Exchange 2010 SP1 Multi-Tenant (Step 3 of 3)

Printer-friendly versionPDF version
Exchange 2010

Configuring Mailflow


Here is the issue. If you use DNS to route your mail then you will have a problem with sending emails between organizations. In order to make this work you must create a send connector that routes the traffic to and from the organizations. Another way to solve this problem is to use a smart host:

New-SendConnector -Name "Internet" -Usage "Custom" -AddressSpaces "SMTP:*;1" -IsScopedConnector $false -SmartHosts x.x.x.x,x.x.x.x -DNSRoutingEnabled $false -SmartHostAuthMechanism "None" -UseExternalDNSServersEnabled $false -SourceTransportServers "Exchange Server"

New Send Connector


Receive Connector:


Now we must tick the Anonymous box on the default receive connector so internet users can send to the Exchange Server:

Set-ReceiveConnector -PermissionGroups 'AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers' -Identity 'LABDCEX\Default LABDCEX'

Receive Connector


Setting External FQDN


Our next step will be to make sure we put the external FQDN on all of the virtual directories.



Set-OwaVirtualDirectory -Identity "owa (default web site)" -ExternalUrl



Set-EcpVirtualDirectory -Identity "ecp (default web site)"  -ExternalUrl


Active Sync:

Set-ActiveSyncVirtualDirectory -identity "microsoft-server-activesync (default web site)" -ExternalUrl



Set-OabVirtualDirectory -identity "oab (default web site)" -ExternalUrl




Now autodiscover is a little different with a multi-tenant deployment. The issue is you will have multiple domain names. Now we all know that autodiscover uses SSL certificates and we don’t want to buy a SSL certificate for every domain name we host.

Luckily there are two alternatives. One is you can use SRV records, and the other is autodiscover redirect. SRV records do have a problem though. Some devices may not check SRV records when trying to discover the email settings. I wasn’t able to get this to work on my iPhone, and Outlook 2007 requires a patch in order to make this work.

Your best bet is just to go with autodiscover redirect.


Here is a Microsoft Article that has descriptions of all the options to the New-SendConnector command:

Use this a reference when creating your send connector, as you will likely have to modify the example.

Very shortly this web site will be famous among all blogging and site-building viewers,
due to it's nice articles or reviews

You mention autodiscover redirects, but don't provide a link to any additional information. Can you provide a link to TechNet information about Autodiscover Redirection?

Here is a good link: 


Short version:

  • Configure autodiscover in hosted exchange for external address. Lets assume you put in:
  • In IIS on another server (not exchange) create a new website or a folder called autodiscover. Create a blank file called autodiscover.xml in that folder. Lets call this server
  • Disable HTTPS on that webserver
  • Configure IIS to redirect request to
  • Create A-HOST record for to point to your new website IP
  • For each client create a CNAME record for autodiscover to point to


CNAME examples: -> ->


The client will query everything using HTTPS and then fall back to HTTP. This is why you must have HTTPS off on the new webserver. So when it hits the new web server using HTTP it will then be redirected back to your actual exchange server.



Exchange 2010 /hosting articles are out of date. DO NOT install and use /hosting unless you already have. Microsoft released SP2 which support ABP [Address Book Policies] that will allow you do what /hosting does pretty much. The /hosting switch will no longer be supported when Exchange 2010 goes. Migrating from /hosting to SP2 is difficult and I personally have not done it yet. It requires a forest migration..

I would just stay away from /hosting

I can't get to go to its own secured OWA site unless I manually enter "".
It just goes to my site which works for login but, I'd rather it wasn't presented, and instead showed the client's HTTPS OWA address.

I'd like to make it so that by default when you enter it redirects to the HTTPS OWA website. Is there any way to do that perhaps?

Post new comment