A Guide To Alternate Access Mappings Basics in SharePoint 2013 - BLKSTHL

A guide to Alternate Access Mappings Basics in SharePoint 2013 | blksthl
CHUCK NORRIS THE ARCHIVES DOWNLOADS OFFICE 365 GUIDE SERIES ABOUT BLKSTHL
Home
> Alternate Access Mappings, Setup, SharePoint, SharePoint 2010, SharePoint 2013, SharePoint Foundation 2010, SharePoint Server RSS feed Twitter
2010, URL, Windows Server 2012 > A guide to Alternate Access Mappings Basics in SharePoint 2013
A guide to Alternate Access Mappings Basics in SharePoint 2013 Follow blksthl on WordPress.com
December 3, 2012 Go to comments Leave a comment Recent Posts

Office 365 feature comparison chart all plans
Office 365 News – First release for
select users
Office 365 News – Sway preview now
available in your First Release tenant
Right-click is here for SharePoint Online AND
OneDrive for Business
Alternate Access Mapping Basics in SharePoint 2013
Office 365 News – Office 365 Limited Admin
(This post is in its entirety valid for SharePoint 2010 as well) Roles are here
Office 365 – DTD is prohibited in this
Explains how you should look at Alternate Access Mappings – left to right.
document issue

Alternate Access Mappings is something that most SharePoint engineers or administrators
struggles with. More often than not, you get it right in the end but we are not really sure why it works Office 365 News – Move and Copy files and
folders in OneDrive for Business
or if it really works the way we want it to.

This, is my attempt to make it easy to understand. Office 365 guide series – Function to resolve a
users OneDrive for Business URL
Office 365 guide series – Manage files and
folders with PowerShell and CSOM
Office 365 News – New document now
supports Content types in SharePoint Online
Blogroll
Powershell.nu (Truesec)
Niklas Goude’s great
place for Powershell knowledge
harbar.net Spencer Harbars blog
One of the
best places to fins solid information on
SharePoint.
Share-n-dipity
Steve Peschka – Principal
Architect – Microsoft
Markus Lassfolk's Geek stuff
Geek Stuff
mainly related to Windows and Microsoft
infrastructure
Hasain Alshakarti on security (Truesec)
 Follow
Marcus Murray's truesecurity (Truesec)
Johan Persson (Truesec)
Follow “blksthl”
Mikael Nyström's blog (Truesec)
OS
Deployment, Virtualization, Microsoft based
Get every new post delivered to
Infrastructure…
http://blog.blksthl.com/2012/12/03/a-guide-to-alternate-access-mappings-basics-in-sharepoint-2013/[04/07/2015 21:00:48]
your Inbox.
ArchivesJoin 267 other followers
June 2015 (1)
Enter
May 2015 (4) your email address
April 2015 (2)
February 2015 (6) Sign me up
December 2014 (1)
Build
November a website with WordPress.com
2014 (1)
August 2014 (2)
July 2014 (1)
May 2014 (1)
March 2014 (2)
February 2014 (1)
January 2014 (3)
December 2013 (2)
November 2013 (2)
October 2013 (3)
September 2013 (2)
August 2013 (1)
Note: This is part 1 in a series, the next part will show how to configure DNS and a simple scenario adding a new
July 2013 (1)
NetBIOS name as URL to a Web Application.
June 2013 (1)
Note: For the complete guide, with DNS steps and 4 different scenarios including https, download the free May 2013 (4)
Whitepaper from TechNet: The final guide to Alternate Access Mappings
April 2013 (3)
March 2013 (3)
In order to make AAMs simpler to understand, look at it a bit differently, start with this simple table:
February 2013 (3)
Left area Internal URL’s
January 2013 (2)
Right area Public URL’s with a zone
Middle area Zones, is what connects Internal URL’s to Public URL’s, many to one. December 2012 (6)
November 2012 (13)
Internal URL redirects or transforms to a Public URL, from left, to right. The URL on the left, is what you enter in the address field in your browser, the
Public URL on the right is what you will see once there, this goes for visible and invisible links as well. October 2012 (5)
Internal URL format: Protocol + URL (+non default port) September 2012 (6)
August 2012 (4)
Public URL is the address of the Web Application for one of the five zones available. The ‘Default’ must be filled out and has some special
properties/uses, the other four are optional. You can only have five Public URL’s per Web Application. July 2012 (5)

