Depending on your situation, you may want to take control of how Exchange’s Autodiscover lookup process works. Specifically, there are a lot of scenarios where Autodiscover will break because the lookup process isn’t properly controlled. In this article, I’ll go over registry settings that will let you control which steps are used and which ones are skipped.…
The Problem
A very common issue when moving an organization from an on-premises Exchange environment to Office 365 is non-usable domain names. The issue happens because a domain name of the Active Directory Domain has one of these issues:
- The Domain used by AD is not “owned” by the organization. This issue happens when a company decides to use a specific domain name on their Internal network when they have either lost control of that domain name or never had control of it.
One of the most historically difficult problems to address in IT is usernames and passwords for multiple applications. We all have a multitude of accounts we have to manage. Bank accounts, social media, email, work accounts, cloud storage, and every other system we use relies on usernames and passwords to “authenticate” who we are. There are a number of different solutions for this problem, but the most user friendly method is a technique called “Identity Federation.”…
How to solve problems with Exchange Autodiscover. Certificate Error issues in particular.
Take a minute to go over this post from Dirk-jan Mollema. Go ahead and read it. I’ll wait…
Did you realize how scary that kind of attack is? As an IT guy who specializes in Exchange server and loves studying security, that article scared the snot out of me. Based on my experience with organizations of all sizes I can say with a good bit of authority that almost every Exchange organization out there is probably vulnerable to this attack.…
Here’s an interesting trick that might help you resolve some of your DNS management woes, particularly if you have a different Public and Private DNS zone in your environment. For instance, you have a domain name of whatever.com externally, but use whatever.local internally. When your DNS is set up like that, all attempts to access systems using the whatever.com…
I’ve run into a number of people who get confused about this subject when trying to determine how to get their On-Prem accounts and Office 365 synced and working properly. Most often, people are making a comment somewhere that says, “Just use Password sync, it’s just as good and doesn’t require a server,” or something similar.…
In a previous post I explained how you can use a SRV record to resolve certificate issues with Autodiscover when your Internal domain isn’t the same as your Email domain. This time, I’m going to explain how to fix things by making changes to Exchange and Active Directory that will allow things to function normally without having to use a SRV record or any DNS records at all, for that matter.…
He’s an issue I’ve just run into that there doesn’t seem to be a good answer to on the Internet. When you are building a highly available ADFS farm to enable Single Sign On for Office 365, should you use the Windows Integrated Database (WID) that comes with Windows Server or store the ADFS Configuration on a SQL server?…
One of the subjects that doesn’t get a whole lot of coverage in IT is how to name an Active Directory domain. There’s a lot of confusion around the how and why to name a Domain primarily because the best practices for doing so have changed a number of times over the past decade or so.…