diff --git a/Copy-ReceiveConnector.ps1 b/Copy-ReceiveConnector.ps1 index 49f0dcf..158208b 100644 --- a/Copy-ReceiveConnector.ps1 +++ b/Copy-ReceiveConnector.ps1 @@ -7,23 +7,24 @@ THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER. - Version 1.6, 2018-03-26 + Version 1.7, 2020-03-15 - Please send ideas, comments and suggestions to support@granikos.eu + Please submit ideas, comments, and suggestions using GitHub. .LINK http://scripts.granikos.eu .DESCRIPTION + This script copies a receive connector from a source Exchange Server to a single target Exchange server or to all Exchange servers. - Configured permissions are copied as well, if required + Configured permissions are copied as well, if required. .NOTES + Requirements - - Windows Server 2008 R2 SP1, Windows Server 2012 or Windows Server 2012 R2 - - Exchange Server 2007/2010 - - Exchange Server 2013/2016 + - Windows Server 2016, Windows Server 2019 + - Exchange Server 2013/2016/2019 Management Shell Revision History -------- ----------------------------------------------------------------------- @@ -35,6 +36,8 @@ 1.41 Minor fixes and update for Exchange 2016 1.5 Issue #2 fixed 1.6 Issue #3 fixed + 1.6.1 Minor fixes and tested with Exchange Server 2019 + 1.7 UpdateExistingConnector added (issue #6), tested with Exchange Server 2019 .PARAMETER ConnectorName Name of the connector the new IP addresses should be added to @@ -60,39 +63,53 @@ .PARAMETER ResetBindings Do not copy bindings but reset receive connector network bindings to 0.0.0.0:25 + .PARAMETER UpdateExistingConnector + Update an existing receive connector without confirmation prompt. + .PARAMETER ViewEntireForest View entire Active Directory forest .EXAMPLE - Copy Exchange 2013/2016 receive connector nikos-one-RC2 from server MBX01 to server MBX2 - .\Copy-ReceiveConnector.ps1 -SourceServer MBX01 -ConnectorName nikos-one-RC2 -TargetServer MBX2 -DomainController MYDC1.mcsmemail.de + + Copy Exchange 2013/2016/2019 receive connector MYRECEIVECONNECTOR from server MBX01 to server MBX2 + + .\Copy-ReceiveConnector.ps1 -SourceServer MBX01 -ConnectorName MYRECEIVECONNECTOR -TargetServer MBX2 -DomainController MYDC1.mcsmemail.de .EXAMPLE - Copy Exchange 2013/2016 receive connector nikos-one-RC2 from server MBX01 to all other Exchange 2013 servers - .\Copy-ReceiveConnector.ps1 -SourceServer MBX01 -ConnectorName nikos-one-RC1 -CopyToAllOther -DomainController MYDC1.mcsmemail.de + + Copy Exchange 2013/2016/2019 receive connector MYRECEIVECONNECTOR from server MBX01 to all other Exchange 2013+ servers + + .\Copy-ReceiveConnector.ps1 -SourceServer MBX01 -ConnectorName MYRECEIVECONNECTOR -CopyToAllOther -DomainController MYDC1.mcsmemail.de + + .EXAMPLE + + Copy Exchange 2013/2016/2019 receive connector MYRECEIVECONNECTOR from server MBX01 to all other Exchange 2013+ servers without confirmation prompt if connectors already exists + + .\Copy-ReceiveConnector.ps1 -SourceServer MBX01 -ConnectorName MYRECEIVECONNECTOR -CopyToAllOther -DomainController MYDC1.mcsmemail.de -UpdateExitingConnector .EXAMPLE - Copy Exchange 2013/2016 receive connector "nikos-two relay" from Exchange 2007 server MBX2007 to Exchange 2013 server MBX01 and reset network bindings - .\Copy-ReceiveConnector.ps1 -SourceServer MBX2007 -ConnectorName "nikos-two relay" -TargetServer MBX01 -MoveToFrontend -ResetBindings -DomainController MYDC1.mcsmemail.de + + Copy Exchange 2013/2016/2019 receive connector MYRECEIVECONNECTOR from Exchange 2010 server MBX2010 to Exchange 2016 server MBX01, make it a FrontEnd-Connector, and reset network bindings + + .