Cloning Exchange Remote IP Ranges Between Connectors

Friday, September 9, 2011
I've been doing a number of Exchange 2007 to 2010 migrations lately.  Most of these customers have internal relay Receive Connectors that allow internal application servers to relay SMTP email through Exchange to internal and/or external recipients.  The connectors are configured to allow only certain IP addresses to use them, and often it's a pretty extensive list.  This article explains how to copy, or "clone", these remote IP addresses from one connector to another.

For example, here's an Exchange 2007 connector with over 25 remote IP addresses that are allowed to use this connector:


Typing these IP addresses into a new Exchange 2010 Receive Connector is not only laborious, it can also lead to errors that may take quite a bit of time to troubleshoot.

Using PowerShell, we can easily clone this set of IP addresses from an existing connector, named Anonymous Relay on EX2007HT, to another connector with the same name on an Exchange 2010 Hub Transport server, EX2010HT.

Begin by creating a Receive Connector on the target server, EX2010HT, with the name Anonymous Relay and configure it with the appropriate permissions.  Then run the following cmdlets to clone the RemoteIPRanges attribute:

# Read the source connector, including its RemoteIPRanges list
$connector = Get-ReceiveConnector "EX2007HT\Anonymous Relay"
# Set the target connector's RemoteIPRanges to the source connector's list
Set-ReceiveConnector "EX2010HT\Anonymous Relay" -RemoteIPRanges $connector.RemoteIPRanges

You can use this method to copy any remote IP range from one connector to another.  Simply replace the server\connector names.
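
Because this list is the access control for an anonymous relay, it is worth confirming after the copy that the target allows exactly what the source allowed. The following is an added example, not part of the original post: the function name Compare-RelayRanges and the sample addresses are hypothetical, and it assumes each RemoteIPRanges entry converts to the string shown by Get-ReceiveConnector.

```powershell
# Added example (not from the original post). Function name and sample data are hypothetical.
function Compare-RelayRanges {
    param(
        [string[]]$Source,   # ranges on the connector that was copied from
        [string[]]$Target    # ranges on the connector that was copied to
    )
    # Ranges that match every address. On an anonymous relay connector,
    # either one lets any host that can reach the server relay mail.
    $openRanges = '0.0.0.0-255.255.255.255',
                  '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

    # Normalize: drop empty entries, trim whitespace, de-duplicate.
    $src = @($Source | Where-Object { $_ } | ForEach-Object { $_.Trim() } | Sort-Object -Unique)
    $tgt = @($Target | Where-Object { $_ } | ForEach-Object { $_.Trim() } | Sort-Object -Unique)

    # New-Object is used instead of [pscustomobject] so this also runs on
    # PowerShell 2.0, which Exchange 2010 uses.
    New-Object PSObject -Property @{
        MissingOnTarget = @($src | Where-Object { $tgt -notcontains $_ })
        ExtraOnTarget   = @($tgt | Where-Object { $src -notcontains $_ })
        OpenOnTarget    = @($tgt | Where-Object { $openRanges -contains $_ })
    }
}

# In the Exchange Management Shell, the inputs would come from the connectors
# named in the article (assumption: ToString() yields the range text):
#   $s = (Get-ReceiveConnector "EX2007HT\Anonymous Relay").RemoteIPRanges | ForEach-Object { $_.ToString() }
#   $t = (Get-ReceiveConnector "EX2010HT\Anonymous Relay").RemoteIPRanges | ForEach-Object { $_.ToString() }
#   Compare-RelayRanges -Source $s -Target $t

# Constructed sample data so the function can be tried without Exchange.
$sample2007 = '10.1.20.15', '10.1.20.16', '192.168.50.0/24'
$sample2010 = '10.1.20.15', '192.168.50.0/24', '0.0.0.0-255.255.255.255'

Compare-RelayRanges -Source $sample2007 -Target $sample2010 | Format-List
```

After a successful clone, all three properties should be empty, since Set-ReceiveConnector -RemoteIPRanges replaces the target's existing list rather than appending to it.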

3 comments:

  1. Hi Jeff, I thought that the connector information and IPs would pull out of the configuration partition when we add Exchange 2010 HUB Transports? Do existing send connectors automatically get added to the 2010 HUBs when they are installed? We are about to install 2010 for a coexistence of 2007 and 2010. Or is this for new send connectors that are added manually? Thanks for the great information!

  2. Hi Herb,

    Send Connectors are organizational in scope. Receive Connectors are created per server, so the ACLs do not replicate to new servers. You must configure them individually.

  3. Jeff,

    I do remember that now. I guess we have one more task for our deployment, but this script will make it much easier. Thanks for the quick response and the information.
