I am performing workstation, user, and mailbox migrations from Forest A to Forest B, with a two way transitive trust in place. Forest A has Exchange 2013 and Forest B has Office 365 (with an Exchange 2016 server for management purposes, with Azure AD sync in place).
On Forest A's Exchange 2013 server, I am doing remote-moves to Forest B's Office 365 tenant in parallel to the Active Directory user/workstation cutover.
After the workstation and mailbox have been cutover to Forest B / Office 365 and the user logs in for the first time - Outlook always tries to connect to Forest A's CAS server, no matter what. This results in repeated credential prompts, and no acceptance of either legacy or new credentials. I have updated the SCP object to outlook.office.com and autodiscover seems to be taking the logical steps with 'test-email autoconfiguration', but there seems to be no re-direction from the legacy CAS server to Forest B's Office 365 tenant.
I am lost here, what am I overlooking? Is there some additional attribute I need to set in the source forest to get the redirection to Office 365 ( I have already set the targetaddress attribute)? There are some instances where if I cancel the first credential prompt (i.e. the connection to the legacy CAS server), autodiscovery will kick in and open a new credential prompt, connecting to Office 365. From there I can enter my credentials and it works as expected. Any help here is appreciated. I hope I don't need to recreate outlook profiles for 10K+ users....