Optimizing Autodiscover

The Outlook/Exchange autodiscover process has been well documented by Microsoft (http://msdn.microsoft.com/en-us/library/office/jj900169(v=exchg.150).aspx). The basic steps are:

  1. Find Service Connection Points (SCP) in AD
    • check those records where keywords attribute contains site= matching the user’s AD Site
    • check those records where keywords attribute contains no site= at all
    • check those records where keywords attribute contains site= but none match user’s AD site
  2. Try https://smtpdomainname
  3. Try https://autodiscover.smtpdomainname
  4. See if there is a redirect returned by http://autodiscover.smtpdomainname
  5. Look up an SRV record in DNS for _autodiscover._tcp.smtpdomainname

Now each of these takes time of course, and not all are needed. We can turn each of them on or off using registry settings within HKCU\Software\Policies\Microsoft\Office\xx.0\Outlook\Autodiscover (where xx.0 is the Office version):

  1. ExcludeScpLookup
  2. ExcludeHttpsRootDomain
  3. ExcludeHttpsAutoDiscoverDomain
  4. ExcludeHttpRedirect
  5. ExcludeSrvRecord

 

Scenario 1 All users are on Office 365

When all users are on Office 365, the first three options are generally not required. With only 100 or 1000 users that isn’t a massive problem, but when you want the best performance or when you have tens of thousands of users, these requests can start to add up.

So use a Group Policy or equivalent method to set all of them to 1 except ExcludeHttpRedirect, which can be omitted or set to 0.

Now you’ll find that the clients all just check for the redirect on autodiscover.smtpdomainname, and they’ll be redirected to Office 365 for autodiscover.
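To check a pilot machine against the Scenario 1 settings before rolling them out by Group Policy, the following PowerShell script reports which lookup steps the current user's Outlook will still attempt. It is an added example, not part of the original post; the default Office version `16.0` and the `-Apply` switch are assumptions made for the illustration.

```powershell
param(
    # Assumption: the "xx.0" segment of the key for the installed Office version.
    [string]$OfficeVersion = '16.0',
    # Without -Apply the script only reads the key; with it, the Scenario 1 values are written.
    [switch]$Apply
)

$key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Outlook\Autodiscover"

# Lookup steps in the order listed in the article, the value that disables each one,
# and the Scenario 1 setting (1 = skip the step, 0 = keep it).
$steps = @(
    [pscustomobject]@{ Step = 'SCP lookup in AD';                      Value = 'ExcludeScpLookup';               Desired = 1 }
    [pscustomobject]@{ Step = 'https://smtpdomainname';                Value = 'ExcludeHttpsRootDomain';         Desired = 1 }
    [pscustomobject]@{ Step = 'https://autodiscover.smtpdomainname';   Value = 'ExcludeHttpsAutoDiscoverDomain'; Desired = 1 }
    [pscustomobject]@{ Step = 'http://autodiscover redirect';          Value = 'ExcludeHttpRedirect';            Desired = 0 }
    [pscustomobject]@{ Step = 'SRV _autodiscover._tcp.smtpdomainname'; Value = 'ExcludeSrvRecord';               Desired = 1 }
)

if ($Apply) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($s in $steps) {
        New-ItemProperty -Path $key -Name $s.Value -Value $s.Desired -PropertyType DWord -Force | Out-Null
    }
}

# Read back what is actually in the registry; a missing value means the step is not excluded.
$current = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$report = foreach ($s in $steps) {
    $raw = if ($current) { $current.($s.Value) } else { $null }
    $actual = if ($null -ne $raw) { [int]$raw } else { 0 }
    [pscustomobject]@{
        Step      = $s.Step
        Value     = $s.Value
        Actual    = $actual
        Attempted = ($actual -eq 0)
        Compliant = ($actual -eq $s.Desired)
    }
}
$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) { Write-Warning "Autodiscover policy under $key differs from Scenario 1." }
```

On a machine that matches Scenario 1, only the HTTP redirect row shows `Attempted` as True.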

Scenario 2 All users are in Office 365 Hybrid Mode

A more complicated case is when your users are split between Office 365 and On Premise Exchange server in a Hybrid Configuration.  In this case you should still use SCP records for domain joined machines as you would normally for an On Premise Exchange environment, and your cloud users will rely on the targetAddress attribute to end up at Office 365.  Now if your Office 365 users are all in a different AD site than the on premise users, then you can use SCP for your Office 365 users too.

You would need to use adsiedit to create a new serviceConnectionPoint.  I generally create this in CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<Exchange Org>,CN=Services,CN=Configuration and call it ExchangeOnline.

Make sure that the following attributes are set:

  • keywords contains one entry 77378F46-2C66-4aa9-A6A6-3E7A48B19596
  • serviceBindingInformation is set to the URL that your users are redirected to

The easiest way to find the URL that your users are redirected to is by using Microsoft’s Remote Connectivity Analyzer.

[Screenshots: Remote Connectivity Analyzer autodiscover test]

In my example you can see it returns https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml.

After you’ve created the SCP record, you will find that AD sites that are not listed in the On Premise SCP records will use this new ExchangeOnline SCP record and will go directly to Office 365.

 

Summary

As you can see, autodiscover is a complex tool, but it can be optimized via some simple registry changes. As always, make sure you test changes in a controlled environment before applying them wholesale across a production estate.

 

Twan van Beers

Twan is a senior consultant with over 20 years of experience. He has a wide range of skills including Messaging, Active Directory, SQL, Networking and Firewalls. Twan loves to write scripts and get deep and dirty into debugging code, in order to understand and resolve the most complex of problems.
