SlideShare a Scribd company logo

Autodiscover flow in an exchange on premises environment non-active directory environment part 1#3 part 26#36

Eyal Doron, profile picture
Eyal Doron

The document discusses the autodiscover protocol used in non-active directory environments to locate the autodiscover endpoint in an Exchange on-premises setup. It explains the steps the autodiscover client takes to generate the endpoint URL based on the recipient's SMTP domain and highlights scenarios when the client cannot access an active directory. The article is the first in a series that aims to elucidate the autodiscover process and related components.

Technology
1 of 23
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Page 1 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Autodiscover flow in an Exchange on- Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 The Autodiscover protocol for discovering the Autodiscover Endpoint is a very smart protocol, which was designed to get the required results in a different environment such as Active Directory-based environment and a “non-Active Directory environment”. In a “non-Active Directory environment”, the Autodiscover client has an arsenal of methods and tools, which can help him to find his Autodiscover Endpoint.
Page 2 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment | The article series The current article is the first article on a series of three articles. The main focus of the first article is -presenting the logic and, the involved components in the Autodiscover flow that is implemented in Exchange on-Premises environment. In the next two articles, we will review the Autodiscover flow that is implemented in Exchange on-Premises environment, by using the Microsoft web-based tool, the Microsoft Remote Connectivity Analyzer (ExRCA).  Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 2#3 | Part 27#36  Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 3#3 | Part 28#36
Page 3 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Locating the Autodiscover Endpoint host | Active Directory versus none- Active Directory environment Before we get into the details of the Autodiscover process that is implemented in a non-Active Directory environment, it’s important to understand the major difference of the Autodiscover method that is performed on each of these environments. In an Active Directory environment, the Autodiscover client doesn’t know the name of the Autodiscover Endpoint and instead, relate to the Active Directory as a trusted source of infrastructure that can provide him the “names” of available Autodiscover Endpoints (Exchange CAS servers). In a non-Active Directory environment, the “missing part” is the Active Directory. Instead of addressing the Active Directory for information about the names of the Autodiscover Endpoint, the Autodiscover client will need to use another method. The Autodiscover method that is used by the Autodiscover client is based on a following flow: 1. The Autodiscover Endpoint “guess” or “generate” the URL address of a potential Autodiscover Endpoint based on the SMTP domain that he gets from the recipient E-mail address. 2. In case that the Autodiscover client manage to locate and communicate with the “Potential Autodiscover Endpoint” but the “destination host” cannot provide him the required information, the Autodiscover client will ask for a redirection to another potential Autodiscover Endpoint. Note – we use the term “Potential Autodiscover Endpoint” because when the Autodiscover client addresses a specific host as “Autodiscover Endpoint” he assumes that the destination host is an Autodiscover Endpoint, but he cannot be sure of the destination host is indeed Autodiscover Endpoint. 3. In case that the potential Autodiscover Endpoint from “step 1” could not provide the required Autodiscover information + couldn’t provide a redirection to a
Page 4 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 potential Autodiscover Endpoint, the Autodiscover client will try to query the DNS looking for SRV record that will include the host name of a potential Autodiscover Endpoint. Pay attention to the fact the in a non-Active Directory environment, the Autodiscover client can consider as “blind client” because, there is no “formal source of information” that can provide him the specific host name (the URL if we want to be more accurate”) of the potential Autodiscover Endpoint.
Page 5 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 The possible scenario in which Autodiscover client cannot use the Active Directory Autodiscover method. The four possible scenarios in which client cannot use the Autodiscover method that is based on an LDAP query and On-Premises Active Directory are: 1. The desktop is not a Domain joined As the name implies, this scenario can relate to one of the following options:  A user’s desktop that is not configured as a domain member (domain joined)  A user’s desktop that is configured as a domain member (domain joined) but the user login locally to his desktop and not to the “Domain profile”. 2. The desktop is a Domain joined but, there is no option to communicate with Active Directory An example could be a user whom his notebook, consider as a Domain joined, but the organization user is working from home or a public network.
Page 6 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In that case, despite the fact that the desktop is a “Domain joined”, the communication attempt to the Active Directory will fail because by default, the Active Directory considers as protected or internal resources, and it’s not exposed to access by the host from the public network. 3. The desktop is a Domain joined, there is an option to communicate with Active Directory but the SMTP Domain that the client look for doesn’t “belong” to the Exchange on-Premises server (the Exchange is not authoritative for the specific domain name). Whoa!! This is a very long name for a scenario title! An example of this scenario could be a user who wants to create a new Outlook mail profile using a recipient E-mail address. The SMTP domain part of the recipient E-mail address doesn’t “belong” to the organization Domains (Domain that Exchange sees himself as authoritative for them). In that situation, although the domain is not part of the local Exchange infrastructure, the Autodiscover client will request a list of available Exchange CAS server from the Active Directory and try to communicate with each of the Exchange CAS servers in the list looking for the required Autodiscover information. Only after the Autodiscover client exhausts all the possible “internal Autodiscover Endpoints”, the Autodiscover client will “surrendered” and start to use an additional Autodiscover method. 4. An Exchange on-Premises server is not available. The charters of this scenario are:  The user desktop is a Domain joined.  The Autodiscover client manages to query the local Active Directory and gets a list of potential Autodiscover Endpoints.  The Autodiscover client tries to communicate the Autodiscover Endpoint (Exchange CAS server) but the Exchange CAS server is not available (not responding, etc.).
