Exchange/Outlook Autodiscover hints

Posted Thu 20 Apr 2023 11:40:10 AM CEST Florian Lohoff
in autodiscover exchange microsoft outlook

Microsoft Exchange Autodiscover is a very bad documented and complicated beast. To get everything right for all of your users may be difficult. So - one would like to see the reponses which is pretty hard to get right.

So here is the curl request you need:

curl --http1.1 \
    -d -vvv \
    -XPOST \
    --user "${USER}:${PASS}"  \
    -H "user-agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.10368; Pro)" \
    -H "X-User-Identity: ${EMAIL}" \
    -H "X-AnchorMailbox: ${EMAIL}" \
    -H "X-MAPIHttpCapability: 1" \
    -H "client-request-id: {$UUID}" \
    -H "X-MS-Negotiate: Server" \
    -H "Content-Type: text/xml" \
    https://autodiscover.$DOMAIN/Autodiscover/Autodiscover.xml  \
    -d @/tmp/t.xml

And the xml file to be posted:

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
    <Request>
    <EMailAddress>EMAIL</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
    </Request>
</Autodiscover>

As long as you dont sent the right "user-agent" you only see half of the game, namely the OWA endpoint. For evrything else you need to send the right user-agent.