MVP - Most Valuable Professional

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft technologies like Exchange Server, Microsoft 365, Microsoft Teams, and Cloud Security.

Exchange Server LogoExchange Server uses Receive Connectors for providing SMTP endpoints for incoming connections. A modern Exchange Server provides a default connector on TCP port 25. 

Sometimes you might have a requirement to create a new receive connector for selected incoming SMTP connections. A standard requirement is a receive connector for relaying messages to external recipients. This cannot (should not) be achieved using the default connector.

Each connector uses the RemoteIPRanges attribute to store the list of IP addresses of remote systems that can connect to that connector. The default connector utilizes the full IPv4 and IPv6 addresses ranges.

Your new receive connector requires at least a single IP address for a selected remote system that is supposed to connect to that receive connector. You can add a single IP address, address ranges, or IP addresses using CIDR notation.

The attribute RemoteIPRanges is a multi-value attribute and has a limit of IP address entries that can be added. 

The maximum number of address entries that you can add to that attribute varies. You can store approximately 1,300 entries.

When you exceed the number of values you receive the following error message:

The administrative limit for this request was exceeded.
    + CategoryInfo          : NotSpecified: (:) [Set-ReceiveConnector], AdminLimitExceededException
    + FullyQualifiedErrorId : [Server=EX01,RequestId=ee9d45ad-418b-4172-9235-963eca1a7830,TimeStamp=18.08.2020
    20:07:54] [FailureCategory=Cmdlet-AdminLimitExceededException] AC1E336E,Microsoft.Exchange.Management.SystemConfi
    + PSComputerName        :


I have tested the number of values that can be stored in that multi-value attribute. Depending on the IP address format I was able to add 1,238 (172.80.x.y) or 1,244 (10.1.x.y) single IP addresses to the RemoteIPRanges attribute.

Plan your IP address configuration requirements carefully and avoid using single IP addresses. Preferably, you should use IP address ranges or IP address CIDR notation for networks.




Enjoy Exchange Server!


Are you located in Germany, Austria, or Switzerland? Join the Exchange User Group DACH to collaborate with other Exchange enthusiasts.
Follow us on Twitter @exusg, join on Meetup, or visit our website


Read More »
Last updated: 2017-11-28

Exchange Server 2013Exchange Server 2016Description

This script adds or removes IP addresses or IP address ranges to/from existing Receive Connectors.

The input file can contain more than one IP address (range), one entry per line. The IP address parameter can be used to add a single IP address.

The script creates a new sub directory beneath the current location of the script. The script utilizes the directory as a log directory to store the current remote IP address ranges prior modification.

A log is written to the \log subfolder utilitzing the GlobalFunctions Logger object.


  • Registered GlobalModules PowerShell module,
  • Windows Server 2016, Windows Server 2012 R2, Windows Server 2008 R2 SP1
  • Exchange ManagementShell 2013+
  • Optionally, a txt file containing new remote IP address ranges, one per line



# Example 1
# Add all IP addresses stored in D:\Scripts\ip.txt to a receive connector named RelayConnector

.\Set-ReceiveConnectorIpAddress.ps1 -ConnectorName RelayConnector -FileName D:\Scripts\ip.txt -Action Add
# Example 2
# Remove IP address from a receive connector nameds MyConnector from all Exchange Servers in the forest

.\Set-ReceiveConnectorIpAddress.ps1 -ConnectorName MyConnector -IpAddress -Action Remove -ViewEntireForest $true

Version History

  • 1.0, Initial community release
  • 1.1, Comment parameter added



Read More »

An Exchange Receive Connector requires a configuration for who can submit messages to the connector. The original TechNet description of the Set-ReceiveConnector cmdlet and the PermissionGroups attribute is as follows:

"The PermissionGroups parameter specifies the groups or roles that can submit messages to the Receive connector and the permissions assigned to those groups. A permission group is a predefined set of permissions granted to well-known security principals. The valid values for this parameter are as follows: None, AnonymousUsers, Custom, ExchangeUsers, ExchangeServers, ExchangeLegacyServers, and Partners. The default permission groups assigned to a Receive connector depend on the connector usage type specified by the Usage parameter when the Receive connector was created. "

The description implies that it is possible to set the PermissionGroups attribute to Custom.