Page 7 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In this case, the Autodiscover client will “surrendered” and start to use an additional Autodiscover method. The journey for the Lost Treasure- Autodiscover.xml file To simplify the concept of Autodiscover process, let’s use the following metaphor: The process of Autodiscover is very similar to a “the search for the lost treasure”. We heard from someone, about very precious treasure. We want this treasure very much, and we know that “somewhere” there is a person that holds this precious treasure. All we need is a “map” that could lead us to the person that hold our precious treasure!
Page 8 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Let’s return to the “real world” and try to understand what process each of this Imaginary figure represent. 1. The “searcher” The “searcher” could be any Autodiscover client. In our scenario, the Autodiscover client is Outlook that needs configuration setting for creating a new Outlook mail profile. 2. The lost treasure – Autodiscover information The assent of “Autodiscover journey” is very simple – find the Autodiscover information (the lost treasure).
Page 9 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 3. The “source” The “element” that holds our precious treasure is the Exchange CAS server or if we want to use the formal term – potential Autodiscover Endpoint. Technically speaking, we use the term “potential” because, in reality, when the Autodiscover client addresses a specific host he doesn’t know if the host (the potential Autodiscover Endpoint) replies to his communication request or, in case that the host reply, we cannot be sure that the specific host is the “right one”. For this reason, we use the term “potential” because the host the Autodiscover client address has the potential to be the “right Autodiscover Endpoint” but, at the same time, the Autodiscover client will need to know how to deal with a scenario in which the host is not the “right Autodiscover Endpoint”.
Page 10 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 4. The “Map” In our story, the “map” should lead us to the person that hold our desirable treasure. In the Autodiscover world, the “map” is implemented as a web address (URL). If we want to be more precise, the client (Outlook) has already most of the map, the only missing part in the “map” is the name of the Autodiscover Endpoint who “hold” the information (hold our precious treasure). Autodiscover URL (the map to the lost treasure)
Page 11 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Continuing our metaphor, the” map” (the address) to the lost treasure, aka the Autodiscover information is implemented by using a URL address. Let’s look at the structure of the Autodiscover URL address, so we can understand better the Autodiscover method that is used by the Autodiscover client in a non- Active Directory environment. The Autodiscover URL address, includes the following parts:  The protocol name (HTTPS or HTTP)  The host name of the Autodiscover Endpoint  The path that includes the name of the folder (Autodiscover) and the name of the required file (autodiscover.xml or autodiscover.svc) Autodiscover client knows what is the URL address structure that he should use for addressing the Autodiscover Endpoint. The default communication protocol is HTTPS (another option is HTTP in a scenario of a redirection requests). Note that the name of the FQDN of the Autodiscover Endpoint is not known to the Autodiscover client! In the next section, we will learn how the Autodiscover client solves this problem, but it’s important to emphasize that in a non-Active Directory environment the Autodiscover client cannot know “in advance” the host name if the Autodiscover Endpoint. The default path of the Autodiscover URL is based on the following naming convention. <Folder name><File name> The default path of Autodiscover services is: /Autodiscover/autodiscover.xml
Page 12 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In the following diagram, we can see the presentation of the “well know the Autodiscover URL address” concept. The Autodiscover client, “knows” most of the “parts” of the Autodiscover URL address. The only “missing part” is the host name of the Autodiscover Endpoint.
Page 13 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 The great mystery revealed! Generating the Autodiscover Endpoint host name When an Autodiscover client uses the “Active Directory Autodiscover method”, the Autodiscover client, trust or relies on the Active Directory as a source for information about the available Autodiscover Endpoint. But in case that the Autodiscover client cannot use the Active Directory as a “source for information”, how can the Autodiscover client know what the name of Autodiscover Endpoint is? Is there more than one potential Autodiscover Endpoint?
Page 14 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 I’m excited! Today we are going to reveal the big secret which only a few people in the whole world know! The way that the Autodiscover client use for “finding” the host name of the Autodiscover Endpoint is maybe not the “big secret which only a few people in the
Page 15 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 whole world know!” however, it’s still an interesting process that some of us are not familiar with.  The mission is – creating a new Outlook mail profile.  The agent name is – Bob  The location – Bob is located on a public network and for this reason, he cannot access the organization Active Directory.  The obstacles – how to find the Exchange CAS server (the Autodiscover Endpoint) that will enable Bob to connect to his mailbox + provides all the required information for creating the Outlook Anywhere mail profile.
