Create a TXT Record for Federation

Microsoft Exchange Server 2010 uses Federation for federated sharing. Federation requires a federation trust with the Microsoft Federation Gateway. After you create the trust, you must configure the federated organization identifier with the accepted domains you want to federate. For more information about the Microsoft Federation Gateway, see Microsoft Federation Gateway.

To provide proof of ownership of the registered Internet domain, you must create a text (TXT) record in the Domain Name System (DNS) zone of each accepted domain you want to federate. The TXT record contains the application identifier (AppID) generated by the Microsoft Federation Gateway, and provided as output when you create the federation trust.

You can create a TXT record by using DNS Manager on a server running Windows Server 2008 that has the DNS server role installed. Your organization may use DNS server software from another vendor or use a service provider to host the DNS zone for the domain. Many Internet domain registrars host DNS zones for customers. Most service providers offer Web-based management tools to allow customers to manage DNS records for their domains. To learn more about the DNS server role, see DNS Server Role.

Looking for other management tasks related to Federation? Check out Managing Federation.

Prerequisites

• A federation trust has been created between your Exchange 2010 organization and the Microsoft Federation Gateway. For details, see Create a Federation Trust.
• Your Exchange organization uses one or more Internet domains registered with a domain registrar.
• The domains have a DNS zone accessible from the Internet.
• The DNS server role or the DNS Server service is installed.

Use DNS Manager to create a TXT record

1. In DNS Manager, expand Forward Lookup Zones under the selected DNS server.

2. Select the forward lookup zone in which you want to create the TXT record.

3. From the menu bar, navigate to Action > Other New Records.

4. In Resource Record Type, select Text (TXT), and then click Create Record.

5. In New Resource Record, complete the following fields:

   • Record name (uses parent domain if left blank)   Leave this field blank, allowing it to create a record with the same name as the domain name.

   • Fully qualified domain name type (FQDN)   This read-only field displays the FQDN created by concatenating the record name to the domain name.

   • Text   Type AppID= followed by the AppID that was generated when you created the federation trust. For example, if the AppID is 000000004001A66A, you must enter AppID=000000004001A66A.

     Note

     If you use the EMC to create the federation trust, the AppID is displayed on the Completion page of the New Federation Trust wizard. If you use the Shell, it's displayed as output when you run the New-FederationTrust cmdlet. You can also retrieve the AppID by running the following Shell command: Get-FederationTrust | Select ApplicationIdentifier

     Important

     The AppID is a string of alphanumeric characters. To avoid input errors, we recommend that you copy the AppID from the EMC or the Shell, paste it into a text editor such as Notepad, and then paste it into the Text field of the TXT record. If the TXT record is created using an incorrect AppID, the Microsoft Federation Gateway will be unable to verify proof of domain ownership, and you won't be able to add it to the federated organization identifier (OrgId).

6. Click OK, and then click Done to create the record.

Use the DNSCmd command to create a TXT record

This example creates a TXT record in the forward lookup zone contoso.com with AppID 000000004001A66A on DNS server NS1.

DNSCmd NS1 /RecordAdd contoso.com "@" TXT "AppID=000000004001A66A"

For detailed parameter and syntax information, see Dnscmd.

Other Tasks

After you create a TXT record for Federation, you may also want to:

• Add a federated domain (see Manage Federation)
• Create an Organization Relationship