How to control Outlook AutoDiscover by using Group Policy
Original KB number: 2612922
When you view the Microsoft Office Outlook 2007 or Outlook 2010 policy settings in the Group Policy Object Editor, you only see the following policy setting that is related to AutoDiscover:
Automatically configure profile based on Active Directory Primary SMTP address
However, this policy setting only controls whether the startup wizard dialog box appears when Microsoft Exchange mailbox information is available to your domain-joined workstation.
In some scenarios, you may want to control the methods that are used by Outlook to find the AutoDiscover service. This depends on the client/server topology, but these are the methods that are used by Outlook:
HTTPS root domain query
HTTPS AutoDiscover domain query
HTTP redirect method
SRV record query
By default, Outlook uses one or more of these methods to reach the AutoDiscover service. For example, for a computer that is not joined to a domain, Outlook tries to connect to the predefined URLs (for example,
https://autodiscover.contoso.com/autodiscover/autodiscover.xml) by using DNS. If that fails, Outlook tries the HTTP redirect method. If that does not work, Outlook tries to use the SRV record lookup method. If all lookup methods fail, Outlook cannot obtain "Outlook Anywhere" configuration and URL settings.
This article discusses how you can enable or disable the AutoDiscover feature and how you can specify which methods for Outlook to use to try to reach the AutoDiscover service.
To deploy the custom Group Policy template to control the behavior of the Outlook AutoDiscover feature, follow these steps:
Download and extract the custom Group Policy template for your version of Outlook from the Microsoft Download Center:
Copy the .adm file that you downloaded in step 1 to your domain controller:
Outlook 2010 = Outlk14-autodiscover.adm
Outlook 2007 = Outlk12-autodiscover.adm
The steps to add the .adm file to a domain controller vary, depending on the version of Windows that you are running. Also, because you may be applying the policy to an organizational unit (OU) and not to the whole domain, the steps may vary in this aspect of applying a policy. Therefore, check your Windows documentation for more information.
Under User Configuration, expand Classic Administrative Templates (ADM) to locate the policy node for your template.
To configure the AutoDiscover feature, find the Exchange node. In the Exchange node, select the AutoDiscover node. Double-click the AutoDiscover policy setting in the details pane.
In the dialog box for the policy setting, select Enabled to enable the policy.
When you enable the policy setting, the five Exclude check boxes under this item are selected. To disable the AutoDiscover feature, make sure that all the check boxes are selected. Or, you can use the five check boxes to specify which discovery methods Outlook AutoDiscover uses to try to reach the AutoDiscover service.
After you finish configuring the AutoDiscover policy and the information has propagated to your Outlook clients, you can verify that the policies are available to Outlook by examining the following subkey in the registry:
The <1x.0> placeholder represents your version of Outlook (12.0 = Outlook 2007, and 14.0 = Outlook 2010).
Methods used to try to reach the AutoDiscover service
SCP object lookup
Outlook performs an Active Directory query for Service Connection Point (SCP) objects.
Root domain query based on your primary SMTP address
Outlook uses the root domain of your primary SMTP address to try to locate the AutoDiscover service. Outlook tries to connect to the following URL based on your SMTP address:
Query for the AutoDiscover domain
Outlook uses the AutoDiscover domain to try to locate the AutoDiscover service. Outlook tries to connect to the following URL based on your SMTP address:
Outlook uses HTTP redirection if Outlook cannot reach the AutoDiscover service through either of the secure HTTPS URLS:
SRV record query in DNS
Outlook uses an SRV record lookup in DNS to try to locate the AutoDiscover service.