Page 16 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 The secret method which the Autodiscover client use is based on a little trick. As mentioned before, the URL address of the Autodiscover Endpoint is based on a predefined naming convention. For the Autodiscover client which needs to find his Autodiscover Endpoint, the only missing part is the host name of the Autodiscover Endpoint. The trick that the Autodiscover client use is based on the E-mail address of the recipient. Every standard E-mail address is consisted of two parts: 1. The “left part” this is the recipient alias or the recipient name. 2. The “Left part”, this part represents the domain name or the SMTP domain name of the organization of the company that the user belongs to. Autodiscover clients know how to use the “right part” of the E-mail address by “taking” the SMTP domain name and is it for “Fill in the missing part of the puzzle”. In our scenario, when Bob starts the Outlook wizard, Bob will have to provide his E- mail address – Bob@o365info.com The Autodiscover client (Outlook), take the domain name form the E-mail address and “put the name” in the Autodiscover URL.
Page 17 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In our example, Outlook will start the journey by connecting DNS server and ask for the IP address of the host named – o365info.com In case that the DNS server can provide an IP address, Outlook (Autodiscover client) will relate to the host as a potential Autodiscover Endpoint. The basic Outlook assumption is that this host – o365info.com is a potential Autodiscover Endpoint meaning an Exchange CAS server or element that can provide him the required Autodiscover information for creating the Outlook Anywhere mail profile.
Page 18 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Most of the time, the method in which Autodiscover relates to the SMTP domain name is the host name of the potential Autodiscover Endpoint will not yield the required results because in a modern environment, the “root domain name” is usefully mapped to the public company web site. In now days, we can “reach” most of the public web site without using the formal naming convention such as – www.<Domain name> but instead, we use only the domain name. Let’s assume that in our scenario, Outlook manage to find the IP address of a host named –o365info.com, but “this host” is not the required Autodiscover Endpoint (Exchange CAS server) but instead, just a simple website. In that situation, the Autodiscover client uses an additional naming convention, but this time; Outlook will try to address the Autodiscover Endpoint by using the following hostname –autodiscover.o365info.com The host name – Autodiscover is a preserved name. Each organization that wants to point Autodiscover clients to their Autodiscover Endpoint, need to create under the domain name in the DNS zone an A record, that
Page 19 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 includes the host name – Autodiscover and mapped to the IP address of the Exchange CAS server who operate as Autodiscover Endpoint. Q: Is this is the end of the Autodiscover journey? Can we assume that the story has a good end? A: Yes and no
Page 20 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 This could be the end of the Autodiscover journey in case that the host – autodiscover.o365info.com is the “real deal” and this is the “right Exchange CAS server” that can enable the Outlook to connect to user mailbox + provide all the required configuration settings for building a new Outlook Anywhere mail profile. Other passable scenarios is that the host the Outlook considers as a “potential Autodiscover Endpoint”, is not the host who can “end the process”. For example, there is an option in which Outlook finds the IP address of a host named-autodiscover.o365info.com but the “host” doesn’t respond to the HTTPS request that Outlook sends. (The Autodiscover process is based on the HTTPS protocol). In this case Outlook “understand” that this is not the “the last station” in his Autodiscover journey. In case that the Autodiscover Endpoint did not respond to the HTTPS communication request, the Autodiscover client still has “some belief” that the host can still help him in another way. HTTP Redirection Because of the destination, host doesn’t support HTTPS communication, the Autodiscover client “understand” that this is not the element that can provide him the require Autodiscover information. Instead of “give in”, Outlook client will address that host who doesn’t support HTTPS, and ask him if he knows about a Potential Autodiscover Endpoint. The Autodiscover Endpoint addresses the host by using HTTP protocol instead of HTTPS.
Page 21 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In case that the host responds to the HTTP request, the Autodiscover client assumes that he can ask for help. The Autodiscover client will try to request from the host, information about the name if the Autodiscover Endpoint.
Page 22 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 So… is this is the end? The answer is not it! In case that the host whom the Autodiscover client address doesn’t support HTTP or cannot provide the name of a potential Autodiscover Endpoint, the Autodiscover client will use the “last method, he carries his sack” This Autodiscover method is based on a special DNS record named – SRV record. The uniqueness of a DNS SRV record is that this type of record enables DNS client to query DNS about the host name to provide a specific service with Outlook the need to know the host name. In other words, when using the SRV query, looking for a specific service, the DNS replay with the host names that provide the specific service. In case that the organization publishes in the DNS an SRV record that includes the host name of the Exchange CAS server (Autodiscover Endpoint) that can provide Autodiscover services, the Autodiscover client will use the name and relate to the host as a potential Autodiscover Endpoint.
Page 23 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Note – it’s important to mention that the SRV Autodiscover method is not supported in Office 365 and Exchange Online environment.

