PS - Exchange Certificates and Autodiscover

on

Here are a few Exchange PowerShell commands and tips and tricks that have come in handy.
To test the Outlook web services use the following from the exchange management shell:

 Test-OutlookWebServices -identity:neil.petersen@domain.com -MailboxCredential (Get-Credential)
To see the Autodiscover Internal and External URLs defined you can run:

 Get-AutodiscoverVirtualDirectory | select Name, Server, InternalURL, ExternalURL
To see the configured certificates for the exchange server and the services it is bound to run the following(this can also be seen in the Exchange Control Panel)

 Get-ExchangeCertificate -server SERVERNAME | Select Subject,IsSelfSigned,Services,Thumbprint | ft -auto
To list the configured client access servers run:

 Get-ClientAccessServer
To get the details of the AutoDiscover URLs configured and their Scope run:

 Get-ClientAccessServer | select Name, AutoDiscoverServiceInternalUri, AutoDiscoverSiteScope (you can add | ft -AutoSize)
To See the Autodiscover SCP configured in Active Directory

 You can use Active Directory Sites and Services mmc to view the SCP configured for Autodiscover within your environment. 

 Open ADSS
Select View/Show Service Node
Browse to Services/Microsoft Exchange/Organisation/Administrative Groups/Exchange Administrative GroupsServers/SERVERNAME/Protocol/Autodiscover right click the container and view the properties. 

 If you look at the “serviceBindingInformation” attribute. This has the Fully Qualified Domain Name (FQDN) of the Client Access server in the form of https://server.domain.com/autodiscover/autodiscover.xml, where server.domain.com is the FQDN of the CAS server. 
Autodiscover Resolution Order:

 Autodiscover will resolve in the following order:

  1. https://<smtpdomain>/Autodiscover/Autodiscover.xml
  2. https://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml
  3. http://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml
  4. SRV record query for _autodiscover._tcp.<smtpdomain>

EWS, Autodiscover and Forms Based Authentication
Note it is not supported to have EWS or Autodiscover behind FBA.


To get the details of the the authentication methods configured for Outlook Anywhere

 Get-OutlookAnywhere | FT Identity,*auth* -AutoSize
The Get-OutlookProvider cmdlet gets the global settings from the AutoDiscoverConfig object in Active Directory and returns an OutlookProvider object to be managed in the Exchange Management Console.

 Get-OutlookProvider

 http://ilantz.com/2013/06/29/exchange-2013-outlook-anywhere-considerations/

Comments

Post a Comment