This is the URL that the browser will be redirected to in the end. June 2012 (5)
Public URL format: Protocol + URL (+non default port) May 2012 (2)
Zone is a label representing a Public URL, the zone is used to ‘connect’ an Internal URL to a Public URL. The zone names has no relation what so April 2012 (5)
ever with the four Internet Explorer security zones (Internet, Local Intranet, Trusted sites and Restricted sites) and could just as easily been named March 2012 (2)
1,2,3,4 and 5. A zone can also represent an authentication provider.
February 2012 (7)

Zones: Default, Intranet, Internet, Custom, Extranet
November 2011 (3)
Example:
October 2011 (2)
June 2011 (1)
Projects
About BLKSTHL
Chuck Norris
The Archives
Downloads
Note: Based on the Zone selected for every Internal URL, they will be connected to a Public URL. Office 365 guide series
Meta
From left – to right…
The zones might as well be represented by numbers:
Register
Log in
Entries RSS
Comments RSS
Create a free website or blog at
WordPress.com.
Note: Try to always use the most used URL as the default Public URL. This is what will be used by other services,
like crawl and in certain other links.
Translated to SharePoint GUI, this same setup would look like this:
Note: Filtered on this Web Applications Alternate Access Mapping Collection only.

Same Alternate Access Mappings as in the Example table above.
You will see that if you click on any of the ‘Internal URLs’ that you can select zone, and with the zone, the Public URL it will be connected to:

In addition to the actual Alternate Access Mapping in SharePoint Central Administration, you also have to add a Binding in IIS, contrary to what many
believe, except for the initial hostheader when you create the web application, SharePoint does not do that for you, so you have to do it manually.

The example above would show up in IIS Bindings like this:
As you can see, in IIS 8.0 and Windows Server 2012, the https binding does show up as a hostname, in IIS 7.5 and Windows Server 2008 R2, the
hostname is determined by the name configured in certificate used when adding that binding and hidden in this view.
That’s it! When you have configured your AAM’s and Bindings correctly, given that you have name resolution and IP addresses in order and
connectivity from the client to the server(s) and all other aspects in order, you can now start to use the URL’s you want.

_________________________________________________________
Enjoy!
Regards
Twitter | Technet Profile | LinkedIn
Share this:
 Twitter  Facebook
Loading...
Leave a comment Trackback

Trackbacks
Comments
(2) (22)

February 13, 2013 at Reply
Jason 15:27
Maitlen
Awesome, thanks clearing the muddy waters!

15:50 Thomas
Balkeståhl
Thanks for the feedback Jason.

// Thomas

September 6, 2013 at
15:34
anil
dear sir , i installed sharepoint 2013 foundation, everything is working fine , but i have public
ip , when i tried to open website from any other place , its asking for username and
password , after giving that , its getting ünable to connect”, some one said mapping , i dont
know how to map , please guide me step by step , much awaiting for your reply

September 6, 2013 at
17:15 Thomas
Balkeståhl
Hi Anil.

Just wrote a long detailed answer and it got lost…

I’ll try again.

Ok, in order to get any Web application access and authentication to work, you need a few
things. You need a DNS entry or use the iP address.
http://www.mysharepoint.com/ alt. http:192.168.1.70

The URL you use to access the web application from the Internet has to also have an
Alternate Access Mapping and a IIS binding.

