Following the updates on 24th July to the New/Set-InboundConnector cmdlets, you can no longer create Inbound connectors of type on-premise in the UI.

You get the error:

Microsoft.Exchange.Management.Tasks.ConnectorNotApplicablePropertyException|The properties ‘RestrictDomainsToCertificate’ are not applicable to connector of type
‘OnPremises’ with the current combination. Connector creation or modification aborted.

Essentially, the RestrictDomainsToCertificate and RestrictDomainsToIPAddresses parameters were updated to only be allowed for partner connectors.

This is understandable, since these elements aren’t considered for emails delivered via on-premise connectors anyway.

However, if you try and create an on-premise connector in the Exchange Online UI, particularly for certificated based auth, the RestrictDomainsToCertificate is set to $true by default in the UI, even though the PowerShell param default is $false.

If so, you can still make the connector, you just need to do so via PowerShell, and either omit the -RestrictDomainsToCertificate parameter or explicitly set it as $false.

If you need to edit an existing connector that was created with this set to true, you need to set it to false first before editing, and again, only via PowerShell.

Set-InboundConnector -Identity “connectorID/name” -RestrictDomainsToCertificate:$false

​Following the updates on 24th July to the New/Set-InboundConnector cmdlets, you can no longer create Inbound connectors of type on-premise in the UI. You get the error:Microsoft.Exchange.Management.Tasks.ConnectorNotApplicablePropertyException|The properties ‘RestrictDomainsToCertificate’ are not applicable to connector of type’OnPremises’ with the current combination. Connector creation or modification aborted. Essentially, the RestrictDomainsToCertificate and RestrictDomainsToIPAddresses parameters were updated to only be allowed for partner connectors.This is understandable, since these elements aren’t considered for emails delivered via on-premise connectors anyway. However, if you try and create an on-premise connector in the Exchange Online UI, particularly for certificated based auth, the RestrictDomainsToCertificate is set to $true by default in the UI, even though the PowerShell param default is $false. If so, you can still make the connector, you just need to do so via PowerShell, and either omit the -RestrictDomainsToCertificate parameter or explicitly set it as $false. If you need to edit an existing connector that was created with this set to true, you need to set it to false first before editing, and again, only via PowerShell.Set-InboundConnector -Identity “connectorID/name” -RestrictDomainsToCertificate:$false   Read More

​