Forum Discussion
new Exchange Installation Autodiscover
Hi
I had a lab environment and suspended it to get experience with a new setup. The old setup had an ADFS server in place.
New lab setup is based on Windows Server 2025, 1 DC, 1 Exchange server SE. Installation is ok. Client is a Windows 11 machine with Outlook 2019.
DC is syncing to EntraID. Everything is based on German language. GPO for autodiscover is set, as well as the DNS records.
Post-installation is the part where I am having an issue, at least with autodiscover. Adding the primary mail address always leads to the company authentication page adfs.xy.com, which was in place in the old lab.
I can't see any DNS entry, neither at my external DNS provider nor internally (brand new setup), and have no clue where to search further. Web search also did not lead me to any solution. And a workaround to disable autodiscover is not my goal.
Therefore I am happy to get any idea where to look to get rid of the adfs link.
Appreciate your support. THX mame
Hi,
As per my understanding, Your Domain Is Still Federated.
Go to Entra ID → Custom Domain Names and check your domain.
It will likely show:
Authentication Type: Federated
instead of:
Authentication Type: Managed
This happens because:
- Old lab used ADFS
- You created a new lab but synced the same domain name
- Entra ID stored the old federation configuration, including metadata, Sign-in URL, and IssuerURI
How to Fix the Issue: Convert Domain from Federated → Managed (recommended)
Once you convert:
Outlook autodiscover will stop redirecting to ADFS
5 Replies
- Mame Meier (Copper Contributor)
Hi,
I did double-check my roles for the account which I connect with via MSGraph, and I do have the mentioned roles.
Unfortunately the check of AppRoleAssignment only shows some other roles, such as:
ResourceDisplayName AppRoleId
------------------- ---------
Unifi AD Connect 00000000-0000-0000-0000-000000000000
UNIFI Identity 00000000-0000-0000-0000-000000000000
Microsoft Tech Community 00000000-0000-0000-0000-000000000000
Microsoft Graph Command Line Tools 00000000-0000-0000-0000-000000000000
Anything wrong on this?
- mame (Copper Contributor)
Hi,
Exactly this I can see at my EntraID portal. THX
Right now I am struggling a bit with the commands (https://learn.microsoft.com/en-us/answers/questions/2279288/how-to-change-from-federated-to-managed-domain). But I believe it has to do with my actual bulky internet situation.
- Mame Meier (Copper Contributor)
Hi
my internet connection is stable and I am still getting an error on the command:
PS C:\WINDOWS\system32> Update-MgDomain -DomainId DOMAIN -AuthenticationType "Managed"
Update-MgDomain : Insufficient privileges to complete the operation.
Status: 403 (Forbidden)
ErrorCode: Authorization_RequestDenied
Date: 2025-11-26T13:28:48
How do I check my privileges on EntraID? I am "almost" sure I do have the sufficient rights. My account is set as DomainAdministrator
THX
Hi,
1. Check your Entra ID role in the Azure Portal
- Go to: https://entra.microsoft.com
- In the left menu → Identity
- Select Users
- Search and open your account
- Click Assigned roles
You will now see whether you have roles such as:
- Global Administrator
- Privileged Role Administrator
- Security Administrator
- Cloud Application Administrator
- Application Administrator
- User Administrator
These are the cloud roles that matter for Entra ID.
2. Check your Entra roles via PowerShell
Run:
Connect-MgGraph -Scopes "RoleManagement.Read.All"
Get-MgUserAppRoleAssignment -UserId "<YourUPN>" | Select-Object ResourceDisplayName,AppRoleId
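Added example, not written by any participant in this thread: one way to check, with the Microsoft Graph PowerShell SDK, the three things the 403 on `Update-MgDomain` depends on (the scopes the session holds, the account's directory role assignments, and the domain's current federation state). `admin@example.com` and `example.com` are placeholders.

```powershell
# Added example, not from the thread. Placeholder values: replace before running.
$Upn        = 'admin@example.com'   # placeholder: the account used with Connect-MgGraph
$DomainName = 'example.com'         # placeholder: the custom domain shown as Federated

# Request the delegated scopes needed to read role assignments and the domain,
# plus Domain.ReadWrite.All, which Update-MgDomain needs.
Connect-MgGraph -Scopes 'User.Read.All','RoleManagement.Read.Directory','Domain.ReadWrite.All'

# 1. Scopes actually granted to this session. Without Domain.ReadWrite.All,
#    write calls such as Update-MgDomain are denied regardless of role.
$granted = (Get-MgContext).Scopes
$missing = 'Domain.ReadWrite.All' | Where-Object { $_ -notin $granted }
if ($missing) { Write-Warning "Session lacks scope(s): $($missing -join ', ')" }

# 2. Directory (Entra ID) roles assigned directly to the account.
#    App role assignments (Get-MgUserAppRoleAssignment) are a different object:
#    they describe access to enterprise applications, not admin roles.
#    Roles inherited through groups or only eligible in PIM are not listed here.
$user  = Get-MgUser -UserId $Upn
$roles = Get-MgRoleManagementDirectoryRoleAssignment `
            -Filter "principalId eq '$($user.Id)'" `
            -ExpandProperty roleDefinition -All |
         ForEach-Object { $_.RoleDefinition.DisplayName } | Sort-Object -Unique
if ($roles) { $roles } else { Write-Warning "No direct directory role assignments for $Upn" }

# 3. Current state of the domain. 'Federated' means sign-ins for this domain
#    are still redirected to the stored federation endpoint.
Get-MgDomain -DomainId $DomainName |
    Select-Object Id, AuthenticationType, IsVerified, IsDefault

# 4. The stored federation settings themselves (issuer and sign-in URL), so a
#    stale endpoint left over from an earlier environment can be identified.
Get-MgDomainFederationConfiguration -DomainId $DomainName |
    Select-Object DisplayName, IssuerUri, PassiveSignInUri
```

On-premises Active Directory groups such as Domain Admins do not appear in step 2; only Entra ID directory roles do.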