In April, we released an update to the Management tools in Exchange Server 2019 that enables organizations that use Azure AD Connect and sync their Active Directory to manage Exchange recipients with...
Updated Aug 15, 2023
Version 7.0
Blog Post
Hello again.
Just FYI, after some testing in an Exchange test environment we tend to agree with this blog post here (and not with the newer document in the link above, which states that you can never run Exchange Server again). As it stands, at least in practice, a "...Prepare Active Directory and then install Exchange Server 2019..." is quite feasible and working.
More than that, it must be working (to some degree at least).
We have found out that even the installation of the pure Management Role expects a "prepared AD", so if you ran the CleanupScript before, you have no choice but to run PrepareAD again! Which in turn recreates much of the classic Exchange objects, including containers, groups, permission assignments in AD, etc.
This makes this role (or the current implementation of the "minimal role" concept) a bit awkward. Every time you want to install another management servers/computer (and this can happen more than once in the course of years), you must necessarily re-prepare the AD and afterwards re-run the CleanupScript! Not to mention the practical implications for all this in an AD with active security tiering concept (aka tier model, aka Enterprise access model; neither CleanupActiveDirectoryEMT.ps1 nor Add-PermissionForEMT.ps1 seem to be really built for this scenario, but that's another story).
The_Exchange_Team
At least that's our view of things and the result of our tests. If we have misunderstood something, please correct us.
Just to be clear: we really appreciate the idea of a pure Management Role. And we will use it. But the implementation and use is currently more complicated than it seems.
Thank you