Migrate Remote IP Addresses to a New Relay Connector

In many Exchange transition projects, there is a need to migrate some receive connector settings used in an existing SMTP relay connector to the new servers being stood up in preparation for decommissioning legacy servers.

Also, in most cases, there are several remote IP addresses assigned to existing relay connectors that need to be assigned to the new receive connector. Imagine trying to manually copy and add each address … Not fun!

In this example, I will “migrate” the remote IP addresses of an existing receive connector (configured for relay) on an Exchange 2013 server to a new “relay” connector on Exchange 2016. The server name EX1 represents Exchange 2013 and EX2 represents Exchange 2016.

 

GATHER BASIC CONNECTOR INFO

First, using the Exchange Management Shell (EMS) from the Exchange 2013 server, I will gather some general information regarding all of the existing receive connectors in the organization.

Get-ReceiveConnector

 

Running Get-ReceiveConnector displays all of the existing receive connectors for both servers. The one I am targeting is “EX1\Relay EX1”, the SMTP relay connector on the Exchange 2013 server.

Identity                                    Bindings                                          Enabled
--------                                    --------                                          -------
EX1\Default EX1                             {0.0.0.0:2525, [::]:2525}                         True
EX1\Client Proxy EX1                        {[::]:465, 0.0.0.0:465}                           True
EX1\Default Frontend EX1                    {[::]:25, 0.0.0.0:25}                             True
EX1\Outbound Proxy Frontend EX1             {[::]:717, 0.0.0.0:717}                           True
EX1\Client Frontend EX1                     {[::]:587, 0.0.0.0:587}                           True
EX1\Relay EX1                               {0.0.0.0:25}                                      True
EX2\Default EX2                             {0.0.0.0:2525, [::]:2525}                         True
EX2\Client Proxy EX2                        {[::]:465, 0.0.0.0:465}                           True
EX2\Default Frontend EX2                    {[::]:25, 0.0.0.0:25}                             True
EX2\Outbound Proxy Frontend EX2             {[::]:717, 0.0.0.0:717}                           True
EX2\Client Frontend EX2                     {[::]:587, 0.0.0.0:587}                           True

 

I need to get specific remote IP address information regarding the relay connector on EX1, so, I run the following command to provide me with a visual display of the addresses I intend to migrate to a new relay connector on EX2.

Get-ReceiveConnector "EX1\Relay EX1" | fl RemoteIPRanges

 

The remote IP addresses are displayed; however, the list is truncated…

RemoteIPRanges : {172.16.20.5, 172.16.162.50, 172.16.104.5, 10.88.162.9, 10.88.162.58, 10.88.162.26, 10.88.162.24, 10.88.162.237, 10.88.162.2, 10.88.162.19, 10.88.162.18, 10.88.162.15, 10.87.104.29, 10.87.104.26, 10.85.99.96, 10.85.99.36...}

 

DISPLAY LIMITATION

The fact that all of the addresses aren’t displayed does me no good. But, I can make a modification to how values are displayed. I now run the following two commands to check, and set, the display limit.

I’ll start with this command…

$FormatEnumerationLimit

The default value is 16. What that means is that any command will display at most 16 values of a multi-valued property. So, if I have more than 16 IP addresses (or ranges) assigned to my connector, running the ‘Get-ReceiveConnector’ command to reveal the remote IP addresses will display only the first 16 values (or IP addresses).

If I want to see more of the values, I can set $FormatEnumerationLimit to a larger value like 20 or 30 or whatever I wish. However, I want to see all of the values displayed. Therefore, I run the following command, which allows for an unlimited number of values to be displayed.

$FormatEnumerationLimit = -1

NOTE: If changing the enumeration limit, it will only remain set until the EMS is closed. When the EMS is reopened the value returns to the default of 16. However, the default value can be modified by editing this line “$FormatEnumerationLimit = 16” of the Exchange.ps1 file in the Bin directory.

 

Now, when I run this command again…

Get-ReceiveConnector "EX1\Relay EX1" | fl RemoteIPRanges

 

The full list of assigned IP addresses (including subnets and ranges) is displayed.

RemoteIPRanges : {172.16.20.5, 172.16.162.50, 172.16.104.5, 10.88.162.9, 10.88.162.58, 10.88.162.26, 10.88.162.24, 10.88.162.237, 10.88.162.2, 10.88.162.19, 10.88.162.18, 10.88.162.15, 10.87.104.29, 10.87.104.26, 10.85.99.96, 10.85.99.36, 10.85.99.25, 10.83.7.87, 10.83.7.61, 10.83.7.60, 10.83.7.54, 10.83.7.43, 10.83.7.41, 10.83.7.237, 10.83.7.233, 10.83.7.18, 10.83.7.147, 10.81.26.101, 10.0.0.0/24, 192.168.100.94-192.168.100.104, 10.10.10.151}

 

CREATE CONNECTOR AND ADD REMOTE IP ADDRESSES

Now that I can visually see all of the remote IP addresses, I could copy and paste them manually into a new receive connector but I don’t want to. Instead, I will create a new receive connector (for relay) via the EMS (still from the 2013 server) and add the existing remote IP addresses from the relay connector on EX1 to the new connector on EX2.

I run this command because I need to gather settings into a variable ($RecvConn) from the existing relay connector on EX1.

$RecvConn = Get-ReceiveConnector "EX1\Relay EX1"

 

Then, I create the new relay connector (Relay EX2) with this command, populating the RemoteIPRanges parameter with the values gathered from “Relay EX1” in the previous command and adding ‘AnonymousUsers’ to the permission group.

New-ReceiveConnector -Name "Relay EX2" -RemoteIPRanges $RecvConn.RemoteIPRanges -Bindings @('0.0.0.0:25') -Usage "Custom" -Server "EX2" -TransportRole "FrontendTransport" -PermissionGroups "AnonymousUsers"

 

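Finally, I complete the new relay connector by granting ‘NT AUTHORITY\Anonymous Logon’ the MS-Exch-SMTP-Accept-Any-Recipient extended right on it. This is what lets the remote IP addresses submit anonymous messages to any recipient, so every entry in RemoteIPRanges should be a host that is meant to relay.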

Get-ReceiveConnector "EX2\Relay EX2" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient
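
Since every copied entry ends up with anonymous relay rights, it helps to size each entry and confirm that nothing was lost in the copy. The following is an added example, not part of the original post: Get-RelayRangeReport and ConvertTo-IPv4Number are hypothetical helper names, the 16-address review threshold is an assumption, and the sample lists are built from a few of the entries shown above.

```powershell
# Added example. Get-RelayRangeReport and ConvertTo-IPv4Number are hypothetical helper names.
function ConvertTo-IPv4Number ([string]$Address) {
    # Dotted quad -> integer, so the size of a start-end range can be computed
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)
    [long][BitConverter]::ToUInt32($bytes, 0)
}

function Get-RelayRangeReport {
    param([string[]]$Ranges, [long]$MaxAddresses = 16)   # threshold is an assumption
    foreach ($entry in $Ranges) {
        $e = $entry.Trim()
        if ($e -match ':') {
            # IPv6 entries are not sized here; always send them to manual review
            $kind = 'IPv6'; $count = $null
        } elseif ($e -match '^(.+)/(\d+)$') {
            $kind = 'CIDR'; $count = [long][math]::Pow(2, 32 - [int]$Matches[2])
        } elseif ($e -match '^(.+)-(.+)$') {
            $start, $end = $Matches[1], $Matches[2]
            $kind = 'Range'
            $count = (ConvertTo-IPv4Number $end) - (ConvertTo-IPv4Number $start) + 1
        } else {
            $kind = 'Single'; $count = 1
        }
        [pscustomobject]@{
            Entry = $e; Kind = $kind; Addresses = $count
            Review = ($kind -eq 'IPv6' -or $count -gt $MaxAddresses)
        }
    }
}

# Constructed sample: a few of the entries shown in the output above.
# On a live system the lists could come from, for example:
#   (Get-ReceiveConnector "EX1\Relay EX1").RemoteIPRanges | ForEach-Object { $_.ToString() }
$source = '172.16.20.5', '10.0.0.0/24', '192.168.100.94-192.168.100.104', '10.10.10.151'
$target = '172.16.20.5', '10.0.0.0/24', '192.168.100.94-192.168.100.104'   # one entry left out on purpose

# One row per entry; Review is True for anything wider than the threshold
Get-RelayRangeReport -Ranges $source | Format-Table -AutoSize

# Entries present on only one connector: '<=' is source only, '=>' is target only
Compare-Object -ReferenceObject $source -DifferenceObject $target
```

Entries flagged for review are the ones worth confirming with the owning team before they are carried over to the new server.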

 

CONCLUSION

After the new relay connector is created, I like to thoroughly test it to ensure it functions for my needs. For me, I prefer this method to others because it is relatively simple to implement and get working in a short amount of time.

Good luck and have fun!

 
