Thursday, April 17, 2014

Creating and Configuring Receive Connectors in a Couple of Steps

Hi folks,

As you probably know, Exchange Server 2007 and later manage receive connectors on a per-server basis rather than per organization. Thus, if you need to create a receive connector, you need to repeat the same operation on each Hub Transport server (Mailbox server in Exchange 2013).

I needed to create a receive connector for an application on all hub servers in my lab environment for tests. The connector had to listen on port 465, accept traffic from the 10.0.0.0/8 subnet (where the application servers reside), and have a descriptive name that would distinguish it from the rest of the receive connectors.

It doesn't really work for a lazy person like me. So I played a little bit with PowerShell to simplify this operation and reduce it to 2 steps.

In my lab setup I have 3 CAS/HUB servers and 1 Edge server. Get-TransportServer outputs all transport servers, including Edge servers. Therefore I used the Get-ExchangeServer command instead, filtering its output by the CAS/HUB role. I piped that output into a loop that runs the New-ReceiveConnector command against each server. My final command that worked looks like this:

Get-ExchangeServer | Where-Object {$_.ServerRole -eq "ClientAccess, HubTransport"} | foreach {New-ReceiveConnector -Name 'Connector Name' -Usage 'Custom' -Bindings '0.0.0.0:465' -Fqdn 'smtprelay.domain.net' -RemoteIPRanges '10.0.0.0-10.255.255.255' -Server $_.Name}

The other part of the task was to configure permissions for the created receive connector, that is, to configure authentication for Exchange users (as a user needs to be authenticated to be able to send emails via this connector), and there was a requirement for IPsec authentication for the traffic sent to this connector. Instead of going from server to server and ticking multiple boxes, I ended up with one command that collects all the connectors with the name specified in the previous step and then configures the appropriate permissions for each connector on each server:

Get-ReceiveConnector | where {$_.Name -like 'Connector Name'} | Set-ReceiveConnector -PermissionGroups 'ExchangeUsers','ExchangeServers' -AuthMechanism 'Tls','ExternalAuthoritative'

Thus I ended up with 3 connectors on 3 hub transport servers in my lab environment which listen on port 465, accept traffic from the particular subnet, and have the necessary permissions and authentication settings.

And it took me only 5 minutes to create them automatically by running only 2 lines of code.
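
To confirm that every hub server really ended up with the same connector settings, the result of the two commands can be audited. The script below is an added example, not part of the original post: it reports servers where the connector is missing or where a setting differs from the values used above. The function names, the server names HUB01-HUB03 and the sample objects are constructed for illustration, and the script assumes PowerShell 3.0 or later and that Exchange renders these properties as the strings shown.

```powershell
# Added example. Expected values mirror the two commands in the post.
$Expected = @{
    Name             = 'Connector Name'   # the post's placeholder name
    Bindings         = '0.0.0.0:465'
    RemoteIPRanges   = '10.0.0.0-10.255.255.255'
    PermissionGroups = 'ExchangeUsers, ExchangeServers'
    AuthMechanism    = 'Tls, ExternalAuthoritative'
}

function ConvertTo-SortedList($Value) {
    # Flags enums render as "A, B"; multi-valued properties enumerate item by item.
    @($Value | ForEach-Object { "$_" -split ',\s*' } | Where-Object { $_ } | Sort-Object) -join ', '
}

function Test-RelayConnector {
    param([string[]]$Servers, [object[]]$Connectors, [hashtable]$Expected)
    foreach ($server in $Servers) {
        # A receive connector's identity has the form SERVER\Connector Name.
        $c = $Connectors | Where-Object { "$($_.Identity)" -eq "$server\$($Expected.Name)" } |
            Select-Object -First 1
        if (-not $c) {
            [pscustomobject]@{ Server = $server; Setting = 'Connector'; Found = '(missing)' }
            continue
        }
        foreach ($setting in 'Bindings', 'RemoteIPRanges', 'PermissionGroups', 'AuthMechanism') {
            $have = ConvertTo-SortedList $c.$setting
            if ($have -ne (ConvertTo-SortedList $Expected[$setting])) {
                [pscustomobject]@{ Server = $server; Setting = $setting; Found = $have }
            }
        }
    }
}

# Constructed sample data so the script runs without Exchange: HUB01 matches,
# HUB02 has drifted (wider IP range, anonymous senders allowed), HUB03 has no connector.
$sample = @(
    [pscustomobject]@{ Identity = 'HUB01\Connector Name'; Bindings = '0.0.0.0:465'
        RemoteIPRanges = '10.0.0.0-10.255.255.255'
        PermissionGroups = 'ExchangeUsers, ExchangeServers'; AuthMechanism = 'Tls, ExternalAuthoritative' }
    [pscustomobject]@{ Identity = 'HUB02\Connector Name'; Bindings = '0.0.0.0:465'
        RemoteIPRanges = '0.0.0.0-255.255.255.255'
        PermissionGroups = 'AnonymousUsers, ExchangeUsers, ExchangeServers'; AuthMechanism = 'Tls' }
)
Test-RelayConnector -Servers 'HUB01', 'HUB02', 'HUB03' -Connectors $sample -Expected $Expected | Format-Table

# In the Exchange Management Shell, pass live data instead:
#   $hubs = Get-ExchangeServer | Where-Object { $_.ServerRole -eq 'ClientAccess, HubTransport' } | ForEach-Object { $_.Name }
#   Test-RelayConnector -Servers $hubs -Connectors (Get-ReceiveConnector) -Expected $Expected
```

An empty result means every listed server has the connector with the expected bindings, source range, permission groups and authentication mechanisms.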