How to work with AAM in SharePoint

On my journey on SharePoint sometimes I meet the admin part in SharePoint.
Now I got the AAM in front on me and that’s quite cool.

A short description

AAM are a shortcut for Alternative Access Mapping. They all are available in different Zones. In SharePoint exists 4 Zones:

  • Default
  • Internet
  • Intranet
  • Custom

In each Zone you can add internal Urls. But for what it that mapping and why are there zones?

Simple Example

Let’s assume you got an adress like this can be your internal URL after your setup.
Now when you navigate to you will get the sharepoint displayed (mapped to the webapplication).
After a while, you will migrate a SharePoint to your new instance. The old instace listens on the Adress

What now? Let’s assume you can migrate the SharePoint into a subweb or And now there comes the AAM.

You have initial the default URL you can now add the as new public URL.
But everytime when the user call the server response with This “positive” effect is, that the bookmarks on the clients a refreshed with the new adress.

Open SharePoint for access over the internet

Extend-WebapplicationNow the company want to open the sharepoint for the external partners. To open it with the default Zone this may cause several securty and performance problems.
To accomplish that, you can extend the webapplication with a “Internet”-Zone. The main Key benefits of extending an webapplication ist that there will be created  a separate webapplication in IIS. So they get an own Workerprocess but they use the same application pool, so you can use a different authentication handler, or an customzied IIS configuration to meet the security requirements, without impacting the default zone. On this zone you can now add separate public url bindings.

Let’s assume you got the new Internetadress This Adress must meet the requirement that the user must logon within a federated login page. So you know now that you must extent the existing sharepoint webapplication to meet this requirement, because you can configure a separte authentication provider in the new zone. In this new zone, you can also add different public url mappings. Here are the rules equals to the default zones. When you use a mapped url, the default url from the zone will be responded.

How to check which Zone is already configured

Sometimes it is neccessary to check, which zone already was set. So you can go in the central administrion to find the neccessary menu but you can do it easier by powershell. First Fire up the SharePoint PowerShell to execute this code

Replace the adress with your sharepoint webapplication name or associated adress. As result you will see the list of configured zones.

How to remove a zone from SharePoint

SometimeDelete-Removes you will recreate the zones or they will not be used anymore. For this you can go on your webapplication list with the url http://sharepoint.central.admin/_admin/webapplicationlist.aspx and then you can select your webapplication, which you wan’t to remove the zone, and then click on “Delete”-> “Delete SharePoint from IIS Web Site”

After that you will be promted with a selection dialog in wich you can select the available zones. You can now select your zone and delete it.


Otherwise you can use this PowerShell to do this.

This removes the Extranet Zone form the webapplication mapped to the adress