The AAM entry has to be a Public URL and can easiest be added to the current Web
Apllication ‘collection’ in Alternate Access Mapping as the Internet zone Public URL.

Also, add the same URL or the IP as a binding in IIS.

How you do that is described pretty good in step 4 and 5 in my Kerberos guide:
http://wp.me/p1EuNv-lq

If you also have the URL(or the domain part *.mysharepoint.com) added to your IE ‘Local
Intranet’ zone, then you will also be logged on automatically with the current Windows
credentials.
I really hope that helps you? Please let me know how it goes.
Best regards

// Thomas

April 3, 2013 at Reply

John Doe 14:33
Very good article. I especially like the mentioning of the Site Bindings part since there always
seems to be confusion about this.

07:03 Thomas
Balkeståhl
Thanks John

Regards Thomas

May 14, 2013 at Reply

Jason 04:53
Great article. Though I am having trouble authenticating on my second default url. Any idea?

May 14, 2013 at Reply
05:44 Thomas
Balkeståhl
Hi Jason.

Second default meaning the second internal URL to the default zone?
Are you on the server? If so, check my latest post on the loopbackcheck.

Are the URL added as trusted or local intranet in your browser? (IE)
Regards

// Thomas

July 28, 2013 at Reply
Werner 12:14
Hi Thomas

Perfect job. Well done.

I lost so much time to install our SharePoint 2013 and finally a reinstall from scratch
including the SharePoint wizzard and your final guide made me able to achieve a fully
equipped SSL secured internal and external sp website.

Thank you very much!

Werner

00:21 Thomas
Balkeståhl
You’re welcome.

Regards Thomas

September 23, 2013 at Reply

Colin 07:51
Hi Thomas,
Great article.

Just a question, is it possible under Internal URL, have two address url the same, but each
one belonging to a different zone and going to different Public URL, eg
http://portal.com Default http://portal.com

http://portal.com Extranet https://portal-ext.com
So that when staff within the organisation enters http://portal.com they will go to
http://portal.com. But for external partners, they still enter the same url http://portal.com, but
they will be redirect to https://portal-ext.com.
Thanks

15:46 Thomas
Balkeståhl
Hi.

No, that’s the Quick answer to that one.

If you try, what you will see is this: ‘The IncomingUrl is already present in the collection.’
Imagine if you could, how will anyone or anything, know when to send the user to default and when to
send it to Extranet? The users have entered the same url…

What you could do, is use UAG(not sold anymore) or any other Product, to route extranet users
coming in on the same adress outside the copnetwork, to one and internal users to one.

You could then separate with exopended web app or just a different zone and public URL.
Sorry, but its not that easy.

Keep in mind this, the next link a user will click on, will take them to the public URL. Would that work
in your suggestion? No, click two would not even reach the same web app.
Hope that helps

Regards

// Thomas

15:48 Thomas
Balkeståhl
Or in simpler terms, Think of giving two people the same phonenumber…not good right?

(except if one had the number internally only, and one externally, then got connected to a different
number Before reaching the internal…make any sense?
// Thomas


Colin 05:28
Thanks Thomas, point taken.

October 5, 2013 at Reply

K. 03:13
Sakolegi
Sharepoint engineers? LOL

October 20, 2013 at Reply
18:26 Thomas
Balkeståhl
Hi.

I didn’t get that comment?
// Thomas


shobani 18:54
Thanks Thomas for the great post, I have one question..
I have two websites in my SP farm with different URL domains, the following public URLs for
example:

– http://toys.com

– http://parks.com
The internal employees edit the website through: http://edit.toys.com
I am having 1 WebApplication with 2 Host-Named SiteCollections,
My question, is the following AAM correct?

Internal -> Zone -> Public URL for Zone

For Toys SiteCollection:

-http://toys.com -> Default -> http://toys.com

-https://edit.toys.com -> Internet -> http://edit.toys.com

For Parks:

-http://parks.com -> Default -> http://parks.com

-https://edit.parks.com -> Internet -> https://edit.parks.com
Thanks in advance

16:47 Thomas
Balkeståhl
Hi Shobani.

