Outlook Profile Autodiscover Service, Order of Precedence, and Disabling SCP For Hosted Exchange/Office 365 Migrations

    When you install the Client Access server role on a computer running Exchange 2010, a default virtual directory named Autodiscover is created under the default Web site in Internet Information Services (IIS). This virtual directory handles Autodiscover service requests from Outlook 2007 or Outlook 2010 clients and supported mobile phones under the following circumstances:

    • When a new user account is configured or updated
    • When an Outlook client periodically checks for changes to the Exchange Web Services URLs
    • When underlying network connection changes occur in your Exchange messaging environment

    Additionally, a new Active Directory object named the service connection point (SCP) is created on the server where you install the Client Access server role. The SCP object contains the authoritative list of Autodiscover service URLs for the forest. You can use the Set-ClientAccessServer cmdlet to update the SCP object. For more information, see Set-ClientAccessServer. For more information about SCP objects, see Publishing with Service Connection Points.

    The following figure shows how a client connects to a Client Access server the first time from inside the internal network. For external access, or using DNS, the client locates the Autodiscover service on the Internet by using the primary SMTP domain address from the user’s e-mail address.

    The Autodiscover service process for internal access The Autodiscover service process for internal access

    If the SCP is not available, the client looks for a valid SSL certificate typically a CNAME record for autodiscover.outlook.com for Office 365  

    The Autodiscover service process for external access The Autodiscover service process for external access

    To Disable SCP, on a forest that is migrating to hosted exchange or Office 365, and you’re NOT using the Microsoft Online Migrations Tool(web based Office 365 tool), you may need to disable the SCP in your Active Directory by running the following command in the Echange Server Management Shell:

    Set-ClientAccessServer -Identity “SERVERNAME” -AutoDiscoverServiceInternalUri $NULL

    If you have multiple Exchange servers, You may need to run this replacing SERVERNAME with all the Exchange servers in the directory. If you don’t have access to the Exchange server, and it was not uninstalled properly, you can delete the SCP entries using ADSIEdit in the following container: CN=Autodiscover,CN=Microsoft Exchange,CN=Services, [Configuration Naming Context].

    Published on: .

    This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

    How can we help?


    Let's start a conversation

    location Agile IT Headquarters
    4660 La Jolla Village Drive #100
    San Diego, CA 92122

    telephone-icon + 1 (619) 292-0800 mail-icon Sales@AgileIT.com

    Don’t want to wait for us to get back to you?