Friday, April 15, 2016

Script for Bulk Modification of Remote IP Ranges of Receive Connectors

Hi folks,

I decided to build on this previous post of mine and consider automatically updating more than one receive connector in an Exchange environment. While that post was of good use for a small Exchange environment, there are a lot of big Exchange deployments which can benefit from it.

As you are well aware, receive connectors are managed on a per-server basis, so for the whole environment to be able to receive email from one IP address, every receive connector has to be updated. Manually tweaking each of them can be time-consuming for lazy boys like me.

Let us again imagine that we are in a professionally designed environment where the names of receive connectors are consistent. Let us imagine that every transport server (mailbox server in a 2013/16 environment) is identically configured with a receive connector named "From Internet". To automatically change this receive connector on every server, we need to collect information about each of these connectors into a variable. After the information is collected, we will work with the attribute named RemoteIPRanges to add or remove IP addresses. For addition it will be something like $recCon.RemoteIPRanges += "192.168.0.1" and for removal $recCon.RemoteIPRanges -= "192.168.0.1".

Since we are modifying a large number of receive connectors, a single error in the code can be fatal and break mail routing. Therefore I have added some visibility to the script by using the Write-Host command. In my case it reports which receive connector the script is dealing with and also outputs the updated list of IP addresses in the white list, thus proving that execution was successful. And it does so for every single receive connector.

The code for adding IP addresses to the white list of multiple receive connectors will look as follows:

# Collect every receive connector whose name contains "From Internet"
$recCons = Get-ReceiveConnector | Where {$_.Identity -like "*From Internet*"} | sort Identity

ForEach ($recCon in $recCons) {
    Write-Host "Adding 192.168.0.1 to Remote IP Ranges of " $recCon.Identity
    $recCon.RemoteIPRanges += "192.168.0.1"
    Set-ReceiveConnector $recCon -RemoteIPRanges $recCon.RemoteIPRanges
    # Read the connector back to confirm what is now in the white list
    Write-Host "Below is the updated white list for " $recCon.Identity
    Get-ReceiveConnector $recCon | select -ExpandProperty RemoteIPRanges | select Expression | sort Expression
}

And the script for removal of the IP address will be something like below:

# Collect every receive connector whose name contains "From Internet"
$recCons = Get-ReceiveConnector | Where {$_.Identity -like "*From Internet*"} | sort Identity

ForEach ($recCon in $recCons) {
    Write-Host "Removing 192.168.0.1 from Remote IP Ranges of " $recCon.Identity
    $recCon.RemoteIPRanges -= "192.168.0.1"
    Set-ReceiveConnector $recCon -RemoteIPRanges $recCon.RemoteIPRanges
    # Read the connector back to confirm what is now in the white list
    Write-Host "Below is the updated white list for " $recCon.Identity
    Get-ReceiveConnector $recCon | select -ExpandProperty RemoteIPRanges | select Expression | sort Expression
}

Now let's slightly complicate our task and imagine we need to add or remove more than one IP address in the remote IP ranges of the receive connector named "From Internet". This article offers a good way of dealing with this problem. To achieve this we specify the IP addresses in quotes, separated by commas (,). Our variable for IP addresses will be something like:

$recCon.RemoteIPRanges += "192.168.1.201","192.168.1.202","192.168.1.203"

This results in the code below for adding the IP addresses:

# Collect every receive connector whose name contains "From Internet"
$recCons = Get-ReceiveConnector | Where {$_.Identity -like "*From Internet*"} | sort Identity

ForEach ($recCon in $recCons) {
    Write-Host "Adding new IP Addresses to Remote IP Ranges of " $recCon.Identity
    # Several addresses can be appended in one statement
    $recCon.RemoteIPRanges += "192.168.1.201","192.168.1.202","192.168.1.203"
    Set-ReceiveConnector $recCon -RemoteIPRanges $recCon.RemoteIPRanges
    Write-Host "The updated list of IP Addresses in Remote IP Ranges of " $recCon.Identity
    Get-ReceiveConnector $recCon | select -ExpandProperty RemoteIPRanges | select Expression | sort Expression
}

When attempting to adopt the same approach for removing multiple records I got the following error:



And this article came to my aid. As a workaround, you update the RemoteIPRanges array separately for each IP address, like this:
$recCon.RemoteIPRanges -="192.168.5.201"
$recCon.RemoteIPRanges -="192.168.5.202"
$recCon.RemoteIPRanges -="192.168.5.203"

As a result, my script started looking as below:

# Collect every receive connector whose name contains "From Internet"
$recCons = Get-ReceiveConnector | Where {$_.Identity -like "*From Internet*"} | sort Identity

ForEach ($recCon in $recCons) {
    Write-Host "Removing new IP Addresses from Remote IP Ranges of " $recCon.Identity
    # Removal has to be done one address per statement
    $recCon.RemoteIPRanges -= "192.168.5.201"
    $recCon.RemoteIPRanges -= "192.168.5.202"
    $recCon.RemoteIPRanges -= "192.168.5.203"
    Set-ReceiveConnector $recCon -RemoteIPRanges $recCon.RemoteIPRanges
    Write-Host "The updated list of IP Addresses in Remote IP Ranges of " $recCon.Identity
    Get-ReceiveConnector $recCon | select -ExpandProperty RemoteIPRanges | select Expression | sort Expression
}

This resulted in successful script execution.
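An added example, not part of the original post: the removal workaround above wrapped with three safeguards for a bulk change. It validates every address before any connector is touched (a doubled dot in an address is rejected), saves the current white lists to a CSV, and only previews the change with -WhatIf unless -Apply is given. The function names, parameters and backup path are assumptions made for this example, and it handles single IPv4 addresses only, not ranges or CIDR blocks.

```powershell
# Added example; run in the Exchange Management Shell.
# Test-IPv4Address and Remove-RemoteIPFromConnectors are hypothetical names.

# Accept only strict dotted-quad IPv4 addresses.
function Test-IPv4Address([string]$Text) {
    $parsed = $null
    return ($Text -match '^(\d{1,3}\.){3}\d{1,3}$') -and
           [System.Net.IPAddress]::TryParse($Text, [ref]$parsed)
}

function Remove-RemoteIPFromConnectors {
    param(
        [Parameter(Mandatory = $true)][string[]]$Address,
        [string]$NamePattern = "*From Internet*",
        [string]$BackupPath  = ".\RemoteIPRanges-backup.csv",  # hypothetical path
        [switch]$Apply       # without -Apply the change is only previewed
    )

    # Stop before touching any connector if one address is malformed.
    $bad = @($Address | Where-Object { -not (Test-IPv4Address $_) })
    if ($bad.Count -gt 0) { throw "Invalid IPv4 address(es): $($bad -join ', ')" }

    $recCons = Get-ReceiveConnector |
        Where-Object { $_.Identity -like $NamePattern } | Sort-Object Identity

    # Record the current white lists so the change can be rolled back by hand.
    $recCons |
        Select-Object Identity, @{ n = 'RemoteIPRanges'; e = { $_.RemoteIPRanges -join ';' } } |
        Export-Csv -Path $BackupPath -NoTypeInformation

    foreach ($recCon in $recCons) {
        Write-Host "Removing $($Address -join ', ') from Remote IP Ranges of" $recCon.Identity
        # One address per statement, as in the workaround above.
        foreach ($ip in $Address) { $recCon.RemoteIPRanges -= $ip }
        Set-ReceiveConnector $recCon -RemoteIPRanges $recCon.RemoteIPRanges -WhatIf:(-not $Apply)
    }
}

# Constructed sample input. Preview first, then repeat with -Apply.
Remove-RemoteIPFromConnectors -Address "192.168.5.201","192.168.5.202","192.168.5.203"
```

Run it once without -Apply and check the preview and the CSV before repeating the call with -Apply.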

PowerShell is indeed power shell.

Enjoy.