More Related Content

PDF
Exchange 2013 coexistence | Autodiscover infrastructure | Part 2/2 | 12#23
Eyal Doron
 
PPTX
API
Masters Academy
 
PDF
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDB
MongoDB
 
PPTX
Play Your API with MuleSoft API Notebook
Rakesh Kumar Jha
 
PDF
NodeJS: the good parts? A skeptic’s view (jax jax2013)
Chris Richardson
 
PDF
Gluecon: Using sagas to maintain data consistency in a microservice architecture
Chris Richardson
 
PDF
ArchSummit Shenzhen - Using sagas to maintain data consistency in a microserv...
Chris Richardson
 
PDF
#JaxLondon keynote: Developing applications with a microservice architecture
Chris Richardson
 
Exchange 2013 coexistence | Autodiscover infrastructure | Part 2/2 | 12#23
Eyal Doron
 
API
Masters Academy
 
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDB
MongoDB
 
Play Your API with MuleSoft API Notebook
Rakesh Kumar Jha
 
NodeJS: the good parts? A skeptic’s view (jax jax2013)
Chris Richardson
 
Gluecon: Using sagas to maintain data consistency in a microservice architecture
Chris Richardson
 
ArchSummit Shenzhen - Using sagas to maintain data consistency in a microserv...
Chris Richardson
 
#JaxLondon keynote: Developing applications with a microservice architecture
Chris Richardson
 

What's hot (20)

PDF
Map, Flatmap and Reduce are Your New Best Friends: Simpler Collections, Concu...
Chris Richardson
 
PDF
Microservices + Events + Docker = A Perfect Trio (dockercon)
Chris Richardson
 
PDF
JavaOne2017: ACID Is So Yesterday: Maintaining Data Consistency with Sagas
Chris Richardson
 
PDF
Developing microservices with aggregates (melbourne)
Chris Richardson
 
PDF
Events on the outside, on the inside and at the core (jfokus jfokus2016)
Chris Richardson
 
PDF
Building and deploying microservices with event sourcing, CQRS and Docker (Be...
Chris Richardson
 
PDF
OReilly SACON2018 - Events on the outside, on the inside, and at the core
Chris Richardson
 
PDF
Developing microservices with aggregates (SpringOne platform, #s1p)
Chris Richardson
 
PDF
Futures and Rx Observables: powerful abstractions for consuming web services ...
Chris Richardson
 
PDF
Building and deploying microservices with event sourcing, CQRS and Docker (Ha...
Chris Richardson
 
PDF
MongoDB.local Berlin: App development in a Serverless World
MongoDB
 
PDF
Microservices and Redis #redisconf Keynote
Chris Richardson
 
PDF
Handling Eventual Consistency in JVM Microservices with Event Sourcing (javao...
Chris Richardson
 
PDF
The never-ending REST API design debate -- Devoxx France 2016
Restlet
 
PDF
There is no such thing as a microservice! (oracle code nyc)
Chris Richardson
 
PPTX
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Codemotion
 
PPTX
Polaris presentation ioc - code conference
Steven Contos
 
PDF
Microservices pattern language (microxchg microxchg2016)
Chris Richardson
 
PDF
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB
 
PDF
MongoDB .local Toronto 2019: MongoDB Atlas Jumpstart
MongoDB
 
Map, Flatmap and Reduce are Your New Best Friends: Simpler Collections, Concu...
Chris Richardson
 
Microservices + Events + Docker = A Perfect Trio (dockercon)
Chris Richardson
 
JavaOne2017: ACID Is So Yesterday: Maintaining Data Consistency with Sagas
Chris Richardson
 
Developing microservices with aggregates (melbourne)
Chris Richardson
 
Events on the outside, on the inside and at the core (jfokus jfokus2016)
Chris Richardson
 
Building and deploying microservices with event sourcing, CQRS and Docker (Be...
Chris Richardson
 
OReilly SACON2018 - Events on the outside, on the inside, and at the core
Chris Richardson
 
Developing microservices with aggregates (SpringOne platform, #s1p)
Chris Richardson
 
Futures and Rx Observables: powerful abstractions for consuming web services ...
Chris Richardson
 
Building and deploying microservices with event sourcing, CQRS and Docker (Ha...
Chris Richardson
 
MongoDB.local Berlin: App development in a Serverless World
MongoDB
 
Microservices and Redis #redisconf Keynote
Chris Richardson
 
Handling Eventual Consistency in JVM Microservices with Event Sourcing (javao...
Chris Richardson
 
The never-ending REST API design debate -- Devoxx France 2016
Restlet
 
There is no such thing as a microservice! (oracle code nyc)
Chris Richardson
 
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Codemotion
 
Polaris presentation ioc - code conference
Steven Contos
 
Microservices pattern language (microxchg microxchg2016)
Chris Richardson
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB
 
MongoDB .local Toronto 2019: MongoDB Atlas Jumpstart
MongoDB
 
Ad

Viewers also liked (14)

PDF
PATHS at Royal Melbourne Institute of Technology
pathsproject
 
DOC
Fichas de la y
Trini Martínez Ballesteros
 
PDF
How does sender verification work how we identify spoof mail) spf, dkim dmar...
Eyal Doron
 
PDF
Boletim informativo - janeiro
bibliotecasjuliomartins
 
PDF
IND-2012-286 Loreto School Education - Spreading Literacy
designforchangechallenge
 
PDF
De-list your organization from a blacklist | My E-mail appears as spam | Part...
Eyal Doron
 
DOCX
Tgs implementing tfu story of change (dfc 2012-13)
designforchangechallenge
 
PPT
Extra unit 2
Sheetal Verma
 
PDF
PATHS Content processing 2nd prototype-revised.v2
pathsproject
 
PDF
PATHS Final state of art monitoring report v0_4
pathsproject
 
PDF
SemEval-2012 Task 6: A Pilot on Semantic Textual Similarity
pathsproject
 
PPTX
IND-2012-287 Anando -MILKY IDEA
designforchangechallenge
 
PDF
OWL2+SWRL to EMF+IQPL
izso
 
PDF
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
pathsproject
 
PATHS at Royal Melbourne Institute of Technology
pathsproject
 
Fichas de la y
Trini Martínez Ballesteros
 
How does sender verification work how we identify spoof mail) spf, dkim dmar...
Eyal Doron
 
Boletim informativo - janeiro
bibliotecasjuliomartins
 
IND-2012-286 Loreto School Education - Spreading Literacy
designforchangechallenge
 
