Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2007-07-06

Use the Add-IPBlockListEntry cmdlet to add an IP address or IP address range to the IP Block list configuration information for the Connection Filter configuration for the computer on which the command is run. You must have Administrator rights on the computer that has the Hub Transport server role or Edge Transport server role installed.


Add-IPBlockListEntry -IPRange <IPRange> [-Comment <String>] [-Confirm [<SwitchParameter>]] [-ExpirationTime <DateTime>] [-Server <ServerIdParameter>] [-WhatIf [<SwitchParameter>]]
Add-IPBlockListEntry -IPAddress <IPAddress> [-Comment <String>] [-Confirm [<SwitchParameter>]] [-ExpirationTime <DateTime>] [-Server <ServerIdParameter>] [-WhatIf [<SwitchParameter>]]


Parameter Required Type Description




You can specify a single IP address to add to the IP Block list. For example,




You can add IP addresses to the IP Block list in the following formats:

  • CIDR IP    Classless InterDomain Routing. For example,

  • IP Range   For example,




Use this parameter to make administrative notes or reminders about this specific entry. You must enclose the value of the Comment parameter in double quotation marks, as follows, for example: "this is an admin note".




The Confirm parameter causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm parameter.




You can specify a day and time when the IP Block list entry that you are creating will expire. If you specify a time only, and you do not specify a date, the current day is assumed. When you enter a specific date, use the short date format that is defined in the Regional Options settings that are configured on the local computer. For example, if your computer is configured to use the short date format mm/dd/yyyy hh:mm:ss, to set the expiration time at 11:00 A.M. January 3, 2007, enter the following information, enclosed in double quotation marks: "1/3/2007 11:00".




To specify a different Hub Transport server on which you run the Add-IPBlockListEntry cmdlet, include the Server parameter in the command. If you do not use the Server parameter, the command is run on the local server where the command is run.

You cannot use this cmdlet to configure other Edge Transport servers remotely.




The WhatIf parameter instructs the command to simulate the actions that it would take on the object. By using the WhatIf parameter, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf parameter.

Detailed Description

If you do not specify the IPAddress parameter when you run the Add-IPBlockListEntry cmdlet, the Exchange Management Shell prompts you for it. Either the IPAddress parameter or the IPRange parameter is required.

If Microsoft Exchange Server 2007 Service Pack 1 (SP1) is deployed on a computer that is running Windows Server 2008, you can enter IP addresses and IP address ranges in the Internet Protocol Version 4 (IPv4) format, Internet Protocol Version 6 (IPv6) format, or both formats. A default installation of Windows Server 2008 enables support for IPv4 and IPv6. For more information about Exchange 2007 SP1 support for IPv6 addresses, see IPv6 Support in Exchange 2007 SP1 and SP2.

To run the Add-IPBlockListEntry cmdlet, the account you use must be delegated the following:

  • Exchange Server Administrator role and local Administrators group for the target server

To run the Add-IPBlockListEntry cmdlet on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

Input Types

Return Types


Error Description



The following code example shows how to use the Add-IPBlockListEntry cmdlet to add an IP address range on the IP Block list for the computer on which the command is run. The second example sets the same IP Block list entry to expire at 11:59 P.M. on January 3, 2007.

Copy Code
Add-IPBlockListEntry -IPRange:
Add-IPBlockListEntry -IPRange: -ExpirationTime "1/3/2007 23:59"