de-DEen-GB
 
MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

Exchange Receive Connector and the Custom Permissions Group

An Exchange Receive Connector requires a configuration for who can submit messages to the connector. The original TechNet description of the Set-ReceiveConnector cmdlet and the PermissionGroups attribute is as follows:

"The PermissionGroups parameter specifies the groups or roles that can submit messages to the Receive connector and the permissions assigned to those groups. A permission group is a predefined set of permissions granted to well-known security principals. The valid values for this parameter are as follows: None, AnonymousUsers, Custom, ExchangeUsers, ExchangeServers, ExchangeLegacyServers, and Partners. The default permission groups assigned to a Receive connector depend on the connector usage type specified by the Usage parameter when the Receive connector was created. "

The description implies that it is possible to set the PermissionGroups attribute to Custom.

When you try to set the permission group to Custom, you will notice that this results in an error. You will encounter this error especially when you try to copy a receive connector from one Exchange Server to another Exchange Server.

The attribute itself is being set to Custom by Exchange itself when add AD permission explicitly.

Example

The example shows the configuration of a FerrariFax receive connector that needs to be configured across all Exchange 2013 DAG member servers.

Receice connector set to None

Receive Connector with PermissionGroups set to None

Add a dedicated Permission

Get-ReceiveConnector "SERVER\Connector for UMS (SERVER-FAX)" | Add-ADPermission -User DOMAIN\FaxUser -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-Bypass-Anti-Spam,ms-Exch-SMTP-Accept-Any-Recipient

Receive connector set to Custom by Exchange

Receive Connector with PermissionGroups set to Custom

 

Note

You can copy a receive connector across a number of Exchange servers using the PowerShell script Copy-ReceiveConnector.ps1 hat has been published at TechNet Gallery.

The script has not been modified to handle this situation, yet. The source code repository is available at Github



Comments are closed.

Showing 0 Comment