SOLVED

Hybrid Exchange and autodiscover

%3CLINGO-SUB%20id%3D%22lingo-sub-212742%22%20slang%3D%22en-US%22%3EHybrid%20Exchange%20and%20autodiscover%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212742%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20a%20hybrid%20Exchange%20setup%20you%20are%20meant%20to%20leave%20the%20autodiscover%20record%20pointing%20at%20the%20onprem%20server.%20I%20have%20been%20going%20through%20DR%20planning%20and%20have%20realised%20that%20leaving%20it%20pointed%20onprem%20will%20cause%20disruption%20to%20clients%20in%20the%20event%20of%20loss%20of%20the%20on%20prem%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20on%20prem%20server%20hosts%20no%20active%20mailboxes%20they%20are%20all%20now%20365%20so%20the%20server%20is%20only%20kept%20for%20attribute%20changes%20as%20AD%20accounts%20replicate%20using%20ADC.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20question%20is%20with%20the%20Hybrid%20setup%20in%20this%20state%20can%20the%20autodiscover%20record%20safely%20be%20pointed%20at%20365%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-212742%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212754%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Exchange%20and%20autodiscover%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212754%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20clarifying.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212753%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Exchange%20and%20autodiscover%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212753%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F162426%22%20target%3D%22_blank%22%3E%40matthew%20want%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20are%20not%20using%20any%20mailbox%20on-premises%20and%20you%20do%20not%20need%20any%20on-premises%20autodiscover%20feature%20using%20your%20on-premises%20autodiscover%2C%20you%20can%20change%20it%20to%20Office%20365.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212750%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Exchange%20and%20autodiscover%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212750%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20the%20reply%20Nuno.%20I%20get%20what%20you%20are%20saying%20about%20mailboxes%20moving%20back%20to%20on%20prem%20but%20don't%20get%20the%20last%20part%20where%20you%20say%20'or%20use%20the%20autodiscover%20to%20use%20in%20Outlook%20and%20Mobile'%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212744%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Exchange%20and%20autodiscover%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212744%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F162426%22%20target%3D%22_blank%22%3E%40matthew%20want%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20do%20not%20have%20any%20mailboxes%20in%20on-premises%2C%20you%20can%20change%20the%20autodiscover%20to%20Office%20365%2C%20you%20only%20need%20to%20change%20it%20back%20if%20you%20need%20to%20migrate%20mailboxes%20on-premises%20or%20use%20the%20autodiscover%20to%20use%20in%20Outlook%20and%20Mobile.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1386257%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Exchange%20and%20autodiscover%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1386257%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F50%22%20target%3D%22_blank%22%3E%40Nuno%20Silva%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20facing%20the%20same%20issue.%20Exchange%20hybrid%20with%20all%20our%20mailboxes%20in%20Office%20365.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20you%20saying%20delete%20the%20local%20autodiscover%20DNS%20records%3F%3C%2FP%3E%3CP%3EI%20have%202.%20Autodiscover.ttaf.co.za%20and%20autodiscover.ttaf.local.%3C%2FP%3E%3CP%3EBoth%20of%20those%20records%20point%20to%20my%20on-premise%20exchange%20server.%3C%2FP%3E%3CP%3ERecently%20we%20renewed%20the%20third%20party%20certificate%20on%20this%20server%20but%20I%20forgot%20to%20include%20autodiscover.ttaf.co.za%20in%20the%20certificate%20subject%20alternatives%20names.%3C%2FP%3E%3CP%3ENow%20staff%20members%20are%20getting%20certificate%20errors%20even%20thou%20their%20mailboxes%20are%20hosted%20in%20Office%20365.%3C%2FP%3E%3CP%3EAny%20advice%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20thought%20about%20creating%20CNAME%20records%20in%20the%20ttaf.co.za%20and%20ttaf.local%20internal%20DNS%20zones%20and%20pointing%20them%20to%20autodiscover.outlook.com.%20Do%20you%20think%20that%20would%20resolve%20the%20issue%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1394661%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Exchange%20and%20autodiscover%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1394661%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F162426%22%20target%3D%22_blank%22%3E%40matthew%20want%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20I%20suggest%20is%20to%20run%3C%2FP%3E%3CP%3Eset-clientAccessServer%26nbsp%3B%20-AutoDiscoverServiceInternalUri%20%24Null%3C%2FP%3E%3CP%3EPoint%20the%20external%20URI%20to%20office%20365%20autodiscover%20record%20using%20a%20CNAME%20record.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20should%20work%20for%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1530811%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Exchange%20and%20autodiscover%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1530811%22%20slang%3D%22en-US%22%3EHi%20Ashkb%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20fully%20hybrid%20env%20with%20exch2010%20.%20and%20I%20just%20run%20AutoDiscoverServiceInternalUri%20%24Null%3CBR%20%2F%3ESo%20how%20do%20I%20retrieve%20old%20value%3F%3CBR%20%2F%3E%3CBR%20%2F%3ETA%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

In a hybrid Exchange setup you are meant to leave the autodiscover record pointing at the onprem server. I have been going through DR planning and have realised that leaving it pointed onprem will cause disruption to clients in the event of loss of the on prem server.

 

My on prem server hosts no active mailboxes they are all now 365 so the server is only kept for attribute changes as AD accounts replicate using ADC.

 

My question is with the Hybrid setup in this state can the autodiscover record safely be pointed at 365?

7 Replies
Highlighted

Hi @matthew want,

 

If you do not have any mailboxes in on-premises, you can change the autodiscover to Office 365, you only need to change it back if you need to migrate mailboxes on-premises or use the autodiscover to use in Outlook and Mobile.

Highlighted

Thanks for the reply Nuno. I get what you are saying about mailboxes moving back to on prem but don't get the last part where you say 'or use the autodiscover to use in Outlook and Mobile'?

Highlighted
Best Response confirmed by matthew want (New Contributor)
Solution

Hi @matthew want,

 

If you are not using any mailbox on-premises and you do not need any on-premises autodiscover feature using your on-premises autodiscover, you can change it to Office 365.

Highlighted

Thanks for clarifying.

Highlighted

Hi @Nuno Silva 

 

I am facing the same issue. Exchange hybrid with all our mailboxes in Office 365.

 

Are you saying delete the local autodiscover DNS records?

I have 2. Autodiscover.ttaf.co.za and autodiscover.ttaf.local.

Both of those records point to my on-premise exchange server.

Recently we renewed the third party certificate on this server but I forgot to include autodiscover.ttaf.co.za in the certificate subject alternatives names.

Now staff members are getting certificate errors even thou their mailboxes are hosted in Office 365.

Any advice?

 

I thought about creating CNAME records in the ttaf.co.za and ttaf.local internal DNS zones and pointing them to autodiscover.outlook.com. Do you think that would resolve the issue?

 

 

 

Highlighted

@matthew want 

What I suggest is to run

set-clientAccessServer  -AutoDiscoverServiceInternalUri $Null

Point the external URI to office 365 autodiscover record using a CNAME record.

 

This should work for you.

Highlighted
Hi Ashkb,

I have fully hybrid env with exch2010 . and I just run AutoDiscoverServiceInternalUri $Null
So how do I retrieve old value?

TA