De-list your organization from a blacklist | My E-mail appears as spam | Part...
Eyal Doron
 
Tgs implementing tfu story of change (dfc 2012-13)
designforchangechallenge
 
Extra unit 2
Sheetal Verma
 
PATHS Content processing 2nd prototype-revised.v2
pathsproject
 
PATHS Final state of art monitoring report v0_4
pathsproject
 
SemEval-2012 Task 6: A Pilot on Semantic Textual Similarity
pathsproject
 
IND-2012-287 Anando -MILKY IDEA
designforchangechallenge
 
OWL2+SWRL to EMF+IQPL
izso
 
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
pathsproject
 
Ad

Similar to Autodiscover flow in an exchange on premises environment non-active directory environment part 1#3 part 26#36 (19)

PDF
Autodiscover flow in an exchange on premises environment non-active director...
Eyal Doron
 
PDF
Autodiscover flow in active directory based environment part 15#36
Eyal Doron
 
PDF
Autodiscover flow in an exchange on premises environment non-active director...
Eyal Doron
 
PDF
The autodiscover algorithm for locating the source of information part 05#36
Eyal Doron
 
PDF
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Eyal Doron
 
PDF
Outlook autodiscover decision process choosing the right autodiscover method ...
Eyal Doron
 
PDF
My E-mail appears as spam - Troubleshooting path | Part 11#17
Eyal Doron
 
PPTX
Leveraging microsoft’s e discovery platform in your organization
Don Donais
 
PDF
Autodiscover flow in an office 365 environment part 3#3 part 31#36
Eyal Doron
 
PDF
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Eyal Doron
 
PDF
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Eyal Doron
 
PDF
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Eyal Doron
 
PPTX
exchange-2013-autodiscover-overview_en.pptx
Francois88
 
PPT
office365- discovery and compliance
Juntarou Doi
 
PPTX
Information Governance and ediscovery in office 365 ediscovery deep dive
bilgore
 
PPTX
Empowering the business for eDiscovery in Office 365 - BRK2112
Joanne Klein
 
PDF
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Eyal Doron
 
PPTX
eDiscovery in SharePoint 2013 - DIWUG
Maarten Eekels
 
PDF
The old exchange environment versus modern exchange environment part 02#36
Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Eyal Doron
 
Autodiscover flow in active directory based environment part 15#36
Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Eyal Doron
 
The autodiscover algorithm for locating the source of information part 05#36
Eyal Doron
 
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Eyal Doron
 
Outlook autodiscover decision process choosing the right autodiscover method ...
Eyal Doron
 
My E-mail appears as spam - Troubleshooting path | Part 11#17
Eyal Doron
 
Leveraging microsoft’s e discovery platform in your organization
Don Donais
 
Autodiscover flow in an office 365 environment part 3#3 part 31#36
Eyal Doron
 
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Eyal Doron
 
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Eyal Doron
 
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Eyal Doron
 
exchange-2013-autodiscover-overview_en.pptx
Francois88
 
office365- discovery and compliance
Juntarou Doi
 
Information Governance and ediscovery in office 365 ediscovery deep dive
bilgore
 
Empowering the business for eDiscovery in Office 365 - BRK2112
Joanne Klein
 
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Eyal Doron
 
eDiscovery in SharePoint 2013 - DIWUG
Maarten Eekels
 
The old exchange environment versus modern exchange environment part 02#36
Eyal Doron
 

More from Eyal Doron (20)

PPTX
How to simulate spoof e mail attack and bypass spf sender verification - 2#2
Eyal Doron
 
PDF
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Eyal Doron
 
PDF
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Eyal Doron
 
PDF
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
Eyal Doron
 
PDF
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
Eyal Doron
 
PDF
What are the possible damages of phishing and spoofing mail attacks part 2#...
Eyal Doron
 
PDF
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Eyal Doron
 
PDF
Mail migration to office 365 measure and estimate mail migration throughput...
Eyal Doron
 
PDF
Mail migration to office 365 factors that impact mail migration performance...
Eyal Doron
 
PDF
Mail migration to office 365 optimizing the mail migration throughput - par...
Eyal Doron
 
PDF
Mail migration to office 365 mail migration methods - part 1#4
Eyal Doron
 
PDF
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Eyal Doron
 
PDF
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...
Eyal Doron
 
PDF
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Eyal Doron
 
PDF
Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...
Eyal Doron
 
PDF
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Eyal Doron
 
PDF
Should i use a single namespace for exchange infrastructure part 1#2 part ...
Eyal Doron
 
PDF
Public san certificate deprecated support in the internal server name part ...
Eyal Doron
 
PDF
Exchange infrastructure implementing single domain namespace scheme part 2#...
Eyal Doron
 
PDF
Exchange clients and their public facing exchange server part 13#36
Eyal Doron
 
How to simulate spoof e mail attack and bypass spf sender verification - 2#2
Eyal Doron
 
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Eyal Doron
 
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Eyal Doron
 
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
Eyal Doron
 
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
Eyal Doron
 
What are the possible damages of phishing and spoofing mail attacks part 2#...
Eyal Doron
 
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Eyal Doron
 
Mail migration to office 365 measure and estimate mail migration throughput...
Eyal Doron
 
