  1. Junior Member
    Join Date
    Mar 2013
    Location
    New York, NY
    Posts
    20

    Certifications
    CCNA
    #1

    Question about Exchange

    It is recommended by Microsoft that the internal domain name is different from the external. I have a test lab where I have my internal domain name as globomantics.local and external as globomantics.com. The problem is that when Outlook auto configures, it uses the domain .local. Is there a way I can use .com without changing my internal DNS name? Maybe a CNAME record?

  3. Senior Member
    Join Date
    Dec 2008
    Location
    Denver
    Posts
    1,882

    Certifications
    CCNA:Security,BCNE,Exchange 2007, ITIL
    #2
    I think you might be talking about two different things. When Outlook auto-configures it will use the internal domain name of the server no matter what. This is a big reason we use SAN certs on our servers because Outlook Anywhere will connect to say "mail.globomantics.com" but when the RPC/HTTPS tunnel is nailed up, it will resolve "mail.globomantics.local" or whatever its internal name is. In your lab - just don't worry about the cert and click through the cert error.

    Now, if the situation is that it configures your email ADDRESS with the .local extension instead of .com, then you just need to change your default email address policy to assign a dot com address to your user accounts.

  4. Senior Member rsutton's Avatar
    Join Date
    Sep 2007
    Location
    SF Bay Area, Ca
    Posts
    1,015

    Certifications
    83-640, 70-642, 70-662, ICND1
    #3
    For what it's worth, this "best practice" may be changing soon as the public CAs are not allowing you to generate a certificate with a .local or similar name on your SAN after November of 2015.
    Last edited by rsutton; 01-02-2014 at 05:13 PM.

  5. Nidhoggr, the Net Serpent Claymoore's Avatar
    Join Date
    Nov 2007
    Location
    FL
    Posts
    1,622

    Certifications
    AWS Architect, MCSEx3, MCITPx6, MCTSx17
    #4
    Originally Posted by dynamitekid:
    It is recommended by Microsoft that the internal domain name is different from the external.
    Mostly true, but .local domain names have never been recommended. You could use corp.globomantics.com for the internal domain or just keep the domains the same. Many companies keep them the same and it makes things easier when dealing with certificates, UPNs, ADFS and integration with external organizations or Office 365 and Azure.

    Autodiscover has an order of operations, and Outlook Autodiscover can be configured using group policy (if you need to disable SCP lookups in a forest with multiple child domains for example). The CAS registers itself as a Service Connection Point in AD using its FQDN when it is installed. You can change this to a FQDN that is part of your SAN cert with the Set-ClientAccessServer cmdlet.

    Set-ClientAccessServer -Identity "CAS-01" -AutoDiscoverServiceInternalUri "https://autodiscover.contoso.com/autodiscover/autodiscover.xml"

    Make sure you have a DNS record for Autodiscover that points to a CAS or is load balanced to the internal servers.

  6. Junior Member
    Join Date
    Mar 2013
    Location
    New York, NY
    Posts
    20

    Certifications
    CCNA
    #5
    So if the internal domain name is the same as the external, how would an outside client differentiate between the external and internal?

  7. Nidhoggr, the Net Serpent Claymoore's Avatar
    Join Date
    Nov 2007
    Location
    FL
    Posts
    1,622

    Certifications
    AWS Architect, MCSEx3, MCITPx6, MCTSx17
    #6
    Most simply, DNS. The client will query Autodiscover.globomantics.com and Webmail.globomantics.com from an external DNS server and get an external IP to connect to the service. Internal DNS will point to an internal IP. More complex is the EXPR and EXCH data returned in an autodiscover response. The EXPR data are the Outlook Anywhere URL and External URLs of the services like EWS and OOF that the Outlook client can use when outside the domain.

    You can have different internal and external names, but that doubles the entries in the SAN certificate and makes it more expensive. If you have a .local internal domain, you won't be able to buy a certificate past November 2015.
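
Added example, not part of the thread and not any poster's code: a Python check that reads the EXCH and EXPR blocks of an Autodiscover response (described in post #6) and reports which advertised hostnames a given SAN list does not cover and which sit on a .local name. The sample XML, the hostname cas-01.globomantics.local and the SAN lists are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Outlook Autodiscover (POX) response namespace and the URL elements read per Protocol.
NS = {"o": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"}
URL_TAGS = ("ASUrl", "EwsUrl", "OOFUrl", "OABUrl")

# Constructed sample response using the thread's lab names; not captured from a server.
SAMPLE = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <Account>
   <Protocol><Type>EXCH</Type><Server>cas-01.globomantics.local</Server>
    <EwsUrl>https://cas-01.globomantics.local/EWS/Exchange.asmx</EwsUrl>
    <OOFUrl>https://cas-01.globomantics.local/EWS/Exchange.asmx</OOFUrl></Protocol>
   <Protocol><Type>EXPR</Type><Server>mail.globomantics.com</Server>
    <EwsUrl>https://mail.globomantics.com/EWS/Exchange.asmx</EwsUrl>
    <OOFUrl>https://mail.globomantics.com/EWS/Exchange.asmx</OOFUrl></Protocol>
  </Account>
 </Response>
</Autodiscover>"""

def hosts_by_protocol(xml_text):
    """Map each Protocol Type (EXCH, EXPR, ...) to the hostnames it advertises."""
    result = {}
    for proto in ET.fromstring(xml_text).iterfind(".//o:Protocol", NS):
        ptype = proto.findtext("o:Type", default="?", namespaces=NS).strip()
        hosts = result.setdefault(ptype, set())
        server = proto.findtext("o:Server", default="", namespaces=NS).strip().lower()
        if server:
            hosts.add(server)
        for tag in URL_TAGS:
            url = proto.findtext("o:" + tag, default="", namespaces=NS).strip()
            host = urlparse(url).hostname  # None for a missing or malformed URL
            if host:
                hosts.add(host)
    return result

def covered(host, san):
    """True if a SAN entry covers host; a wildcard matches exactly one left-most label."""
    san = san.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def audit(xml_text, cert_sans, internal_suffixes=(".local",)):
    """Per protocol: hosts the SAN list misses, and hosts on an internal-only suffix."""
    return {ptype: {
        "not_in_san": sorted(h for h in hosts if not any(covered(h, s) for s in cert_sans)),
        "internal_only": sorted(h for h in hosts if h.endswith(internal_suffixes)),
    } for ptype, hosts in hosts_by_protocol(xml_text).items()}
```

Run against a saved response from your own server, an empty `internal_only` list for every protocol means the certificate needs no .local names, which is the state the Set-ClientAccessServer change in post #4 works toward.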
