
Microsoft Certified Solutions Master ®

MCSM: Messaging

AutoDiscover
Timothy Heeney

©2013 Microsoft Corporation. All rights reserved. MCSM NDA Confidential. Do not distribute. For individual readiness purposes only. MCSM: Messaging Version 1.0, Updated 4/16/2013
Internal Architecture – AutoDiscover 2010

[Diagram: Exchange 2010 Client Access Server. Labels: Outlook, AutoDiscover Services, Service Discovery, AutoDiscover Outlook Provider, AutoDiscover MobileSync Provider, AD Lookup.]

The XML request contains a reference to a schema as the first part of the opening <Autodiscover> XML tag:
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006a"
xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006a"

Internal Architecture – AutoDiscover 2013

[Diagram: Exchange 2013. Labels: Outlook, Authenticate User, AD Lookup, 2013 CAS Server, AutoDiscover Proxy service, TCP 444, 2013 Mailbox Server, AutoDiscover Services, Service Discovery, AutoDiscover Outlook Provider, AutoDiscover MobileSync Provider.]

The XML request contains a reference to a schema as the first part of the opening <Autodiscover> XML tag:
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006a"
xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006a"

What Does It Do For Me?

• AutoDiscover provides Outlook with several key pieces of information
  • Display Name
  • Server/Outlook Anywhere End Point/RPC CAS
  • Alias
  • Availability Server URL
  • OOF URL
  • OAB URL or Location
  • Unified Messaging URL if appropriate
  • OWA URL
  • ECP URL
  • Auth Package
  • Alternate Mailboxes
  • Archive Access
  • Public Folder Access
• Outlook Anywhere also includes SSL requirement and Certificate Principal Name

Why Do I Need AutoDiscover?

• If you have Exchange 2007/10/13, you have no choice – you might get mail to work, but Availability, OOF, etc. are not available without it
• You don’t need to configure it unless you have Outlook 2007+ deployed and have Exchange 2007/10/13 servers
• Only Outlook 2007+ clients can use AutoDiscover
• You can use AutoDiscover internally and externally
• Externally you need to configure several things to get it working
  • Enabling Outlook Anywhere
  • Certificates
  • Configure URLs for each service
  • Publishing of URLs
  • Configure DNS
• Without AutoDiscover configured correctly – Outlook 2007+ is dead in the water if you have Exchange 2007/10/13

AutoDiscover vs Auto Account Setup
• Display Name and Email address are done by Auto Account Setup
  • It can be controlled by the DWORD ExchangeAddressDetect at HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Preferences
• Basic Outlook profile is done by Auto Account Setup
  • Outlook client can be stopped from configuring the profile automatically by creating a DWORD value DisableAutoStartup at HKCU\Software\Microsoft\Office\12.0\Outlook\AutoDiscover
• Additional configuration (URLs, archive mailbox, additional mailboxes, Public Folders etc.) is done by AutoDiscover

Changes From AutoD 2007

• Exchange 2007 was Plain Old XML (POX)
  • One request at a time could cause bottlenecks
  • Entire XML was retrieved every time
  • Still supported in 2010 and 2013 for legacy clients (Outlook is a legacy client :) )
• Exchange 2010/13 offers SOAP
  • Client can request to receive specific parts instead of all of it
• Exchange 2010/13 SOAP URL
  • https://<server>/autodiscover/autodiscover.svc
• Legacy Autodiscover
  • https://<server>/autodiscover/autodiscover.xml
• Who uses it?
Example POX AutoD request

<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>user@fabrikam.com</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
  </Request>
</Autodiscover>

Example SOAP AutoD Request

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover"
               xmlns:wsa="http://www.w3.org/2005/08/addressing"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <a:RequestedServerVersion>Exchange2010</a:RequestedServerVersion>
    <wsa:Action>http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetUserSettings</wsa:Action>
    <wsa:To>https://myserver.contoso.com/autodiscover/autodiscover.svc</wsa:To>
  </soap:Header>
  <soap:Body>
    <a:GetUserSettingsRequestMessage xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover">
      <a:Request>
        <a:Users>
          <a:User>
            <a:Mailbox>User@fabrikam.com</a:Mailbox>
          </a:User>
        </a:Users>
        <a:RequestedSettings>
          <a:Setting>UserDisplayName</a:Setting>
          <a:Setting>UserDN</a:Setting>
          <a:Setting>UserDeploymentId</a:Setting>
          <a:Setting>InternalMailboxServer</a:Setting>
          <a:Setting>MailboxDN</a:Setting>
          <a:Setting>ActiveDirectoryServer</a:Setting>
          <a:Setting>CasVersion</a:Setting>
          <a:Setting>EwsSupportedSchemas</a:Setting>
        </a:RequestedSettings>
      </a:Request>
    </a:GetUserSettingsRequestMessage>
  </soap:Body>
</soap:Envelope>
AutoDiscover - Internal

1) Outlook verifies logged on to the Domain and fills out the user’s email address and password from AD (Auto Account Setup)
2) Outlook performs LDAP search for SCP
3) SCP list is filtered based on Client’s ADSite
4) URLs are retrieved from SCP objects, SCP objects are tried in order of Creation Date
5) After successful Authentication, the Mailbox server builds the AutoDiscover.xml response
6) Outlook consumes the connection settings in AutoDiscover.xml response, and connects to the Exchange services

[Diagram: Outlook in the Redmond site. Labels: AD Lookup ServiceConnectionPoints, LDAP search SCP objects, SCP list, AUTH, TCP 444.]

AutoDiscover – Internal Cont...

• During initial CAS installation, setup creates a Service Connection Point (SCP) in AD for the AutoDiscover service
  • Configuration/Services/Microsoft Exchange/Org Name/Administrative Groups/Admin Group/Servers/Servername/Protocols/AutoDiscover/Servername
• When Outlook is domain-joined and domain-connected, Outlook will connect to the Active Directory and look up the SCP records. LDAP Filter:
  '(&(objectcategory=serviceConnectionPoint)(|(keywords=77378F46-2C66-4aa9-A6A6-3E7A48B19596)(keywords=67661D7F-8FC4-4fa7-BFAC-E1D7794C1F68)))'
  • Attributes retrieved are serviceBindingInformation and Keywords
  • [Keywords] Value – Site=[ClientSite] is used to specify the AD Sites a CAS responds to requests for
  • Outlook receives a list of CAS servers and builds one list, those in-site or those out-of-site
  • This value can be changed and can be set to a specific site, several sites or all sites
• CAS uses the Active Directory information and configuration information to generate XML document
• Outlook 2007+ consumes XML document provided by CAS which provides necessary profile and URLs

SCP Use Algorithm

• Based on the site of the CLIENT machine, not mailbox
• One list created – either all those in-site or all of those out-of-site
• Then in either case: By install order… (whenCreated)
• Fallback to External AutoD algorithm using DNS
• Limit of about 800-900 sites in one Keywords attribute – if you need that many…
• Wildcards don’t work
• What happens if the CAS in the client AD site is non-responsive… will we use the out-of-site SCPs?

SCP Use Algorithm
AutoDiscoverSiteScope

[Diagram: AutoDiscoverSiteScope example with the sites Redmond, Tokyo and London. CAS servers Red1–Red4 are shown with site scope "Tokyo, Redmond" and Lon1–Lon4 with site scope "London". Labels: Creation Date, DNS.]

Outlook Provider for 2010

• By default three Outlook Providers are used to configure email settings individually
  • <Account>
  • <AccountType>email</AccountType>
  • <Action>settings</Action>
  • <Protocol>
• Internal clients (EXCH), Outlook Anywhere (EXPR) and WEB.
  • The EXCH setting references the Exchange RPC protocol that is used internally.
  • The EXPR setting references the Exchange HTTP protocol that is used by Outlook Anywhere.
  • The WEB setting contains the best URL for Outlook Web Access for the user to use. This setting is not in use in Office/Exchange 2007 but is used for showing the OWA URL in Outlook 2010.
• The FQDN displayed is the lowest alphanumerically
  • Example: red-cas-1 will show above red-cas-2
• The <AlternativeMailbox> <x> settings are also returned if the mailbox is on 2010/13 and has an Archive enabled or has full perms to another mailbox. LegDN is returned along with RPC CA endpoint for access
  • <Delegate>
  • <Archive>
• To remove delegate backlinks – adsi on delegate – msExchDelegateListLink
• In 2010 SP2+ and 2013:
  • Add-MailboxPermission sharedmailbox -User UserMailbox -AccessRights:FullAccess -AutoMapping $false

Autodiscover updates

• There are now 5 Outlook providers, kind of…
  • EXPR
  • EXCH
  • WEB
  • EXHTTP (Internal)
  • EXHTTP (External)

Autodiscover updates cont…

• EXHTTP added to provide
  • Ability to retrieve the internal and external hostnames separately
  • Because we were too lazy to get SVC/SOAP working with Outlook :)
  • Only works on patched 2007/2010 and 2013 clients
  • Allows split DNS and other configuration differences not to be an issue

What does Outlook display

• We first look to see if there is an EXHTTP response
  • If so we use that response
  • If there is more than one we use the internal URL
  • If it fails we use the External URL
• If no EXHTTP responses we use the regular responses EXCH, EXPR
• Stored in HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Profile Name\xxxxxxxxxxxxxxxxxxxxx
  • PR_PROFILE_RPC_PROXY_SERVER_SECONDARY_W
  • PR_PROFILE_RPC_PROXY_SERVER_PRINCIPAL_SECONDARY_W

Certificate issue with providers

• What if you use a wildcard?
  • XP will have issues…
  • Need to set the provider configuration in 2 places
    • Set-OutlookProvider EXCH -CertPrincipalName msstd:*.contoso.com
    • Set-OutlookProvider EXPR -CertPrincipalName msstd:*.contoso.com

So how do I configure the Provider

• When you run Get-OutlookProvider how many do you see from 2013?
• The EXHTTP providers are dynamic and built from existing providers
  • The Internal EXHTTP provider is built from the EXCH
  • The External EXHTTP provider is built from the EXPR
• This allows for splitting the settings for internal and external access
• Why would you need different settings?

URL’s and Vdir’s

• In Exchange 2007 there are two or three URLs required for Outlook 2007+ to work correctly
  • ../EWS/Exchange.asmx
  • ../OAB (optional but recommended)
  • ../UnifiedMessaging/Service.asmx
• In Exchange 2010/2013 there are two or three URLs required for Outlook 2007+ to work correctly
  • ../EWS/Exchange.asmx
  • ../OAB (again optional)
  • ../ECP (for Outlook 2010/2013 only)
• Each Vdir has an internalurl and externalurl value – which control the response given by AutoDiscover, not who or how clients can connect
• All are given to a user with a mailbox on 2010 – even if the client, Outlook 2007 for example, doesn’t know what to do with them

URLs Returned by AutoDiscover - Outlook

Inside the network: Internal – EXCH
Set-VirtualDirectory -Identity server/website -internalurl https://fqdn/path

Outside the network: External – EXPR
Set-VirtualDirectory -Identity server/website -externalurl https://fqdn/path

Internal and External OWA URLs only ever used by Outlook 2010 clients, for links inside Outlook File menu

There is a new deal coming that I may be able to talk about in class.. Not sure yet…actually nevermind
Autodiscover output Now

      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.exchange.microsoft.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Negotiate</AuthPackage>
        <ASUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</EmwsUrl>
        <SharingUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</SharingUrl>
        <EcpUrl>https://mail.exchange.microsoft.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=exchange.microsoft.com</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=exchange.microsoft.com</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=exchange.microsoft.com</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=exchange.microsoft.com</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=exchange.microsoft.com</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=exchange.microsoft.com</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=exchange.microsoft.com</EcpUrl-photo>
        <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=exchange.microsoft.com</EcpUrl-tm>
        <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=exchange.microsoft.com</EcpUrl-tmCreating>
        <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=exchange.microsoft.com</EcpUrl-tmEditing>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=exchange.microsoft.com</EcpUrl-extinstall>
        <OOFUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.exchange.microsoft.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.exchange.microsoft.com/OAB/b46f3720-5328-4fb4-8830-ca7363b84dbc/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
      </Protocol>
      <PublicFolderInformation>
        <SmtpAddress>ContentMailbox2@exchange.microsoft.com</SmtpAddress>
      </PublicFolderInformation>
    </Account>
  </Response>
</Autodiscover>
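
An added example, not part of the original deck: a Python check that parses a POX AutoDiscover response of the shape shown above and reports returned URLs that are not HTTPS or whose host falls outside the names the administrator expects. The sample response and its contoso.com host names are constructed, and `parse_protocols` and `audit_response` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample response; host names are placeholders, not real servers.
SAMPLE_RESPONSE = """\
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>red-cas-1.contoso.com</Server>
        <EwsUrl>https://red-cas-1.contoso.com/ews/exchange.asmx</EwsUrl>
        <OABUrl>http://red-cas-1.contoso.com/OAB/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.contoso.com</Server>
        <SSL>On</SSL>
        <EwsUrl>https://mail.contoso.com/ews/exchange.asmx</EwsUrl>
        <OABUrl>https://mail.contoso.com/OAB/</OABUrl>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]


def parse_protocols(xml_text):
    """Return one dict per <Protocol> block, e.g. {'Type': 'EXPR', 'Server': ...}."""
    # A response never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!doctype" in xml_text.lower():
        raise ValueError("DOCTYPE not allowed in an AutoDiscover response")
    root = ET.fromstring(xml_text)
    return [
        {_local(child.tag): (child.text or "").strip() for child in proto}
        for proto in root.iter()
        if _local(proto.tag) == "Protocol"
    ]


def audit_response(xml_text, allowed_hosts):
    """List (provider, element, problem) tuples for URLs a client would be handed."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for proto in parse_protocols(xml_text):
        ptype = proto.get("Type", "?")
        for name, value in proto.items():
            if "://" not in value:
                continue  # skip flags, server names and relative ECP fragments
            parts = urlsplit(value)
            host = (parts.hostname or "").lower()
            if parts.scheme.lower() != "https":
                findings.append((ptype, name, "not https"))
            if host not in allowed:
                findings.append((ptype, name, "host outside namespace: " + host))
        # Providers used over HTTP should state the SSL requirement explicitly.
        if ptype in ("EXPR", "EXHTTP") and proto.get("SSL", "").lower() != "on":
            findings.append((ptype, "SSL", "SSL not On"))
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE, {"mail.contoso.com"}):
        print(finding)
```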
Autodiscover output

<PublicFolderInformation>
  <SmtpAddress>ContentMailbox2@exchange.microsoft.com</SmtpAddress>
</PublicFolderInformation>

• Supported client will connect to the hierarchy mailbox mentioned, if not supported the RPC service will be used to find PF
• There is load balancing logic built into the service to spread the load between the PF mailboxes
• You can hardcode as well: Set-Mailbox -DefaultPublicFolderMailbox

>1 CAS AutoD Complexities

• When CAS is first installed the SCP is created using the server FQDN and the AD Site it was in - at the time of install – if it changes later the SCP is NOT updated
• When Outlook 2007+ queries AD for an SCP to find the AutoDiscover URL it builds a list of CAS (either in site if any match or out of site if none match - but not both), then connects to the OLDEST, using the FQDN specified
  • If the AutoDiscoverServiceInternalURI is still set to the FQDN, it will ALWAYS go to that CAS first
  • It will fail to next oldest if not reachable
• If there is more than one CAS the URLs returned will not be evenly balanced
  • This varies depending on CAS and mailbox version
  • Outlook will NOT fail over if URLs are not reachable
  • OWA InternalURL in Outlook 2010 will be the lowest alphanumeric value – and may not be reachable – but if changed for a load balanced value – may break proxy…. More when we cover proxy and redirection

NOTE: 2013 URL should be the AutodiscoverServiceInternalURI
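
The SCP selection described on the "SCP Use Algorithm" and ">1 CAS AutoD Complexities" slides, as an added Python example that is not part of the original deck. The server names, dates and URLs are constructed sample data, and `scps_outside_namespace` is a hypothetical audit helper that lists SCPs still advertising a host other than the load-balanced name the administrator expects.

```python
from datetime import datetime
from typing import NamedTuple, Tuple
from urllib.parse import urlsplit

# Keyword GUIDs from the LDAP filter on the slides: the first marks an SCP that
# carries an AutoDiscover URL, the second an SCP pointer to another forest.
URL_GUID = "77378F46-2C66-4aa9-A6A6-3E7A48B19596"
POINTER_GUID = "67661D7F-8FC4-4fa7-BFAC-E1D7794C1F68"


class Scp(NamedTuple):
    name: str
    keywords: Tuple[str, ...]   # multi-valued Keywords attribute
    service_binding: str        # serviceBindingInformation
    when_created: datetime      # whenCreated


def has_keyword(scp, value):
    return any(k.lower() == value.lower() for k in scp.keywords)


def scoped_sites(scp):
    """AD sites named in Site=<name> keywords (the AutoDiscoverSiteScope)."""
    return {k[len("Site="):].lower() for k in scp.keywords
            if k.lower().startswith("site=")}


def order_scps(scps, client_site):
    """URLs in the order the client tries them.

    One list only: the in-site SCPs if any match the client's AD site,
    otherwise the out-of-site ones, never both. Oldest whenCreated first.
    An empty list means the client falls back to the DNS-based lookup.
    """
    url_scps = [s for s in scps if has_keyword(s, URL_GUID)]
    in_site = [s for s in url_scps if client_site.lower() in scoped_sites(s)]
    chosen = in_site or url_scps
    return [s.service_binding
            for s in sorted(chosen, key=lambda s: s.when_created)]


def scps_outside_namespace(scps, expected_host):
    """Names of URL SCPs whose host is not the expected (load-balanced) name."""
    stale = []
    for s in scps:
        if not has_keyword(s, URL_GUID):
            continue
        host = (urlsplit(s.service_binding).hostname or "").lower()
        if host != expected_host.lower():
            stale.append(s.name)
    return sorted(stale)


# Constructed sample records; names and dates are illustrative only.
SAMPLE_SCPS = [
    Scp("Red1", (URL_GUID, "Site=Redmond", "Site=Tokyo"),
        "https://red1.contoso.com/autodiscover/autodiscover.xml",
        datetime(2012, 1, 10)),
    Scp("Red2", (URL_GUID, "Site=Redmond"),
        "https://mail.contoso.com/autodiscover/autodiscover.xml",
        datetime(2012, 2, 1)),
    Scp("Lon1", (URL_GUID, "Site=London"),
        "https://lon1.contoso.com/autodiscover/autodiscover.xml",
        datetime(2011, 6, 1)),
    Scp("TAILSPIN.COM", (POINTER_GUID,), "LDAP://TAILSPIN.COM",
        datetime(2010, 7, 8)),
]

if __name__ == "__main__":
    for site in ("Redmond", "Tokyo", "Paris"):
        print(site, order_scps(SAMPLE_SCPS, site))
    print(scps_outside_namespace(SAMPLE_SCPS, "mail.contoso.com"))
```

A client in a site with no matching SCP ("Paris" in the sample) gets every URL SCP in creation order, so the oldest server in the forest is tried first regardless of location.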


AutoDiscover - External

• Outlook cannot talk to Active Directory
• Outlook may not even be part of the Active Directory
• Outlook prompts the user for their email address and password
• Outlook 2007 then locates AutoDiscover Service using e-mail domain and DNS records
  • https://<e-mail domain>/autodiscover/autodiscover.xml
  • https://autodiscover.<e-mail domain>/autodiscover/autodiscover.xml
  • Local AutoDiscover XML if present
  • http://autodiscover.<e-mail domain>/autodiscover/autodiscover.xml and get a redirect (multi tenant hosting solution) – pop up
  • SRV Record lookup (hot-fix might be required for Outlook 2007) – pop up (you can suppress the warning by following http://support.microsoft.com/default.aspx/kb/956528)
• DNS record points to a CAS accessible on the Internet
• CAS uses Active Directory information and configuration information to generate XML document
• Outlook consumes XML document provided by CAS

Autodiscover process enhancement

• Outlook 2010/2007 performed the different lookup methods one at a time
• Now we perform multiple lookup methods at the same time
• We also store the connection that worked (supposedly)
• This does not change the priority of the methods
• This does speed the process up in many cases

Autodiscover process enhancement

• With enhancements come issues
  • Outlook 2013 now warns if we hit an endpoint that does not have proper names on the certs
  • For instance if the name contoso.com resolves to a CA that is enabled for web enrolment…
  • There is a bug open with the Outlook team on this

Certificate Requests – EMS 2010/2013

• To generate a certificate enrollment request that utilizes the Subject Alternate Name property, two parts:
  Generate the request
  New-ExchangeCertificate -GenerateRequest -domainname mail.northwind.com, autodiscover.northwind.com, legacy.contoso.com -FriendlyName mail.northwind.com -privatekeyexportable:$true | out-file c:\install\certreq.txt -encoding ASCII
  Submit the resultant text file to the certificate authority
• Once you receive the certificate, import it and enable it using the following command:
  Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\newCert.cer -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -services IIS
Contacting AutoDiscover

• What makes Outlook contact the AutoDiscover Service?
  • On boot
  • Periodically on a background thread (TTL setting in Set-OutlookProvider)
  • If connection to Exchange server fails
• If the periodic poll returns changed information it is used on next connection attempt – maybe! :)
• Every hour it refreshes. Or if you repair…

AutoDiscover Extras

• SSL is not enforced on the OAB Vdir by default
• IE is a great tool for checking things – usually
• https://www.testexchangeconnectivity.com/
• Local AutoDiscover files can be used instead of the web service
  • http://exchange-genie.blogspot.com/2007/07/autodiscover-ad-attribute.html
• Don’t forget to Load Balance the AutoDiscover service: does affinity matter in 2010 or 2013?
• If you don’t set externalurl on the M-S-A Vdir then CAS cannot return a valid URL to the EAS client
• If you reset vdirs you need to set the external URL values
• Can you force a client to use HTTPS before RPC via AutoDiscover?
  • Yes you can now – Outlook 2010 – set the OutlookProviderFlags property of EXPR to ServerExclusiveConnect
  • Set-OutlookProvider EXPR -OutlookProviderFlags ServerExclusiveConnect
  • Would any other change need to be made?

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (External clients)

[Diagram: Clients → autodiscover.contoso.com → E2013 CAS, with an E2010 CAS in the Internet facing site and in the Intranet site. Labels: PROXY (to each E2010 CAS), "CAS 2010 handles request", E2010/E2007 MBX, E2010 MBX, E2013 MBX.]

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (External clients)

[Diagram: Clients → autodiscover.contoso.com → E2013 CAS, with an E2007 CAS in the Internet facing site and in the Intranet site. Labels: PROXY, "MBX 2013 handles request", E2010/E2007 MBX, E2007 MBX, E2013 MBX.]

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (Internal clients)

[Diagram: Outlook Clients look up SCP records in AD, then connect to the Internal LB namespace → E2013 CAS, with an E2010 CAS in the Internet facing site and in the Intranet site. Labels: PROXY (to each E2010 CAS), "CAS 2010 handles request", E2010/E2007 MBX, E2010 MBX, E2013 MBX.]

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (Internal clients)

[Diagram: Outlook Clients look up SCP records in AD, then connect to the Internal LB namespace → E2013 CAS, with an E2007 CAS in the Internet facing site and in the Intranet site. Labels: "MBX 2013 handles request", E2010/E2007 MBX, E2007 MBX, E2013 MBX.]

Resource Forest AutoDiscover

• 2007 RTM requires you extend the schema in the user forest – SP1+ does not but does require you to populate the email property if you want Auto Account Setup to work
• Either
  • use DNS OR
  • In the resource forest run
    Export-AutoDiscoverConfig -DomainController DomainControllerName -TargetForestDomainController TargetForestDomainControllerName -TargetForestCredentials $a -MultipleExchangeDeployments $true
• This is really just an optimization and not required – if the pointer doesn’t exist, the client uses DNS
• Trust required
Resource Forest AutoDiscover

[Diagram: Exchange Forest and Account Forest. Labels: DNS, Mail-Enabled User, SCP (in each forest), Client Access Server, Outlook.]

AutoDiscover in Resource Forest Scenarios
• UserA logs onto a workstation in CORP and communicates with AD servers in the CORP forest.
• UserA launches Outlook (for this scenario, we will say it’s the first time).
• AutoDiscover process kicks in, queries AD
  • Either it will retrieve the primary SMTP address (in case account forest user accounts have the email property populated).
  • Or user will enter in credentials and SMTP address
• We perform a query to see if there are any SCP records for that SMTP address
• We get back pointer/target SCP record
• Outlook then binds to the target forest (LDAP://target.forest.com) and retrieves the SCP records. One of two things happens:
  • If account forest AD sites are in the resource forest (requires synchronization), then we will retrieve an SCP record for the Outlook client's AD site (and thus use a local CAS server).
  • If the SCP records don't have the site scope (or if we aren't replicating the AD site topology) then we will get a random record and thus URLs to that random CAS server.
• We connect to the autodiscover virtual directory on the CAS server
• We retrieve our autodiscover.xml settings, Outlook consumes them, and the profile is built
MultipleExchangeDeployments $True
• Without
  >> Dn: CN=TAILSPIN.COM,CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=Accounts,DC=com
  4> objectClass: top; leaf; connectionPoint; serviceConnectionPoint;
  1> cn: TAILSPIN.COM;
  1> distinguishedName: CN=TAILSPIN.COM,CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=Accounts,DC=com;
  1> instanceType: 0x4 = ( IT_WRITE );
  1> whenCreated: 07/08/2010 14:47:19 Pacific Standard Time Pacific Daylight Time;
  1> whenChanged: 07/08/2010 14:47:19 Pacific Standard Time Pacific Daylight Time;
  1> uSNCreated: 13996;
  1> uSNChanged: 13996;
  1> showInAdvancedViewOnly: TRUE;
  1> name: TAILSPIN.COM;
  1> objectGUID: c0a090d1-2e3d-4610-82af-e9a625cc336e;
  1> keywords: 67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68;
  1> serviceBindingInformation: LDAP://TAILSPIN.COM;
  1> objectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=Accounts,DC=com;
• With
  2> keywords: Domain=TAILSPIN.COM; 67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68;

Hybrid Forest AutoDiscover

[Diagram: Exchange Forest 1 and Exchange Forest 2. Labels: DNS, Domain=Exchange Forest 1 SMTP Domain, Mail-Enabled User, SCP (three shown), Client Access Server (in each forest), Outlook.]

Hybrid Forest AutoDiscover

• Scenario:
  • Two forests – tailspin.com and contoso.com
  • In tailspin, a mailuser object exists for user Barry whose mailbox is in Contoso
    • Target Address: barry@contoso.com
    • Proxy addresses: barry@contoso.com barry@tailspin.com
  • Auto Account Setup sees user email as barry@tailspin.com
  • If primary proxy were set as barry@contoso.com – it would use that during initial setup
  • Either way, once it gets to AutoDiscover in the local forest it gets a redirect to the target address – either using an SCP object, or falling back to DNS
• So these two forests require different SMTP namespaces
• And two user accounts… or a trust
Recap

• Autodiscover now has 5 providers but 2 are dynamic
• Autodiscover still relies on client for lookup process
• Autodiscover for 2007 and 2010 are slightly different
• No additional URLs are required for autodiscover coexistence with 2007