When you try to set the permission group to Custom, you will notice that this results in an error. You will encounter this error especially when you try to copy a receive connector from one Exchange Server to another Exchange Server.

The attribute itself is being set to Custom by Exchange itself when add AD permission explicitly.


The example shows the configuration of a FerrariFax receive connector that needs to be configured across all Exchange 2013 DAG member servers.

Receice connector set to None

Receive Connector with PermissionGroups set to None

Add a dedicated Permission

Get-ReceiveConnector "SERVER\Connector for UMS (SERVER-FAX)" | Add-ADPermission -User DOMAIN\FaxUser -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-Bypass-Anti-Spam,ms-Exch-SMTP-Accept-Any-Recipient

Receive connector set to Custom by Exchange

Receive Connector with PermissionGroups set to Custom



You can copy a receive connector across a number of Exchange servers using the PowerShell script Copy-ReceiveConnector.ps1 hat has been published at TechNet Gallery.

The script has not been modified to handle this situation, yet. The source code repository is available at Github

Read More »
Last updated: 2020-03-15


Exchange Server 2007Exchange Server 2010Exchange Server 2013Exchange Server 2016Exchange Server 2019Description


This script copies a single receive connector from a source Exchange Server to a single target Exchange server or all other Exchange servers.

The primary purposes of this script are:

  • Simplify migration of legacy Exchange receive connectors (Exchange 2007 or Exchange2010) to a modern Exchange server (Exchange 2013 or Exchange 2016)
  • Simplify receive connector distribution across multiple Exchange servers (Exchange 2013, Exchange 2016, or Exchange 2019)

Find the most recent full documentation at GitHub.



Copy Exchange 2013/2016 receive connector RC2 from server MBX01 to server MBX2

.\Copy-ReceiveConnector.ps1 -SourceServer MBX01 -ConnectorName RC2 `
-TargetServer MBX2 -DomainController

Copy Exchange 2013/2016 receive connector RC2 from server MBX01 to all other Exchange 2013 servers

.\Copy-ReceiveConnector.ps1 -SourceServer MBX01 -ConnectorName RC1 `
-CopyToAllOther -DomainController

Copy Exchange 2013/2016 receive connector relay from Exchange 2007 server MBX2007 to Exchange 2013 server MBX01 and reset network bindings

.\Copy-ReceiveConnector.ps1 -SourceServer MBX2007 -ConnectorName "relay" `
-TargetServer MBX01 -MoveToFrontend -ResetBindings `


Version History

  • 1.0, Initial community release
  • 1.1 Domain Controller parameter added, permissions group copy added
  • 1.2 Move to FrontendTransport added, optional permission copy added, reset bindings added
  • 1.3 Update receive connector, if receive connector exists
  • 1.4 Fix to handle connector updates properly
  • 1.41 Minor fixes and update for Exchange 2016
  • 1.5 Issue #2 fixed
  • 1.6 Issue #3 fixed
  • 1.7 Issue #6 fixed, new parameter UpdateExistingConnector added, tested with Exchange Server 2019




Additional Credits

Additional credits go to Jeffery Land,



Read More »


Add remote IP address ranges to an Exchange Server 2013/2016 receive connector.

Create a new text file containing the new remote IP address ranges


The script creates a new subfolder named ReceiveConnectorIpAddresses and saves the currently configured remote IP address ranges first.

While adding the new remote IP address ranges, the script checks, if the new ranges already exist.


# Add IP addresses from ip.txt to MYCONNECTOR

.\Add-ReceiveConnectorIpAddress.ps1 -ConnectorName MYCONNECTOR -FileName D:\Scripts\ip.txt

.\Add-ReceiveConnectorIpAddress.ps1 -ConnectorName REMOTECONNECTOR -FileName .\ip-new.txt -ViewEntireForest $true

Version History

  • 1.0, Initial community release
  • 1.4, Support Mailbox role added (Issue #4)





Read More »