
Configuring Active Directory for Automatic Detection

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Forefront TMG uses an Active Directory (AD) Marker so that the location of the Forefront TMG computer can be detected automatically. The TmgAdConfig tool is an autodiscovery tool that configures Active Directory with a marker key pointing to the Forefront TMG computer. The Forefront TMG Client uses this key to locate and connect to the Forefront TMG computer.


AD Marker is not supported in a workgroup deployment. If your computer is not a member of a domain, either add it to a domain or use the legacy detection methods by clearing the Use Active Directory (recommended) check box in the Forefront TMG Client's advanced settings.

To run the AD Marker tool for automatic detection

  1. To store the marker key in Active Directory, at the command prompt, type: TmgAdConfig.exe add -default -type winsock -url <service-url> [-f] where:

    • The service-url entry should be in the format https://<TMG Server Name>:8080/wspad.dat.

    The following parameters can be used in the commands:

    • To delete a key from Active Directory, at the command prompt, type: TmgAdConfig.exe del -default -type winsock

    • To configure the Active Directory marker for a specific site, use the -site command line parameter.

    • For a complete list of options, type TmgAdConfig.exe -?

    • For detailed usage information, type TmgAdConfig.exe <command> -help

The TmgAdConfig tool creates the following registry key in Active Directory: LDAP://Configuration/Services/Internet Gateway("Container")/Winsock Proxy("ServiceConnectionPoint")

The key’s server binding information will be set to <service-url>. This key will be retrieved by the Forefront TMG Client and will be used to download the wspad configuration file.
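Because clients follow this marker to download their configuration, it is worth confirming that the default marker still points at the server you expect. The following read-only check is an added example, not part of the TmgAdConfig tool or of Microsoft's documentation. It assumes the RSAT ActiveDirectory module, that the LDAP path above corresponds to CN=Winsock Proxy,CN=Internet Gateway,CN=Services under the configuration naming context, that the URL is held in the standard serviceBindingInformation attribute of the serviceConnectionPoint class, and it uses tmg01.example.test as a constructed placeholder host name.

```powershell
# Added example: audit the default AD Marker written by TmgAdConfig.exe (read-only).
Import-Module ActiveDirectory

# Constructed placeholder: replace with the TMG server name(s) you expect.
$ExpectedHosts = @('tmg01.example.test')

# Hypothetical helper: compare one marker URL against the format given on this page
# (https://<TMG Server Name>:8080/wspad.dat) and return a list of deviations.
function Test-TmgMarkerUrl {
    param([string]$Url, [string[]]$AllowedHosts)
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return @("not an absolute URL: $Url")
    }
    $problems = @()
    if ($uri.Scheme -ne 'https')              { $problems += "scheme is '$($uri.Scheme)', expected https" }
    if ($uri.Port -ne 8080)                   { $problems += "port is $($uri.Port), expected 8080" }
    if ($uri.AbsolutePath -ne '/wspad.dat')   { $problems += "path is '$($uri.AbsolutePath)', expected /wspad.dat" }
    if ($AllowedHosts -notcontains $uri.Host) { $problems += "host '$($uri.Host)' is not an expected TMG server" }
    return $problems
}

# Assumed DN, derived from the LDAP path shown on this page.
$configNC = (Get-ADRootDSE).configurationNamingContext
$markerDn = "CN=Winsock Proxy,CN=Internet Gateway,CN=Services,$configNC"

try {
    $marker = Get-ADObject -Identity $markerDn `
        -Properties serviceBindingInformation, whenChanged -ErrorAction Stop
} catch {
    Write-Warning "Could not read the default AD Marker at ${markerDn}: $_"
    return
}

# serviceBindingInformation is multi-valued, so check every entry.
foreach ($url in $marker.serviceBindingInformation) {
    $problems = @(Test-TmgMarkerUrl -Url $url -AllowedHosts $ExpectedHosts)
    if ($problems.Count -eq 0) {
        "OK      $url (object last changed $($marker.whenChanged))"
    } else {
        "REVIEW  $url (object last changed $($marker.whenChanged))"
        $problems | ForEach-Object { "        - $_" }
    }
}
```

Markers created with the -site parameter are not covered by this check, because the page does not state where they are stored.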


Configuring automatic detection