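<#
.SYNOPSIS
    Copy-ReceiveConnector: copy Exchange receive connectors from a source server
    to one or more target servers.

.DESCRIPTION
    Reads either one connector (-Identity) or all connectors of a server
    (-SourceServer). For every target server the connector name and identity are
    derived by replacing the source server name with the target server name.
    A missing connector is created; an existing one is only updated when
    -Overwrite is given. The properties listed in -PropertiestoCopy are then
    applied with Set-ReceiveConnector. If the source connector carries the
    "Custom" permission group, non-inherited, non-system ACEs containing the
    extended right ms-Exch-SMTP-Accept-Any-Recipient are copied as well.

    Security-relevant behaviour: RemoteIPRanges, PermissionGroups, AuthMechanism,
    RequireTLS and the relay right (Accept-Any-Recipient) of the source are
    replicated to every target, so each target accepts and relays mail exactly as
    the source does. Review the source connector before copying it to more servers.

.PARAMETER Identity
    Identity of a single source connector. Leave empty to use -SourceServer.

.PARAMETER SourceServer
    Server whose receive connectors are all copied (used when -Identity is empty).

.PARAMETER TargetServers
    One or more servers that receive the copies.

.PARAMETER Overwrite
    Update connectors that already exist on the target. Without it they are skipped.

.PARAMETER PropertiestoCopy
    Names of the connector properties passed to Set-ReceiveConnector.

.EXAMPLE
    .\copy-receiveconnector.ps1 -Identity EX01\SAP-Smarthost -TargetServers EX02

.EXAMPLE
    .\copy-receiveconnector.ps1 -SourceServer EX01 -TargetServers EX02

.NOTES
    -Identity and -SourceServer are declared in different parameter sets, so pass
    only one of them.

    20220430 - Initial Version Frank Carius www.msxfaq.de
    20231106 - Added AD permission handling
#>

[CmdletBinding()]
param (
    [parameter(Position = 1, Mandatory = $false, ValueFromPipeline = $false, ParameterSetName = 'Identity')]
    [string]$Identity = "",

    [parameter(Position = 1, Mandatory = $false, ValueFromPipeline = $false, ParameterSetName = 'SourceServer')]
    [string]$SourceServer,

    [parameter(Position = 2, Mandatory = $true, ValueFromPipeline = $false, ParameterSetName = 'Identity')]
    [parameter(Position = 2, Mandatory = $false, ValueFromPipeline = $false, ParameterSetName = 'SourceServer')]
    [string[]]$TargetServers,

    [switch]$Overwrite,

    $PropertiestoCopy = @(
        "AdvertiseClientSettings", "AuthMechanism", "AuthTarpitInterval",
        "Banner", "BareLinefeedRejectionEnabled", "BinaryMimeEnabled",
        "Bindings", "ChunkingEnabled",
        "Comment",
        "ConnectionInactivityTimeout", "ConnectionTimeout",
        "DefaultDomain",
        "DeliveryStatusNotificationEnabled",
        "DomainSecureEnabled",
        "EightBitMimeEnabled",
        "EnableAuthGSSAPI",
        "Enabled",
        "EnhancedStatusCodesEnabled",
        "ExtendedProtectionPolicy",
        "LongAddressesEnabled",
        "MaxAcknowledgementDelay",
        "MaxHeaderSize", "MaxHopCount", "MaxLocalHopCount", "MaxLogonFailures",
        "MaxInboundConnection", "MaxInboundConnectionPerSource", "MaxInboundConnectionPercentagePerSource",
        "MaxMessageSize", "MaxProtocolErrors", "MaxRecipientsPerMessage", "MessageRateLimit",
        "MessageRateSource",
        "OrarEnabled",
        "PermissionGroups",
        "PipeliningEnabled",
        "ProtocolLoggingLevel",
        "RejectReservedSecondLevelRecipientDomains", "RejectReservedTopLevelRecipientDomains", "RejectSingleLabelRecipientDomains",
        "RemoteIPRanges",
        "RequireEHLODomain",
        "RequireTLS",
        "ServiceDiscoveryFqdn",
        "SizeEnabled",
        "SmtpUtf8Enabled",
        "SuppressXAnonymousTls",
        "TarpitInterval",
        "TlsCertificateName", "TlsDomainCapabilities",
        "TransportRole")
)

# The Exchange cmdlets must be loaded; Get-ExchangeServer is used as the probe.
if (!(Get-Command Get-ExchangeServer -ErrorAction SilentlyContinue)) {
    throw "Please start in Exchange Management PowerShell";
}

Write-Host "Copy-Receiveconnector: Start"

if ($Identity -eq "") {
    # An unbound [string] parameter is an empty string, never $null, so a plain
    # $null comparison would let an empty server name reach Get-ReceiveConnector.
    if ([string]::IsNullOrEmpty($SourceServer)) {
        throw "Identity or SourceServer required"
    }
    $Sourceconnectorlist = Get-ReceiveConnector -Server $SourceServer
}
else {
    $Sourceconnectorlist = Get-ReceiveConnector -Identity $Identity
}

foreach ($targetserver in $TargetServers) {
    Write-Host " Targetserver $($targetserver) START ======================"

    foreach ($sourceconnector in $Sourceconnectorlist) {
        Write-Host "Processing Connector: $($sourceconnector.identity)"
        Write-Host " SourceServer : $($sourceconnector.server)"
        Write-Host " TargetServer : $($targetserver)"

        # Name of the server that owns this connector, as a string, used for all
        # source -> target name substitutions below (String.Replace is case-sensitive).
        $sourceServerName = [string]$sourceconnector.Server

        $Targetconnectoridentity = $sourceconnector.Identity.ToString().Replace($sourceServerName, $targetserver)
        $Targetconnectorname = $sourceconnector.Name.ToString().Replace($sourceServerName, $targetserver)
        Write-Host " TargetConnectorID : $($Targetconnectoridentity)"
        Write-Host "TargetConnectorname: $($Targetconnectorname)"

        $target = Get-ReceiveConnector -Identity $Targetconnectoridentity -ErrorAction SilentlyContinue
        if ($null -eq $target) {
            Write-Host "TargetConnector not found - Create new connector START" -ForegroundColor yellow
            Write-Host "Name :$($Targetconnectorname)"
            Write-Host " Bindings: $($sourceconnector.Bindings)"
            Write-Host " RemoteIPRange: $($sourceconnector.RemoteIPRanges)"
            $newConnectorParams = @{
                Name           = $Targetconnectorname
                Server         = $targetserver
                TransportRole  = $sourceconnector.TransportRole
                Bindings       = $sourceconnector.Bindings
                RemoteIPRanges = $sourceconnector.RemoteIPRanges
                Custom         = $true
            }
            $target = New-ReceiveConnector @newConnectorParams
            Write-Host "TargetConnector not found - Create new connector DONE" -ForegroundColor Green
        }
        elseif ($Overwrite) {
            Write-Host "Update existing TargetConnector" -ForegroundColor green
        }
        else {
            Write-Host "Skip existing TargetConnector. Overwrite-Flag is $($Overwrite)" -ForegroundColor Magenta
            # $null marks "leave this connector untouched" for the block below.
            $target = $null
        }

        if ($null -ne $target) {
            Write-Host "Updating Properties for $($target.identity)"

            # Collect all properties first and apply them in a single Set-ReceiveConnector call.
            $param = @{}
            $hasCustomPermissionGroup = ($sourceconnector.PermissionGroups -split ", ").Contains("Custom")

            foreach ($Property in $PropertiestoCopy) {
                Write-Host "Copy $($Property) Value: $($sourceconnector.$Property)"

                if ($Property -eq "PermissionGroups" -and $hasCustomPermissionGroup) {
                    # Special handling: "Custom" is stripped before the value is passed on;
                    # the custom ACEs themselves are copied further down.
                    # NOTE(review): if "Custom" is the only group the value becomes empty - confirm
                    # that Set-ReceiveConnector accepts that on your Exchange version.
                    $param[$Property] = ($sourceconnector.PermissionGroups.ToString() -split ", ") |
                        Where-Object { $_ -ne "Custom" }
                }
                elseif ($Property -in ("fqdn", "Banner", "TlsCertificateName") `
                        -and ![string]::IsNullOrEmpty($sourceconnector.$Property)) {
                    # Replace the source server name with the target server name.
                    # NOTE(review): a TlsCertificateName rewritten this way only works if a matching
                    # certificate exists on the target server - verify before relying on RequireTLS.
                    $param[$Property] = $sourceconnector.$Property.ToString().Replace($sourceServerName, $targetserver)
                }
                else {
                    $param[$Property] = $sourceconnector.$Property
                }
            }

            Write-Host "Configure Receive Connector $($target.identity)"
            if ($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) {
                Set-ReceiveConnector -Identity $target.identity @param -Verbose
            }
            else {
                Set-ReceiveConnector -Identity $target.identity @param
            }

            # Update ADPermissions
            Write-Host " PermissionGroup $($sourceconnector.PermissionGroups)"
            if ($hasCustomPermissionGroup) {
                Write-Host "Found Custom Permission Group" -ForegroundColor Magenta

                # Read the custom permissions from the SOURCE connector. Only explicit
                # (non-inherited) ACEs that contain the relay right are considered.
                # NOTE(review): custom ACEs that carry other extended rights but not
                # ms-Exch-SMTP-Accept-Any-Recipient are not copied by this filter.
                $adrelay = Get-ADPermission -Identity $sourceconnector.DistinguishedName |
                    Where-Object {
                        $_.IsInherited -eq $false -and
                        $_.ExtendedRights.RawIdentity -eq "ms-Exch-SMTP-Accept-Any-Recipient"
                    }

                foreach ($ADacl in $adrelay) {
                    $acluser = $ADacl.User.ToString()
                    Write-Host " ACLCheck for User $($acluser)"

                    if ($acluser -eq "MS Exchange\Externally Secured Servers" `
                            -or $acluser -eq "MS Exchange\Edge Transport Servers" `
                            -or $acluser -eq "MS Exchange\Hub Transport Servers" `
                            -or $acluser -like "*\ExchangeLegacyInterop" `
                            -or $acluser -like "*\Exchange Servers") {
                        Write-Host "Skip System ACL $($acluser) $($ADacl.ExtendedRights.RawIdentity)"
                    }
                    else {
                        Write-Host "Update custom ACL"
                        Write-Host " User: $($acluser) ACL: $($ADacl.ExtendedRights.RawIdentity)"

                        $aclParams = @{
                            Identity       = $target.DistinguishedName
                            User           = $acluser
                            ExtendedRights = $ADacl.ExtendedRights.RawIdentity
                        }
                        # Keep a Deny ACE a Deny ACE; without this it would be re-created as
                        # an Allow entry and grant relay rights the source explicitly refuses.
                        if ($ADacl.Deny) {
                            Write-Host " Source ACE is a Deny entry - copying as Deny"
                            $aclParams['Deny'] = $true
                        }
                        Add-ADPermission @aclParams
                    }
                }
            }
            else {
                Write-Host "SKIP Processing ADPermissions - No Custom found"
            }
        }
        Write-Host "Receive Connector $($target.identity) DONE"
    }
    Write-Host " Targetserver $($targetserver) DONE"
}
Write-Host "Copy-Receiveconnector: End"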