\Copy-ReceiveConnector.ps1 -SourceServer MBX2010 -ConnectorName MYRECEIVECONNECTOR -TargetServer MBX01 -MoveToFrontend -ResetBindings -DomainController MYDC1.mcsmemail.de #> param( [parameter(Mandatory,HelpMessage='Source Exchange server to copy from')] - [string] $SourceServer, - [parameter(Mandatory,HelpMessage='Name of the receive connector to copy')] - [string] $ConnectorName, - [string] $TargetServer = '', + [string]$SourceServer, + [parameter(Mandatory,HelpMessage='Name of the source receive connector')] + [string]$ConnectorName, + [string]$TargetServer = '', [parameter(Mandatory,HelpMessage='Domain Controller name')] - [string] $DomainController = '', - [switch] $CopyToAllOther, - [switch] $CopyPermissions, - [switch] $MoveToFrontend, - [switch] $ResetBindings, - [switch] $ViewEntireForest + [string]$DomainController = '', + [switch]$CopyToAllOther, + [switch]$CopyPermissions, + [switch]$MoveToFrontend, + [switch]$ResetBindings, + [switch]$UpdateExitingConnector, + [switch]$ViewEntireForest ) -# Set-StrictMode -Version Latest - Import-Module -Name ActiveDirectory $sourceRC = $null @@ -119,21 +136,22 @@ function Copy-ToServer { param( [string]$TargetServerName = '' ) + + $ExchangeGroups = @('Externally Secured Servers','Edge Transport Servers','Hub Transport Servers','Exchange Servers','ExchangeLegacyInterop') if ($TargetServerName -ne '') { - $sourceRC = Get-ReceiveConnector -Server $SourceServer | Where-Object{$_.Name -eq $ConnectorName} -ErrorAction SilentlyContinue + $sourceRC = Get-ReceiveConnector -Server $SourceServer -DomainController $DomainController | Where-Object{$_.Name -eq $ConnectorName} -ErrorAction SilentlyContinue - $targetRC = Get-ReceiveConnector -Server $TargetServerName | Where-Object{$_.Name -eq $ConnectorName} -ErrorAction SilentlyContinue + $targetRC = Get-ReceiveConnector -Server $TargetServerName -DomainController $DomainController | Where-Object{$_.Name -eq $ConnectorName} -ErrorAction SilentlyContinue if(($sourceRC -ne $null) -and ($targetRC -eq $null)){ - Write-Host - Write-Host ('Working on {0} and receive connector {1}' -f $TargetServerName, $ConnectorName) + Write-Host ('Working on [{0}] and receive connector [{1}]' -f $TargetServerName.ToUpper(), $ConnectorName) # clear permission groups for Exchange Server 2013 (thanks to Jeffery Land, https://jefferyland.wordpress.com) $tempPermissionGroups = @($sourceRC.PermissionGroups) -split ', ' | Select-String -Pattern 'Custom' -NotMatch - $temp = ("$($tempPermissionGroups)").Replace(' ', ', ').Replace(' ','') + $temp = (('{0}' -f $tempPermissionGroups)).Replace(' ', ', ').Replace(' ','') if($temp -ne '') { $sourceRC.PermissionGroups = $temp @@ -149,6 +167,32 @@ function Copy-ToServer { $sourceRC.Bindings = '0.0.0.0:25' } + $TargetFqdn = $sourceRC.Fqdn + + # Check if source fqdn contains server name fqdn + if(([string]$sourceRC.Fqdn.Domain).ToLower().Contains([string]$sourceRC.Server.Name.ToLower())) { + Write-Verbose -Message 'Source connector uses server Fqdn. Changing to target server Fqdn.' + + $TargetFqdn = ('{0}.