In the following article, we look under the hood of the Autodiscover method that is implemented in an Active Directory-based environment. In such an environment, the process in which an Autodiscover client such as Outlook locates an available Autodiscover Endpoint is implemented by querying Active Directory as the source of information about available Autodiscover Endpoints (available Exchange servers).
In our scenario, the Exchange CAS server registers itself in Active Directory as an entity that can provide the Autodiscover service.
The On-Premise Active Directory allocates a dedicated location for this purpose (part of the On-Premise Active Directory system partition), using a folder named SCP (Service Connection Point).
In the following diagram, we can see an example of this process.
Each time a new Exchange On-Premise server is installed, the Exchange On-Premise server accesses Active Directory and registers itself there.
Each Exchange CAS server has an Autodiscover folder, and that Autodiscover folder serves as the container for the Autodiscover Endpoint object (the specific Exchange CAS server).
To see the properties of a specific Autodiscover Endpoint (in our example, ex01), right-click the Exchange CAS server name and choose Properties.
The property named Keywords contains the Active Directory site name of the specific Exchange CAS server.
The real magic is that, behind the scenes, this simple task is translated into a complex and smart infrastructure that makes the whole process appear simple and easy.
Task description
An organization user gets a new desktop. The user double-clicks the Outlook icon and, after a couple of seconds, the Outlook profile is created and the user can see his mail, send and receive mail, and so on.
In the following section, we review the sequence of events that led to the above result.
Phase 1: Query the local Active Directory
The communication between the Autodiscover client and Active Directory is implemented using the LDAP protocol.
Step 1: The client queries the local Active Directory
The Autodiscover client (Outlook) creates an LDAP query and sends it to the local Active Directory, asking for the list of URLs of the existing Autodiscover Endpoints, in other words, the list of available Exchange CAS servers.
Step 2: Active Directory looks in the SCP partition for the value of an attribute named ServiceBindingInformation
Each Exchange CAS server registered in the Active Directory SCP has its own dedicated ServiceBindingInformation value.
The Exchange CAS server Autodiscover URL uses the following format:
https://cas_server.domain/Autodiscover/Autodiscover.xml
The Exchange CAS server name is the internal Exchange server name (FQDN, Fully Qualified Domain Name).
In our example, the internal FQDN of the Exchange CAS server registered in the Active Directory SCP is ex01.0365info.com, and the Autodiscover URL will be:
https://ex01.0365info.com/autodiscover/autodiscover.xml
Additional information that Active Directory returns to the Autodiscover client is described as Keywords.
The Keywords contain the Active Directory site name of the Exchange CAS server (the Active Directory site in which the Exchange CAS server resides).
When the Autodiscover client (Outlook) gets the list from Active Directory, it prefers to address the Exchange CAS server whose Active Directory site value is the same as the Active Directory site to which the Autodiscover client itself belongs.
This method, in which the Autodiscover client prefers a specific Exchange CAS server over the other Exchange CAS servers, is described as Site Affinity.
In this phase, the client (Outlook) and the server (the Exchange CAS server) need to identify each other.
Step 5: Outlook asks the Exchange CAS server to prove its identity by providing a certificate.
Step 6: The Exchange CAS server sends its certificate to the client, and the client verifies the Exchange CAS server certificate.
Note: If you want to read more detailed information about the Autodiscover process, certificates and the secure communication link, read the article Autodiscover process and Exchange security infrastructure | Part 20#36.
Step 7: If the Exchange certificate is OK, the client sends its identity (user credentials) to the Exchange CAS server.
Step 8: If the user credentials are correct, the process of mutual authentication and identification is completed.
Step 10: The Exchange server generates the configuration file based on the Outlook software version and saves it to a file named Autodiscover.xml.
Step 11: The Outlook client gets the configuration file and creates a new Outlook mail profile that includes all the required configuration settings.
In other words, Active Directory is the authoritative information source that provides the Autodiscover client with information about available Autodiscover Endpoints.
Step 2: If the Exchange organization includes more than one Exchange CAS server, the answer that the Autodiscover client gets includes a list of optional Autodiscover Endpoints.
The Autodiscover client needs to implement some method for choosing the most appropriate Autodiscover Endpoint for it.
This method is described as site affinity: the Autodiscover client prefers an Autodiscover Endpoint that is located in the same Active Directory site as itself.
Note: the term "located in the same Active Directory site" is not entirely accurate because, in some scenarios, we can register a specific Exchange CAS server as belonging to a specific Active Directory site while the Exchange CAS server's physical location is in a different Active Directory site.
Step 3 and step 4.1: If the Autodiscover client gets a list of available Autodiscover Endpoints, the client tries to communicate with the first Autodiscover Endpoint; if that Autodiscover Endpoint is not available, it moves on to the next Autodiscover Endpoint in the list, and so on.
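The following is an added example, not code from the original article or from Exchange or Outlook. It shows the client side of phase 1: parsing the SCP records that Active Directory returns (the serviceBindingInformation and keywords attributes, under their LDAP names), ordering the resulting endpoints by site affinity, and then walking the ordered list until one endpoint answers, as steps 3 and 4.1 above describe. The SCP records, the site names and the ex02/ex03 hosts are constructed sample data; the Autodiscover GUID keyword value is taken from Microsoft's Autodiscover documentation and is an assumption of this example.

```python
"""Added example (not from the original article): turn the SCP records Active
Directory returns into a site-affinity-ordered endpoint list and walk it until
one endpoint answers. The records are constructed sample data; nothing here
contacts a directory or a server."""
from collections import namedtuple
from urllib.parse import urlparse

# Keyword that marks an SCP object as an Autodiscover endpoint. The value is
# taken from Microsoft's Autodiscover documentation (assumption of this example).
AUTODISCOVER_GUID = "77378F46-2C66-4aa9-A6A6-3E7A48B19596"

Endpoint = namedtuple("Endpoint", "host url site")

# Constructed sample records in the shape an LDAP search for SCP objects might
# return: the two attributes the article discusses, with their LDAP names.
SAMPLE_SCP_RECORDS = [
    {"cn": "ex01",
     "serviceBindingInformation": ["https://ex01.0365info.com/autodiscover/autodiscover.xml"],
     "keywords": [AUTODISCOVER_GUID, "Site=Default-First-Site-Name"]},
    {"cn": "ex02",
     "serviceBindingInformation": ["https://ex02.0365info.com/autodiscover/autodiscover.xml"],
     "keywords": [AUTODISCOVER_GUID, "Site=Branch-Site"]},
    # Plain-http binding: must not be used, credentials would travel in the clear.
    {"cn": "ex03",
     "serviceBindingInformation": ["http://ex03.0365info.com/autodiscover/autodiscover.xml"],
     "keywords": [AUTODISCOVER_GUID, "Site=Default-First-Site-Name"]},
    # An SCP for some other service: it carries no Autodiscover keyword.
    {"cn": "other-app",
     "serviceBindingInformation": ["https://app.0365info.com/svc"],
     "keywords": ["Site=Default-First-Site-Name"]},
]


def parse_scp(record):
    """Return an Endpoint for a valid Autodiscover SCP record, else None."""
    keywords = record.get("keywords", [])
    if not any(k.lower() == AUTODISCOVER_GUID.lower() for k in keywords):
        return None
    site = None
    for k in keywords:
        if k.lower().startswith("site="):
            site = k[len("site="):]
    bindings = record.get("serviceBindingInformation", [])
    if not bindings:
        return None
    url = bindings[0]
    parsed = urlparse(url)
    # Accept only the https://<fqdn>/Autodiscover/Autodiscover.xml shape the
    # article describes; anything else is treated as a bad registration.
    if parsed.scheme != "https" or not parsed.hostname:
        return None
    if parsed.path.lower() != "/autodiscover/autodiscover.xml":
        return None
    return Endpoint(parsed.hostname, url, site)


def order_endpoints(records, client_site):
    """Site affinity: endpoints in the client's own AD site first, then the rest."""
    endpoints = [e for e in (parse_scp(r) for r in records) if e is not None]
    local = [e for e in endpoints
             if e.site is not None and e.site.lower() == client_site.lower()]
    remote = [e for e in endpoints if e not in local]
    return local + remote


def first_reachable(endpoints, probe):
    """Steps 3/4.1: try endpoints in order; return the first one probe() accepts."""
    for endpoint in endpoints:
        if probe(endpoint):
            return endpoint
    return None


if __name__ == "__main__":
    for ep in order_endpoints(SAMPLE_SCP_RECORDS, "Default-First-Site-Name"):
        print(ep.host, ep.site)
```

The probe passed to first_reachable stands in for the real connection attempt; in a deployment it would be the HTTPS request to the endpoint URL. Rejecting non-https bindings and bindings with an unexpected path at parse time keeps a mis-registered or tampered SCP record from steering the client to an endpoint that would receive the user's credentials.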
Steps 5.1, 5.2, 5.3 and step 6 need to be completed successfully before the phase in which the Autodiscover Endpoint provides the desired information to its Autodiscover client can start.
The Autodiscover client must be sure that the Autodiscover Endpoint can be trusted and, vice versa, the Autodiscover Endpoint must identify the Autodiscover client.
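As an added example, not code from the original article or from Outlook, the block below implements the client-side check that steps 5 and 6 above describe and that this recap restates: before the client hands over user credentials at step 7, the endpoint certificate must be within its validity period and must name the FQDN that the SCP advertised. Hostname matching follows the RFC 6125 rules for subjectAltName DNS entries. The certificate dict is a constructed sample in the shape Python's ssl.SSLSocket.getpeercert() returns; chain and issuer validation, which the TLS stack performs, is outside the scope of this example.

```python
"""Added example (not from the original article): the hostname and validity
check an Autodiscover client applies to the endpoint certificate (steps 5-6)
before it sends user credentials (step 7). The certificate dict is a
constructed sample in the shape ssl.SSLSocket.getpeercert() returns; no
network is used."""
import ssl
import time

# Constructed sample certificate for the endpoint the SCP advertised.
SAMPLE_CERT = {
    "subject": ((("commonName", "ex01.0365info.com"),),),
    "subjectAltName": (("DNS", "ex01.0365info.com"),
                       ("DNS", "autodiscover.0365info.com"),
                       ("DNS", "*.mail.0365info.com")),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Jan 01 00:00:00 2026 GMT",
}


def _labels(name):
    return name.lower().rstrip(".").split(".")


def hostname_matches(cert, hostname):
    """True if hostname matches a DNS subjectAltName entry.

    RFC 6125 rules: the CN is ignored when SANs are present, a wildcard may
    only stand for the whole left-most label, it never spans more than one
    label, and it is not honoured in a name with fewer than three labels.
    """
    host = _labels(hostname)
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = _labels(value)
        if len(pattern) != len(host):
            continue
        if "*" in pattern[1:] or (pattern[0] == "*" and len(pattern) < 3):
            continue
        if all(p == "*" or p == h for p, h in zip(pattern, host)):
            return True
    return False


def certificate_is_current(cert, now=None):
    """True if 'now' (epoch seconds or a cert-time string) lies in the validity window."""
    if now is None:
        now = time.time()
    elif isinstance(now, str):
        now = ssl.cert_time_to_seconds(now)
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after


def may_send_credentials(cert, expected_host, now=None):
    """Gate for step 7: (True, 'ok') only if the endpoint certificate passes both checks."""
    if not certificate_is_current(cert, now):
        return False, "certificate is outside its validity period"
    if not hostname_matches(cert, expected_host):
        return False, "certificate does not name " + expected_host
    return True, "ok"


if __name__ == "__main__":
    print(may_send_credentials(SAMPLE_CERT, "ex01.0365info.com",
                               "Jun 01 00:00:00 2025 GMT"))
```

The expected_host argument is the FQDN taken from the SCP's ServiceBindingInformation URL, not a name the server itself supplies, so a server that presents a valid certificate for some other name is refused before any credentials leave the client.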
Step 7: The Autodiscover Endpoint (Exchange CAS server) generates the required information (the Autodiscover response) and sends it to the Autodiscover client (Outlook).
Step 8: This is the happy-end phase, in which the Outlook client takes the information and uses it to create a new Outlook mail profile.