Set-AutoDiscoverSiteScopeExchangeServers Part 1
In this blog post a few years ago: https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Exchange-Active-Directory-Deployment-Site/ba-p/604329 was a discussion around Exchange AutoDiscoverSiteScope information. The good news is, it worked perfectly in a lab, however, rarely is any production environment like a lab. Thus, there was some missing information. We're updating the article to include solutions to fix the problem. This post is more in detail about how to run the functions in the Exchange_AddIn module to help customers.
The function Set-AutoDiscoverSiteScopeExchangeServers can be run in two options:
- Get all AD Sites in a forest, exclude 'test' or 'deployment' sites, and assign all of the AD Sites to every Exchange server as the AutoDiscoverSiteScope value. This will work for most customers.
- Import a CSV file to define, which Exchange servers will be responsible for specific AD Sites to be scoped in the AutoDiscoverSiteScope value.
This part 1 article covers the first step, tomorrow will be the part 2 process for more complex organizations.
When you run the Set-AutoDiscoverSiteScopeExchangeServers, you do have to be logged into an Exchange server PowerShell session. You can use Connect-ExchangeServer function to easily do this, or use EMS on an Exchange Server. The parameter -DeployADSiteExclusion has a default value of "*deploy*". This follows the guidance of setting an AD deploy site aside to have Outlook clients not connect to the Exchange server until all services are assigned correctly with client side accepted certificates. It is this assigning that can only be done after an Exchange server install is complete, but before the services assigned, cause certificate warnings in Outlook to your end users and that is what we are trying to avoid. It is only avoidable, if all AD sites are assigned to the Exchange servers AutodiscoverSiteScope values, hence the reason for this function.
For most customers, with less than a dozen or so Exchange servers, several AD sites, and two data centers hosting Exchange servers, this default value will work really well. Should only take several seconds to run, and viola, you're good to go. Whenever you install a new Exchange server, perform all install steps in a deployment site, then move the IP address, run the Set-AutoDiscoverSiteScopeExchangeServers function, and once again, everything should work easily with no Outlook client disruptions.
If you have 'test' AD sites or some other temporary locations to install an Exchange server, that's what the parameter of -DeployADSiteExclusion allows you to set. The default value is *deploy*
When you run the function, it presents the current AutodiscoverSiteScope of the Exchange servers, presents the current AD sites, and has whatif/confirm prompts.
It also presents the value of your 'deploy' sites or test values that you've entered. Here is another example with more sites and more excluded sites, first the AD Sites and Services view:
Notice that the 'Test' site is not there, but all of the others are available and will set to the Exchange servers:
There you go, the easy way to setup all of your Exchange servers to cover all AD sites that all Outlook clients reside in and exclude your deployment site, so that no Outlook clients will get a pop-up with a certificate error and cause you to get a phone call.
Stay tuned for tomorrow's post on how to use the Set-AutoDiscoverSiteScopeExchangeServers for large or complex environments.
Mike