Set-AutoDiscoverSiteScopeExchangeServers Part 2

In part 1 of this function, we covered an option to set all Exchange servers to use every AD site in an organization, minus any 'deployment' ones. But what if you have a very large organization, with multiple data centers hosting Exchange servers, various regions to support, and you want to target specific locations from clients to a defined list of Exchange servers? Well, we have you covered.

There is an option to use a CSV file to import all of the content you want to use. The Export-CSVAllADSites function creates a CSV file with 4 columns of data, one of them fully populated with the AD sites in the AD forest. You must fill out the other three columns: Identity, RegionForServers, and RegionForClients.

  • Identity: The Exchange server NetBIOS names that the PowerShell code will read in, so it knows which specific servers to set.
  • RegionForServers: The region each Exchange server is assigned to, that is, the region whose Outlook client requests it will cover.
  • RegionForClients: The region where each client AD site resides. It needs to match the server regions, since that is what defines which servers will handle the request.

Example CSV file: 

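| Identity   | RegionForServers | ADSite | RegionForClients |
|------------|------------------|--------|------------------|
| East-MBX01 | East             | E-ATL  | East             |
| East-MBX02 | East             | E-MCO  | East             |
| West-MBX01 | West             | E-BOS  | East             |
| West-MBX02 | West             | E-BWI  | East             |
| APAC-MBX01 | APAC             | W-LAX  | West             |
| APAC-MBX02 | APAC             | W-SFO  | West             |
| EMEA-MBX01 | EMEA             | W-SEA  | West             |
| EMEA-MBX02 | EMEA             | W-PHX  | West             |
|            |                  | A-HND  | APAC             |
|            |                  | A-HKG  | APAC             |
|            |                  | A-MEL  | APAC             |
|            |                  | A-SYD  | APAC             |
|            |                  | M-LHR  | EMEA             |
|            |                  | M-MUC  | EMEA             |
|            |                  | M-FRA  | EMEA             |
|            |                  | M-HAM  | EMEA             |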

Once this CSV file is filled out, you can import it into Set-AutoDiscoverSiteScopeExchangeServers and it'll set the Exchange servers to the region that you define, to cover the Outlook clients closest to the Exchange servers, in the data center that makes sense for your organization. Thus, any Outlook client calling into a defined Exchange Autodiscover site-scoped server will avoid any new Exchange server SCP records, since the AD site the client is claiming to be in is defined on the Exchange servers. Problem solved! No more certificate prompts from Outlook clients when standing up new Exchange servers where the services are not fully assigned yet.

The code for importing a file named ADSiteInfo.csv from the c:\temp folder:

 Set-AutoDiscoverSiteScopeExchangeServers -ImportFile C:\temp\ADSiteInfo.csv  

The function has risk mitigation options built in, so you can run it with the -WhatIf switch, the -Confirm switch, or both, before you blast this into production. And where do you test your code? Production! With this CSV import, it is an all-or-nothing option. All servers listed will use the regional values you set, by design. If there are any values already set, this function resets them to what you want. But this is what you want: as AD sites come and go, you wouldn't want to retain older, out-of-date values, which is why you need to be careful and conscientious with the values you put into the CSV file.
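A pre-flight check for the CSV described above, added here as an example; it is not part of the original post or of the Set-AutoDiscoverSiteScopeExchangeServers function. Test-SiteScopeCsv is a hypothetical helper, the sample rows are constructed, and it assumes servers are paired with AD sites by equal region names, as the column descriptions suggest.

```powershell
# Added example (not the original function). Sample rows are constructed.
$csv = @'
Identity,RegionForServers,ADSite,RegionForClients
East-MBX01,East,E-ATL,East
East-MBX02,East,E-MCO,East
West-MBX01,West,W-LAX,West
,,W-SFO,West
,,A-HND,APAC
,,E-ATL,East
'@
$rows = $csv | ConvertFrom-Csv   # for a real file: Import-Csv C:\temp\ADSiteInfo.csv
function Test-SiteScopeCsv {     # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Rows)
    $servers = @($Rows | Where-Object { $_.Identity })
    $sites   = @($Rows | Where-Object { $_.ADSite })
    $issues  = New-Object System.Collections.Generic.List[string]
    # A server row without a region can never be matched to client sites.
    foreach ($s in $servers | Where-Object { -not $_.RegionForServers }) {
        $issues.Add("Server '$($s.Identity)' has no RegionForServers")
    }
    # A site row without a client region will not be assigned to any server.
    foreach ($s in $sites | Where-Object { -not $_.RegionForClients }) {
        $issues.Add("AD site '$($s.ADSite)' has no RegionForClients")
    }
    # Client regions with no server region of the same name leave sites uncovered.
    $serverRegions = @($servers.RegionForServers | Where-Object { $_ } | Sort-Object -Unique)
    foreach ($g in $sites | Where-Object { $_.RegionForClients } | Group-Object RegionForClients) {
        if ($serverRegions -notcontains $g.Name) {
            $issues.Add("Region '$($g.Name)' has client sites ($($g.Group.ADSite -join ', ')) but no servers")
        }
    }
    # The same AD site listed twice is usually a copy/paste slip.
    foreach ($g in $sites | Group-Object ADSite | Where-Object { $_.Count -gt 1 }) {
        $issues.Add("AD site '$($g.Name)' is listed $($g.Count) times")
    }
    # Planned result: the sites each server would cover (assumed region-name match).
    $plan = foreach ($s in $servers | Where-Object { $_.RegionForServers }) {
        $covered = @($sites | Where-Object { $_.RegionForClients -eq $s.RegionForServers } |
                     Select-Object -ExpandProperty ADSite -Unique)
        [pscustomobject]@{ Identity = $s.Identity; Region = $s.RegionForServers; ADSites = $covered }
    }
    [pscustomobject]@{ Issues = $issues; Plan = $plan }
}
$result = Test-SiteScopeCsv -Rows $rows
$result.Plan | Format-Table Identity, Region, @{ n = 'ADSites'; e = { $_.ADSites -join ', ' } }
$result.Issues
```

Review the plan and clear the reported issues first, then run the real import with -WhatIf as described above.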

Even if you assign an AD site to a region where the bandwidth to the mailbox is not optimal, by at least having it defined, the clients will get a proper response and ignore SCP records, since the AD site scope properly answers for the valid AD site where the client resides. As mentioned above, the Outlook client will search the keywords values of the list of Exchange servers in its own site, if it exists; otherwise it uses AD site link cost values to get to the closest Exchange server. The key we are talking about here is: IF you don't have all AD sites listed for Exchange servers to answer, THEN you have a potential for certificate issues when deploying new Exchange servers.

You can also use the CSV option to set a smaller environment, but one that has lots of complexity. For instance, if you have just two data centers, with an Exchange DAG spread between the two, and you need AD sites to cover all of the client subnets assigned but want to exclude several other AD sites (Dev, test, non-Outlook clients, etc.), then use the CSV and just define the values you need. Something like this:

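| Identity | RegionForServers | ADSite | RegionForClients |
|----------|------------------|--------|------------------|
| MBX01-P  | All              | Site1  | All              |
| MBX02-P  | All              | Site2  | All              |
| MBX03-DR | All              | Site3  | All              |
|          |                  | Site4  | All              |
|          |                  | Site5  | All              |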

This will set the two primary Exchange servers and the DR one to all of the listed sites, in this case Site1 through Site5. However, you could also have sites called Deployment, Test, Site6, Site7, etc., that would be ignored. Thus, when you run Export-CSVAllADSites, you'll just remove any sites you don't want to set on the Exchange servers. Easy peasy!

With both of these options, the set all and the CSV choice, this should cover all situations for this issue of the certificate pop-up occurring when deploying new Exchange servers. As long as you maintain the AD sites list, update any new ones, remove old ones, and re-run the Set-AutoDiscoverSiteScopeExchangeServers function, you should no longer have phone calls when deploying new Exchange servers on premises.

I hope this helps you and your end users have fewer disruptions and more productivity time during the day. Thank you.

Mike