New-MapiProfile

Description

This cmdlet creates a new MAPI profile.

Syntax
Note: Parameters in orange are optional.
New-MapiProfile
-ProfileNameString
New-MapiProfile
-ProfileNameString
-AddExchangeMailboxSwitchParameter
-ExchangeServerNameString
-MailboxIdentifierString
-OutlookAnywhereServerNameString
-OutlookAnywhereServerPrincipalNameString
-OutlookAnywhereAuthTypeMapi.NET.Flags.PR_ROH_PROXY_AUTH_SCHEME
-OutlookAnywhereFlagsMapi.NET.Flags.PR_ROH_FLAGS[]
-OutlookAnywhereUseSSLSwitchParameter
-LogonSecuritySchemeMapi.NET.Flags.PR_PROFILE_AUTH_PACKAGE
-AllowPromptForDetailsSwitchParameter
-CredentialsPSCredential
Parameters
ProfileName"A text string to be used to name the new MAPI profile. See Remarks."
AddExchangeMailboxA SwitchParameter which, if present, adds an Exchange mailbox service to the profile using the additional parameters below.
ExchangeServerNameThe name of the Exchange server to which the mailbox service should connect. See Remarks.
MailboxIdentifierA text string that uniquely identifies a mailbox in the Exchange Global Address List (GAL).
CredentialsAn optional PSCredential object that will be used if configuration of the mailbox requires authentication.
AllowPromptForDetailsA SwitchParameter which, if present, will allow MAPI to prompt for any missing details needed to configure the profile.
OutlookAnywhereServerNameThe name of the Outlook Anywhere proxy server used to connect to Exchange via HTTP.
OutlookAnywhereUseSSLA SwitchParameter which, if present, forces the Outlook Anywhere settings to always use SSL when connecting.
OutlookAnywhereServerPrincipalNameThe certificate principal name (aka subject) for the SSL certificate used by OutlookAnywhereServerName. See remarks.
OutlookAnywhereAuthTypeOne of the Mapi.NET.Flags.PR_ROH_PROXY_AUTH_SCHEME values.
OutlookAnywhereFlagsOne or more of the Mapi.NET.Flags.PR_ROH_FLAGS values. When this parameter is omitted the following flags are used: HttpFirstOnFast + HttpFirstOnSlow + UseRpcOnHttp.
LogonSecuritySchemeOne of the Mapi.NET.Flags.PR_PROFILE_AUTH_PACKAGE values. When this parameter is omitted it defaults to Kerberos_Ntlm (aka Negotiate).
Remarks

This cmdlet creates a new MAPI profile with the specified name.

Note that MAPI profiles names have both character and length limitations.  While it is possible to set a profile name with a long text string, only the first 64 characters of a profile name are every used.  This can be problematic since it is possible to create multiple profiles where the first 64 characters have the same character sequence.  MAPI profiles can contains space characters as long as they are surrounded by other non-space characters; a profile cannot start nor end with a space character.

When using the AddExchangeMailbox switch, the following comments apply:

The MailboxIdentifier parameter is typically the mailbox alias or smtp address of the specific mailbox to add.  However, when using an alias value, ambiguity can occur if multiple accounts exist with the same starting characters.  For example, the aliases 'JSmith' and 'JSmithson' both start with 'JSmith' and would be considered ambiguous.  If the AllowPromptForDetails switch is used, MAPI will produce a pick list dialog to choose the specific mailbox for the alias entered.  In order to explicitly choose a mailbox, it is suggested to use a SMTP or X500 address.

When configuring profiles to use Outlook Anywhere, it is important to match the OutlookAnywhereAuthType and LogonSecurityScheme to the same values that the target Exchange environment is configured to accept.  A mismatch on either value will not fail to create the profile, but will fail when the a new MAPI session is attempted with the profile.

Generally, the defaults for these values should work for most on-premises Exchange deployments.

Note that Exchange 2013 introduced a new OutlookAnywhereAuthType of 'Negotiate'.  Only Outlook 2007 and later offer support for this new authentication type, and only with specific Service Packs plus specific post-servicepack rollups.  Outlook 2007 and 2010 RTM cannot connect to Exchange 2013.

The OutlookAnywhereServerPrincipalName parameter should (currently) be prefixed with 'msstd:' before the name.  The value used should match the Subject of the SSL certificate for the Exchange server.  A key example is the Office365 SSL certificate for Exchange online where the certificate principal name is 'Outlook.com', not 'Office365.com'.  Validation of the certificate name is not performed by this cmdlet nor by MAPI.  However, an incorrect value will cause a later logon attempt to the profile to fail.

For connections to Office365, the same requirement for latest service packs and rollups also apply since Office365 (currently) are still based primarily on Exchange 2013.  However, unique to Office365 is a new combination of values for OutlookAnywhereAuthType and LogonSecurityScheme.  Specifically, OutlookAnywhereAuthType must be 'Basic' and LogonSecurityScheme must be 'Anonymous'.  And other variation from these settings will not allow a logon to Office 365 with the profile.