An IIS website binding consists of the IP address, the TCP port, and potentially a host from which a web client can reach the site. Learn in this post how to manage IIS bindings with PowerShell.

Setting up IIS on a Windows Server installs a PowerShell module called WebAdministration and creates the IIS PowerShell drive. Using both of these items lets us create, read, modify, and remove IIS bindings with PowerShell. To demonstrate this, you'll first either need to RDP to the web server directly and open up a PowerShell console or use PowerShell remoting to connect to a remote session. Since I'm not up for RDPing to a server, I'll connect to my web server via PowerShell remoting.

Once connected to my session, I'll then need to import the WebAdministration module gained when installing the Web-Server Windows feature.

Querying web bindings ^

Once authenticated, I'm ready to get started. First, since a binding is no good without a website, I'll first ensure I can query my default website using the Get-Website cmdlet.

After I confirm I have a website available, I now need to investigate the bindings on that site. By default, you can only see the string output of the Bindings property when using Get-Website. We need to get some further information about this so I'll pipe the output to Select-Object and use the ExpandProperty parameter to see whether there's more information about bindings available if needed.

Display IIS website bindings with PowerShell

Display IIS website bindings with PowerShell

I can also approach this task of finding web bindings by using the Get-WebBinding command as well. This command will only return information about the bindings attached to a site rather than returning lots of other site information.

The information returned from Get-WebBinding is the same information as what's in the Collection property inside the binding property from the output that Get-Website returns.

Changing web bindings ^

Once we've confirmed attachment of a binding to a site, we can modify it and use the Set-WebBinding command. This command allows you to specify the website name using the Name parameter, the binding information, and the binding property you'd like to change. In the example below, I'm changing the binding attribute for my Default Web Site from port 80 to port 81.

I can then verify this change using Get-WebBinding.

As you probably already know, you can have multiple bindings attached to a single site. Using Set-WebBinding only modifies existing bindings. To create new bindings, we need to use the New-WebBinding cmdlet that allows you to point to a specific website name, provide the protocol, port, and other information to create a binding that fits your needs.

Below you can see I'm creating a new binding that binds HTTP to port 82. I'm then reading the web binding using Get-WebBinding to ensure the default website returns both bindings.

SSL bindings ^

You've been working with HTTP bindings only, but IIS also has SSL bindings you need to manage periodically. Luckily, we can perform all the same actions on SSL bindings as we do on HTTP bindings.

To work with SSL bindings, we'll use the IIS PowerShell drive instead of the cmdlets to show you a different approach.

Subscribe to 4sysops newsletter!

Let's say I have a certificate installed on my web server, and I want to bind that certificate to my Default Web Site. To do this, I'd first need to read the certificate. I can do this with PowerShell by reading the certificate from the Cert: drive.

Once I have assigned the certificate to a variable, I then need to create the binding information string. Notice I'm using SSLBindings in the path. In the example below, I plan to bind the certificate to listen on all IP addresses bound to port 445.

Finally, I can pipe the certificate I just gathered to the SSLBindings object I retrieved above to create the SSL binding.

PowerShell's WebAdministration module and IIS drive are great resources to use when needing to automate or manage IIS web bindings via the command line.

+4
11 Comments
  1. Sean 2 years ago

    this is good stuff!  you rock dude!

    +1

  2. Jae Soca 2 years ago

    This is a life saver !! Great write-up for a beginner PS person

    0

  3. John 2 years ago

    What if you have multiple sites and you want each their own cert?

    0

  4. @John

    You need to have a unique combination of IP & Port to manage multiple SSL sites on the server.  So, you can bind multiple IP's first, or you can use a separate port for the SSL traffic for each site.

    So, you would use multiple New-WebBinding commands for each site (ip/port).

    David F. 

    0

  5. AP 2 years ago

    I'm trying to use the Set-WebBinding command to just change the IP address of the binding. Very similar to your changing the port from 80 to 81. No matter what I try it fails.

    0

    • SS 2 years ago

      I am running into the same issue.  Any solutions for this?

      0

  6. Michael 3 months ago

    I am RDP'd into my  windows 2016 .net core server.  None of the iis binding commands are found.  I get the error, e.g.:  The term 'get-iissitebinding' is not recognized as the name of a cmdlet, function, script file, or operable program.

    If I following some other instructions found on i-net, I get following:  WARNING: Module webadministration is loaded in Windows PowerShell using WinPSCompatSession remoting session; please note that all input and output of commands from this module will be deserialized objects. If you want to load this module into PowerShell please use 'Import-Module -SkipEditionCheck' syntax.

    If I use the -skipeditioncheck I get:  Import-Module: Could not load type 'System.Management.Automation.PSSnapIn' from assembly 'System.Management.Automation, Version=7.1.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.

    The only way that seems to work is to enter a pssession even while RDP's in and use the commands above.  It works and doesn't require credentials so it's OK.  But does that sound right that you can only perform iis admin from a remote session?

    0

  7. Rajesh R 1 month ago

     

    0

  8. Rajesh R 1 month ago

     

    0

  9. You need to import your IISAdministration module.  That should create the PSDrive for you.

    David F.

    0

  10. Turns out I was wrong.. it's the webadministration module that creates the PSDrive, not the newer IISAdministration module.

    David F. 

    +1

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account