When demoting a server from an existent Active Directory you will be prompted for the credentials with an error saying
The Operation failed because: The attempt at remote directory server to remove directory server was unsuccessful. “Access Denied”.
This issue is due to the fact that the object is set with
Protect object against Accidental Deletion
To fix this open
Active Directory Sites and Services. Find the server which you are trying to demote and expand it. Right click on
NTDS Settings and click on
Properties. Click on the
Object tab and un-tick the
Protect object from Accidental Deletion.
Retry the demotion and it will work. If it doesn’t then check the
Active Directory Users and Computers and check if the computer account has the
Protect object from Accidental Deletion enabled. Make sure to click on
You will notice that the AzureAD Sync tool stopped synchronizing and in the Office 365 portal under Health Directory Sync Status you will notice the error message Warning: no recent synchronization under Password Sync.
In Powershell when you run the
Start-ADSyncSyncCycle you will get the below error
Warning: no recent synchronization
Start-ADSyncSyncCycle : System.InvalidOperationException: Scheduler is already
suspended via global parameters.
To fix this, simply open Powershell and run the below command.
Set-ADSyncScheduler -SchedulerSuspended $false
After it completes, re-run
Start-ADSyncSyncCycle and it will work.
When having a local setup of Exchange and you want to migrate to Office 365 while leaving the local Exchange in place, you will have problems with autodiscover still pointing users to the local Exchange setup. If you don’t do the below, Outlook will still try to connect to the old Exchange server.
To stop the Autodiscover, open ADSIEDIT.MSC from the Active Directory server and delete the below entry so that the local SCP entry is skipped.
Select the “Configuration” naming context
CN=Exchange Administrative Groups\
And delete the CN= of class serviceConnectionPoint
Since Outlook uses SCP as well, you might want to run this registry update on the local machines.
(The version number varies depending on your Office application version)
– Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover
– Create new DWord ExcludeScpLookup
– Set the DWord as 1
After this, try to ping autodiscover.mydomain.com to ensure that it’s pointing to the Office 365
You can also do the following maybe it will help more. These should be created under the AutoDiscover Key