Not the best when it comes to HNSC’s…but as far as I remembered, you can’t use HNSC with AAM.

Found this quote:

‘HNSC have a single (unique) URL. So they do not support alternate access mappings and are
always considered to be in the Default zone.’

From http://www.sharepointpitstop.com/2012/11/sharepoint-host-named-site-collections.html
But then I also found this:

http://blogs.msdn.com/b/russmax/archive/2013/10/31/guide-to-sharepoint-2013-host-name-site-
collections.aspx

Locate the section on:

Host Name Site Collections with Multiple URL’s and Zones
This tells us it is possible and also how to do it
I think you have it right.

I hope that helps

Regards

// Thomas

February 10, 2014 at
18:07
shobani
Thanks Thomas, I did and it works!
You inspired me to write about my current experience.. Big thanks!!
Sent from my Windows Phone ________________________________


Sumit 10:17
Hi Thomas,
Can you please answer me if we are upgrading from SP 2007 to SP 2010. And we want that
Users must be able to access all documents during the upgrade process.
I found the answer that we can do this with alternate access mapping URL redirection. I am
not sure that this answer is correct or not. If yes please provide the reason that how can we
do so.
Thanks and Regards

Sumit

10:56 Thomas
Balkeståhl
Hi Sumit.

Using a side by side upgrade, you can let the users have access to all content until the very last few
steps, its really only from when you backup the content databases that you have to stop access.
From that point, you can use DNS to redirect the URL, and you must configure AAM, not shure if this
is what you are asking about though…

Remember that letting users have access can mean two things, that they update/write documents or
only read. Read can be offered almost 100% during an upgrade while write you cannot.

Hope this helps some? Get back if you have more questions.

Regards

// Thomas

05:48 Thomas
Balkeståhl
Hi.

I would say no. You would want a separate web app or a site collection.

Either choice allows you to use a extranet FQDN (extranet.domain.com), using a site
collection would require Host Named Site Collections. Look that up.

The only alternative, is to use a managed path like /sites/
Regards

// thomas
Leave a Reply
Email (required) (Address never made public)
Name (required)
Website
Notify me of new comments via email. Post Comment
BLKSTHL gets a well-deserved facelift How to disable IE Enhanced Security in Windows Server 2012
Create a free website or blog at WordPress.com. The INove Theme. Top

A Guide To Alternate Access Mappings Basics in SharePoint 2013 - BLKSTHL

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

A Guide To Alternate Access Mappings Basics in SharePoint 2013 - BLKSTHL

Hochgeladen von

Copyright:

Verfügbare Formate

A guide to Alternate Access Mappings Basics in SharePoint 2013 | blksthl

A guide to Alternate Access Mappings Basics in SharePoint 2013 Follow blksthl on WordPress.com

December 3, 2012 Go to comments Leave a comment Recent Posts

Twitter | Technet Profile | LinkedIn

Leave a comment Trackback

http://portal.com Default http://portal.com

Sorry, but its not that easy.

Hope that helps

Thanks Thomas, point taken.

Thanks Thomas for the great post, I have one question..

The internal employees edit the website through: http://edit.toys.com

I am having 1 WebApplication with 2 Host-Named SiteCollections,

My question, is the following AAM correct?

But then I also found this:

This tells us it is possible and also how to do it

I think you have it right.

Thanks Thomas, I did and it works!

You inspired me to write about my current experience.. Big thanks!!

Sent from my Windows Phone ________________________________

Thanks and Regards

Notify me of new comments via email. Post Comment

BLKSTHL gets a well-deserved facelift How to disable IE Enhanced Security in Windows Server 2012

Create a free website or blog at WordPress.com. The INove Theme. Top

Das könnte Ihnen auch gefallen