Autodiscover!

9 Jun

How to remove the Exchange Autodiscover SCP

Consider a scenario where you moved all your user’s mailboxes to Exchange Online, for instance after a cutover or staged migration and want to remove any dependencies on the local Exchange server. You may find that Outlook still connects to the local Exchange server for Autodiscover lookups, this is because Outlook is hard-coded to query an AD Service Connection Point to locate a server with the Autodiscover service. When this fails Outlook falls back to the next DNS based methods or uses a local XML file.

Exchange Management Shell

There are multiple ways to prevent Outlook from contacting the local Exchange server first, some of them make more sense than others. The preferred way is to use the Exchange Management Shell to clear the entry for the Client Access server from the SCP.

Set-ClientAccessServer –Identity ServerName -AutoDiscoverServiceInternalUri $null

image

This removes the SCP entry for this Exchange server.

ADSIEdit

If the above method can no longer be used a low level AD editor as EDSIEdit can be used to remove the SCP manually. The full path of the SCP is:

CN=ServerName,CN=Autodiscover,CN=Protocols,CN=ServerName,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=OrganizationName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DomainName,DC=Suffix

This object to remove has the Class type serviceConnectionPoint.

image

Alternative methods

One of the above steps is basically all you need to do. Alternatives include adding an ExcludeScpLookup value to the \Autodiscover registry key (KB article) and some articles even let you remove the Autodiscover virtual directory from IIS. This will of course make Outlook unable to query the local Exchange server for Autodiscover but why should you if you can simply remove the SCP.

How to verify?

As always, the proof is in the pudding. Use the Outlook test E-mail AutoConfiguration feature to verify the clients behavior. We’re specifically interested in the Log tab where we should see that Outlook is no longer able to query the SCP to obtain the Autodiscover url.

To start the Test E-mail AutoConfiguration tool, follow these steps:

  1. Start Outlook.
  2. Hold down the Ctrl key, right-click the Outlook icon in the notification area, and then click Test E-mail AutoConfiguration.
  3. Verify that the correct email address is in the E-mail Address box.
  4. In the Test E-mail AutoConfiguration window, click to clear the Use Guessmart check box and the Secure Guessmart Authentication check box.
  5. Click to select the Use AutoDiscover check box, and then click Test.

Earlier I wrote a short article about this tool, unfortunately available in Dutch only: Autodiscover testen met Outlook. But you’ll get the general idea. Focus on the first or third tab when you’re interested in the Autodiscover results, read the Log tab when you’re interested in the Autodiscover process.

Forcing Windows Server to recognise domain connection

26 May
  1. Go to Network Connections (from the Network and Sharing Center, click on “Change adapter settings”.)
  2. Go to the properties of one network connection marked as “Unidentified” but on the private LAN.
  3. Go to the properties for IPv4.
  4. Click the “Advanced…” button.
  5. Select the DNS tab.
  6. Enter your domain name into the text box for “DNS suffix for this connection:”.
  7. Disable and then enable the connection to get NLA to re-identify the location.

Apple ID “Greyed Out”

15 May

  1. Go to the app listed in the App Store as needing an update (usually in the /Applications folder).
  2. Right click the app then click “Show Package Contents”.
  3. Go into the “Contents” folder, then into the “_MASReceipt” folder.
  4. Delete the “receipt” file (you may need to enter a local administrator username and password).

 

Upgrade Win 10 Home to Pro

9 May

This assumes you are eligible for hardware based entitlement to Win 10 PRO

Enter the default Windows 10 Pro product key:

VK7JG-NPHTM-C97JM-9MPGT-3V66T

Below message is shown

4-upgrade-edition.png

Click Start Upgrade, and after a few minutes, the system restarted. As soon as I connected to the Internet, the Windows activation process checked my hardware against Microsoft’s servers. Because this hardware was already recorded with a digital entitlement to Windows 10 Pro, I was activated immediately, without the need to enter a product key.

internal-error-missing-template-err_connect_fail-meraki-mx100

28 Feb

just disable the safe search settings

Removing Inactive Domain Users from Global Address List – Azure AD SYNC

2 Feb

Generally speaking, we can use “Hide from Exchange Address lists” to achieve it.
You can hide the account from the Global Address List in Office 365 by setting the msExchHideFromAddressLists attribute for the object to “true” in their on-premises Active Directory. The prerequisite is that on-premises AD schema is extended for Exchange. You can open the Properties of this accout, and then locate the Attribute Editor tab to check this attribute.

Please refer to this article to see the attributes that are synced from local AD to Windows Azure Active Directory: http://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx

You can see the attribute msExchHideFromAddressLists is listed on the table.
After that, please force DirSync to update the change, and then wait a little time

Office 365 Calendar sharing – share to a group of people within organisation

2 Feb

Good discussion about sharing calendars with distribution groups and why it doesnt work!

https://community.spiceworks.com/topic/1747210-office-365-calendar-sharing-share-to-a-group-of-people-within-organisation