{1}' -f $TargetServerName,(Get-ExchangeServer $TargetServerName).Domain.ToString()).ToLower() + } + + $FixAuthMechanism = $false + + # change permission groups settings temporarily + if(([string]$sourceRC.AuthMechanism).Split(',').Trim().Contains('ExternalAuthoritative')) { + Write-Verbose -Message 'Connector is set to ExternalAuthoritative and needs special treatment.' + + # keep current source connector configuration + $AuthMechanism = $sourceRC.AuthMechanism + $PermissioNGroups = $sourceRC.PermissionGroups + + # set ExternalAuthoritative only + # $sourceRC.AuthMechanism = 'ExternalAuthoritative' + $sourceRC.PermissionGroups = 'ExchangeServers' + + $FixAuthMechanism = $true + } + # create new Receive Connector New-ReceiveConnector -Name $sourceRC.Name ` -TransportRole $sourceRC.TransportRole ` @@ -189,11 +233,25 @@ function Copy-ToServer { -EnhancedStatusCodesEnabled $sourceRC.EnhancedStatusCodesEnabled ` -Server $TargetServerName ` -AuthMechanism $sourceRC.AuthMechanism ` - -Fqdn $sourceRC.Fqdn + -Fqdn $TargetFqdn ` + -DomainController $DomainController + + if($FixAuthMechanism) { + + Write-Verbose -Message ('Wait {0} seconds for domain controller to update' -f $secondsToWait) + Start-Sleep -Seconds $secondsToWait + + $newConnector = Get-ReceiveConnector -Identity ('{0}\{1}' -f $TargetServerName, $sourceRC.Name) -DomainController $DomainController + + Write-Verbose -Message ('Updating PermissionGroups for {0}\{1}' -f $TargetServerName, $sourceRC.Name) + + $newConnector | Set-ReceiveConnector -PermissionGroups $PermissionGroups + + } if($CopyPermissions) { # fetch non inherited permissons from source connector - $sourcePermissions = Get-ReceiveConnector -Identity $sourceRC | Get-ADPermission | Where-Object {$_.IsInherited -eq $false} + $sourcePermissions = Get-ReceiveConnector -Identity $sourceRC -DomainController $DomainController | Get-ADPermission | Where-Object {$_.IsInherited -eq $false} # we wait some time for domain controller to get stuff done Write-Host ('Wait {0} seconds for domain controller to update' -f $secondsToWait) @@ -202,27 +260,38 @@ function Copy-ToServer { Write-Verbose -Message 'Adding AD permissions' # set access rights on target connector - $sourcePermissions | ForEach-Object { - Get-ReceiveConnector "$($TargetServerName)\$($sourceRC.Name)" -DomainController $DomainController | Add-ADPermission -DomainController $DomainController -User $_.User -Deny:$_.Deny -AccessRights $_.AccessRights -ExtendedRights $_.ExtendedRights | Out-Null - } + $null = Get-ReceiveConnector -Identity ('{0}\{1}' -f $TargetServerName, $sourceRC.Name) -DomainController $DomainController | Add-ADPermission -DomainController $DomainController -User $_.User -Deny:$_.Deny -AccessRights $_.AccessRights -ExtendedRights $_.ExtendedRights -ErrorAction SilentlyContinue + + Write-Verbose -Message 'Adding AD permissions finished' } } elseif($sourceRC -ne $null) { + + # target connector already exists Write-Output 'Target connector already exists.' - if((Request-Choice -Caption ('Do you want to UPDATE the receive connector {0} on server {1}?' -f $ConnectorName, $TargetServerName)) -eq 0) { + if(($UpdateExitingConnector) -or (Request-Choice -Caption ('Do you want to UPDATE the receive connector {0} on server {1}?' -f $ConnectorName, $TargetServerName)) -eq 0) { - Write-Host ('Updating server {0}' -f $TargetServerName) + Write-Host ('Updating connector on server {0}' -f $TargetServerName) # clear permission groups for Exchange Server 2013 (thanks to Jeffery Land, https://jefferyland.wordpress.com) $tempPermissionGroups = @($sourceRC.PermissionGroups) -split ', ' | Select-String -Pattern 'Custom' -NotMatch - $temp = ("$($tempPermissionGroups)").Replace(' ', ', ').Replace(' ','') + $temp = (('{0}' -f $tempPermissionGroups)).Replace(' ', ', ').Replace(' ','') if($temp -ne '') { $sourceRC.PermissionGroups = $temp } - Get-ReceiveConnector "$($TargetServerName)\$($sourceRC.Name)" | Set-ReceiveConnector ` + $TargetFqdn = $sourceRC.Fqdn + + # Check if source fqdn contains server name fqdn + if(([string]$sourceRC.Fqdn.Domain).ToLower().Contains([string]$sourceRC.Server.Name.ToLower())) { + Write-Verbose -Message 'Source connector uses server Fqdn. Changing to target server Fqdn.' + + $TargetFqdn = ('{0}.