Forum Discussion
Remove On Premises exchange Hybrid and go fully Online
Hi Keith,
I've been through the comments in your thread, and they reminded me of my previous project where the customer decided to go fully online after moving the last mailbox to the cloud, since they were using a hosted mailbox solution and had to continue paying if they wanted the hybrid to remain.
We did the following
1. Remove the hybrid relationship between the hosted exchange and the Office 365
2. Change DNS records to go fully O365 based (autodiscover, SPF, DKIM, MX)
3. Update the AAD Connect to only use the current primary AD forest for sync.
The customer's team had no issues updating the required attributes using AD. But Microsoft FastTrack came back stating that if we run O365 with only AAD Connect in place and no Exchange server, it puts us on an unsupported platform when you call Microsoft for any help.
What they suggested is that you need to have Exchange installed, at least to make sure that your schema supports the right attributes, and that the Exchange server should be used to provision the mail-enabled accounts so that the right attributes are synced to the cloud.
I do have an email from FTC, but unfortunately cannot share it in public as the information contains customer sensitive information in it.
To end the story with that customer, we ended up installing a minimal exchange server and back to hybrid configuration to make sure that the configuration is still supported.
Not sure what you would gain by removing that Exchange server unless there is a high dependency on some resources, costs etc. I would suggest leaving the hybrid ON. It can also be used as an email relay within the organization. You can trim down the hardware and give it just the bare necessary requirements.
Hope my previous situation and its outcome helps you.
Regards,
Prashant
- BrianSmith, Jan 07, 2019, Copper Contributor
I have a scenario somewhat similar. All mailboxes, DL's, and contacts are in the cloud. I'm using AADSync to sync passwords to Azure AD. All email management is done in the cloud, nothing in on-prem Exchange. What's the need to keep the on-prem Exchange other than Microsoft's "Because I said so"?
Some replies say that it's minimal, but it's more than that. It's an OS license, it's patch management, it still uses resources, it still needs to be backed up. There is still a lot of maintaining there. I want the on-prem gone since it's not being used.
Also, we don't use AD FS and all DNS records, MX, autodiscover, cname, etc, have been pointed to O365.
- Dominik Wagner, Jan 08, 2019, Copper Contributor
BrianSmith wrote: I have a scenario somewhat similar. All mailboxes, DL's, and contacts are in the cloud. I'm using AADSync to sync passwords to Azure AD. All email management is done in the cloud, nothing in on-prem Exchange. What's the need to keep the on-prem Exchange other than Microsoft's "Because I said so"?
Some replies say that it's minimal, but it's more than that. It's an OS license, it's patch management, it still uses resources, it still needs to be backed up. There is still a lot of maintaining there. I want the on-prem gone since it's not being used.
Also, we don't use AD FS and all DNS records, MX, autodiscover, cname, etc, have been pointed to O365.
I can only say that, so far, about 2 months into the transition I don't miss the on-premise Exchange server at all.
I've gotten used to simply managing our AD accounts using the attribute editor and syncing everything using AAD.
Of course, I don't know how things might eventually evolve over the next few years... maybe there'll indeed be a server-side change on Microsoft's part which would eventually require an on-premise Exchange server for necessary AD schema additions... but I'll cross that bridge when I come to it.
Like you said, keeping an on-premise Exchange around, even if just for management purposes, is just too much of a hassle and completely negates the primary motivation of moving everything to the cloud in the first place.
I really hope Microsoft corrects their stance on this particular issue, it really is quite bewildering.
- BrianSmith, Jan 08, 2019, Copper Contributor
Being that I still have an on-prem Exchange server, I have not had the need to edit any attributes. Without the on-prem, what attributes are needing to be edited?
- Jan 07, 2019: Basically, it's for easier attribute creation and management, and to keep it a supported configuration according to Microsoft.
- BrianSmith, Jan 07, 2019, Copper Contributor
We don't edit any of the attributes. And all management is done in the cloud. All I need AADSync for is password sync, so I don't have to manage another password system.
I'm trying to grasp why in my environment I still need Exchange outside of Microsoft saying I do. If AADSync handles the password sync to Azure AD, no attributes are modified, and all management is done in the cloud, I see no further use for the on-prem Exchange.
- Carlos Viscarra, Nov 01, 2018, Copper Contributor
Hi Prashant.
In the scenario you described, which you concluded by asking "Not sure what you would gain by removing that exchange server", I would like to ask in turn: what do you gain or lose by removing that server?
We want to remove as much of our On-Prem as possible and my task is to decommission our On-Prem Exchange altogether and rely solely on the cloud.
Thanks,
Carlos
- Spiros Karampinis, Nov 09, 2018, Brass Contributor
Hello Carlos,
It is pretty clear at the moment that maintaining one last Exchange server just for management purposes is the supported way to go when you want to synchronize your Active Directory users and their attributes to Azure AD.
Sure, many guys are going to say that you can use ADSI, third-party tools or even nothing to manage your Exchange users in Office 365, BUT the question is: is it really bothering you to keep one last virtual machine with 2 CPUs and 4 GB RAM to be in a supported scenario for your business-critical application like mailing? It will also be more comfortable for your Exchange administrators, or even just system administrators, to manage your Exchange objects, even those that are in the cloud, Office 365, or on-premises like function mailboxes. Keep in mind that for that purpose Microsoft provides an Exchange hybrid key to license your on-premises Exchange server. That on-premises server could also be used as an SMTP server for on-premises devices like FAX or printers, or even on-premises applications that need an SMTP server to send e-mails; think about your NAS system, your firewall etc.
If, on the other hand, you would like to go FULL cloud, there is also an option for "small" companies called Microsoft 365 Business. With that license you can join your devices to Azure AD, your mailboxes are hosted in the cloud, you don't have to synchronize anything, and you can manage your computers and devices through Microsoft Intune. Almost no server at all on-premises, but again, it depends on your environment, the use case and what you are trying to achieve.
If you don't mind providing me with a little more information about your environment, even in a personal message, I would be glad to share my experience with you and talk about what the best options for your environment would be.
Kind regards
Spiros
- Dominik Wagner, Nov 15, 2018, Copper Contributor
I'm in the last steps of our migration from on-premise Exchange Server 2016 to Office 365.
I am honestly very surprised that demoting your on-prem Exchange server after moving all content to the cloud is an unsupported scenario.
For me at least, reducing our on-premise Windows and Exchange server footprint was one of the major reasons for migrating to the cloud in the first place.
Keeping a resource hog and patch management nightmare like Exchange server around in order to manage my cloud email accounts seems to defeat the entire purpose of moving to the cloud in the first place.
I'll go the unsupported path, decommission the on-prem Exchange and simply manage my user accounts using the attribute editor from Active Directory Users and Computers.
The handful of instances where I had to rely on Microsoft's paid support were really not worth the bother, so nothing ventured, nothing gained, I guess?
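The attribute-editor route Dominik describes (and the ADSIEDIT route Prashant mentions below) comes down to writing a handful of mail attributes on the AD user and letting AAD Connect carry them to Exchange Online. As an added PowerShell example, not code from anyone in this thread, the following sets those attributes and then checks the two things that most often break sync: exactly one primary `SMTP:` entry and a tenant routing address. It assumes the ActiveDirectory RSAT module, that the schema was already extended by the earlier Exchange install, and placeholder domains `contoso.com` / `contoso.mail.onmicrosoft.com`.

```powershell
# Added example (not from any poster in this thread): set and validate the
# mail attributes Exchange Online needs on a synced AD user when no
# on-premises Exchange server is left to do it. Assumes the ActiveDirectory
# RSAT module and an Exchange-extended schema; domain names are placeholders.
Import-Module ActiveDirectory

function Set-CloudMailAttributes {
    param(
        [Parameter(Mandatory)] [string]$SamAccountName,
        [Parameter(Mandatory)] [string]$PrimarySmtp,   # e.g. jdoe@contoso.com
        [string]$TenantRoutingDomain = 'contoso.mail.onmicrosoft.com'
    )
    $alias = ($PrimarySmtp -split '@')[0]

    # A primary address may belong to only one object; a duplicate shows up
    # later as an AAD Connect export error, so refuse it up front.
    $conflict = Get-ADUser -LDAPFilter "(proxyAddresses=SMTP:$PrimarySmtp)" |
                Where-Object SamAccountName -ne $SamAccountName
    if ($conflict) { throw "SMTP:$PrimarySmtp is already owned by $($conflict.SamAccountName)" }

    # Upper-case 'SMTP:' marks the primary address, lower-case 'smtp:' the
    # secondaries; targetAddress points at the mailbox's cloud routing address.
    Set-ADUser -Identity $SamAccountName -Replace @{
        mail           = $PrimarySmtp
        mailNickname   = $alias
        targetAddress  = "SMTP:$alias@$TenantRoutingDomain"
        proxyAddresses = @("SMTP:$PrimarySmtp", "smtp:$alias@$TenantRoutingDomain")
    }
}

function Test-CloudMailAttributes {
    param([Parameter(Mandatory)] [string]$SamAccountName)
    $u = Get-ADUser $SamAccountName -Properties mail, targetAddress, proxyAddresses
    $primary = @($u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })   # case-sensitive
    [pscustomobject]@{
        User               = $SamAccountName
        OnePrimarySmtp     = ($primary.Count -eq 1)
        MailMatchesPrimary = ($primary.Count -eq 1 -and $primary[0] -eq "SMTP:$($u.mail)")
        HasRoutingAddress  = [bool]($u.proxyAddresses | Where-Object { $_ -like '*.mail.onmicrosoft.com' })
        HasTargetAddress   = -not [string]::IsNullOrEmpty($u.targetAddress)
    }
}

# Usage with a hypothetical user:
# Set-CloudMailAttributes -SamAccountName jdoe -PrimarySmtp jdoe@contoso.com
# Test-CloudMailAttributes -SamAccountName jdoe
```

Run the test function over all synced users before each AAD Connect cycle; any row with a False value is an object that will either fail to export or land in Exchange Online without a routable address.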
- Prashant Divakaran, Nov 08, 2018, Brass Contributor
Hi Carlos,
Like you have mentioned, the only gain is having 1 or 2 fewer server(s) to manage.
Downsides (I have seen them happen with customers):
1. When we remove the server, the SD or L1 guys who were used to provisioning a mailbox/remote mailbox or mail user with the Exchange console will have to resort to manually populating the attributes (ADSIEDIT), which can be bothersome, and some SD agents who are real beginners may not be comfortable doing that.
2. I have had a detailed email from the FTC (FastTrack Center) {we had planned and executed this for one customer like that} that removing the last server may be technically feasible, but MS PSS does not support it when a customer has removed the last Exchange server in hybrid, and they "informed" us in the email that to be supported by MS PSS we would have to re-install the hybrid server again.
Personally, if you ask me, I would retain 1 single machine (which these days can be a high-end laptop/desktop) to be in the supported model rather than have nasty surprises when calling MS when you are in deep trouble with the EMAIL system for something else.
Regards,
Prashant D
- Pete Harrison, Nov 08, 2018, Copper Contributor
I have found this thread very interesting. We are in a situation where our on prem server is so old it's no longer supported. Therefore, we've been looking at decommissioning it. So we're partly not supported anyway!
Regards
Pete
- Abdul Khan, Sep 28, 2018, Copper Contributor
Gentlemen,
Thank you for this valuable info first of all. Secondly, I am with the school of thought that you can keep managing attributes in AD, especially the mail ones like the proxyAddresses and targetAddress attributes. Having your last Exchange server around is unnecessary to me personally, as the simple process of creating accounts and syncing attributes is enough to provision mailboxes in Exchange Online.
However, I can assume why Microsoft has given us a blanket answer for keeping ONE last Exchange server around. The answer being that while MS goes around updating Exchange server versions behind the scenes for all the client tenants, they may introduce new attributes (perhaps?) that Active Directory alone may not house. I am talking about msExch attributes, which is a big deal. Having a gap, say, between customers decommissioning from an Exchange 2013 hybrid while Exchange Online will be running 2019 for a customer tenant. This is a dangerous gap to have... wouldn't you all agree? With one Exchange server around, the onus will be on the customer to eventually upgrade the AD schema and employ such newer attributes to take advantage of features in Exchange Online. I hope I make sense in my assumption. What are your thoughts?
- Ian Moran, Sep 28, 2018, Iron Contributor
Everything you say makes sense, but it all comes down to running an environment supported by Microsoft. This may or may not matter in some scenarios but for me anyway I'd rather be managing a supported setup.
I'd highly recommend having a look for Hybrid related sessions coming out of Ignite 2018 as the story may have changed somewhat.
Ian
- GregMillerOregon, Oct 04, 2018, Copper Contributor
I am just now looking into doing an O365 migration, and when you look at the MS documentation they really push the hybrid path for any site over 150 users, but the migration planning guides don't talk about the issues with decommissioning. Only because I am doing a lab setup and am getting to the decommissioning phase with that am I running across this.
It seems like if this is the migration scenario they are going to push they need to do some more work on getting it so you can really do a clean cut at the end.