Configuring Active Directory for Automatic Detection
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
Forefront TMG uses Active Directory (AD) Marker for automatic detection of the location of Forefront TMG. The TmgAdConfig tool is an autodiscovery tool which configures Active Directory with a marker key that points to the Forefront TMG computer. This key is used by the Forefront TMG Client to locate and connect to the Forefront TMG computer.
Warning
AD Marker is not supported in a workgroup deployment. If your computer is not a member of a domain, either add it to a domain or use the legacy detection methods by clearing the Use Active Directory (recommended) check box in the Forefront TMG Client‘s advanced settings.
To run the AD Marker tool for automatic detection
To store the marker key in Active Directory, at the command prompt, type: TmgAdConfig.exe add -default -type winsock -url <service-url> [-f] where:
- The service-url entry should be in the format https://<TMG Server Name>:8080/wspad.dat.
The following parameters can be used in the commands:
To delete a key from Active Directory, at a command line prompt, type:TmgAdConfig.exe del -default -type winsock
To configure the Active Directory marker for a specific site, use the –site command line parameter.
For a complete list of options, type TmgAdConfig.exe -?
For detailed usage information, type TmgAdConfig.exe <command> -help
The TmgAdConfig tool creates the following registry key in Active Directory: LDAP://Configuration/Services/Internet Gateway("Container") /Winsock Proxy("ServiceConnectionPoint")
The key’s server binding information will be set to <service-url>. This key will be retrieved by the Forefront TMG Client and will be used to download the wspad configuration file.