Saturday, August 8, 2009

SharePoint Alternate Access Mappings way!

I see many people confused about AAMs, their role and their usage. Therefore, I decided to write a post about them and explain in clear English what are they, when to use them and where to define them.

What AAms are?

AAMs are different urls mapped to the same application in order to give access to the same content using different zones. We cannot talk about AAMs without talking about web application zones. Each SharePoint web application can have five zones : Default, Internet, Intranet, Extranet and Custom. Each zone can have its own authentication provider. For example, Integrated windows authentication for the Default zone, Anonymous access for the Internet zone and Form based authentication for the Extranet zone. All the five zones share the same Database. i.e. the same content, but each one has its proper IIS web Site. Each zone has a public url. When we create a web application, the default zone is created. Let's say "http://default.mycompany:80". Then, we can extend this web application to the four remaining zones if we need to. For our example, we will extend our web application to the Internet zone "" and the Extranet zone "".

When to use AAMs?

Suppose that for convenience, I want my internal users to access the default zone using a more simplified url. What to do? Create a new AAM (http://mycompany) and map it the default zone. Now, the default zone can be accessed using whether http://mycompany or http://default.mycompany:80.

Suppose again that my company has been sold to a rich man. The urls I created for my web application are no longer valid. What to do to rename my web application urls from mycompany to hiscompany? Backup the content, create a new web application with new urls then restore the content? Yes, it could be. However, there is a better and simpler solution : AAMs. Create new AAMs, i.e.
"http://default.hiscompany:80", "http://mycompany", "" and "" and map each url to the appropriate zone.

Where do I define these AAMs?

I'm glad you asked! Go to Central Admin > Operations > Alternate Access Mappings, under the Global Configuration section.

It goes without saying that the urls we are talking about must be first defined in the DNS and IIS.

I hope I have shed more light on AAMs by now. Nevertheless, if you have any question, feel free to ask.

Hope this post is helpful.


  1. Great job! That makes it much clearer.

  2. good
    thanks for your help

  3. nice post! this clarifies my confusion

  4. Hi, thanks for the great explanation.

    I have a scenario where I have an Internet facing SP2010 publishing website with anonymous access. I have an AAM in the Internet Zone for on port 80. I also want the website to be accessible on How do I configure the AAM for as there is only 1 entry allowed for Internet Zone.


    1. Hi Gary,

      It is possible de configure multiple urls for the same zone. To configure, follow these steps:

      1. Make sure you have a DNS entry for
      2. In IIS manager, right-click on the web application Internet zone website and select Properties > Click the Advanced button on the Web site tab > Click the Add button > Enter the port (usually 80) and in the Host header value text box. This must be done on every server in the farm.
      3. Return to Central administration go to Operation > Alternate access mappings > Click on Add Internal URLs > Select the AAM collection for your web application > Enter Http:// and select Internet zone.

      Hope this can help.

  5. Hi..Thanks for your post...

    But what exactly the differences between zones i mean how the different url/zones helps us in accessing the application, and whom can access the zones i.e all users can access all zones...


    1. Hi Raj,

      We use zones to expose the same content to different users using different Urls and authentication modes. Suppose you want to create an extranet. When you first create your web application, the default zone is automatically created, using usually windows authentication. Let's say the Url of the default zone is http://default.extranet. All your internal users can access this web application using their windows credentials. Let's say now that you want allow customers access this same content from outside your network. To do this, you can extend this application and create a new zone 'extranet', which Url could be Your customers are not in your AD of course. So, you can use another authentication mode like Form based authentication (FBA) to let them access your extranet via the URL

      Hope this helps.