Mail migration to office 365 factors that impact mail migration performance...
Eyal Doron
 
Mail migration to office 365 optimizing the mail migration throughput - par...
Eyal Doron
 
Mail migration to office 365 mail migration methods - part 1#4
Eyal Doron
 
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Eyal Doron
 
Microsoft remote connectivity analyzer (exrca) autodiscover troubleshooting ...
Eyal Doron
 
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Eyal Doron
 
Microsoft remote connectivity analyzer (ex rca) autodiscover troubleshooting...
Eyal Doron
 
Microsoft connectivity analyzer (mca) autodiscover troubleshooting tools pa...
Eyal Doron
 
Should i use a single namespace for exchange infrastructure part 1#2 part ...
Eyal Doron
 
Public san certificate deprecated support in the internal server name part ...
Eyal Doron
 
Exchange infrastructure implementing single domain namespace scheme part 2#...
Eyal Doron
 
Exchange clients and their public facing exchange server part 13#36
Eyal Doron
 

Recently uploaded (20)

PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Approach and Philosophy of On baking technology
30anthuong17
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Teaching material agriculture food technology
LiaRayya
 
Encapsulation theory and applications.pdf
gurumoop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 

Autodiscover flow in an exchange on premises environment non-active directory environment part 1#3 part 26#36