{1}' -f $TargetServerName,(Get-ExchangeServer $TargetServerName).Domain.ToString()).ToLower() + } + + Get-ReceiveConnector -Identity ('{0}\{1}' -f ($TargetServerName), $sourceRC.Name) | Set-ReceiveConnector ` -RemoteIPRanges $sourceRC.RemoteIPRanges ` -Banner $sourceRC.Banner ` -ChunkingEnabled $sourceRC.ChunkingEnabled ` @@ -258,11 +327,10 @@ function Copy-ToServer { -TarpitInterval $sourceRC.TarpitInterval ` -EnhancedStatusCodesEnabled $sourceRC.EnhancedStatusCodesEnabled ` -AuthMechanism $sourceRC.AuthMechanism ` - -Fqdn $sourceRC.Fqdn - # -Bindings $targetRC.Bindings ` - # -TransportRole $sourceRC.TransportRole ` + -Fqdn $TargetFqdn if($CopyPermissions) { + # fetch non inherited permissons from source connector $sourcePermissions = Get-ReceiveConnector -Identity $sourceRC | Get-ADPermission | Where-Object {$_.IsInherited -eq $false} @@ -270,11 +338,11 @@ function Copy-ToServer { Write-Host ('Wait {0} seconds for domain controller to update' -f $secondsToWait) Start-Sleep -Seconds $secondsToWait - Write-Verbose 'Adding AD permissions' + Write-Verbose -Message 'Adding AD permissions' # set access rights on target connector $sourcePermissions | ForEach-Object { - Get-ReceiveConnector "$($TargetServerName)\$($sourceRC.Name)" -DomainController $DomainController | Add-ADPermission -DomainController $DomainController -User $_.User -Deny:$_.Deny -AccessRights $_.AccessRights -ExtendedRights $_.ExtendedRights | Out-Null + $null = Get-ReceiveConnector -Identity ('{0}\{1}' -f $TargetServerName, $sourceRC.Name) -DomainController $DomainController | Add-ADPermission -DomainController $DomainController -User $_.User -Deny:$_.Deny -AccessRights $_.AccessRights -ExtendedRights $_.ExtendedRights } } } @@ -285,22 +353,22 @@ function Copy-ToServer { } } else { - Write-Host 'No target server name specified' + Write-Verbose -Message 'No target server name specified' } } function Copy-ToAllServers { - Write-Verbose 'Copy receive connector to all other Exchange 2013+ servers' + Write-Verbose -Message 'Copy receive connector to all other Exchange 2013+ servers' # Quick fix for issue #3, assuming that you've deployed Exchange 2013 multi-role - $frontendServers = Get-ExchangeServer | Where-Object{($_.AdminDisplayVersion.Major -eq 15) -and (([string]$_.ServerRole).Contains('Mailbox')) -and ($_.Name -ne $SourceServer)} | Sort-Object Name + $frontendServers = Get-ExchangeServer | Where-Object{($_.AdminDisplayVersion.Major -eq 15) -and (([string]$_.ServerRole).Contains('Mailbox')) -and ($_.Name -ne $SourceServer)} | Sort-Object -Property Name foreach($server in $frontendServers){ Write-Output -InputObject ('Working on server: {0}' -f $server) Copy-ToServer -TargetServerName $server } - Write-Verbose 'Copying to all Exchange servers done' + Write-Verbose -Message 'Finished copying connector to all modern Exchange servers done' } ### MAIN ---------------------------------- @@ -320,6 +388,6 @@ elseif($TargetServer -ne ''){ Copy-ToServer -TargetServerName $TargetServer } elseif($CopyToAllOther){ - # Copy to all other Exchange 2013/2016 servers + # Copy to all Exchange 2013/2016/2019 