Hi Guys I've been searching on the web, but can't find an answer to this... Does anyone know how Exchange 2003/2007 authenticates with Active Directory when it carries out searches (DSAccess) or referalls for Outlook clients (DSProxy)? Is it Kerberos? Secondly, when Outlook directly accesses a GC - which I understand it selects from the DSProxy process - what authentication mechanism does it use? Thanks

Preferred authentication method isKerberosbut if not available then NTLM. Refer below thread where Allen explained it very well... http://social.technet.microsoft.com/Forums/en-US/exchangesvrsecuremessaging/thread/08bffd5a-4fe3-4c7c-b26f-512160f54495 Yes, outlook directly use DC/GC throughNSPI RCP call using DSProxy settings gathered first time.. Refer this thread for further detail... http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/740be8e8-8fab-4af4-83ab-fbbf09cfa54eAmit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com

Thanks Amit...Two questions:1) In an Outlook 2003/2007 , Exchange 2003 SP2 and AD 2003 environment, what would cause the authentication to fall from Kerberos to NTLM? Or will NTLM only be used with legacy type clients?2) I was interested in the actual authentication between Outlook and the GC - so this is Kerberos as well am I correct? Thanks for the help!

1. Yes correct, legacy client or server and outlook configuration method [which should not be RPC/HTTP in corporate network :)] 2. Yes, it is. However you can force as Allen told in his thread...Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com