Solved

How do you stop auto discovery in selected domains?

Posted on 2010-11-24
7
3,049 Views
Last Modified: 2012-05-10
We have just upgraded our MS Exchange Server from 2003 to 2010 (running Hub Transport, CAS and Mailbox roles). Our AD forest has the root domain (we'll call it Domain A) plus three sub domains (let's call them B, C, D). Our clients are running Windows XP and Office 2007. Only one domain (domain D) currently has Exchange Server installed; however, at least domain C did have Exchange 2003 at one point in time. Since the upgrade, computers in domains B and C are now asking users for logon credentials to the Exchange server in domain D. My issue is that users in domains B and C are configured to use Exchange servers located in completely separate forests that have a one-way trust between either domain B or C and the local customer they support. If the users hit cancel, Outlook works properly, but they are prompted to log into domain D's Exchange once an hour. I'm looking for the best way to stop this from occurring while not disrupting the auto discovery/configuration features in domain D. I hope this makes sense and I realize it's confusing, but that's the way this project was set up for various reasons.
0
Comment
Question by:nkean
7 Comments
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 34214109
All you can do is disable Outlook clients from using Autodiscover.

Download the group policy templates:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=en

Use the Outlk12.adm file for Outlook 2007 and take a look at Automatic Profile Configuration:

1. Expand Microsoft Office Outlook 2007
2. Expand Tools | Account Settings
3. Click on Exchange
4. Double click on Automatically configure profile based on Active Directory Primary SMTP Address item
5. The possible values are Not Configured, Enabled and Disabled.

Choose "Disabled". Apply this policy on the domain where you want to disable Autodiscover.

You cannot do anything else, as the configuration information for Exchange is stored on the configuration partition that is common across the forest.




0
 

Author Comment

by:nkean
ID: 34218677
I tried that and it didn't seem to work. The users are still getting prompted for username and password. They hit cancel and everything works again until they get prompted again.

Are there some logs I should / could be looking at that may give me clues to what's going on?
0
 
LVL 10

Accepted Solution

by:
dhruvarajp earned 500 total points
ID: 34218749
OK, I thought so.
Here is what you do:


When Outlook 2007 attempts to contact the Autodiscover service it can use different methods to reach the service, depending on the topology. The currently implemented methods used by Outlook are:

  • SCP lookup
  • HTTPS root domain query
  • HTTPS Autodiscover domain query
  • HTTP redirect method
  • SRV record query

 

To disable each of the above Autodiscover connection methods used by Outlook, please modify the Outlk12.adm file by using the following steps:

a. Open the Outlk12.adm file in Notepad.

b. Locate the following line in the template:

POLICY !!L_AutomaticallyconfigurerofilebasedonActive

c. Insert a blank line above this line, and then paste the content below:

 

POLICY !!L_Excludeautodiscoverscplookup
    KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover
    VALUENAME ExcludeScpLookup
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    EXPLAIN !!L_ExcludeautodiscoverscplookupExplain
END POLICY
POLICY !!L_Excludeautodiscoverhttpsqueryforrootdomain
    KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover
    VALUENAME ExcludeHttpsRootDomain
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    EXPLAIN !!L_ExcludeautodiscoverhttpsqueryforrootdomainExplain
END POLICY
POLICY !!L_Excludeautodiscoverhttpsqueryforautodiscoverdomain
    KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover
    VALUENAME ExcludeHttpsAutoDiscoverDomain
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    EXPLAIN !!L_ExcludeautodiscoverhttpsqueryforautodiscoverdomainExplain
END POLICY
POLICY !!L_Excludeautodiscoverhttpredirectquery
    KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover
    VALUENAME ExcludeHttpRedirect
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    EXPLAIN !!L_ExcludeautodiscoverhttpredirectqueryExplain
END POLICY
POLICY !!L_Excludeautodiscoversrvrecordquery
    KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover
    VALUENAME ExcludeSrvRecord
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    EXPLAIN !!L_ExcludeautodiscoversrvrecordqueryExplain
END POLICY

 

d. Locate the following line in the template:

L_AutomaticallyconfigurerofilebasedonActiveExplain="By default, if a user is joined to a domain ...

e. Insert a blank line above this line, and then paste the content below:

 

L_Excludeautodiscoverscplookup="Exclude the SCP object lookup for Autodiscover"
L_ExcludeautodiscoverscplookupExplain="Enable this policy to stop Outlook from performing an Active Directory query for Service Connection Point (SCP) objects with Autodiscover information."
L_Excludeautodiscoverhttpsqueryforrootdomain="Exclude the Autodiscover lookup using a query for the root domain of your primary SMTP address"
L_ExcludeautodiscoverhttpsqueryforrootdomainExplain="Enable this policy to stop Outlook from using the root domain of your primary SMTP address to locate the Autodiscover service. For example, if this policy is enabled, Outlook does not use the following URL:\n\nhttps://<smtp-address-domain>/autodiscover/autodiscover.xml."
L_Excludeautodiscoverhttpsqueryforautodiscoverdomain="Exclude the Autodiscover lookup using a query for the Autodiscover domain"
L_ExcludeautodiscoverhttpsqueryforautodiscoverdomainExplain="Enable this policy to stop Outlook from using the Autodiscover domain to locate the Autodiscover service. For example, if this policy is enabled, Outlook does not use the following URL:\n\nhttps://autodiscover.<smtp-address-domain>/autodiscover/autodiscover.xml."
L_Excludeautodiscoverhttpredirectquery="Exclude the Autodiscover lookup using the HTTP redirect method"
L_ExcludeautodiscoverhttpredirectqueryExplain="Enable this policy to stop Outlook from using the HTTP redirect method in the event it is unable to reach the Autodiscover service via either of the HTTPS URLs\n\nhttps://<smtp-address-domain>/autodiscover/autodiscover.xml\n\nhttps://autodiscover.<smtp-address-domain>/autodiscover/autodiscover.xml."
L_Excludeautodiscoversrvrecordquery="Exclude the Autodiscover query for an SRV record in DNS"
L_ExcludeautodiscoversrvrecordqueryExplain="Enable this policy to stop Outlook from using an SRV record lookup in DNS to locate the Autodiscover service."

 

Note: When you paste the lines above into Notepad, please remove all the blank lines among them. Otherwise, it will cause problems in the GPO Editor.

f. Save and close the .adm file.

g. Add the updated .adm file to the GPO Editor.

h. To configure the new policy settings, please go to the "Tools | Account Settings - Exchange" node.

 

Resources:

Outlook Automatic Account Configuration
0

 

Author Comment

by:nkean
ID: 34222748
I got word back today that even after this change the users are still getting prompted.  I guess I may be missing something here still because the clients are already configured users.  Is there a reason Outlook would still be running the auto discovery if the client is configured?

I've also verified that the new GPO is being applied, although I'm not sure how to verify that the settings are truly being applied. That's to say, when I do a gpresult it says it's applied, but where would I go to verify that the settings in the GPO took inside of Outlook?
0
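
One way to check on a client whether the five exclusion settings from the accepted solution actually landed in the registry, and whether they were set to Enabled (1) rather than Disabled (0). This is an added example, not part of the original thread; it assumes the policies are user-scoped, so the values sit under HKCU, and the function name is hypothetical.

```powershell
# Added example: report the Autodiscover exclusion values written by the
# customised Outlk12.adm policies for the currently logged-on user.
# Assumption: the policies are user-scoped, so the key lives under HKCU.
$key = 'HKCU:\Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover'

# VALUENAMEs copied from the POLICY blocks in the accepted solution.
$names = 'ExcludeScpLookup',
         'ExcludeHttpsRootDomain',
         'ExcludeHttpsAutoDiscoverDomain',
         'ExcludeHttpRedirect',
         'ExcludeSrvRecord'

# Hypothetical helper name; written to run on PowerShell 2.0 as well.
function Get-AutodiscoverExclusion {
    param([string]$Path, [string[]]$ValueNames)

    # $props stays $null when the key does not exist (policy never applied).
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in $ValueNames) {
        $raw = $null
        if ($props -and $props.PSObject.Properties[$name]) {
            $raw = $props.$name
        }

        # VALUEON writes 1 (method excluded); VALUEOFF writes 0 (method still used).
        if ($raw -eq $null)  { $state = 'Not configured: lookup still runs' }
        elseif ($raw -eq 1)  { $state = 'Enabled: lookup excluded' }
        elseif ($raw -eq 0)  { $state = 'Disabled: lookup still runs' }
        else                 { $state = "Unexpected data: $raw" }

        New-Object PSObject -Property @{
            Value = $name
            Data  = $raw
            State = $state
        }
    }
}

Get-AutodiscoverExclusion -Path $key -ValueNames $names |
    Select-Object Value, Data, State |
    Format-Table -AutoSize
```

Run it in the affected user's own session after a policy refresh, since the key is per-user.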
 

Author Comment

by:nkean
ID: 34223388
Looks like I mis-configured the GPO.  I misread what it said and disabled the settings instead of enabling them to stop the auto discovery feature.  Let me see if this does indeed correct our issue and get back to you.
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 34223531
OK, good luck. I am sure it will work.
0
 

Author Comment

by:nkean
ID: 34227154
It worked.  Thanks again for the help.
0


Question has a verified solution.
