Jul 29 2024 03:22 PM - edited Jul 29 2024 03:36 PM
Following the updates on 24th July to the New/Set-InboundConnector cmdlets, you can no longer create Inbound connectors of type on-premise in the UI.
You get the error:
Microsoft.Exchange.Management.Tasks.ConnectorNotApplicablePropertyException|The properties 'RestrictDomainsToCertificate' are not applicable to connector of type
'OnPremises' with the current combination. Connector creation or modification aborted.
Essentially, the RestrictDomainsToCertificate and RestrictDomainsToIPAddresses parameters were updated to only be allowed for partner connectors.
This is understandable, since these elements aren't considered for emails delivered via on-premise connectors anyway.
However, if you try and create an on-premise connector in the Exchange Online UI, particularly for certificated based auth, the RestrictDomainsToCertificate is set to $true by default in the UI, even though the PowerShell param default is $false.
If so, you can still make the connector, you just need to do so via PowerShell, and either omit the -RestrictDomainsToCertificate parameter or explicitly set it as $false.
If you need to edit an existing connector that was created with this set to true, you need to set it to false first before editing, and again, only via PowerShell.
Set-InboundConnector -Identity "connectorID/name" -RestrictDomainsToCertificate:$false
Jul 29 2024 03:41 PM
@liamherbert1105 Having the same issue and tried to detail it here as well. Properties are not applicable to connector of type 'OnPremises' with the current combination. - Micr...
Won't likely know anything until Microsoft responds or rolls back a change.
Jul 30 2024 12:55 AM
Jul 30 2024 03:53 AM - edited Jul 30 2024 03:55 AM
Odd that they specifically call it out as a parameter in their PS example here: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail...
But with your comments in mind I do see how you can accomplish mostly the same functions as previous with Powershell. The only one that doesn't seem possible anymore is an IP address only Inbound OnPremises connector with RequireTls set to $true by itself. You must set a TlsSenderCertificateName as well but then the GUI shows that is the radial option selected so I guess there's probably a frontend release that supports these configurations in a more explicit fashion that's "yet to be released"?
Jul 30 2024 04:59 AM
Jul 30 2024 06:15 AM
Jul 30 2024 06:55 AM