Check for Autodiscover ServiceBindingInformation during the installation of Exchange — This way you can be alerted when the property is configured, and we can $Null it out.

Scenario: We are installing Exchange On-Premises on some new servers, and we want to minimize the amount of Security Alerts that pop up on users Outlook connections. The Security Alerts pop up because we do not put the servername on the public certificates AND Exchange wants to configure the autodiscover record with https://<local server name>/autodiscover/autodiscover.xml — silly Microsoft.

Solution: During the Exchange Installation, run the following scriptlet to loop through and beep/display when it is there, so you can go in and null it out in ADSI edit (or Exchange if it allows you).

#Variables

You can find the exact $AD property by locating the DN of the server by navigating through the ADSIEdit Configuration (working your way backwards from the AD property below) and copying it.

$s = "ExServer21"
$ad = "CN=$s,CN=Autodiscover,CN=Protocols,CN=$S,CN=Servers,CN=Exchange Administrative Group,CN=Administrative Groups,CN=Enterprise Exchange,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com"

#Loop It

Do{
$1 = Get-ADObject $AD -properties * |Select -expandproperty ServiceBindingInformation
"Checking $s for Service Binding Information...."
If($1 -ne $null){ 
    [console]::beep(500,300)
    "ServiceBindingInfomation: $1"}
Sleep 5
}While($C -ne "RunForever")

You could also run set-clientaccessserver <servername> -AutodiscoverServiceInternalUri $null



Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: