Find Autodiscover endpoints by using SCP lookup in Exchange
Find out how to locate Autodiscover SCP objects in Active Directory Domain Services (AD DS) and use them to find Autodiscover endpoint URLs to use with the Exchange Autodiscover service.
Autodiscover makes it easy to retrieve information that you need to connect to mailboxes on Exchange servers. However, in order to use Autodiscover, you need a way to find Autodiscover servers that are appropriate for the user you're retrieving settings for. Service connection point (SCP) objects in AD DS provide an easy way for domain-joined clients to look up Autodiscover servers.
Get set up to find Autodiscover endpoints
To locate Autodiscover SCP objects in AD DS, you need to have access to the following:
A server that is running a version of Exchange on-premises starting with Exchange 2007 SP1.
A client computer that is joined to the domain that the Exchange server is installed in.
A user account that has a mailbox on the Exchange server.
Also, before you begin, you'll want to be familiar some basic concepts. The following are some resources that you'll find helpful.
Table 1. Related articles for finding Autodiscover endpoints from SCP objects
Read this article | To learn about… |
---|---|
Autodiscover for Exchange |
How the Autodiscover service works. |
Publishing with Service Connection Points |
How SCP objects are used to publish service-specific data. |
Locate Autodiscover SCP objects in AD DS
The first step toward finding Autodiscover endpoints published in AD DS is to locate the Autodiscover SCP objects. Exchange publishes two types of SCP objects for Autodiscover:
SCP pointers — These contain information that points to specific LDAP servers that should be used to locate Autodiscover SCP objects for the user's domain. SCP pointers are stamped with the following GUID: 67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68.
SCP URLs — These contain URLs for Autodiscover endpoints. SCP URLs are stamped with the following GUID: 77378F46-2C66-4aa9-A6A6-3E7A48B19596.
To locate Autodiscover SCP objects
Read the configurationNamingContext property of the root DSE entry in AD DS to get the path to the configuration naming context for the domain. You can do this by using the DirectoryEntry class, or any other API that can acces AD DS.
Search for SCP objects in the configuration naming context that have either the SCP pointer GUID or the SCP URL GUID in the keywords property.
Check the SCP objects you found for an SCP pointer that is scoped to the user's domain by checking the keywords property for an entry equal to
"Domain=<domain>"
. For example, if the user's email address is elvin@contoso.com, you would look for an SCP pointer with an entry in the keywords property that is equal to"Domain=contoso.com"
. If a matching SCP pointer is found, discard the set of SCP objects and start over at step 1 using the value of the serviceBindingInformation property as the server to connect to for the Root DSE entry.If you don't find any SCP pointers scoped to the user's domain, check for any SCP pointers that aren't scoped to any domain, and save the value of the serviceBindingInformation property as a "fallback" server, in case the current server doesn't give you any results.
If you didn't find any SCP pointers scoped to the domain, you're ready to move on to the next step: generating a prioritized list of Autodiscover endpoints from your results.
Generate a prioritized list of Autodiscover endpoints
You can generate a prioritized list of Autodiscover endpoint URLs, using the set of SCP objects that you located, by doing the following:
Get the Active Directory site name of the client computer.
Check the keywords property on each SCP URL in the set of SCP objects you found, and assign a priority to the URL based on the following rules:
If the keywords property contains a value of
"Site=<site name>"
, where<site name>
equals the name of the Active Directory site you retrieved in the previous step, assign the URL a priority of 1.If the keywords property does not contain an entry with a value that starts with
"Site="
, assign the URL a priority of 2.If the keywords property contains a value of
"Site=<site name>
, where<site name>
does not equal the name of the Active Directory site you retrieved in the previous step, assign the URL a priority of 3.
Code example: Performing an SCP lookup
In the following code example, you'll see how to locate Autodiscover SCP objects and generate a prioritized list of Autodiscover endpoints.
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
namespace ScpLookup
{
// This sample is for demonstration purposes only. Before you run this sample, make sure
// that the code meets the coding requirements of your organization.
class Program
{
static void Main(string[] args)
{
string domain = args[0];
Console.WriteLine("Performing SCP lookup for {0}.", domain);
List<string> scpUrls = GetScpUrls(null, domain);
Console.WriteLine("\nOrdered List of Autodiscover endpoints:");
foreach (string url in scpUrls)
{
Console.WriteLine(" {0}", url);
}
Console.WriteLine("SCP lookup done.");
}
// GUID for SCP URL keyword.
private const string ScpUrlGuidString = @"77378F46-2C66-4aa9-A6A6-3E7A48B19596";
// GUID for SCP pointer keyword.
private const string ScpPtrGuidString = @"67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68";
static List<string> GetScpUrls(string ldapServer, string domain)
{
// Create a new list to return.
List<string> scpUrlList = new List<string>();
string rootDSEPath = null;
// If ldapServer is null/empty, use LDAP://RootDSE to
// connect to Active Directory Domain Services (AD DS). Otherwise, use
// LDAP://SERVERNAME/RootDSE to connect to a specific server.
if (string.IsNullOrEmpty(ldapServer))
{
rootDSEPath = "LDAP://RootDSE";
}
else
{
rootDSEPath = ldapServer + "/RootDSE";
}
SearchResultCollection scpEntries = null;
try
{
// Get the root directory entry.
DirectoryEntry rootDSE = new DirectoryEntry(rootDSEPath);
// Get the configuration path.
string configPath = rootDSE.Properties["configurationNamingContext"].Value as string;
// Get the configuration entry.
DirectoryEntry configEntry = new DirectoryEntry("LDAP://" + configPath);
// Create a search object for the configuration entry.
DirectorySearcher configSearch = new DirectorySearcher(configEntry);
// Set the search filter to find SCP URLs and SCP pointers.
configSearch.Filter = "(&(objectClass=serviceConnectionPoint)" +
"(|(keywords=" + ScpPtrGuidString + ")(keywords=" + ScpUrlGuidString + ")))";
// Specify which properties you want to retrieve.
configSearch.PropertiesToLoad.Add("keywords");
configSearch.PropertiesToLoad.Add("serviceBindingInformation");
scpEntries = configSearch.FindAll();
}
catch (Exception ex)
{
Console.WriteLine("SCP lookup failed with: ");
Console.WriteLine(ex.ToString());
}
// If no SCP entries were found, then exit.
if (scpEntries == null || scpEntries.Count <= 0)
{
Console.WriteLine("No SCP records found.");
return null;
}
string fallBackLdapPath = null;
// Check for SCP pointers.
foreach (SearchResult scpEntry in scpEntries)
{
ResultPropertyValueCollection entryKeywords = scpEntry.Properties["keywords"];
if (CollectionContainsExactValue(entryKeywords, ScpPtrGuidString))
{
string ptrLdapPath = scpEntry.Properties["serviceBindingInformation"][0] as string;
// Determine whether this pointer is scoped to the user's domain.
if (CollectionContainsExactValue(entryKeywords, "Domain=" + domain))
{
Console.WriteLine("Found SCP pointer for " + domain + " in " + scpEntry.Path);
// Restart SCP lookup with the server assigned for the domain.
Console.WriteLine("Restarting SCP lookup in " + ptrLdapPath);
return GetScpUrls(ptrLdapPath, domain);
}
else
{
// Save the first SCP pointer that is not scoped to a domain as a fallback
// in case you do not get any results from this server.
if (entryKeywords.Count == 1 && string.IsNullOrEmpty(fallBackLdapPath))
{
fallBackLdapPath = ptrLdapPath;
Console.WriteLine("Saved fallback SCP pointer: " + fallBackLdapPath);
}
}
}
}
string computerSiteName = null;
try
{
// Get the name of the ActiveDirectorySite the computer
// belongs to (if it belongs to one).
ActiveDirectorySite site = ActiveDirectorySite.GetComputerSite();
computerSiteName = site.Name;
Console.WriteLine("Local computer in site: " + computerSiteName);
}
catch (Exception ex)
{
Console.WriteLine("Unable to get computer site name.");
Console.WriteLine(ex.ToString());
}
if (!string.IsNullOrEmpty(computerSiteName))
{
// Scan the search results for SCP URLs.
// SCP URLs fit into three tiers:
// Priority 1: The URL is scoped to the computer's Active Directory site.
// Priority 2: The URL is not scoped to any Active Directory site.
// Priority 3: The URL is scoped to a different Active Directory site.
// Temporary lists to hold priority 2 and 3 URLs.
List<string> priorityTwoUrls = new List<string>();
List<string> priorityThreeUrls = new List<string>();
foreach (SearchResult scpEntry in scpEntries)
{
ResultPropertyValueCollection entryKeywords = scpEntry.Properties["keywords"];
// Check for SCP URLs.
if (CollectionContainsExactValue(entryKeywords, ScpUrlGuidString))
{
string scpUrlPath = scpEntry.Properties["adsPath"][0] as string;
Console.WriteLine("SCP URL found at {0}", scpUrlPath);
string scpUrl = scpEntry.Properties["serviceBindingInformation"][0] as string;
scpUrl = scpUrl.ToLower();
// Determine whether this entry is scoped to the computer's site.
if (CollectionContainsExactValue(entryKeywords, "Site=" + computerSiteName))
{
// Priority 1.
if (!scpUrlList.Contains(scpUrl.ToLower()))
{
Console.WriteLine("Adding priority 1 SCP URL: {0}", scpUrl.ToLower());
scpUrlList.Add(scpUrl);
}
else
{
Console.WriteLine("Priority 1 SCP URL already found: {0}", scpUrl);
}
}
else
{
// Determine whether this is a priority 2 or 3 URL.
if (CollectionContainsPrefixValue(entryKeywords, "Site="))
{
// Priority 3.
if (!priorityThreeUrls.Contains(scpUrl))
{
Console.WriteLine("Adding priority 3 SCP URL: {0}", scpUrl);
priorityThreeUrls.Add(scpUrl);
}
else
{
Console.WriteLine("Priority 3 SCP URL already found: {0}", scpUrl);
}
}
else
{
// Priority 2.
if (!priorityTwoUrls.Contains(scpUrl))
{
Console.WriteLine("Adding priority 2 SCP URL: {0}", scpUrl);
priorityTwoUrls.Add(scpUrl);
}
else
{
Console.WriteLine("Priority 2 SCP URL already found: {0}", scpUrl);
}
}
}
}
}
// Now add the priority 2 URLs into the main list.
foreach (string priorityTwoUrl in priorityTwoUrls)
{
// If the URL is already in the list as a priority 1,
// don't add it again.
if (!scpUrlList.Contains(priorityTwoUrl))
{
scpUrlList.Add(priorityTwoUrl);
}
}
// Now add the priority 3 URLs into the main list.
foreach (string priorityThreeUrl in priorityThreeUrls)
{
// If the URL is already in the list as a priority 1
// or priority 2, don't add it again.
if (!scpUrlList.Contains(priorityThreeUrl))
{
scpUrlList.Add(priorityThreeUrl);
}
}
// If after all this, you still have no URLs in your list,
// try the fallback SCP pointer, if you have one.
if (scpUrlList.Count == 0 && fallBackLdapPath != null)
{
return GetScpUrls(fallBackLdapPath, domain);
}
}
return scpUrlList;
}
private static bool CollectionContainsExactValue(ResultPropertyValueCollection collection, string value)
{
foreach (object obj in collection)
{
string entry = obj as string;
if (entry != null)
{
if (string.Compare(value, entry, true) == 0)
return true;
}
}
return false;
}
private static bool CollectionContainsPrefixValue(ResultPropertyValueCollection collection, string value)
{
foreach (object obj in collection)
{
string entry = obj as string;
if (entry != null)
{
if (entry.StartsWith(value))
return true;
}
}
return false;
}
}
}
Next steps
The next step in the Autodiscover process is to send Autodiscover requests to the URLs that you found, starting with priority 1 URLs, then priority 2 URLs, and finally priority 3 URLs. To learn more about how to send Autodiscover requests and handle responses, read the following articles: