Forum Discussion
liamherbert1105
Jul 29, 2024Copper Contributor
Create/Edit On-Premise type inbound connector in UI after cmdlet update
Following the updates on 24th July to the New/Set-InboundConnector cmdlets, you can no longer create Inbound connectors of type on-premise in the UI.
You get the error:
Microsoft.Exchange.Management.Tasks.ConnectorNotApplicablePropertyException|The properties 'RestrictDomainsToCertificate' are not applicable to connector of type
'OnPremises' with the current combination. Connector creation or modification aborted.
Essentially, the RestrictDomainsToCertificate and RestrictDomainsToIPAddresses parameters were updated to only be allowed for partner connectors.
This is understandable, since these elements aren't considered for emails delivered via on-premise connectors anyway.
However, if you try and create an on-premise connector in the Exchange Online UI, particularly for certificated based auth, the RestrictDomainsToCertificate is set to $true by default in the UI, even though the PowerShell param default is $false.
If so, you can still make the connector, you just need to do so via PowerShell, and either omit the -RestrictDomainsToCertificate parameter or explicitly set it as $false.
If you need to edit an existing connector that was created with this set to true, you need to set it to false first before editing, and again, only via PowerShell.
Set-InboundConnector -Identity "connectorID/name" -RestrictDomainsToCertificate:$false
- Matt-SywulakCopper Contributor
liamherbert1105 Having the same issue and tried to detail it here as well. Properties are not applicable to connector of type 'OnPremises' with the current combination. - Microsoft Community Hub
Won't likely know anything until Microsoft responds or rolls back a change.
- liamherbert1105Copper ContributorI've had confirmation from Microsoft that those connector properties are no longer, and have never been, applicable to on-premise type connectors. So although the UI is useless now, you only need to set affected properties to $false and then you may continue to edit them as required.
- Matt-SywulakCopper Contributor
Odd that they specifically call it out as a parameter in their PS example here: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/integrate-office-365-with-an-email-add-on-service#use-exchange-online-powershell-to-create-an-inbound-connector-to-receive-messages-from-the-email-add-on-service
But with your comments in mind I do see how you can accomplish mostly the same functions as previous with Powershell. The only one that doesn't seem possible anymore is an IP address only Inbound OnPremises connector with RequireTls set to $true by itself. You must set a TlsSenderCertificateName as well but then the GUI shows that is the radial option selected so I guess there's probably a frontend release that supports these configurations in a more explicit fashion that's "yet to be released"?