Autodiscover and SCP process

  • Question

  • Hi All

    Hoping someone can confirm the exact process for SCP discovery as I thought I understood the mechanics, but being told otherwise by a third party company.

    To put some history and not make it too long a post, we already have 3 domains, abc.local, xyz.local and new.local. abc and xyz are Exchange 2010 and new is Exchange 2016. We are migrating users from abc and xyz to new. Users have Win7 machines connected to abc or xyz where their mail is located. Both domains have the same primary email domain of No 2 people have the same primary and contacts on both sides ensure it gets routed to the right domain.

    Users now get a new Win10 PC connected to new.local but still log in with their old accounts (i.e. abc\user or xyz\user) to access their email in the old domain (user/resource forest style). This is all working fine by the way as we have mail enabled accounts with target addresses pointing them back to their Exchange 2010 mailbox. My understanding of this process is:

    1. When Outlook opens on Win10 in new.local it will query SCP records based on the domain the PC is in (new.local)

    2. SCP returns autodiscover for the new Exchange 2016 servers.

    3. Outlook uses the email address it found in abc or xyz to query Exchange 2016 and finds a mail enabled object for

    4. The target address on the mail enabled account then tells Outlook to query abc.local or xyz.local to get to the relevant mailbox.

    A simplified example, I know, but my concern is around point 1. Is it true that the first SCP query is workstation domain based (i.e. look for SCP in new.local) and not based on any email domain at this point?

    The reason I ask is that to migrate I'm being told that SCP records in new.local can be crafted to send users to either abc.local or xyz.local and we no longer need mail enabled accounts to route users to the old system, but I think if all 3 domains are using the same primary email domain ( this won't be possible. I can understand routing to one or the other but not either based on how you log in.

    Apologies if it's confusing, as it is fairly complex and I've probably tried to simplify the detail a little too much.



    Wednesday, August 3, 2016 2:42 PM


All replies

  • Hi,

    In an Exchange 2016 coexistence environment with Exchange 2010, when the user connects to new.local but still logs in with their old account, Exchange 2016 will perform a proxy request, proxying the HTTP session to the Exchange 2010 server that hosts the mailbox.

    So I think it is normal that the SCP records in new.local can be got by users in Exchange 2010.

    In addition, I have found the following articles for your reference:


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact

    David Wang_
    TechNet Community Support

    Friday, August 5, 2016 1:13 AM
  • Hi,

    How about the issue?

    Are the above replies helpful to you?

    If the issue is resolved, please mark some helpful replies as answers; that will encourage people to take time out to help you.


    David Wang_
    TechNet Community Support

    Thursday, August 11, 2016 9:30 AM
  • Hi David

    Thank you for your response. Yes, I have seen those articles and you are correct in that once Outlook has the user's details Exchange 2016 will indeed proxy the request to the Exchange 2010 servers and hence the user's mailbox that is set up in the target or external address.

    What I am trying to find out is the mechanics well before this. I know that Outlook will do an LDAP query to the computer domain (new.local) for the list of SCP records that allow it to point to Exchange 2016 in new.local (autodiscover records). I'm presuming that the credentials that it uses to query AD for the SCP list are the ones the users use to log in to the old domain (i.e. abc/user). I believe that due to this we can lock down SCP records on a domain basis, so if you log in with say abc/user you will only get the SCP records that abc is allowed to access, and those SCP records can be edited to point the user back to abc.local. In the same vein, other SCP records are locked down to say xyz domain users that will point them to Exchange in the xyz domain.

    I'm now digging into the actual MS protocol docs to see if I can confirm this.



    • Edited by Palace Thursday, August 11, 2016 12:30 PM
    Thursday, August 11, 2016 12:27 PM