Forum Discussion
Exchange Server 2013 Hybrid
Hello, I'd like to hear your opinion on the idea of decommissioning our on-premises Exchange 2013 CU23 and handling all our distribution lists through Entra (Azure AD). Currently, we're overseeing our distribution lists in our on-premises AD and employing a one-way sync with ADConnect. I'm wondering if it's feasible to transition everything to Azure. Is there a method to establish a two-way sync so that any alterations we make in Azure DLs or Exchange Online DLs created on-premises will synchronize seamlessly? Are there any recommended approaches for accomplishing this?
- Dan_Snape (Bronze Contributor): Hybrid has nothing to do with having to manage DLs using on-prem tools. This is the result of you syncing them from on-prem to M365 using AAD Connect. If you want to manage the DLs in M365, you'll need to recreate them as cloud-only and not sync them from on-prem AD. There's no way to sync the objects and still be able to manage them in M365. On another point, I would be looking to remove Exchange Server 2013 ASAP. It's a security risk and needs to be removed by moving to Exchange Server 2019 or getting rid of Exchange on-prem totally.
- Arnold Lopez (Copper Contributor):
Is there a more straightforward process or specific steps for re-establishing them as cloud-only? I have a substantial number of Distribution Lists, including nested ones. Any guidance or references you could provide on this matter would be greatly appreciated.
I'd also like to mention that I've completed the migration of all mailboxes to Exchange Online. Initially, I've been creating our users in Active Directory and synchronizing them to the Cloud using AAD. In most cases, I've been able to manage them directly in the cloud. However, when it comes to Distribution Groups, even though they replicate in the cloud, they aren't manageable there. All DGs created in AD have to be managed in Exchange on-premises, either using ECP or EMS, which is currently unsupported by Microsoft.
I came across an article mentioning that if we're using AD Connect to handle user accounts in Active Directory, we need to retain at least one Microsoft Exchange server on-premises. This is to ensure we can still make changes to Exchange recipients in Exchange Online because the source of authority remains on-premises. Does this also apply to Distribution Groups? I assume that once we replicate the distribution groups in the cloud, those in Active Directory won't have as much significance. However, I recently realized there may be some settings in Active Directory for our Distribution Lists that might not be available in the cloud.
- Dan_Snape (Bronze Contributor):
Arnold Lopez, down the track there might be options to manage the source of authority for objects, but at this stage there aren't any options other than to recreate them. All objects synced to AAD/EXO from on-prem need to be managed on-prem, with the exception of permissions, which are managed in the cloud.
You don't need to keep an Exchange server on-prem anymore, but you do need to use Exchange tools to manage mail related attributes. This is because other on-prem tools (ADUC, ADSIEdit) do not perform any error checking, so you could end up with invalid values for properties you update using these tools. You can find more information on removing the last Exchange server in a hybrid here
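The recreate-as-cloud-only step that the replies describe, written out as an added PowerShell example (this is not code from the thread or from Microsoft). It runs against Exchange Online with the ExchangeOnlineManagement module: the Export mode captures every directory-synced distribution group (`IsDirSynced`) with its members, owners and a few mail settings to JSON; the Import mode, run only after the groups have been taken out of AAD Connect scope and the synced copies have disappeared from Entra ID, recreates them as cloud-only. Nested lists are handled by creating all groups empty first and adding members in a second pass, so a member that is itself a group always exists by the time it is referenced. The admin UPN, the JSON path and the `contoso.example` domain are placeholders; every other property name and cmdlet is the real Exchange Online one.

```powershell
# Added example, not from the thread. Export synced DLs from Exchange Online,
# then recreate them as cloud-only groups with the same addresses and members.
# Placeholders: the -UserPrincipalName value and the default JSON path.
#Requires -Modules ExchangeOnlineManagement
param(
    [ValidateSet('Export', 'Import')] [string] $Mode = 'Export',
    [string] $Path = '.\synced-dls.json'
)

Connect-ExchangeOnline -UserPrincipalName admin@contoso.example -ShowBanner:$false

function Export-SyncedDistributionGroups {
    param([string] $OutFile)
    # IsDirSynced marks objects whose source of authority is still on-prem AD,
    # i.e. exactly the groups that cannot be edited in EXO today.
    $groups = Get-DistributionGroup -ResultSize Unlimited -Filter 'IsDirSynced -eq $true'
    $export = foreach ($g in $groups) {
        $members = Get-DistributionGroupMember -Identity $g.Identity -ResultSize Unlimited
        # Resolve owners to SMTP addresses so they can be passed to -ManagedBy later.
        $owners = foreach ($o in $g.ManagedBy) {
            $r = Get-Recipient -Identity $o.ToString() -ErrorAction SilentlyContinue
            if ($r) { $r.PrimarySmtpAddress.ToString() }
        }
        [pscustomobject]@{
            Name                               = $g.Name
            DisplayName                        = $g.DisplayName
            Alias                              = $g.Alias
            PrimarySmtpAddress                 = $g.PrimarySmtpAddress.ToString()
            # Preserve the type: a mail-enabled security group stays a security group.
            Type                               = if ($g.RecipientTypeDetails -eq 'MailUniversalSecurityGroup') { 'Security' } else { 'Distribution' }
            ManagedBy                          = @($owners)
            RequireSenderAuthenticationEnabled = [bool]$g.RequireSenderAuthenticationEnabled
            HiddenFromAddressListsEnabled      = [bool]$g.HiddenFromAddressListsEnabled
            # Members by SMTP address; a nested DL is simply another entry here.
            Members                            = @($members | Where-Object PrimarySmtpAddress |
                                                    ForEach-Object { $_.PrimarySmtpAddress.ToString() })
        }
    }
    @($export) | ConvertTo-Json -Depth 4 | Set-Content -Path $OutFile -Encoding UTF8
    "Exported $(@($export).Count) synced groups to $OutFile"
}

function Import-CloudOnlyDistributionGroups {
    param([string] $InFile)
    $groups  = @(Get-Content -Path $InFile -Raw | ConvertFrom-Json)
    $skipped = New-Object System.Collections.Generic.HashSet[string]

    # Pass 1: create every group empty. The SMTP address must be free, which
    # means the synced object has to be gone from Entra ID before this runs.
    foreach ($g in $groups) {
        if (Get-Recipient -Identity $g.PrimarySmtpAddress -ErrorAction SilentlyContinue) {
            Write-Warning "Skipping $($g.PrimarySmtpAddress): an object with that address still exists (synced copy not removed yet?)"
            [void]$skipped.Add($g.PrimarySmtpAddress)
            continue
        }
        $params = @{
            Name                               = $g.Name
            DisplayName                        = $g.DisplayName
            Alias                              = $g.Alias
            PrimarySmtpAddress                 = $g.PrimarySmtpAddress
            Type                               = $g.Type
            RequireSenderAuthenticationEnabled = $g.RequireSenderAuthenticationEnabled
        }
        if (@($g.ManagedBy).Count -gt 0) { $params.ManagedBy = @($g.ManagedBy) }
        New-DistributionGroup @params | Out-Null
        Set-DistributionGroup -Identity $g.PrimarySmtpAddress -HiddenFromAddressListsEnabled $g.HiddenFromAddressListsEnabled
    }

    # Pass 2: add members. All groups now exist, so nested references resolve
    # regardless of the order in which the groups were exported.
    foreach ($g in $groups) {
        if ($skipped.Contains($g.PrimarySmtpAddress)) { continue }
        foreach ($m in @($g.Members)) {
            try {
                Add-DistributionGroupMember -Identity $g.PrimarySmtpAddress -Member $m -ErrorAction Stop
            } catch {
                Write-Warning "$($g.PrimarySmtpAddress): could not add $m ($($_.Exception.Message))"
            }
        }
    }
}

switch ($Mode) {
    'Export' { Export-SyncedDistributionGroups -OutFile $Path }
    'Import' { Import-CloudOnlyDistributionGroups -InFile $Path }
}
```

Run it as `.\Recreate-Dls.ps1 -Mode Export` while the groups are still synced, move the source OUs out of the AAD Connect sync scope and wait for the synced objects to be removed from the tenant, then run `-Mode Import`. The export is the safety net for the whole exercise: once the on-prem objects leave sync scope, the cloud copies and their membership are gone, and the JSON is the only record of who was on which list. Anything that did not survive the export (attributes Arnold Lopez mentions that only exist on-prem) is deliberately not reconstructed here, so review the diff between the JSON and the on-prem groups before deleting anything.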