Find all receive connectors with Anonymous Relay enabled

When Migrating Receive connectors from an earlier version of (2007 upwards), it can be useful to find the application Receive Connectors, that are used by , multifunction devices, printers, etc.

Relay permissions are an permission and not an Exchange permission, with that in mind the line of PowerShell below looks for all receive connectors in the organisation, and then filters for the AD permission "MS-Exch-SMTP-Accept-Any-Recipient" granted to “NT AUTHORITY\Anonymous Logon”


Get-ReceiveConnector | Get-ADPermission | where {$_.identity -notlike "*Default*" -and $_.identity -notlike "*Client*" -and $_.user -like "NT AUTHORITY\*" -and $_.ExtendedRights -like "MS-Exch-SMTP-Accept-Any-Recipient"} | select i
dentity, user, ExtendedRights