An IIS website binding consists of the IP address, the TCP port, and potentially a host from which a web client can reach the site. Learn in this post how to manage IIS bindings with PowerShell.

Setting up IIS on a Windows Server installs a PowerShell module called WebAdministration and creates the IIS PowerShell drive. Using both of these items lets us create, read, modify, and remove IIS bindings with PowerShell. To demonstrate this, you'll first either need to RDP to the web server directly and open up a PowerShell console or use PowerShell remoting to connect to a remote session. Since I'm not up for RDPing to a server, I'll connect to my web server via PowerShell remoting.

$computerName = 'SRV1'
$credential = Get-Credential
Enter-PSSession -ComputerName $computerName -Credential $credential

Once connected to my session, I'll then need to import the WebAdministration module gained when installing the Web-Server Windows feature.

Import-Module WebAdministration

Querying web bindings

Once authenticated, I'm ready to get started. Since a binding is no good without a website, I'll first ensure I can query my default website using the Get-Website cmdlet.

Get-Website -Name 'Default Web Site'

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
Default Web Site 1    Stopped    %SystemDrive%\inetpub\wwwroot  http *:80:

After I confirm I have a website available, I now need to investigate the bindings on that site. By default, you can only see the string output of the Bindings property when using Get-Website. We need to get some further information about this so I'll pipe the output to Select-Object and use the ExpandProperty parameter to see whether there's more information about bindings available if needed.

[Figure: Display IIS website bindings with PowerShell]

I can also find web bindings with the Get-WebBinding command. This command returns only the bindings attached to a site rather than lots of other site information.

PS C:\> Get-WebBinding -Name 'Default Web Site'

protocol bindingInformation sslFlags
-------- ------------------ --------
http     *:80:                     0

The information returned from Get-WebBinding is the same as what's in the Collection property inside the Bindings property of the output that Get-Website returns.

PS> (Get-Website -Name 'Default Web Site').bindings.Collection

protocol bindingInformation sslFlags
-------- ------------------ --------
http     *:80:                     0
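
To review every site at once, the following added example (not part of the original post) walks the same bindings.Collection property for all sites, splits each bindingInformation string into IP address, port and host name, and flags cleartext HTTP bindings and bindings that listen on all addresses. The function names are hypothetical.

```powershell
Import-Module WebAdministration

# Split an http/https bindingInformation value ("IP:port:host") into fields.
# Hypothetical helper, not part of the WebAdministration module.
function ConvertFrom-BindingInformation {
    param([Parameter(Mandatory)][string]$BindingInformation)

    # The IP part is matched greedily because an IPv6 address such as [::1]
    # contains colons of its own; the host part may be empty.
    if ($BindingInformation -notmatch '^(?<ip>.+):(?<port>\d+):(?<hostname>[^:]*)$') {
        throw "Not in IP:port:host form: '$BindingInformation'"
    }
    [pscustomobject]@{
        IPAddress = $Matches.ip
        Port      = [int]$Matches.port
        HostName  = $Matches.hostname
    }
}

# One row per binding across all sites, with two review flags.
function Get-SiteBindingReport {
    foreach ($site in Get-Website) {
        foreach ($binding in $site.bindings.Collection) {
            # net.tcp, net.pipe and similar bindings use other formats,
            # so only http/https values are parsed; the rest are listed raw.
            $info = $null
            if ($binding.protocol -in 'http', 'https') {
                $info = ConvertFrom-BindingInformation $binding.bindingInformation
            }
            [pscustomobject]@{
                Site         = $site.Name
                State        = $site.State
                Protocol     = $binding.protocol
                Raw          = $binding.bindingInformation
                IPAddress    = $info.IPAddress
                Port         = $info.Port
                HostName     = $info.HostName
                Cleartext    = ($binding.protocol -eq 'http')   # no TLS on this binding
                AllAddresses = ($info.IPAddress -eq '*')        # listens on every IP
            }
        }
    }
}

Get-SiteBindingReport | Sort-Object Site, Port | Format-Table -AutoSize
```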

Changing web bindings

Once we've confirmed that a binding is attached to a site, we can modify it with the Set-WebBinding command. This command allows you to specify the website name using the Name parameter, the binding information, and the binding property you'd like to change. In the example below, I'm changing the binding for my Default Web Site from port 80 to port 81.

Set-WebBinding -Name 'Default Web Site' -BindingInformation "*:80:" -PropertyName Port -Value 81

I can then verify this change using Get-WebBinding.

Get-WebBinding -Name 'Default Web Site'

protocol bindingInformation sslFlags
-------- ------------------ --------
http     *:81:                     0

As you probably already know, you can have multiple bindings attached to a single site. Using Set-WebBinding only modifies existing bindings. To create new bindings, we need to use the New-WebBinding cmdlet that allows you to point to a specific website name, provide the protocol, port, and other information to create a binding that fits your needs.

Below you can see I'm creating a new binding that binds HTTP to port 82. I'm then reading the web binding using Get-WebBinding to ensure the default website returns both bindings.

New-WebBinding -Name 'Default Web Site' -Protocol http -Port 82
Get-WebBinding -Name 'Default Web Site'

protocol bindingInformation sslFlags
-------- ------------------ --------
http     *:81:                     0
http     *:82:                     0

SSL bindings

You've been working with HTTP bindings only, but IIS also has SSL bindings you need to manage periodically. Luckily, we can perform all the same actions on SSL bindings as we do on HTTP bindings.

To work with SSL bindings, we'll use the IIS PowerShell drive instead of the cmdlets to show you a different approach.

Let's say I have a certificate installed on my web server, and I want to bind that certificate to my Default Web Site. To do this, I'd first need to read the certificate. I can do this with PowerShell by reading the certificate from the Cert: drive.

PS> $cert = Get-ChildItem cert:\localmachine\my
PS> $cert
   PSParentPath: Microsoft.PowerShell.Security\Certificate::localmachine\my

Thumbprint                                Subject
----------                                -------
BD34F8866D09803C7049F296ED3580355B220B78  OU=Testing, CN=SRV1

Once I have assigned the certificate to a variable, I then need to create the binding information string. Notice I'm using SSLBindings in the path. In the example below, I plan to bind the certificate to port 445 on all IP addresses.

$bindingInfo = "IIS:\SSLBindings\*!445"

Finally, I can pipe the certificate I just gathered to the SSLBindings path I defined above to create the SSL binding.

$cert | Set-Item -Path $bindingInfo
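
A fuller version of the SSL steps above, as an added example that is not from the original post: it selects one certificate by thumbprint instead of reading the whole store, checks that the certificate is usable, and creates the site's https binding before mapping the certificate. Port 443 and the 0.0.0.0 all-addresses path form are assumptions (the post uses *!445); the thumbprint is the one from the post's sample output.

```powershell
Import-Module WebAdministration

$siteName   = 'Default Web Site'
$port       = 443                                          # assumption: the post uses 445
$thumbprint = 'BD34F8866D09803C7049F296ED3580355B220B78'   # from the post's sample output

# Select exactly one certificate. Get-ChildItem on Cert:\LocalMachine\My returns
# every certificate in the store, which is ambiguous once there is more than one.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop

# Refuse certificates that cannot serve TLS.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $thumbprint is outside its validity period."
}

# The site needs an https binding of its own; the SslBindings entry only maps
# a certificate to the IP/port endpoint.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port $port)) {
    New-WebBinding -Name $siteName -Protocol https -Port $port -IPAddress '*'
}

# Map the certificate to the endpoint through the IIS: drive.
# Assumption: 0.0.0.0 is used as the all-addresses form of the path.
$sslPath = "IIS:\SslBindings\0.0.0.0!$port"
if (Test-Path $sslPath) {
    # Do not silently replace a certificate that someone else bound here.
    Write-Warning "$sslPath already exists; leaving it unchanged."
}
else {
    $cert | New-Item -Path $sslPath
}

# Verify both halves: the site binding and the certificate mapping.
Get-WebBinding -Name $siteName -Protocol https
Get-Item -Path $sslPath
```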

PowerShell's WebAdministration module and IIS drive are great resources when you need to automate or manage IIS web bindings via the command line.

12 Comments
  1. Sean 4 years ago

    This is good stuff! You rock, dude!

  2. Jae Soca 4 years ago

    This is a lifesaver!! Great write-up for a beginner PS person

  3. John 3 years ago

    What if you have multiple sites and you want each to have its own cert?

  4. @John

    You need to have a unique combination of IP & port to manage multiple SSL sites on the server. So, you can bind multiple IPs first, or you can use a separate port for the SSL traffic for each site.

    So, you would use multiple New-WebBinding commands for each site (ip/port).

    David F. 

  5. AP 3 years ago

    I'm trying to use the Set-WebBinding command to just change the IP address of the binding. Very similar to your changing the port from 80 to 81. No matter what I try it fails.

    • SS 3 years ago

      I am running into the same issue.  Any solutions for this?

  6. Michael 2 years ago

    I am RDP'd into my Windows 2016 .NET Core server. None of the IIS binding commands are found. I get the error, e.g.: The term 'get-iissitebinding' is not recognized as the name of a cmdlet, function, script file, or operable program.

    If I follow some other instructions found on i-net, I get the following: WARNING: Module webadministration is loaded in Windows PowerShell using WinPSCompatSession remoting session; please note that all input and output of commands from this module will be deserialized objects. If you want to load this module into PowerShell please use 'Import-Module -SkipEditionCheck' syntax.

    If I use the -skipeditioncheck I get:  Import-Module: Could not load type 'System.Management.Automation.PSSnapIn' from assembly 'System.Management.Automation, Version=7.1.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.

    The only way that seems to work is to enter a PSSession even while RDP'd in and use the commands above. It works and doesn't require credentials, so it's OK. But does that sound right, that you can only perform IIS admin from a remote session?

  7. Rajesh R 2 years ago
    While trying to run the command, I keep getting an error:

    PS C:> $cert = Get-ChildItem cert:\localmachine\my
    PS C:> $bindingInfo = "IIS:\SSLBindings\*!443"
    PS C:> $cert | Set-Item -Path $bindingInfo
    Set-Item : Cannot find drive. A drive with the name 'IIS' does not exist.
    At line:1 char:9
    + $cert | Set-Item -Path $bindingInfo
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (IIS:String) [Set-Item], DriveNotFoundException
        + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.SetItemCommand

     

    • toto 10 months ago

      You need to import the WebAdministration module first.
      Run this command:
      import-module webadministration

  8. Rajesh R 2 years ago
    I even tried the following and still got an error:
    
    PS C:> $bindingInfo =Get-WebBinding -Name "Default Web Site" -Protocol "https"
    PS C:> $cert | Set-Item -Path $bindingInfo
    Set-Item : Provider operation stopped because the provider does not support this operation.
    At line:1 char:9
    + $cert | Set-Item -Path $bindingInfo
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotImplemented: (:) [Set-Item], PSNotSupportedException
        + FullyQualifiedErrorId : NotSupported,Microsoft.PowerShell.Commands.SetItemCommand
    

     

  9. You need to import your IISAdministration module.  That should create the PSDrive for you.

    David F.

  10. Turns out I was wrong.. it's the webadministration module that creates the PSDrive, not the newer IISAdministration module.

    David F. 
