Clone Exchange 2013 SMTP Receive connectors

It is a Microsoft best practice to run every Exchange server role on at least 2 servers. So when you deploy a new HubTransport or HubTransport+Mailbox server, you face the task of duplicating the SMTP receive connectors for printers, devices and other services like MSSQL, monitoring and reporting, etc. Medium to large organizations can use several such connectors with dozens of IP addresses and ranges, so copying them manually from server to server is a thankless burden.

Here is a nice and sharp method to clone such connectors with all their configuration en masse. God bless PowerShell 🙂
UPDATE: A full PS1 script is available for download in the TechNet Scripts Gallery.

Just a few Exchange Management Shell one-liners that you can copy and run in your environment:

1. Let’s define a “Source server” where we get the connectors from and a “Target server” for the destination:

$SourceServer = "YourSourceExchangeFQDN"
$TargetServer = "YourTargetExchangeFQDN"

2. Next we need a list of SMTP receive connectors, excluding the default Exchange connectors, which are unique to each server and created automatically during server deployment. These connectors are usually “Client Frontend Servername”, “Client Proxy Servername”, “Default Servername”, “Default Frontend Servername”, “Outbound Proxy Frontend Servername” and so forth.

[array]$ReceiveConnectors = Get-ReceiveConnector -Server $SourceServer | Where {$_.Name -notlike "*Default*" -and $_.Name -notlike "*Client*" -and $_.Name -notlike "*Proxy*"}

Make sure the names of your custom connectors don’t include “Default”, “Client”, or “Proxy”; otherwise they will be omitted from this procedure. If you do keep such words in your custom connector names, adjust the filter above accordingly.

3. Then we test the creation of the new connectors on the target server:

$ReceiveConnectors | foreach {New-ReceiveConnector -Name $_.Name -Usage 'Custom' -TransportRole 'FrontendTransport' -AuthMechanism $_.AuthMechanism -BinaryMimeEnabled $_.BinaryMimeEnabled -Bindings $_.Bindings -ChunkingEnabled $_.ChunkingEnabled -DeliveryStatusNotificationEnabled $_.DeliveryStatusNotificationEnabled -EightBitMimeEnabled $_.EightBitMimeEnabled -DomainSecureEnabled $_.DomainSecureEnabled -EnhancedStatusCodesEnabled $_.EnhancedStatusCodesEnabled -LongAddressesEnabled $_.LongAddressesEnabled -OrarEnabled $_.OrarEnabled -SuppressXAnonymousTls $_.SuppressXAnonymousTls -AdvertiseClientSettings $_.AdvertiseClientSettings -ServiceDiscoveryFqdn $_.ServiceDiscoveryFqdn -TlsCertificateName $_.TlsCertificateName -Comment $_.Comment -Enabled $_.Enabled -ConnectionTimeout $_.ConnectionTimeout -ConnectionInactivityTimeout $_.ConnectionInactivityTimeout -MessageRateLimit $_.MessageRateLimit -MessageRateSource $_.MessageRateSource -MaxInboundConnection $_.MaxInboundConnection -MaxInboundConnectionPerSource $_.MaxInboundConnectionPerSource -MaxInboundConnectionPercentagePerSource $_.MaxInboundConnectionPercentagePerSource -MaxHeaderSize $_.MaxHeaderSize -MaxHopCount $_.MaxHopCount -MaxLocalHopCount $_.MaxLocalHopCount -MaxLogonFailures $_.MaxLogonFailures -MaxMessageSize $_.MaxMessageSize -MaxProtocolErrors $_.MaxProtocolErrors -MaxRecipientsPerMessage $_.MaxRecipientsPerMessage -PermissionGroups AnonymousUsers -PipeliningEnabled $_.PipeliningEnabled -ProtocolLoggingLevel $_.ProtocolLoggingLevel -RemoteIPRanges $_.RemoteIPRanges -RequireEHLODomain $_.RequireEHLODomain -RequireTLS $_.RequireTLS -EnableAuthGSSAPI $_.EnableAuthGSSAPI -ExtendedProtectionPolicy $_.ExtendedProtectionPolicy -TlsDomainCapabilities $_.TlsDomainCapabilities -SizeEnabled $_.SizeEnabled -TarpitInterval $_.TarpitInterval -MaxAcknowledgementDelay $_.MaxAcknowledgementDelay -Server $TargetServer -WhatIf}

4. If you are satisfied with the projected result, just run the same line without -WhatIf at the end:

$ReceiveConnectors | foreach {New-ReceiveConnector -Name $_.Name -Usage 'Custom' -TransportRole 'FrontendTransport' -AuthMechanism $_.AuthMechanism -BinaryMimeEnabled $_.BinaryMimeEnabled -Bindings $_.Bindings -ChunkingEnabled $_.ChunkingEnabled -DeliveryStatusNotificationEnabled $_.DeliveryStatusNotificationEnabled -EightBitMimeEnabled $_.EightBitMimeEnabled -DomainSecureEnabled $_.DomainSecureEnabled -EnhancedStatusCodesEnabled $_.EnhancedStatusCodesEnabled -LongAddressesEnabled $_.LongAddressesEnabled -OrarEnabled $_.OrarEnabled -SuppressXAnonymousTls $_.SuppressXAnonymousTls -AdvertiseClientSettings $_.AdvertiseClientSettings -ServiceDiscoveryFqdn $_.ServiceDiscoveryFqdn -TlsCertificateName $_.TlsCertificateName -Comment $_.Comment -Enabled $_.Enabled -ConnectionTimeout $_.ConnectionTimeout -ConnectionInactivityTimeout $_.ConnectionInactivityTimeout -MessageRateLimit $_.MessageRateLimit -MessageRateSource $_.MessageRateSource -MaxInboundConnection $_.MaxInboundConnection -MaxInboundConnectionPerSource $_.MaxInboundConnectionPerSource -MaxInboundConnectionPercentagePerSource $_.MaxInboundConnectionPercentagePerSource -MaxHeaderSize $_.MaxHeaderSize -MaxHopCount $_.MaxHopCount -MaxLocalHopCount $_.MaxLocalHopCount -MaxLogonFailures $_.MaxLogonFailures -MaxMessageSize $_.MaxMessageSize -MaxProtocolErrors $_.MaxProtocolErrors -MaxRecipientsPerMessage $_.MaxRecipientsPerMessage -PermissionGroups AnonymousUsers -PipeliningEnabled $_.PipeliningEnabled -ProtocolLoggingLevel $_.ProtocolLoggingLevel -RemoteIPRanges $_.RemoteIPRanges -RequireEHLODomain $_.RequireEHLODomain -RequireTLS $_.RequireTLS -EnableAuthGSSAPI $_.EnableAuthGSSAPI -ExtendedProtectionPolicy $_.ExtendedProtectionPolicy -TlsDomainCapabilities $_.TlsDomainCapabilities -SizeEnabled $_.SizeEnabled -TarpitInterval $_.TarpitInterval -MaxAcknowledgementDelay $_.MaxAcknowledgementDelay -Server $TargetServer}

That’s it. You can now review the resulting new connectors and compare their settings to the originals.
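One way to do the comparison described above, as an added example that is not part of the original post: the function name Compare-ConnectorSettings, the property list and the sample connector objects are assumptions constructed for illustration. Because the one-liner in steps 3 and 4 sets -PermissionGroups AnonymousUsers and -TransportRole 'FrontendTransport' on every connector instead of copying them from the source, those are the properties most likely to differ.

```powershell
# Added example: report every property where a cloned connector differs from its source.
function Compare-ConnectorSettings {
    param(
        [Parameter(Mandatory)] $Source,
        [Parameter(Mandatory)] $Target,
        [string[]] $Property = @('AuthMechanism', 'PermissionGroups', 'TransportRole',
                                 'Bindings', 'RemoteIPRanges', 'RequireTLS', 'MaxMessageSize')
    )
    foreach ($p in $Property) {
        # Multi-valued settings (Bindings, RemoteIPRanges) are compared as sorted
        # sets, so a different ordering is not reported as a difference.
        $s = (@($Source.$p) | ForEach-Object { "$_" } | Sort-Object) -join ';'
        $t = (@($Target.$p) | ForEach-Object { "$_" } | Sort-Object) -join ';'
        if ($s -ne $t) {
            [pscustomobject]@{
                Connector = $Source.Name
                Property  = $p
                Source    = $s
                Target    = $t
            }
        }
    }
}

# Constructed sample objects standing in for Get-ReceiveConnector output.
$src = [pscustomobject]@{
    Name = 'Relay-Printers'; AuthMechanism = 'Tls'
    PermissionGroups = 'AnonymousUsers, ExchangeServers'
    TransportRole = 'FrontendTransport'; Bindings = @('0.0.0.0:25')
    RemoteIPRanges = @('192.0.2.10', '192.0.2.0/28')
    RequireTLS = $false; MaxMessageSize = '35 MB'
}
$dst = [pscustomobject]@{
    Name = 'Relay-Printers'; AuthMechanism = 'Tls'
    PermissionGroups = 'AnonymousUsers'          # hardcoded by the clone one-liner
    TransportRole = 'FrontendTransport'; Bindings = @('0.0.0.0:25')
    RemoteIPRanges = @('192.0.2.0/28', '192.0.2.10')   # same set, different order
    RequireTLS = $false; MaxMessageSize = '35 MB'
}
Compare-ConnectorSettings -Source $src -Target $dst | Format-Table -AutoSize

# Against live servers (Exchange Management Shell), with the variables from steps 1 and 2:
# foreach ($c in $ReceiveConnectors) {
#     $clone = Get-ReceiveConnector -Server $TargetServer | Where-Object { $_.Name -eq $c.Name }
#     Compare-ConnectorSettings -Source $c -Target $clone
# }
```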


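Do not forget to add AD permissions for Anonymous Logon to the newly cloned connector. The MS-Exch-SMTP-Accept-Any-Recipient extended right lets anonymous senders relay to any recipient, so the connector’s RemoteIPRanges is what limits who can use it: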

Get-ReceiveConnector "TargetServer\connectorName" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient

Feedback is very welcome; feel free to post your thoughts and questions below.

2 thoughts on “Clone Exchange 2013 SMTP Receive connectors”

  1. I have a question regarding the receive connectors. I've set all SMTP-Banners on the mailservers' receive connectors. When I connect to it via telnet on port 25 from an internal subnet everything's fine, it shows the configured banner.
