Explicit logons are required when the front-end server is not configured to authenticate users, or when users try to access mailboxes that are not their own, but for which they have access.
When the front-end server receives an explicit logon request, the user name is extracted from the URL. The user name is then combined with the SMTP domain name that is associated with the virtual directory or virtual server. This combination is created when the virtual directory or virtual server is created or when the default recipient policy's primary SMTP address is modified. This combination creates a fully qualified SMTP address that is a searchable property of a mail-enabled user object.
The front-end server then looks up this address in Active Directory and determines which server houses the mailbox that is associated with the address. The request is then forwarded to that server.