TechShizz | All posts tagged 'Exchange 2010'

Managing Transport Rules

To get a full list of all transport rule predicates, run this command in the Exchange Management Shell (EMS) on a server holding the Hub Transport role:


Get-TransportRulePredicate | FT


A predicate can be used either as a condition or as an exception when specifying the criteria a message must match.



Transport rule actions are applied when a message matches all of the rule's conditions and none of its exceptions.


For a full list of actions, type:


Get-TransportRuleAction | FL


The output differs depending on whether the command is run on a Hub Transport or an Edge Transport server, because the two roles support different sets of predicates and actions.


The following command creates the transport rule TransportRuleExample, which adds Kim Akers to the recipients of any email message sent to Mark Harrington, except for messages that are sent by the external user

New-TransportRule -Name TransportRuleExample -SentTo "Mark Harrington" -AddToRecipients "Kim Akers" -ExceptIfFrom



Active Directory stores transport rules that are configured on Hub Transport servers, so that these transport rules are accessible to all Hub Transport servers in the organization through Active Directory replication.


Transport rules that are configured on Edge Transport servers are stored in Active Directory Lightweight Directory Services (AD LDS). Rules configured on one Edge Transport server do not automatically replicate to other Edge Transport servers in the organization, so each Edge server must be configured separately or its configuration cloned to the others (Exchange 2010 ships the ExportEdgeConfig.ps1 and ImportEdgeConfig.ps1 scripts for this).

Edge Transport rules apply to all types of message, but they cannot expand distribution group membership, cannot access Active Directory attributes, and cannot inspect or modify IRM-protected message content.

Coding a Transport Rule That Uses an Expression

Because regular expressions can appear to be complex and lead to lengthy EMS commands

being written to interpret such expressions, administrators often write code in the EMS to

implement such rules. This code is not complex programming but consists mainly of defining

variables that simplify the final statement of the rule.

A typical example detects a number in the format of a U.S. Social Security number (three digits, two digits and four digits, separated by hyphens). The following code, entered into the EMS, creates a rule that rejects any message whose subject contains such a number. Note that the SubjectMatches predicate examines only the subject line; to catch numbers in the message text as well, use the SubjectOrBodyMatches predicate. The pattern is also unanchored, so any 3-2-4 digit sequence (a part number, for example) will match too:


$Condition = Get-TransportRulePredicate SubjectMatches
$Condition.Patterns = @("\d\d\d-\d\d-\d\d\d\d")
$Action = Get-TransportRuleAction RejectMessage
$Action.RejectReason = "You are not permitted to transmit Social Security Numbers."
New-TransportRule -Name "Block Social Security Numbers" -Conditions @($Condition) -Actions @($Action)
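The same check written with the direct predicate and action parameters that Exchange 2010 added to New-TransportRule, as an added example that is not part of the original post. It inspects subject and body rather than subject only, fires only when mail leaves the organization, exempts one group, and then shows how to verify, modify and disable the rule. The rule name, the "HR Payroll" group, the enhanced status code and the comment text are assumptions chosen for illustration.

```powershell
# Added example, not from the original post. Assumes an Exchange 2010 EMS session on a
# Hub Transport server and a distribution group named "HR Payroll" (assumption).

# Splatting keeps the parameter list readable; every key is a real New-TransportRule parameter.
$ruleParams = @{
    Name                            = "Block SSN to external recipients"
    # SubjectOrBodyMatches checks the message text as well as the subject.
    SubjectOrBodyMatchesPatterns    = "\d\d\d-\d\d\d-\d\d\d\d".Replace("\d\d\d-\d\d\d", "\d\d\d-\d\d")
    # Fire only when at least one recipient is outside the Exchange organization.
    SentToScope                     = "NotInOrganization"
    # Exception: members of the assumed "HR Payroll" group may send these legitimately.
    ExceptIfFromMemberOf            = "HR Payroll"
    # Reject with an NDR the sender can understand, plus a machine-readable 5.7.1 (policy) code.
    RejectMessageReasonText         = "Social Security Numbers may not be sent outside the organization."
    RejectMessageEnhancedStatusCode = "5.7.1"
    Comments                        = "SSN pattern block; created by script"
    # Priority 0 evaluates before every other rule, so a later redirect cannot pre-empt the reject.
    Priority                        = 0
}
New-TransportRule @ruleParams

# Verify what Exchange actually built from those parameters: the Conditions, Exceptions and
# Actions properties hold the same predicate/action objects the variable-based method uses.
Get-TransportRule -Identity $ruleParams.Name |
    Format-List Name, State, Priority, Conditions, Exceptions, Actions

# To modify an existing rule, pass only the parameters that change; everything else is kept.
Set-TransportRule -Identity $ruleParams.Name `
    -RejectMessageReasonText "Social Security Numbers must be sent through the secure portal."

# Rules are active as soon as they are created. While tuning the pattern, disable rather than
# delete, so the configuration (and its priority slot) is preserved.
Disable-TransportRule -Identity $ruleParams.Name -Confirm:$false
# Enable-TransportRule -Identity $ruleParams.Name
```

The pattern string is built from the plain `\d\d\d-\d\d-\d\d\d\d` form used on the page (the `Replace` call only exists to keep the literal on one line and resolves to exactly that text); Exchange 2010 transport rule patterns use the same `\d` escape as the original example. Because the Edge role cannot expand group membership, the `ExceptIfFromMemberOf` exception only works on Hub Transport servers; on an Edge server use a sender-address exception instead.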




To modify a transport rule



Receive Connectors in Exchange 2010

A receive connector acts as a logical gateway: it listens for inbound SMTP connections that match its configuration (local address and port, remote IP range, authentication and permissions) and accepts mail over them.

A receive connector can be scoped to a single local IP address and port, or to a range of remote IP addresses, so one server can have several receive connectors that accept mail from different origins with different settings. When more than one connector on a server could accept a connection, Exchange uses the one whose remote IP range most specifically matches the source address.

Hub Transport role (default connectors created by Setup)

  • Client <servername>: listens on TCP port 587 and is used to receive mail from non-MAPI clients (POP3 and IMAP4 clients submitting mail), which must authenticate.
  • Default <servername>: listens on TCP port 25 and is used for connections from other Hub Transport and Edge Transport servers.


In the properties of these receive connectors we can specify the following:

General tab
  • The FQDN the connector presents in its SMTP banner and in response to HELO/EHLO
  • Protocol logging level (None or Verbose). Turn it on for troubleshooting and off again afterwards; the logs record every command, sender and recipient.
  • Maximum message size the connector will accept

Network tab
  • The local IPv4/IPv6 addresses and port the connector listens on (the bindings)
  • The remote IP address ranges from which the connector accepts connections. When several connectors could match, the one with the most specific remote IP range wins.

Authentication tab
  • The authentication mechanisms offered when a connection is made (TLS, Basic, Basic only after TLS, Exchange Server, Integrated Windows, Externally secured). If authentication and the permission groups are not configured carefully, it may be possible for anyone to relay email through our server without permission (an open relay).

Permission Groups tab
  • Which groups of users or computers can connect to this connector (Anonymous users, Exchange users, Exchange servers, Legacy Exchange servers, Partners). Each group maps to a set of extended rights on the connector object in Active Directory.

Client connector defaults: bound to port 587 on all local addresses; permission group Exchange users only, so every connection must authenticate before it can submit mail.

Default connector defaults: bound to port 25 on all local addresses; permission groups Exchange users, Exchange servers and Legacy Exchange servers. Anonymous users is not granted by default, which is why a newly installed Hub Transport server does not accept Internet mail until an Edge Transport server or a connector that grants Anonymous users is placed in front of it.
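An added example, not part of the original post, of the checks a practitioner runs on these connectors: inventory the bindings and permissions, look for the extended right that turns a connector into an open relay, and then build a relay connector that is deliberately restricted to one application server. The server name HUB01 and the application server address 10.0.5.20 are assumptions.

```powershell
# Added example, not from the original post. Run in the EMS on a Hub Transport server.
# HUB01 and 10.0.5.20 are assumed values.

# 1. Inventory: where each connector listens, who may connect, and how they authenticate.
Get-ReceiveConnector |
    Format-Table Name, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism -AutoSize

# 2. Open-relay check. Accepting mail for recipients outside the accepted domains requires the
#    extended right ms-Exch-SMTP-Accept-Any-Recipient. Any connector that grants it to
#    ANONYMOUS LOGON and has a broad RemoteIPRanges (e.g. 0.0.0.0-255.255.255.255) is an open relay.
Get-ReceiveConnector | Get-ADPermission |
    Where-Object { $_.User -like "*ANONYMOUS*" -and $_.ExtendedRights -like "*Accept-Any-Recipient*" } |
    Format-Table Identity, User, ExtendedRights -AutoSize

# 3. A narrow relay connector for the assumed application server. Because Exchange picks the
#    connector whose RemoteIPRanges is most specific, this wins over "Default HUB01" for that
#    one host only; every other source still hits the Default connector and its permissions.
New-ReceiveConnector -Name "App Relay 10.0.5.20" -Usage Custom -Server HUB01 `
    -Bindings 0.0.0.0:25 -RemoteIPRanges 10.0.5.20 -PermissionGroups AnonymousUsers

# 4. The AnonymousUsers permission group only allows submission to recipients in the accepted
#    domains. Relay to external recipients must be granted explicitly, and only on this connector.
Get-ReceiveConnector "HUB01\App Relay 10.0.5.20" |
    Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient

# 5. Re-run step 2. The only hit should now be "App Relay 10.0.5.20", whose RemoteIPRanges
#    contains a single host, so the relay right is bounded by source address.
```

To confirm the Default connector is still closed, connect to port 25 from any other address with telnet, send a RCPT TO for an external domain, and expect "550 5.7.1 Unable to relay". Step 4 is the common Exchange 2010 relay recipe; the point of steps 2 and 5 is that the right it grants is visible in Active Directory and should be audited for every connector, not just the one you just created.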

Get X500 addresses

To export the legacyExchangeDN (the value that becomes a user's X500 address after a migration) for all users in an OU, using the Active Directory PowerShell module (Import-Module ActiveDirectory on Windows Server 2008 R2):


Get-ADUser -SearchBase "OU=SBSUsers,OU=Users,OU=MyBusiness,dc=Mydomain,dc=local" -Filter * -Properties SamAccountName,legacyExchangeDN | Select-Object SamAccountName,legacyExchangeDN | Export-CSV C:\UserExport.csv -NoTypeInformation
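What the export is normally for, as an added example that is not part of the original post: reading the CSV back and stamping each user's old legacyExchangeDN onto the matching mailbox in the target organization as an X500 proxy address, so that replies to pre-migration messages still resolve instead of failing with an IMCEAEX non-delivery report. The CSV path from the command above and a one-to-one SamAccountName match between the two organizations are assumptions.

```powershell
# Added example, not from the original post. Run in the EMS of the target organization.
# Assumes C:\UserExport.csv was produced by the Get-ADUser command above and that each
# SamAccountName in it identifies the same person's mailbox here (assumption).

$users = Import-Csv C:\UserExport.csv

foreach ($u in $users) {
    # Users who never had a mailbox in the old organization have no legacyExchangeDN.
    if ([string]::IsNullOrEmpty($u.legacyExchangeDN)) { continue }

    $mbx = Get-Mailbox -Identity $u.SamAccountName -ErrorAction SilentlyContinue
    if ($mbx -eq $null) {
        Write-Warning "No mailbox for $($u.SamAccountName); skipped"
        continue
    }

    $x500 = "X500:" + $u.legacyExchangeDN

    # Proxy addresses compare case-insensitively; skip if already present so the script is re-runnable.
    if ($mbx.EmailAddresses | Where-Object { $_.ProxyAddressString -ieq $x500 }) { continue }

    # Append to the existing collection rather than replacing it, so the SMTP addresses
    # and the primary (upper-case SMTP:) address survive.
    $mbx.EmailAddresses += $x500
    Set-Mailbox -Identity $mbx.Identity -EmailAddresses $mbx.EmailAddresses
    Write-Output "Added $x500 to $($mbx.Identity)"
}
```

Append-then-set is used instead of the `@{Add=...}` hashtable syntax because it behaves the same on every Exchange 2010 service pack. Run it once with `Set-Mailbox ... -WhatIf` added to see which mailboxes would change before committing.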

Edge Server Address Rewriting

Address rewriting on an Edge Transport server requires the address rewriting agents to be enabled (they are installed but disabled by default). To enable the inbound and outbound transport agents, run the following EMS commands on the Edge Transport server:

Enable-TransportAgent -Identity "Address Rewriting Inbound agent"
Enable-TransportAgent -Identity "Address Rewriting Outbound agent"
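Once the agents are enabled, a rewrite entry has to be created before anything changes. The following is an added example, not part of the original post, showing a whole-domain rewrite with an exception and an outbound-only wildcard rewrite; the domain names fabrikam.com, contoso.com and legal.fabrikam.com are assumptions.

```powershell
# Added example, not from the original post. Run in the EMS on the Edge Transport server.
# fabrikam.com (an assumed acquired company) should appear externally as contoso.com.

# Confirm both agents are enabled; Enable-TransportAgent takes effect only after the
# transport service restarts, which the list below will not reflect until then.
Get-TransportAgent | Where-Object { $_.Identity -like "Address Rewriting*" } |
    Format-Table Identity, Enabled, Priority -AutoSize

# Bidirectional rewrite: outbound mail from user@fabrikam.com leaves as user@contoso.com,
# and inbound mail addressed to user@contoso.com is mapped back to user@fabrikam.com.
# legal.fabrikam.com is excluded, so that subdomain keeps its real identity.
New-AddressRewriteEntry -Name "fabrikam.com to contoso.com" `
    -InternalAddress fabrikam.com -ExternalAddress contoso.com `
    -ExceptionList legal.fabrikam.com

# Wildcard rewrite of every other subdomain. A wildcard InternalAddress must be OutboundOnly,
# because the reverse (inbound) mapping would be ambiguous.
New-AddressRewriteEntry -Name "all fabrikam subdomains outbound" `
    -InternalAddress *.fabrikam.com -ExternalAddress contoso.com -OutboundOnly $true

# Review what is now in force on this Edge server (entries do not replicate to other Edges).
Get-AddressRewriteEntry | Format-List Name, InternalAddress, ExternalAddress, ExceptionList, OutboundOnly

# Restart the transport service so the enabled agents and entries are loaded.
Restart-Service MSExchangeTransport
```

For inbound rewriting to work, contoso.com must be an accepted domain on the Edge server so that the message is accepted in the first place; and because address rewrite entries live in AD LDS, they must be created on every Edge Transport server that handles the domain.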

Installation of Edge Transport Role


  • The Edge Transport server usually sits in the perimeter network (DMZ).
  • It is NOT a member of the domain; it keeps its own copy of recipient and configuration data in AD LDS, populated from Active Directory by EdgeSync.
  • It has a static IP address and a primary DNS suffix configured; the Edge server must be able to resolve the Hub Transport servers and be resolvable by them (hosts-file entries are acceptable where DNS does not cross the DMZ boundary).
  • It has AD LDS installed (and working).
  • It has .NET Framework 3.5 installed.
  • The Net.Tcp Port Sharing Service is set to Automatic startup.
  • Firewall: TCP port 50636 is open from the Hub Transport servers to the Edge Transport server (EdgeSync uses secure LDAP to AD LDS and is always initiated from the Hub side, so the reverse direction is not needed), and TCP port 25 is open in both directions for SMTP.




To configure the prerequisites, run the following in an elevated PowerShell session (on Windows Server 2008 R2 the ServerManager module must be imported first):

Import-Module ServerManager
Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart
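Before running Setup it is worth checking every item in the list above in one go, since a failed Edge install in the DMZ is tedious to recover. The script below is an added example, not part of the original post, written for Windows Server 2008 R2 and PowerShell 2.0 (hence WMI instead of properties that later PowerShell versions added). The Hub Transport FQDN HUB01.corp.example.com and the Edge FQDN EDGE01.dmz.example.com are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session on the
# prospective Edge Transport server. Host names below are assumptions.
Import-Module ServerManager

$problems = @()

# Not domain-joined: the Edge role relies on AD LDS and EdgeSync, not on domain membership,
# and a domain-joined host in the DMZ would expose domain credentials there.
$cs = Get-WmiObject Win32_ComputerSystem
if ($cs.PartOfDomain) { $problems += "Server is a member of domain $($cs.Domain); Edge must be in a workgroup" }

# Primary DNS suffix must be set; the resulting FQDN is what the Hubs use for EdgeSync and SMTP.
$suffix = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters").Domain
if ([string]::IsNullOrEmpty($suffix)) { $problems += "No primary DNS suffix configured" }

# Required Windows features (.NET Framework 3.5 and AD LDS).
foreach ($f in "NET-Framework", "ADLDS") {
    if (-not (Get-WindowsFeature $f).Installed) { $problems += "Windows feature $f is not installed" }
}

# Net.Tcp Port Sharing must start automatically. Get-Service in PowerShell 2.0 does not expose
# the start mode, so read it through WMI.
$svc = Get-WmiObject Win32_Service -Filter "Name='NetTcpPortSharing'"
if ($svc -eq $null -or $svc.StartMode -ne "Auto") { $problems += "NetTcpPortSharing is not set to Automatic" }

# Name resolution towards the Hub Transport servers (assumed FQDN).
foreach ($hub in "HUB01.corp.example.com") {
    try   { [System.Net.Dns]::GetHostAddresses($hub) | Out-Null }
    catch { $problems += "Cannot resolve Hub Transport server $hub" }
}

if ($problems.Count -eq 0) {
    Write-Output "All Edge Transport prerequisites are satisfied"
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}

# After installation, from a Hub Transport server, confirm the EdgeSync port is reachable
# through the firewall in the one direction that matters (Hub -> Edge). A thrown exception
# here means the firewall rule or AD LDS listener is wrong.
# $tcp = New-Object System.Net.Sockets.TcpClient
# $tcp.Connect("EDGE01.dmz.example.com", 50636); $tcp.Close()
```

The last two commented lines are meant to be run on the Hub side, not the Edge, which is why they are not executed by the script. Checking the 50636 direction explicitly matters because a firewall rule that only allows Edge-to-Hub traffic will pass the SMTP tests and still leave EdgeSync unable to subscribe.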




Run the Exchange DVD and select to run the