  • 1. Page 1 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Autodiscover flow in an Exchange on- Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 The Autodiscover protocol for discovering the Autodiscover Endpoint is a very smart protocol, which was designed to get the required results in a different environment such as Active Directory-based environment and a “non-Active Directory environment”. In a “non-Active Directory environment”, the Autodiscover client has an arsenal of methods and tools, which can help him to find his Autodiscover Endpoint.
  • 2. Page 2 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment | The article series The current article is the first article on a series of three articles. The main focus of the first article is -presenting the logic and, the involved components in the Autodiscover flow that is implemented in Exchange on-Premises environment. In the next two articles, we will review the Autodiscover flow that is implemented in Exchange on-Premises environment, by using the Microsoft web-based tool, the Microsoft Remote Connectivity Analyzer (ExRCA).  Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 2#3 | Part 27#36  Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 3#3 | Part 28#36
  • 3. Page 3 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Locating the Autodiscover Endpoint host | Active Directory versus none- Active Directory environment Before we get into the details of the Autodiscover process that is implemented in a non-Active Directory environment, it’s important to understand the major difference of the Autodiscover method that is performed on each of these environments. In an Active Directory environment, the Autodiscover client doesn’t know the name of the Autodiscover Endpoint and instead, relate to the Active Directory as a trusted source of infrastructure that can provide him the “names” of available Autodiscover Endpoints (Exchange CAS servers). In a non-Active Directory environment, the “missing part” is the Active Directory. Instead of addressing the Active Directory for information about the names of the Autodiscover Endpoint, the Autodiscover client will need to use another method. The Autodiscover method that is used by the Autodiscover client is based on a following flow: 1. The Autodiscover Endpoint “guess” or “generate” the URL address of a potential Autodiscover Endpoint based on the SMTP domain that he gets from the recipient E-mail address. 2. In case that the Autodiscover client manage to locate and communicate with the “Potential Autodiscover Endpoint” but the “destination host” cannot provide him the required information, the Autodiscover client will ask for a redirection to another potential Autodiscover Endpoint. Note – we use the term “Potential Autodiscover Endpoint” because when the Autodiscover client addresses a specific host as “Autodiscover Endpoint” he assumes that the destination host is an Autodiscover Endpoint, but he cannot be sure of the destination host is indeed Autodiscover Endpoint. 3. In case that the potential Autodiscover Endpoint from “step 1” could not provide the required Autodiscover information + couldn’t provide a redirection to a
  • 4. Page 4 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 potential Autodiscover Endpoint, the Autodiscover client will try to query the DNS looking for SRV record that will include the host name of a potential Autodiscover Endpoint. Pay attention to the fact the in a non-Active Directory environment, the Autodiscover client can consider as “blind client” because, there is no “formal source of information” that can provide him the specific host name (the URL if we want to be more accurate”) of the potential Autodiscover Endpoint.
  • 5. Page 5 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 The possible scenario in which Autodiscover client cannot use the Active Directory Autodiscover method. The four possible scenarios in which client cannot use the Autodiscover method that is based on an LDAP query and On-Premises Active Directory are: 1. The desktop is not a Domain joined As the name implies, this scenario can relate to one of the following options:  A user’s desktop that is not configured as a domain member (domain joined)  A user’s desktop that is configured as a domain member (domain joined) but the user login locally to his desktop and not to the “Domain profile”. 2. The desktop is a Domain joined but, there is no option to communicate with Active Directory An example could be a user whom his notebook, consider as a Domain joined, but the organization user is working from home or a public network.
  • 6. Page 6 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In that case, despite the fact that the desktop is a “Domain joined”, the communication attempt to the Active Directory will fail because by default, the Active Directory considers as protected or internal resources, and it’s not exposed to access by the host from the public network. 3. The desktop is a Domain joined, there is an option to communicate with Active Directory but the SMTP Domain that the client look for doesn’t “belong” to the Exchange on-Premises server (the Exchange is not authoritative for the specific domain name). Whoa!! This is a very long name for a scenario title! An example of this scenario could be a user who wants to create a new Outlook mail profile using a recipient E-mail address. The SMTP domain part of the recipient E-mail address doesn’t “belong” to the organization Domains (Domain that Exchange sees himself as authoritative for them). In that situation, although the domain is not part of the local Exchange infrastructure, the Autodiscover client will request a list of available Exchange CAS server from the Active Directory and try to communicate with each of the Exchange CAS servers in the list looking for the required Autodiscover information. Only after the Autodiscover client exhausts all the possible “internal Autodiscover Endpoints”, the Autodiscover client will “surrendered” and start to use an additional Autodiscover method. 4. An Exchange on-Premises server is not available. The charters of this scenario are:  The user desktop is a Domain joined.  The Autodiscover client manages to query the local Active Directory and gets a list of potential Autodiscover Endpoints.  The Autodiscover client tries to communicate the Autodiscover Endpoint (Exchange CAS server) but the Exchange CAS server is not available (not responding, etc.).
  • 7. Page 7 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In this case, the Autodiscover client will “surrendered” and start to use an additional Autodiscover method. The journey for the Lost Treasure- Autodiscover.xml file To simplify the concept of Autodiscover process, let’s use the following metaphor: The process of Autodiscover is very similar to a “the search for the lost treasure”. We heard from someone, about very precious treasure. We want this treasure very much, and we know that “somewhere” there is a person that holds this precious treasure. All we need is a “map” that could lead us to the person that hold our precious treasure!
  • 8. Page 8 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Let’s return to the “real world” and try to understand what process each of this Imaginary figure represent. 1. The “searcher” The “searcher” could be any Autodiscover client. In our scenario, the Autodiscover client is Outlook that needs configuration setting for creating a new Outlook mail profile. 2. The lost treasure – Autodiscover information The assent of “Autodiscover journey” is very simple – find the Autodiscover information (the lost treasure).
  • 9. Page 9 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 3. The “source” The “element” that holds our precious treasure is the Exchange CAS server or if we want to use the formal term – potential Autodiscover Endpoint. Technically speaking, we use the term “potential” because, in reality, when the Autodiscover client addresses a specific host he doesn’t know if the host (the potential Autodiscover Endpoint) replies to his communication request or, in case that the host reply, we cannot be sure that the specific host is the “right one”. For this reason, we use the term “potential” because the host the Autodiscover client address has the potential to be the “right Autodiscover Endpoint” but, at the same time, the Autodiscover client will need to know how to deal with a scenario in which the host is not the “right Autodiscover Endpoint”.
  • 10. Page 10 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 4. The “Map” In our story, the “map” should lead us to the person that hold our desirable treasure. In the Autodiscover world, the “map” is implemented as a web address (URL). If we want to be more precise, the client (Outlook) has already most of the map, the only missing part in the “map” is the name of the Autodiscover Endpoint who “hold” the information (hold our precious treasure). Autodiscover URL (the map to the lost treasure)
