How to remove “local autodiscover” or SCP when migrating to O365

I work in the SMB, and we migrate most of our clients to Office 365 from local exchange servers. Often we still use a local server for user and computer management and move the users from Small Business Server 2008/2011 to Server 2012R2.

The caveat of this is that you often also bring along Exchange settings embedded deeply in the Active Directory schema. When users open Outlook on their local machines it will first find the SCP in the Active Directory and does not use AutoDiscover. That means that users will be logged onto the old(Decommissioned) server. While external AutoDiscover outside of the clients network works perfectly.

There are three ways of resolving this:

  1. Remove the SCP using PowerShell
  2. Remove the SCP using ADSI Edit
  3. Disable IIS on the decomissioned server

1.)

Using PowerShell on the old server is probably the easiest method, You can run the following cmdlet in the Exchange Powershell Module.
Remember to only run this if all local exchange servers have been decommissioned.

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri $null

If you still have one CAS server in the network, you can run the following command instead:

$ServerName = "OLDSERVER"
Set-ClientAccessServer -identity $ServerName -AutoDiscoverServiceInternalUri $null

2.) Using ADSIEDIT
To delete the string from the active directory you can use ADSI edit to open the following path, please change the red marked parts to your current environment:
CN=ServerName,CN=Autodiscover,CN=Protocols,CN=ServerName,CN=Servers,CN=Exchange Administrative Group (FYENEBBA),CN=Administrative Groups,CN=OrganizationName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DomainName,DC=Suffix

3.)

The last method is a “Lazy mans” solution and advised if you do not want to make any permanent changes. You can decide to disable the IIS services on the CAS server, preventing logons, Outlook will automatically use Autodiscover when it finds it cannot log into the local server.

Happy migrating 🙂

Recent Articles

The return of CyberDrain CTF

CyberDrain CTF returns! (and so do I!)

It’s been since september that I actually picked up a digital pen equivalent and wrote anything down. This was due to me being busy with life but also my side projects like CIPP. I’m trying to get back into the game of scripting and blogging about these scripts. There’s still so much to automate and so little time, right? ;)

Monitoring with PowerShell: Monitoring Acronis Backups

Intro

This is a monitoring script requested via Reddit, One of the reddit r/msp users wondered how they can monitor Acronis a little bit easier. I jumped on this because it happened pretty much at the same time that I was asked to speak at the Acronis CyberSummit so it kinda made sense to script this so I have something to demonstrate at my session there.

Monitoring with PowerShell: Monitoring VSS Snapshots

Intro

Wow! It’s been a while since I’ve blogged. I’ve just been so swamped with CIPP that I’ve just let the blogging go entirely. It’s a shame because I think out of all my hobbies it’s one I enjoy the most. It’s always nice helping others achieve their scripting target. I even got a couple of LinkedIn questions asking if I was done with blogging but I’m not. Writing always gives me some more piece of mind so I’ll try to catch up again. I know I’ve said that before but this time I’ll follow through. I’m sitting down right now and scheduling the release of 5 blogs in one go. No more whining and no more waiting.