We recently migrated to hosted Exchange and we're having problems with autodiscover using the SCP from our internal Exchange environment and locking out users whose hosted Exchange password is different from their AD password. In DNS I've set a CNAME record for "autodiscover" pointing to the hosted provider, but the domain computers are still querying the SCP first, getting locked out and then finally connecting to the hosted provider's autodiscover. So far, e-mail works fine, autodiscover is working fine, but users with mismatched passwords are getting locked out every hour.
I managed to find the SCP attribute in ADSS and the serviceBindingInformation attribute that points to the local autodiscover URL. My question is: what would happen if I changed this attribute to point to my hosted provider's autodiscover URL? Would it achieve what I'm trying to do? If not, is there a way I can disable domain clients from querying the SCP to get autodiscover information and just go straight to DNS?
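
A read-only way to see every Autodiscover SCP that domain-joined clients can find, and the URL each one hands out. This is an added example, not part of the original post. It assumes Windows PowerShell on a domain-joined machine with read access to the Configuration partition; the two keyword GUIDs are the well-known Autodiscover SCP markers, and the output column names are illustrative.

```powershell
# Added example: lists Autodiscover SCP objects; it changes nothing in AD.
# Well-known keyword GUIDs that mark Autodiscover SCP objects:
$scpUrlGuid     = '77378F46-2C66-4aa9-A6A6-3E7A48B19596'   # SCP holding an Autodiscover URL
$scpPointerGuid = '67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68'   # SCP pointing at another forest

# SCP objects live in the forest-wide Configuration naming context.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = [string]$rootDse.configurationNamingContext

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$configNc"
$searcher.Filter     = "(&(objectClass=serviceConnectionPoint)" +
                       "(|(keywords=$scpUrlGuid)(keywords=$scpPointerGuid)))"
$searcher.PageSize   = 500
foreach ($attr in 'serviceBindingInformation', 'keywords', 'whenChanged') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$results = $searcher.FindAll()
try {
    $results | ForEach-Object {
        $keywords = @($_.Properties['keywords'])
        [pscustomobject]@{
            # 'Url' entries return an Autodiscover URL; 'Pointer' entries return
            # an LDAP URL that redirects the lookup to another forest.
            Type           = if ($keywords -contains $scpPointerGuid) { 'Pointer' } else { 'Url' }
            BindingInfo    = @($_.Properties['servicebindinginformation']) -join '; '
            # Any Site=<name> keywords show which AD sites prefer this SCP.
            SiteKeywords   = ($keywords | Where-Object { $_ -like 'Site=*' }) -join '; '
            WhenChanged    = @($_.Properties['whenchanged'])[0]
            ObjectPath     = $_.Path
        }
    } | Sort-Object Type, ObjectPath | Format-List
}
finally {
    $results.Dispose()   # release the underlying directory search handle
}
```

Every object listed is an endpoint clients may send AD credentials to before they fall back to DNS, so each one left pointing at the old internal URL is a possible source of the hourly lockouts.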