Exchange 2007, Exchange 2010

Configuring the Autodiscover Service for Multiple Forests

This text is a copy and paste from the Exchange 2007 Autodiscover whitepaper (http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx).
I wanted to publish it to spread the knowledge of how to deploy the Autodiscover function in large user and resource forests.

You can deploy Microsoft Exchange by using multiple forests. Two of the multiple forest deployment scenarios are the resource forest topology and
the multiple trusted forest topology. The following sections describe how the Autodiscover service is used in these two deployment scenarios.

Configuring the Autodiscover Service in a Resource Forest Topology

If you use a resource forest topology, user accounts reside in one forest (known as a user account forest) and Microsoft Exchange is deployed in a
separate forest (known as a resource forest).

In this scenario, the following will occur:

  1. The Outlook client contacts Active Directory in the user account forest to locate the URL for the Autodiscover service. Because the service is
    hosted in the resource forest, you must update Active Directory in the user account forest to include the information that Active Directory
    requires to enable the client to access the resource forest. To do this, you must create an Autodiscover SCP pointer record in Active Directory
    in the user account forest. The Autodiscover SCP pointer record includes the LDAP URL of the resource forest that the client will use to locate
    the Autodiscover service in the resource forest.
  2. Outlook binds to the target forest by using the LDAP URL and retrieves the SCP records.
  3. Depending on your SCP record configuration, the following will occur:
    1. If the account forest Active Directory sites are in the resource forest, which requires Microsoft Identity Lifecycle Manager 2007
      synchronization, the Outlook client will retrieve the SCP records for the Outlook client’s Active Directory site.
    2. If the SCP records do not have a site scope that matches the Outlook client’s site, the Outlook client will retrieve an SCP record at random.
      Also, if the Active Directory site topology is not being replicated between the user account forest and the resource forest, the Outlook
      client will retrieve an SCP record at random.
  4. The Outlook client connects to the URL that is specified in the SCP record that was obtained and retrieves the required user profile settings
    by using the Autodiscover service.
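
The SCP lookup in the steps above decides which forest and which URL an Outlook client is sent to, so the records are worth auditing from the directory side. The following PowerShell is an added example, not part of the whitepaper: the function names, forest and host names and sample records are constructed, and the two GUIDs are the keywords that mark Autodiscover SCP pointer and SCP URL records.

```powershell
$PointerGuid = '67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68'   # keyword on an SCP pointer record
$UrlGuid     = '77378F46-2C66-4aa9-A6A6-3E7A48B19596'   # keyword on an SCP URL record

function Get-AutodiscoverScp {
    # Live query: find both record types in the local forest's configuration partition.
    $cfg = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
    $searcher = [adsisearcher]"(&(objectClass=serviceConnectionPoint)(|(keywords=$PointerGuid)(keywords=$UrlGuid)))"
    $searcher.SearchRoot = [ADSI]"LDAP://$cfg"
    $searcher.PageSize = 500
    foreach ($hit in $searcher.FindAll()) {
        [pscustomobject]@{
            DistinguishedName = [string]($hit.Properties['distinguishedname'] | Select-Object -First 1)
            Keywords          = @($hit.Properties['keywords'])
            Binding           = [string]($hit.Properties['servicebindinginformation'] | Select-Object -First 1)
        }
    }
}

function Test-AutodiscoverScp {
    # Classify each record and mark it trusted only if its target is on the allow-list.
    param([object[]]$Record, [string[]]$AllowedForest, [string[]]$AllowedHost)
    foreach ($r in $Record) {
        $uri = $r.Binding -as [uri]
        $abs = $uri -and $uri.IsAbsoluteUri
        if ($r.Keywords -contains $PointerGuid) {
            $type = 'Pointer'   # binding is the LDAP URL of the forest that hosts Autodiscover
            $ok = $abs -and $uri.Scheme -eq 'ldap' -and $AllowedForest -contains $uri.Host
        } elseif ($r.Keywords -contains $UrlGuid) {
            $type = 'Url'       # binding is the Autodiscover URL on a Client Access server
            $ok = $abs -and $uri.Scheme -eq 'https' -and $AllowedHost -contains $uri.Host
        } else {
            $type = 'Unknown'; $ok = $false
        }
        [pscustomobject]@{ Type = $type; Trusted = [bool]$ok; Binding = $r.Binding; DistinguishedName = $r.DistinguishedName }
    }
}

# Constructed sample records (hypothetical names) so the check can be tried without a directory.
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=resource.example,CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=accounts,DC=example'; Keywords = @($PointerGuid); Binding = 'LDAP://resource.example' }
    [pscustomobject]@{ DistinguishedName = 'CN=other.example,CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=accounts,DC=example'; Keywords = @($PointerGuid); Binding = 'LDAP://other.example' }
    [pscustomobject]@{ DistinguishedName = 'CN=cas01,CN=Autodiscover,CN=Protocols,CN=cas01,CN=Servers,...'; Keywords = @($UrlGuid, 'Site=HQ'); Binding = 'https://cas01.resource.example/Autodiscover/Autodiscover.xml' }
    [pscustomobject]@{ DistinguishedName = 'CN=cas02,CN=Autodiscover,CN=Protocols,CN=cas02,CN=Servers,...'; Keywords = @($UrlGuid); Binding = 'http://cas02.resource.example/Autodiscover/Autodiscover.xml' }
)
Test-AutodiscoverScp -Record $sample -AllowedForest 'resource.example' -AllowedHost 'cas01.resource.example', 'cas02.resource.example' | Format-Table Type, Trusted, Binding
# Against a live forest: Test-AutodiscoverScp -Record (Get-AutodiscoverScp) -AllowedForest <forests> -AllowedHost <hosts>
```

With the sample data, the pointer to other.example and the plain-HTTP URL record come back with Trusted set to False; run the live query in each forest that carries pointer records.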

Configuring the Autodiscover Service in a Multiple Trusted Forest Topology

In the multiple trusted forest scenario, the user accounts and Microsoft Exchange are deployed in multiple forests. Exchange 2007 features such as the
Availability service and Unified Messaging rely on the Autodiscover service to access user accounts across forests. In this scenario, the Autodiscover service
must be available to users across multiple trusted forests. This scenario resembles the resource forest scenario, except that the Autodiscover SCP object
must be configured in all forests. To configure the Autodiscover SCP object in the multiple forest topology, run the Export-AutodiscoverConfig cmdlet from
each forest that has the Autodiscover service against each target forest where Microsoft Exchange is deployed.

How to Configure the Autodiscover Service When You Use Multiple Forests

If your Exchange deployment has two or more trusted forests, you must update Active Directory so that users who are running Microsoft Office Outlook 2007
in one forest can access the Client Access servers in the remote (or target) forest to use the Autodiscover service. To do this, you must extend the schema in
the user forest by running Exchange 2007 Setup with the /PrepareAD or /PrepareSchema switch, and then run the Export-AutodiscoverConfig cmdlet in the
resource forest that contains the Client Access servers that provide the Autodiscover service against the target forests. This will configure the SCP information
for the Autodiscover pointer in Active Directory. Or, you can manually create the root Autodiscover SCP record container in the user forest.

Important:
If you install Exchange 2007 Service Pack 1 (SP1), you will not have to extend the schema or manually create the Autodiscover SCP record container in the user forest.
Note:
If you do not want to extend the schema in the user forest, you can update DNS in the user forest with a host record that points to the internal IP address of the Client Access server in the resource forest where Autodiscover is hosted.
Note:
If you will be manually creating the Autodiscover SCP record container, you must install the Windows Server 2003 Support Tools from the Windows Server 2003 CD. After the Autodiscover SCP record container is installed, you can access the Active Directory Service Interfaces (ADSI) Edit tool by going to the Start menu, clicking Programs, and then clicking Windows Support Tools. Then select Support Tools Help.

Before You Begin

To perform the following procedures, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators
group for the target server.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

To use ADSI Edit to extend the schema in the user forest

  • Run Exchange 2007 Setup on a server in the user forest by using the following command:


    Setup.com /prepareschema
    
  • Or, create the “Microsoft Exchange Autodiscover” container in the user account forest by following these steps:
    • Start ADSI Edit.
    • Expand the Configuration container.
    • Expand CN=Configuration,DC=<root domain>.
    • Expand the CN=Services container.
    • Right-click CN=Services, click New, and then select Object.
    • Under Select a Class, select Container, and then click Next.
    • Next to Value, enter “Microsoft Exchange Autodiscover”, and then click Next.
    • Click Finish.
    • Allow Active Directory replication to occur before you continue with the next step.

To use the Exchange Management Shell to configure the Autodiscover service for multiple forests

  1. On an Exchange 2007 Client Access server in the resource forest, enter the user name and password for the account that has the required permissions
    for the target forest in the variable “$a” by running the following command:


    $a = Get-Credential
    
  2. On an Exchange 2007 Client Access server in the resource forest, run the following command:


    Export-AutoDiscoverConfig -DomainController DomainControllerName -TargetForestDomainController TargetForestDomainControllerName -TargetForestCredentials $a -MultipleExchangeDeployments $true
    

For more information about syntax and parameters, see Export-AutoDiscoverConfig.

http://technet.microsoft.com/en-us/library/aa998832(EXCHG.80).aspx
