Cannot Recreate Azure AD ‘Local’ AD Connector

KB ID 0001659

Problem

While trying to fix another Azure AD replication problem today I managed to delete one of the connectors (the one for the local ‘on-prem’ Active Directory). In an effort to ‘recreate’ it, I ran ‘Microsoft Azure Active Directory Connect’ and went to ‘Customise the Synchronisation Options’. Unfortunately I got this error;

The forest {forest-name} cannot be added because the attribute used to uniquely identify your users in Azure AD (mS-DS-ConsistencyGuid) is already in use.

That’s not good! I was starting to get concerned.

Solution

There was, (on the old DirSync,) an install flag that would skip this step. Would it still work? Yes it does: this time the wizard completes, recreates the connector correctly and everything works without any carnage! So what’s the command? See below;

[box]

cd "C:\Program Files\Microsoft Azure Active Directory Connect"
AzureADConnect.exe /SkipLdapSearch

[/box]

By the time I checked the Synchronisation Service, everything had burst back into life, and all was well.
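The /SkipLdapSearch flag bypasses the wizard’s check that mS-DS-ConsistencyGuid is already in use, so it is worth confirming the existing values are the ones Azure AD expects. The script below is an added example, not part of the original article; it assumes the ActiveDirectory and AzureAD modules are installed and that Connect-AzureAD has already been run.

```powershell
# Added example, not part of the original article: before (or after) re-running the wizard with
# /SkipLdapSearch, confirm that the mS-DS-ConsistencyGuid values already written to your on-prem
# users are the values Azure AD holds as ImmutableId, so skipping the check hides no real clash.
# Assumes the ActiveDirectory and AzureAD modules are installed and Connect-AzureAD has been run.
Import-Module ActiveDirectory

function Get-OnPremAnchor {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # mS-DS-ConsistencyGuid is a byte array; Azure AD Connect normally copies objectGUID into it.
    $u = Get-ADUser -Identity $SamAccountName -Properties 'mS-DS-ConsistencyGuid','UserPrincipalName'
    $bytes = $u.'mS-DS-ConsistencyGuid'
    if (-not $bytes) { return $null }       # attribute never populated for this user
    [pscustomobject]@{
        SamAccountName     = $u.SamAccountName
        UserPrincipalName  = $u.UserPrincipalName
        ObjectGuidB64      = [Convert]::ToBase64String($u.ObjectGUID.ToByteArray())
        ConsistencyGuidB64 = [Convert]::ToBase64String([byte[]]$bytes)
    }
}

function Test-AnchorMatch {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $local = Get-OnPremAnchor -SamAccountName $SamAccountName
    if (-not $local) { return "$SamAccountName : mS-DS-ConsistencyGuid is empty" }
    if ($local.ConsistencyGuidB64 -ne $local.ObjectGuidB64) {
        # Not fatal (the GUID may have been carried over from another forest), but worth knowing.
        Write-Warning "$SamAccountName : mS-DS-ConsistencyGuid differs from objectGUID"
    }
    try {
        # ImmutableId is the base64 form of the source anchor Azure AD recorded at first sync.
        $cloud = Get-AzureADUser -ObjectId $local.UserPrincipalName -ErrorAction Stop
    } catch { return "$SamAccountName : no Azure AD user for $($local.UserPrincipalName)" }
    if ($cloud.ImmutableId -eq $local.ConsistencyGuidB64) {
        "$SamAccountName : OK (ImmutableId matches mS-DS-ConsistencyGuid)"
    } else {
        "$SamAccountName : MISMATCH on-prem=$($local.ConsistencyGuidB64) cloud=$($cloud.ImmutableId)"
    }
}

# Check every user that already carries the attribute (the ones the wizard's LDAP search finds).
Get-ADUser -LDAPFilter '(mS-DS-ConsistencyGuid=*)' |
    ForEach-Object { Test-AnchorMatch -SamAccountName $_.SamAccountName }
```

Any MISMATCH line means the connector would re-anchor that user to a different value than Azure AD already holds, which is exactly the case the wizard’s check exists to catch.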

Related Articles, References, Credits, or External Links

NA

Exchange 2013 / 2016 / 2019 Default Receive Connector Settings

Default Receive Connectors KB ID 0001314 

Problem

Out of the box, Exchange 2016 (&2013) has five receive connectors. Three for the frontend transport service and two for the mailbox transport service.

  • Front End Transport Service: does not alter, inspect, or queue mail. It is the first port of call for ALL mail coming into (and out of) the Exchange organisation. This service creates THREE receive connectors; all are bound to all IPv4 addresses (0.0.0.0) and all IPv6 addresses;
    • Client Frontend {Server-Name}: listens on TCP 587 (Secure SMTP). It is generally only used by POP clients that are ‘Authenticated’, so they are then able to send mail through the Exchange Org.
    • Default Frontend {Server-Name}: listens on TCP 25 (SMTP) and will allow Anonymous connections (by default). Note: your incoming mail, (from the public internet,) usually comes in through this connector.
    • Outbound Proxy Frontend {Server-Name}: confusingly, this is actually a send connector, and it’s only used if you have set your ‘send connector’ to proxy through one of your Exchange servers.
  • Mailbox Transport Service: does NOT receive mail from clients; it, (as the name implies,) routes mail from/to mailboxes from/to the Front End Transport Service. It is further broken down into;
    • Mailbox Transport Submission Service:
    • Mailbox Transport Delivery Service:
  • This creates two more receive connectors;
    • Client Proxy {Server-Name}: listens on TCP 465.
    • Default {Server-Name}: listens on TCP Port 25 (or 2525).

So what if someone ‘fiddles’ with them, or you are unsure if they are set up correctly?


Solution: Default Receive Connectors

Default Receive Connectors Settings

If you just want to check the settings in the Exchange Admin Center;

  • Client Frontend {Server-Name}
    • General Settings;
      • Name: Client Frontend {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
    • Permission Groups;
      • Exchange Users
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 587
        • (All Available IPv4) Port 587
      • FQDN: {The internal FQDN of your server}
  • Client Proxy {Server-Name}
    • General Settings;
      • Name: Client Proxy {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
      • Exchange Users
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 465
        • (All Available IPv4) Port 465
      • FQDN: {The internal FQDN of your server}
  • Default {Server-Name}
    • General Settings;
      • Name: Default {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
      • Legacy Exchange Servers
      • Exchange Users
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 2525
        • (All Available IPv4) Port 2525
      • FQDN: {The internal FQDN of your server}
  • Default Frontend {Server-Name}
    • General Settings;
      • Name: Default Frontend {Server-name}
      • Connector Status: Enable
      • Protocol logging level: None
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
        • Enable domain security (mutual Auth TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
      • Legacy Exchange Servers
      • Anonymous
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 25
        • (All Available IPv4) Port 25
      • FQDN: {The internal FQDN of your server}
  • Outbound Proxy Frontend {Server-Name}
    • General Settings;
      • Name: Outbound Proxy Frontend {Server-name}
      • Connector Status: Enable
      • Protocol logging level: Verbose
      • Maximum receive message limit size (MB): 36
      • Maximum hop local count: 12
      • Maximum hop count: 60
    • Security Settings;
      • Transport Layer Security (TLS)
        • Enable domain security (mutual Auth TLS)
      • Basic Authentication
        • Offer basic authentication only after starting TLS
      • Integrated Windows Authentication
      • Exchange Server Authentication
    • Permission Groups;
      • Exchange Servers
    • Scoping;
      • Remote network settings;
        • ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        • 0.0.0.0-255.255.255.255
      • Network adaptor bindings;
        • (All Available IPv6) Port 717
        • (All Available IPv4) Port 717
      • FQDN: {The internal FQDN of your server}
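Checking five connectors against the list above by hand is error-prone, so here is an added example (not from the original article) that does it from the Exchange Management Shell. It compares each default connector’s bindings, permission groups and remote IP ranges with the defaults listed above and flags drift; the server name is a placeholder you replace.

```powershell
# Added example, not part of the original article: compare the live receive connectors on one
# Exchange server with the default ports and permission groups listed above and report drift.
# Run from the Exchange Management Shell; $Server is a placeholder you replace.
$Server = 'EX01'

# Expected defaults keyed by connector-name prefix (the full name is "<prefix> <server>").
$Expected = @{
    'Client Frontend'         = @{ Port = 587;  Groups = 'ExchangeUsers' }
    'Client Proxy'            = @{ Port = 465;  Groups = 'ExchangeServers,ExchangeUsers' }
    'Default'                 = @{ Port = 2525; Groups = 'ExchangeServers,ExchangeLegacyServers,ExchangeUsers' }
    'Default Frontend'        = @{ Port = 25;   Groups = 'ExchangeServers,ExchangeLegacyServers,AnonymousUsers' }
    'Outbound Proxy Frontend' = @{ Port = 717;  Groups = 'ExchangeServers' }
}

function Test-DefaultReceiveConnectors {
    param([string]$Server, [hashtable]$Expected)
    foreach ($rc in Get-ReceiveConnector -Server $Server) {
        $prefix = $rc.Name -replace " $([regex]::Escape($Server))$", ''
        if (-not $Expected.ContainsKey($prefix)) {
            # Anything not in the table is a custom connector (device relay etc.) and needs a manual look.
            [pscustomobject]@{ Connector = $rc.Name; Status = 'CUSTOM'; Detail = 'not a default connector' }
            continue
        }
        $want  = $Expected[$prefix]
        $ports = @($rc.Bindings | ForEach-Object { $_.Port } | Sort-Object -Unique)
        $have  = @("$($rc.PermissionGroups)" -split ',\s*' | Sort-Object)
        $need  = @($want.Groups -split ',' | Sort-Object)
        $problems = @()
        if (($ports -join ',') -ne "$($want.Port)") {
            $problems += "bindings on port(s) $($ports -join ',') instead of $($want.Port)"
        }
        if (Compare-Object $have $need) {
            $problems += "permission groups '$($rc.PermissionGroups)' instead of '$($want.Groups)'"
        }
        # Anonymous submission belongs only on the internet-facing Default Frontend connector.
        if ($prefix -ne 'Default Frontend' -and $have -contains 'AnonymousUsers') {
            $problems += 'AnonymousUsers granted on a connector that should not accept anonymous mail'
        }
        # Default is one IPv4 range plus one IPv6 range; extra entries mean someone scoped it.
        if ($rc.RemoteIPRanges.Count -ne 2) { $problems += 'remote IP ranges differ from the default' }
        $status = if ($problems) { 'DRIFT' } else { 'OK' }
        [pscustomobject]@{ Connector = $rc.Name; Status = $status; Detail = ($problems -join '; ') }
    }
}

Test-DefaultReceiveConnectors -Server $Server -Expected $Expected | Format-Table -AutoSize
```

A CUSTOM row is not a fault, but each one should be a connector you know about; a DRIFT row on AnonymousUsers is the one to investigate first, since that is what turns a connector into a relay.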

Recreating Your Exchange Default Receive Connectors From Scratch

Note: we are talking about the default receive connectors here; if you have created any of your own, for mail relaying from a device for example, you would need to manually recreate those. Below we are going to delete all the default connectors and recreate them with a PowerShell script.

Download Recreate Default Exchange Receive Connectors Scripts

Optional: take a backup of the default receive connector settings to text files. Run the ‘Backup-Connector-Settings.ps1’ script. This will dump the settings to the root of the C: drive in ‘Current {Server-Name} {Connector-Name}.txt’ format.

You can now delete the default receive connectors (Warning: notice I said default receive connectors; this may or may not be all the connectors).

Recreate the default receive connectors: run the ‘Create-Default-Receive-Connectors.ps1’ script.

Optional: you can now output the settings of the new connectors (why? So you can compare them to your original settings). Run the ‘AFTER-Connector-Settings.ps1’ script. This will dump the settings to the root of the C: drive in ‘Receive {Server-Name} {Connector-Name}.txt’ format.

You can now compare the two sets of files; the only differences are usually the creation date and the GUID.
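Eyeballing text dumps for differences is tedious, so here is an added example (not one of the article’s downloadable scripts) that captures the connectors before the delete and after the recreate with Export-Clixml and lists every property that differs, skipping the ones that are expected to change. The server name and file paths are placeholders.

```powershell
# Added example, not one of the article's scripts: export the connector state before deleting
# and again after recreating, then list each property that changed, ignoring the creation
# date, GUID and other fields that legitimately differ on a new object.
# Run from the Exchange Management Shell; $Server and the paths are placeholders you replace.
$Server = 'EX01'

function Export-ConnectorState {
    param([string]$Server, [string]$Path)
    # Export-Clixml keeps the full property set, unlike a Format-List text dump.
    Get-ReceiveConnector -Server $Server | Export-Clixml -Path $Path
}

function Compare-ConnectorState {
    param([string]$BeforePath, [string]$AfterPath)
    $ignore = 'WhenCreated','WhenCreatedUTC','WhenChanged','WhenChangedUTC','Guid','ObjectState','OriginatingServer'
    $before    = Import-Clixml $BeforePath | Group-Object Name -AsHashTable -AsString
    $afterList = @(Import-Clixml $AfterPath)
    foreach ($new in $afterList) {
        $old = $before[$new.Name]
        if (-not $old) { "$($new.Name) : no 'before' copy (new or renamed connector)"; continue }
        foreach ($p in $new.PSObject.Properties.Name) {
            if ($ignore -contains $p) { continue }
            # Multi-valued properties (Bindings, RemoteIPRanges) compare as their joined string form.
            $a = "$($new.$p)"; $b = "$($old.$p)"
            if ($a -ne $b) { "$($new.Name).$p : before='$b' after='$a'" }
        }
    }
    foreach ($name in $before.Keys) {
        if (-not ($afterList | Where-Object { $_.Name -eq $name })) { "$name : present before, missing after" }
    }
}

# Before deleting:   Export-ConnectorState -Server $Server -Path 'C:\Current-Connectors.xml'
# After recreating:  Export-ConnectorState -Server $Server -Path 'C:\Receive-Connectors.xml'
# Then:              Compare-ConnectorState -BeforePath 'C:\Current-Connectors.xml' -AfterPath 'C:\Receive-Connectors.xml'
```

No output from Compare-ConnectorState means the recreated connectors match the originals on everything except the ignored fields.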


Related Articles, References, Credits, or External Links

NA

Exchange – Delete and Recreate the PowerShell Virtual Directory

KB ID 0000700 

Problem

One of the big drawbacks of Exchange management being built on PowerShell, and talking to the PowerShell virtual directory, is that when IIS has a problem you can’t manage your Exchange via the command shell or the Exchange Management Console.

While trying to fix a problem last week I wanted to remove and recreate the PowerShell virtual directory, and I found the PowerShell command, but no working examples of the correct syntax.

Solution

1. Remember your Exchange Management Shell won’t work, so load the Windows PowerShell Modules shell. (Note: you will find this one under Administrative Tools, NOT the one on the taskbar).

2. To remove the PowerShell virtual directory from the default web site;

[box]
Remove-PowerShellVirtualDirectory "Powershell (Default Web Site)"
[/box]

3. Confirm by pressing A {enter}.

4. To recreate the PowerShell virtual directory;

[box]
New-PowerShellVirtualDirectory -Name Powershell -RequireSSL:$False
[/box]

5. You can restart the web services with the following command;

[box]
iisreset /noforce
[/box]
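Once IIS is back, it is worth proving the recreated directory actually works before closing the ticket. The following is an added example, not from the original article: run it from the Windows PowerShell Modules shell; it reads the virtual directory’s settings and opens a real remote Exchange session through it. The server FQDN is a placeholder.

```powershell
# Added example, not part of the original article: after step 4, confirm the recreated
# virtual directory exists, show its authentication settings, and prove that a remote
# Exchange session can be opened through it. Run from the Windows PowerShell Modules shell.
# $Server is a placeholder FQDN you replace.
$Server = 'ex01.corp.example'

function Test-ExchangePowerShellVDir {
    param([string]$Server)
    $vdir = Get-PowerShellVirtualDirectory -Server $Server |
            Where-Object { $_.Name -like 'PowerShell*Default Web Site*' }
    if (-not $vdir) {
        return [pscustomobject]@{ Exists = $false; Session = $false; Note = 'virtual directory missing' }
    }
    # With -RequireSSL:$False the endpoint is plain HTTP; WinRM still encrypts the payload
    # when Kerberos authentication is used, which is how Exchange's own shell connects.
    $uri = if ($vdir.RequireSSL) { "https://$Server/PowerShell/" } else { "http://$Server/PowerShell/" }
    $ok = $false; $note = ''
    try {
        $s  = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $uri `
                            -Authentication Kerberos -ErrorAction Stop
        # A cmdlet that returns objects through the session is the real test of the endpoint.
        $ok = [bool](Invoke-Command -Session $s -ScriptBlock { Get-ExchangeServer } -ErrorAction Stop)
        Remove-PSSession $s
    } catch { $note = "session failed: $($_.Exception.Message)" }
    [pscustomobject]@{
        Exists      = $true
        RequireSSL  = $vdir.RequireSSL
        BasicAuth   = $vdir.BasicAuthentication
        WindowsAuth = $vdir.WindowsAuthentication
        Session     = $ok
        Note        = $note
    }
}

Test-ExchangePowerShellVDir -Server $Server | Format-List
```

Session = True means the Exchange Management Shell will connect again; if it is False, the Note field carries the WinRM error, which is usually more specific than the shell’s own message.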


Related Articles, References, Credits, or External Links

Original article written 22/12/12