instagram arrow-down
Kalle Lilja


Check Exchange Accepted Domains usage via DNS with Powershell

When running any version of Microsoft Exchange infrastructure, be it for internal use or customer facing it’s always a good idea to keep the Accepted Domains list as up to date and correct as possible due to the fact that miss-configurations may lead to users being able to send mail without them actually arriving at the intended inbox.

There are of course numerous ways to determine whether or not an accepted domain is in use, a quick one from the top of my head would be to check the domains external MX records, if they point back to This Exchange system as per configuration guidelines the domains must in some way still be active.
MX records can be checked via the nslookup command using this syntax nslookup -q=mx domain DNS.

I’ve cobbled together a PowerShell script that uses the Exchange command Get-AcceptedDomain to get a list of all configured Accepted Domains in the environment, then proceeds to check the domains MX records via Googles public DNS in two ways, the first way, “hard”, not only checks if the configuration includes the MX address but also if it has the in your eyes correct preference value, the second way, “soft”, simply makes sure the the MX address is included Somewhere.

I’ve distributed the script Get-AcceptedDomainMX.ps1 over on GitHub as well as below.