Home

ActiveSync Redirect with ADFS

%3CLINGO-SUB%20id%3D%22lingo-sub-62799%22%20slang%3D%22en-US%22%3EActiveSync%20Redirect%20with%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-62799%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooking%20for%20some%20clarification%20on%20an%20issue%20we%20are%20seeing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn-prem%20Exchange%202013%3C%2FP%3E%3CP%3EOffice%20365%20E3%3C%2FP%3E%3CP%3EHybrid%20connector%3C%2FP%3E%3CP%3EAADC%20synching%20accounts%20to%20O365%3C%2FP%3E%3CP%3EOn-prem%20ADFS%20server%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20local%20AD%2C%20their%20internal%20domain%20is%20set%20to%20%22%3CORGNAME%3E.local%22%3B%20before%20moving%20them%20to%20the%20cloud%2C%20we%20change%20their%20UPN%20to%20%22%3CORGNAME.CA%3E%22%20so%20that%20it%20matches%20the%20domain%20configured%20in%20O365.%3C%2FORGNAME.CA%3E%3C%2FORGNAME%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAccording%20to%20what%20I%20have%20read...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E(for%20example%2C%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fexchange%2F2015%2F03%2F23%2Fexchange-activesync-on-boarding-to-office-365%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fexchange%2F2015%2F03%2F23%2Fexchange-activesync-on-boarding-to-office-365%2F%3C%2FA%3E%20)%3C%2FP%3E%3CP%3E...when%20users%20get%20moved%20from%20on-prem%20to%20O365%2C%20their%20mobile%20device%20ActiveSync%20profile%20should%20get%20automatically%20updated%20and%20they%20should%20have%20nothing%20to%20reconfigure%20on%20their%20mobile%20devices.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20this%20doesn't%20seem%20to%20be%20working%3B%20the%20engineer%20working%20on%20this%20says%20that%20it's%20because%20of%20ADFS%3B%20he%20says%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3E%22it%20looks%20like%20all%20Active%20Sync%20historical%20profiles%20must%20be%20recreated%20to%20point%20directly%20to%20Cloud%20following%20the%20Cloud%20mailbox%20move%20event.%26nbsp%3B%20Currently%2C%20I%20am%20not%20aware%20of%20any%20%3CSTRONG%3Emain%20stream%3C%2FSTRONG%3E%20way%20to%20get%20the%20existing%20On%20Prem%20Active%20Sync%20profile%20to%20continue%20working%20after%20a%20mailbox%20move%20to%20a%20Cloud%20ADFS%20front%20ended%20configuration%22%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETrue%20or%20not%3F%20If%20not%2C%20then%20any%20ideas%20what%20the%20issue%20could%20be%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJacques%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-62799%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2013%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-62839%22%20slang%3D%22en-US%22%3ERe%3A%20ActiveSync%20Redirect%20with%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-62839%22%20slang%3D%22en-US%22%3E%3CP%3EI%20can%20see%20people%20are%20saying%20it%20worked%20for%20them%20but%20sometime%20it%20takes%20for%20redirection%20to%20work%20however%26nbsp%3Bfor%20me%20it%20never%20worked%20and%20I%20have%20to%20recreate%20the%20profiles.%20While%20searching%20on%20this%20I%20found%20below%20article%20which%20says%20we%20have%20to%20check%26nbsp%3B%3CSPAN%3Edevice%20prefixes%20are%20known%20to%20Exchange%20or%20not.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.granikos.eu%2Fen%2Fjustcantgetenough%2FPostId%2F244%2Fexchange-activesync-redirect-not-working-for-android-device%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.granikos.eu%2Fen%2Fjustcantgetenough%2FPostId%2F244%2Fexchange-activesync-redirect-not-working-for-android-device%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ECould%20you%20please%20check%26nbsp%3BIIS%20logs%20of%20an%20Exchange%20Server%202013%20Mailbox%20server%2C%20whether%20exchange%20server%20attempted%20to%20perform%20the%20redirection%20or%20not%2C%20if%20it%20performed%20to%20do%20the%20redirection%20than%20we%20have%20to%20check%20the%20device%20compatibility%20whether%20device%20supports%20Exchange%20ActiveSync%20451%20redirection%20or%20not.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20you%20found%20solution%26nbsp%3Bworking%20with%20MS-%20please%20let%20us%20know%20as%20well.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jacques Sauvé
Regular Visitor

Hello all,

 

Looking for some clarification on an issue we are seeing.

 

On-prem Exchange 2013

Office 365 E3

Hybrid connector

AADC synching accounts to O365

On-prem ADFS server

 

In local AD, their internal domain is set to "<orgname>.local"; before moving them to the cloud, we change their UPN to "<orgname.ca>" so that it matches the domain configured in O365.

 

According to what I have read...

 

(for example, here: https://blogs.technet.microsoft.com/exchange/2015/03/23/exchange-activesync-on-boarding-to-office-36... )

...when users get moved from on-prem to O365, their mobile device ActiveSync profile should get automatically updated and they should have nothing to reconfigure on their mobile devices.

 

However, this doesn't seem to be working; the engineer working on this says that it's because of ADFS; he says:

 

"it looks like all Active Sync historical profiles must be recreated to point directly to Cloud following the Cloud mailbox move event.  Currently, I am not aware of any main stream way to get the existing On Prem Active Sync profile to continue working after a mailbox move to a Cloud ADFS front ended configuration"

 

True or not? If not, then any ideas what the issue could be?

 

Thanks!

 

Jacques

 

1 Reply

I can see people are saying it worked for them but sometime it takes for redirection to work however for me it never worked and I have to recreate the profiles. While searching on this I found below article which says we have to check device prefixes are known to Exchange or not. 

 

https://www.granikos.eu/en/justcantgetenough/PostId/244/exchange-activesync-redirect-not-working-for...

 

Could you please check IIS logs of an Exchange Server 2013 Mailbox server, whether exchange server attempted to perform the redirection or not, if it performed to do the redirection than we have to check the device compatibility whether device supports Exchange ActiveSync 451 redirection or not.

 

If you found solution working with MS- please let us know as well.

Related Conversations