[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 780
  • Last Modified:

AD authentication OWA

Hi Experts,

I was just wondering about authentication to OWA at my company.

From the internet, when I browse to my company's Outlook web access URL, I get prompted for forms-based authentication. That is, within the webpage, I see a box for username and password. The OWA is being reverse proxied by the ISA server. ISA server is on the DMZ and the back-end exchange server is on the inside network.

When I input my AD credentials, is the ISA server passing it to the backend exchange server which passes it to AD servers to check?
  • 2
2 Solutions
Schnell SolutionsSystems Infrastructure EngineerCommented:
Hello Trojan81

What is happening in this case is that the credentials received by ISA Server are validates directly from the ISA server to AD, if these credentials are corrected them ISA Server pass these credentials to your exchange server

Internally, the second step, and been transparent for the user, the credentials sent to exchange from ISA Server (And already validated by ISA Server with AD) are revalidated again in Exchange with the AD

I am assuming in this example that you have your exchange servers configured with basic authentication and your ISA Server with form base authentication
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
When I input my AD credentials, is the ISA server passing it to the backend exchange server which passes it to AD servers to check? - Yes

Authentication in ISA Server 2006


What is the ISA and Exchange Versions.

- Rancy
trojan81Author Commented:
Hello guys. So is the authentication happening at the ISA or is the ISA passing it to exchange which does an LDAP check against configured AD servers?
Schnell SolutionsSystems Infrastructure EngineerCommented:
Both things are correct. ISA authenticates the OWA connection with the DCs and them pass the credentials to the OWA servers. The LDAP connection between ISA server and the DCs make exactly an authentication communication that includes the query for validating the user, validating the credentials and so on

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now