecipientTypeDetails "UserMailbox" | Get-MailboxFolderPermission | Where-Object {$_.user -like "default"} | where-object {$_.Accessrights -notlike "none"} |Select-object -property Identity,FolderName,User,AccessRights
the above is ran against 1 Lakh mailboxes ,but the session is getting terminated half way and am getting the below error
Processing data for a remote command failed with the following error message: Access is denied. For more information,
see the about_Remote_Troubleshooting Help topic.Steps i followed:
1.Open Exo module,
2.Ran the script
3.Then connected to Exchange Online using Connect-Exopssession
Am i doing anything wrong?
- bjbakkerCopper Contributor
Following line is a bit slow because of directory traversal:
$PSExoPowershellModuleRoot = (Get-ChildItem -Path $env:userprofile -Filter CreateExoPSSession.ps1 -Recurse -ErrorAction SilentlyContinue -Force | Select -Last 1).DirectoryName
Replacing $env:userprofile with $($env:LOCALAPPDATA+"\Apps\2.0\") helps a lot.