servers Copy-ToAllServers } \ No newline at end of file diff --git a/README.md b/README.md index b2c8f47..b052391 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,11 @@ This script copies a receive connector from a source Exchange Server to a single Configured permissions are copied as well, if required. +## Requirements + +- Windows Server 2016, Windows Server 2019 +- Exchange Server 2013/2016/2019 Management Shell + ## Parameters ### ConnectorName @@ -42,6 +47,10 @@ Change source connector transport role to FrontendTransport. This is required wh Do not copy bindings but reset receive connector network bindings to 0.0.0.0:25 +### UpdateExistingConnector + +Update an existing receive connector without confirmation prompt. + ### ViewEntireForest View entire Active Directory forest @@ -66,6 +75,12 @@ Copy Exchange 2013 receive connector nikos-one-RC2 from server MBX01 to all othe Copy Exchange 2013 receive connector "nikos-two relay" from Exchange 2007 server MBX2007 to Exchange 2013+ server MBX01 and reset network binding +``` PowerShell +.\Copy-ReceiveConnector.ps1 -SourceServer MBX01 -ConnectorName MYRECEIVECONNECTOR -CopyToAllOther -DomainController MYDC1.mcsmemail.de -UpdateExitingConnector +``` + +Copy Exchange 2013/2016/2019 receive connector MYRECEIVECONNECTOR from server MBX01 to all other Exchange 2013+ servers without confirmation prompt if connectors already exists + ## Note THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE @@ -75,7 +90,7 @@ RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER. Download and vote at TechNet Gallery -* [https://gallery.technet.microsoft.com/Copy-a-receive-connector-b20b9bef](https://gallery.technet.microsoft.com/Copy-a-receive-connector-b20b9bef) +- [https://gallery.technet.microsoft.com/Copy-a-receive-connector-b20b9bef](https://gallery.technet.microsoft.com/Copy-a-receive-connector-b20b9bef) ## Credits @@ -83,13 +98,15 @@ Written by: Thomas Stensitzki Stay connected: -* My Blog: [http://justcantgetenough.granikos.eu](http://justcantgetenough.granikos.eu) -* Twitter: [https://twitter.com/stensitzki](https://twitter.com/stensitzki) -* LinkedIn: [http://de.linkedin.com/in/thomasstensitzki](http://de.linkedin.com/in/thomasstensitzki) -* Github: [https://github.com/Apoc70](https://github.com/Apoc70) +- My Blog: [http://justcantgetenough.granikos.eu](http://justcantgetenough.granikos.eu) +- Twitter: [https://twitter.com/stensitzki](https://twitter.com/stensitzki) +- LinkedIn: [http://de.linkedin.com/in/thomasstensitzki](http://de.linkedin.com/in/thomasstensitzki) +- Github: [https://github.com/Apoc70](https://github.com/Apoc70) +- MVP Blog: [https://blogs.msmvps.com/thomastechtalk/](https://blogs.msmvps.com/thomastechtalk/) +- Tech Talk YouTube Channel (DE): [http://techtalk.granikos.eu](http://techtalk.granikos.eu) -For more Office 365, Cloud Security, and Exchange Server stuff checkout services provided by Granikos +For more Office 365, Cloud Security, and Exchange Server stuff checkout services provided by Granikos. -* Blog: [http://blog.granikos.eu](http://blog.granikos.eu) -* Website: [https://www.granikos.eu/en/](https://www.granikos.eu/en/) -* Twitter: [https://twitter.com/granikos_de](https://twitter.com/granikos_de) \ No newline at end of file +- Blog: [http://blog.granikos.eu](http://blog.granikos.eu) +- Website: [https://www.granikos.eu/en/](https://www.granikos.eu/en/) +- Twitter: [https://twitter.com/granikos_de](https://twitter.com/granikos_de) \ No newline at end of file