  • 11. Page 11 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Continuing our metaphor, the” map” (the address) to the lost treasure, aka the Autodiscover information is implemented by using a URL address. Let’s look at the structure of the Autodiscover URL address, so we can understand better the Autodiscover method that is used by the Autodiscover client in a non- Active Directory environment. The Autodiscover URL address, includes the following parts:  The protocol name (HTTPS or HTTP)  The host name of the Autodiscover Endpoint  The path that includes the name of the folder (Autodiscover) and the name of the required file (autodiscover.xml or autodiscover.svc) Autodiscover client knows what is the URL address structure that he should use for addressing the Autodiscover Endpoint. The default communication protocol is HTTPS (another option is HTTP in a scenario of a redirection requests). Note that the name of the FQDN of the Autodiscover Endpoint is not known to the Autodiscover client! In the next section, we will learn how the Autodiscover client solves this problem, but it’s important to emphasize that in a non-Active Directory environment the Autodiscover client cannot know “in advance” the host name if the Autodiscover Endpoint. The default path of the Autodiscover URL is based on the following naming convention. <Folder name><File name> The default path of Autodiscover services is: /Autodiscover/autodiscover.xml
  • 12. Page 12 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In the following diagram, we can see the presentation of the “well know the Autodiscover URL address” concept. The Autodiscover client, “knows” most of the “parts” of the Autodiscover URL address. The only “missing part” is the host name of the Autodiscover Endpoint.
  • 13. Page 13 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 The great mystery revealed! Generating the Autodiscover Endpoint host name When an Autodiscover client uses the “Active Directory Autodiscover method”, the Autodiscover client, trust or relies on the Active Directory as a source for information about the available Autodiscover Endpoint. But in case that the Autodiscover client cannot use the Active Directory as a “source for information”, how can the Autodiscover client know what the name of Autodiscover Endpoint is? Is there more than one potential Autodiscover Endpoint?
  • 14. Page 14 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 I’m excited! Today we are going to reveal the big secret which only a few people in the whole world know! The way that the Autodiscover client use for “finding” the host name of the Autodiscover Endpoint is maybe not the “big secret which only a few people in the
  • 15. Page 15 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 whole world know!” however, it’s still an interesting process that some of us are not familiar with.  The mission is – creating a new Outlook mail profile.  The agent name is – Bob  The location – Bob is located on a public network and for this reason, he cannot access the organization Active Directory.  The obstacles – how to find the Exchange CAS server (the Autodiscover Endpoint) that will enable Bob to connect to his mailbox + provides all the required information for creating the Outlook Anywhere mail profile.
  • 16. Page 16 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 The secret method which the Autodiscover client use is based on a little trick. As mentioned before, the URL address of the Autodiscover Endpoint is based on a predefined naming convention. For the Autodiscover client which needs to find his Autodiscover Endpoint, the only missing part is the host name of the Autodiscover Endpoint. The trick that the Autodiscover client use is based on the E-mail address of the recipient. Every standard E-mail address is consisted of two parts: 1. The “left part” this is the recipient alias or the recipient name. 2. The “Left part”, this part represents the domain name or the SMTP domain name of the organization of the company that the user belongs to. Autodiscover clients know how to use the “right part” of the E-mail address by “taking” the SMTP domain name and is it for “Fill in the missing part of the puzzle”. In our scenario, when Bob starts the Outlook wizard, Bob will have to provide his E- mail address – Bob@o365info.com The Autodiscover client (Outlook), take the domain name form the E-mail address and “put the name” in the Autodiscover URL.
  • 17. Page 17 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In our example, Outlook will start the journey by connecting DNS server and ask for the IP address of the host named – o365info.com In case that the DNS server can provide an IP address, Outlook (Autodiscover client) will relate to the host as a potential Autodiscover Endpoint. The basic Outlook assumption is that this host – o365info.com is a potential Autodiscover Endpoint meaning an Exchange CAS server or element that can provide him the required Autodiscover information for creating the Outlook Anywhere mail profile.
  • 18. Page 18 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Most of the time, the method in which Autodiscover relates to the SMTP domain name is the host name of the potential Autodiscover Endpoint will not yield the required results because in a modern environment, the “root domain name” is usefully mapped to the public company web site. In now days, we can “reach” most of the public web site without using the formal naming convention such as – www.<Domain name> but instead, we use only the domain name. Let’s assume that in our scenario, Outlook manage to find the IP address of a host named –o365info.com, but “this host” is not the required Autodiscover Endpoint (Exchange CAS server) but instead, just a simple website. In that situation, the Autodiscover client uses an additional naming convention, but this time; Outlook will try to address the Autodiscover Endpoint by using the following hostname –autodiscover.o365info.com The host name – Autodiscover is a preserved name. Each organization that wants to point Autodiscover clients to their Autodiscover Endpoint, need to create under the domain name in the DNS zone an A record, that
  • 19. Page 19 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 includes the host name – Autodiscover and mapped to the IP address of the Exchange CAS server who operate as Autodiscover Endpoint. Q: Is this is the end of the Autodiscover journey? Can we assume that the story has a good end? A: Yes and no
  • 20. Page 20 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 This could be the end of the Autodiscover journey in case that the host – autodiscover.o365info.com is the “real deal” and this is the “right Exchange CAS server” that can enable the Outlook to connect to user mailbox + provide all the required configuration settings for building a new Outlook Anywhere mail profile. Other passable scenarios is that the host the Outlook considers as a “potential Autodiscover Endpoint”, is not the host who can “end the process”. For example, there is an option in which Outlook finds the IP address of a host named-autodiscover.o365info.com but the “host” doesn’t respond to the HTTPS request that Outlook sends. (The Autodiscover process is based on the HTTPS protocol). In this case Outlook “understand” that this is not the “the last station” in his Autodiscover journey. In case that the Autodiscover Endpoint did not respond to the HTTPS communication request, the Autodiscover client still has “some belief” that the host can still help him in another way. HTTP Redirection Because of the destination, host doesn’t support HTTPS communication, the Autodiscover client “understand” that this is not the element that can provide him the require Autodiscover information. Instead of “give in”, Outlook client will address that host who doesn’t support HTTPS, and ask him if he knows about a Potential Autodiscover Endpoint. The Autodiscover Endpoint addresses the host by using HTTP protocol instead of HTTPS.
  • 21. Page 21 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In case that the host responds to the HTTP request, the Autodiscover client assumes that he can ask for help. The Autodiscover client will try to request from the host, information about the name if the Autodiscover Endpoint.
  • 22. Page 22 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 So… is this is the end? The answer is not it! In case that the host whom the Autodiscover client address doesn’t support HTTP or cannot provide the name of a potential Autodiscover Endpoint, the Autodiscover client will use the “last method, he carries his sack” This Autodiscover method is based on a special DNS record named – SRV record. The uniqueness of a DNS SRV record is that this type of record enables DNS client to query DNS about the host name to provide a specific service with Outlook the need to know the host name. In other words, when using the SRV query, looking for a specific service, the DNS replay with the host names that provide the specific service. In case that the organization publishes in the DNS an SRV record that includes the host name of the Exchange CAS server (Autodiscover Endpoint) that can provide Autodiscover services, the Autodiscover client will use the name and relate to the host as a potential Autodiscover Endpoint.
  • 23. Page 23 of 23 | Autodiscover flow in an Exchange on-Premises environment | non-Active Directory environment| Part 1#3 | Part 26#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Note – it’s important to mention that the SRV Autodiscover method is not supported in Office 365 and Exchange Online environment.