UPDATE 15-09-2016
Bulk remove
After adding all the old IP addresses at once, it was time to remove some old IP addresses belonging to servers that were decommissioned.
Turns out the script below can be changed by one character and it does the complete opposite.
Instead of adding, it removes. Look at line number 72:
Notice the "+" sign? Change this to "-" and it removes the IP address.
The script shows its progress at the console, but it shows "Adding" instead of "Removing".
So after cleaning up the code so the Write-Host info is correct, I ended up with this:
# Select-FileDialog is a helper defined in the downloaded script; it is not reproduced here.

function get_RecConnector{
    # List every receive connector with an index and let the operator pick one
    $RecConns = Get-ReceiveConnector | Select -ExpandProperty Identity
    $Count = 0
    Write-Host "Bulk Remove of Remote IP Addresses for Exchange Receive Connectors" -ForegroundColor Green
    Write-Host "Version 0.1" -ForegroundColor Green
    Write-Host "www.telnetport25.com" -ForegroundColor Green
    Write-Host ""
    Write-Host "Detected Receive Connectors: " -ForegroundColor Cyan
    Write-Host ""
    foreach($Connector in $RecConns){
        Write-Host $Count "." $Connector -ForegroundColor White
        $Count++
    }
    Write-Host ""
    $Choice = Read-Host "Please select the Receive Connector that you wish to work with."
    Write-Host ""
    import_RemoteIPRanges $RecConns[$Choice]
}

function import_RemoteIPRanges{
    param($ConnectorID)
    # Read one IP address per line from the chosen text file
    $FileName = Select-FileDialog "Open IP Range Text File..."
    $IPs = Get-Content $FileName
    foreach($IP in $IPs){
        Write-Host "Removing IP Address :" $IP " from "$ConnectorID -ForegroundColor Cyan
        $Rcnn = Get-ReceiveConnector "$ConnectorID"
        # "-=" removes the address; the "Add" script uses "+=" here
        $Rcnn.RemoteIPRanges -= $IP
        Set-ReceiveConnector "$ConnectorID" -RemoteIPRanges $Rcnn.RemoteIPRanges
    }
}

get_RecConnector
Write-Host ""
Write-Host "Script Completed." -ForegroundColor Yellow
The script uses a text file in the same way as the "Add" script: simply paste your IP addresses in a new Remove.txt file and point to it when the script runs.
Bulk Add
I had to create 6 new receive connectors on separate servers, carrying over the IP addresses allowed to relay email from an old Exchange 2010 connector.
So first export the old list (see this previous post of mine):
Get-ReceiveConnector "sr-XXXXX\smtp relay" | fl remoteipranges | out-file "d:\temp\smtp relay sr-XXXX.txt"
Then edit this file so that every IP address is on a single line without spaces, like so:
1.1.1.1
2.2.2.2
3.3.3.3
etc.
Now create the new receive connectors, and note that on a multi-role Exchange server you can't choose "Hubtransport" as connector type. If you do, you'll get an error stating that there's already a connector with those exact same settings.
New-ReceiveConnector -Name "SMTP-Relay-SR-XXXXX" -Server sr-XXXXX -Usage Custom -Bindings 1.1.1.1:25 -RemoteIPRanges 2.2.2.2 -MaxMessageSize 30MB -TransportRole frontendtransport -Enabled $False
Notice the "RemoteIPRanges" value: the parameter has to have a value, so remember to edit that out after importing the old IP address range from the old connector.
Also note the "-Enabled $False" value: enable the connector only once the security settings are in place, the IP address import was successful and the DNS entry for the connector is in place.
Then download the "BulkImportRemoteIPonRecConn.ps1" script from Andy Grogan to import the IP addresses. The script still works on Exchange 2013, not sure on 2016.
Then run the script:
[PS] C:\_Scripts\_TEST\BulkImportRemoteIpReceiveConnector> .\BulkImportRemoteIPonRecConn.ps1
Bulk Import of Remote IP Addresses for Exchange Receive Connectors
Version 0.1
www.telnetport25.com

Detected Receive Connectors:

0 . Servername\Client Servername
1 . Servername\Client Servername
2 . Servername\Default Servername
3 . Servername\Default Servername
4 . Servername\Default Servername
5 . Servername\Client Proxy Servername
6 . Servername\Default Frontend Servername
7 . Servername\Outbound Proxy Frontend Servername
8 . Servername\Client Frontend Servername
9 . Servername\XXXXX_inbound
10 . Servername\Default Servername
11 . Servername\Client Proxy Servername
12 . Servername\Client Frontend Servername
13 . Servername\XXXXX_inbound
14 . Servername\Default Servername
15 . Servername\Client Proxy Servername
16 . Servername\Default Frontend Servername
17 . Servername\Client Frontend Servername
18 . Servername\XXXXX_inbound
19 . Servername\Default Servername
20 . Servername\Client Proxy Servername
21 . Servername\Default Frontend Servername
22 . Servername\Outbound Proxy Frontend Servername
23 . Servername\Client Frontend Servername
24 . Servername\XXXXX_inbound
25 . Servername\Default Servername
26 . Servername\Client Proxy Servername
27 . Servername\Default Frontend Servername
28 . Servername\Outbound Proxy Frontend Servername
29 . Servername\Client Frontend Servername
30 . Servername\XXXXX_inbound
31 . Servername\Default Servername
32 . Servername\Client Proxy Servername
33 . Servername\Default Frontend Servername
34 . Servername\Outbound Proxy Frontend Servername
35 . Servername\Client Frontend Servername
36 . Servername\XXXXX_inbound
37 . Servername\Outbound Proxy Frontend Servername
38 . Servername\Default Frontend Servername
39 . Servername\Outbound Proxy Frontend Servername
40 . Servername\SMTP relay
41 . Servername\SMTP relay
42 . Servername\SMTP-Relay-Servername
43 . Servername\SMTP-Relay-Servername
44 . Servername\SMTP-Relay-Servername
45 . Servername\SMTP-Relay-Servername
46 . Servername\SMTP-Relay-Servername
47 . Servername\SMTP-Relay-Servername

Please select the Receive Connector that you wish to work with.: 47

Adding IP Address : 1.1.1.57 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.58 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.59 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.14 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.36 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.18 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.19 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.23 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.26 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.28 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.100 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.101 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.102 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.103 to Servername\SMTP-Relay-Servername
Adding IP Address : 1.1.1.104 to Servername\SMTP-Relay-Servername
...
...
...

Script Completed.
[PS] C:\_Scripts\_TEST\BulkImportRemoteIpReceiveConnector>
After the script completes, set the security so that Anonymous user access is granted. You have to do this in two places. One in PowerShell:
Get-ReceiveConnector "Servername\smtp-relay-Servername" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient
And one in the EAC, on (all) the newly created receive connectors.
Your connectors are done.
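A pre-import check for the steps above, as an added example that is not part of Andy Grogan's script or of this post's original code: because the connector accepts anonymous relay from anything in RemoteIPRanges, it validates the list file, drops the 2.2.2.2 placeholder and duplicates, and applies the result in one call. The function name Test-RelayIpList, the sample lines and the file path in the comment are assumptions made for the example.

```powershell
# Added example, not the downloaded script: check the IP list before importing it.
function Test-RelayIpList {
    param(
        [string[]]$Lines,
        [string[]]$Placeholder = @('2.2.2.2')   # value used in New-ReceiveConnector above
    )
    $valid    = New-Object 'System.Collections.Generic.List[string]'
    $rejected = New-Object 'System.Collections.Generic.List[string]'
    foreach ($raw in $Lines) {
        $line = "$raw".Trim()
        if ($line -eq '') { continue }
        $addr = $null
        # Dotted quad without leading zeros; TryParse then rejects octets above 255.
        $isIPv4 = ($line -match '^(0|[1-9]\d{0,2})(\.(0|[1-9]\d{0,2})){3}$') -and
                  [System.Net.IPAddress]::TryParse($line, [ref]$addr)
        if (-not $isIPv4)                     { $rejected.Add("$line (not a single IPv4 address)") }
        elseif ($Placeholder -contains $line) { $rejected.Add("$line (placeholder)") }
        elseif ($valid.Contains($line))       { $rejected.Add("$line (duplicate)") }
        else                                  { $valid.Add($line) }
    }
    [pscustomobject]@{ Valid = $valid.ToArray(); Rejected = $rejected.ToArray() }
}

# Constructed sample; in practice: $sample = Get-Content 'D:\temp\relay-ips.txt' (hypothetical path)
$sample = @('1.1.1.57', ' 1.1.1.58 ', '1.1.1.57', '2.2.2.2', '1.1.1.300',
            'RemoteIPRanges : {1.1.1.14, 1.1.1.36...}', '')
$result = Test-RelayIpList -Lines $sample
$result.Rejected | ForEach-Object { Write-Warning "Skipped: $_" }
Write-Host ("{0} address(es) accepted" -f $result.Valid.Count)

# Only runs in an Exchange Management Shell. Connector name is the one shown on this page.
if ($result.Valid.Count -gt 0 -and (Get-Command Set-ReceiveConnector -ErrorAction SilentlyContinue)) {
    $id = 'Servername\SMTP-Relay-Servername'
    # One change for the whole list, dropping the placeholder in the same call;
    # remove -WhatIf once the preview looks right.
    Set-ReceiveConnector $id -RemoteIPRanges @{Add = $result.Valid; Remove = '2.2.2.2'} -WhatIf
    # Read back what the connector now trusts for anonymous relay.
    (Get-ReceiveConnector $id).RemoteIPRanges | ForEach-Object { "$_" } | Sort-Object
}
```

Format-List abbreviates long multi-valued properties according to $FormatEnumerationLimit, so compare the number of addresses in the exported file with the old connector before relying on it.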