Forum Discussion
Remove On Premises Exchange Hybrid and go fully Online
Hi Prashant.
In the scenario you described and concluded by asking "Not sure what you would gain by removing that exchange server" I would like to in turn ask what do you gain or lose by removing that server?
We want to remove as much of our On-Prem as possible and my task is to decommission our On-Prem Exchange altogether and rely solely on the cloud.
Thanks,
Carlos
Hello Carlos,
It is pretty clear at the moment that maintaining one last Exchange server just for management purposes is the supported way to go when you would like to synchronize your Active Directory users and their attributes to Azure AD.
Sure, many guys are going to say that you can use ADSI, third-party tools or even nothing to manage your Exchange users in Office 365, BUT the question is, is it really bothering you to keep a last virtual machine with 2 CPUs and 4 GB RAM to be in a supported scenario for your business-critical application like mailing? It will also be more comfortable for your Exchange administrators or even just system administrators to manage your Exchange objects, even if those are in the cloud, Office 365, or on-premises like function mailboxes. Keep in mind that for that purpose Microsoft provides an Exchange hybrid key to license your on-premises Exchange server. That on-premises server could also be used as an SMTP server for on-premises devices like FAX or printers or even on-premises applications that need an SMTP server to send e-mails; think about your NAS system, your firewall etc.
If, on the other hand, you would like to go FULL Cloud, there is also an option for "small" companies called Microsoft 365 Business. With that license you can join your devices to Azure AD, your mailboxes are hosted in the cloud, you don't have to synchronize anything and you can manage your computers and devices through Microsoft Intune. Almost no server at all on-premises, but again, it depends on your environment, the use case and what you are trying to achieve.
If you don't mind providing me with some more information about your environment, even in a personal message, I would be glad to share my experience with you and talk about what the best options would be for your environment.
Kind regards
Spiros
- Dominik Wagner Nov 15, 2018 Copper Contributor
I'm in the last steps of our migration from on-premise Exchange Server 2016 to Office 365.
I am honestly very surprised that demoting your on-prem Exchange server after moving all content to the cloud is an unsupported scenario.
For me at least, reducing our on-premise Windows and Exchange server footprint was one of the major reasons for migrating to the cloud in the first place.
Keeping a resource hog and patch management nightmare like Exchange server around in order to manage my cloud email accounts seems to defeat the entire purpose of moving to the cloud in the first place.
I'll go the unsupported path, decommission the on-prem Exchange and simply manage my user accounts using the attribute editor from Active Directory Users and Computers.
The handful of instances where I had to rely on Microsoft's paid support were really not worth the bother, so nothing ventured, nothing gained, I guess?
- CublaInc May 03, 2019 Copper Contributor
Dominik Wagner I agree completely with the idea that moving to the cloud and decommissioning the on-premise Exchange server regardless of whether or not Azure AD sync is enabled or being used should be a supported scenario. I mean my lord MS has done nothing but shove moving to the cloud down our throats so why not create a scenario where we can succumb to this methodology once and for all and get rid of our on-premise servers completely? Makes no sense. I think, in the future, we will see this very thing; they're just ignoring the obvious for now as they figure it out. Also, for the record, I like Azure AD sync for one reason and one reason only: single sign-on for our users with their new O365 licenses and applications for all their devices. We set up Azure AD sync immediately and then start buying subscriptions and pushing out the applications to the users. We can say "use your normal email address and password to activate" and the users can manage this without a support ticket being created. This is the REAL benefit of Azure AD sync. Sure, all my clients have on-premise Exchange currently and I'm trying to figure out the best method for upgrading to the cloud and all of this seems WAYYY too f****** complicated for what should be a simple process. They want the recurring monthly revenue model, yet still make it a pain in the a** to migrate!
I have several Exchange servers in Hybrid configuration and I now believe this was a mistake. I should have simply created the cloud account(s), added the subscriptions, created the mailboxes and configured their Outlooks (after updating DNS records). Then I could just import their PST files. I did this exact scenario last week for a two user client and it worked perfectly. So for a 25 user or less client this is the method I would choose moving forward. However, now I have several Exchange servers that I'm scared to death to uninstall the Hybrid Config or decommission because I followed (blindly) the MS migration instructions and did as they said. STUPID and I should have known better. My way worked much better and faster. I guess I could manually clean up Azure AD and delete all the accounts and start completely over with the clients I've already set up under Hybrid after removing Azure AD Connect and Hybrid Exchange, but seriously?? Has anybody tried to back out of this configuration yet and just start over? Something tells me THAT is definitely not supported. ha!
- wroot May 03, 2019 Silver Contributor
Well, if you don't need local AD for anything, you can move to using only Azure AD after using Hybrid. Decommission Exchange, remove AD Connect, decommission local AD, start creating users in Azure AD. You might first also Azure AD join all PCs. SSO should work also without local AD for Office 365 apps. I haven't tried this practically, but I think this should work. Hybrid is only forced to have something to edit Exchange settings of synced users.
- Spiros Karampinis Nov 15, 2018 Brass Contributor
- Spiros KarampinisNov 15, 2018Brass Contributor
Hello Dominik Wagner,
It is not exactly that way. Unsupported is only the scenario where you have the Azure AD Connect tool synchronizing your on-premises Active Directory objects to Azure AD and those objects are also mail-enabled objects. If you don't synchronize your on-premises AD objects, for password sync etc., then you can just remove the last Exchange Server.
If, on the other hand, you need to synchronize your on-premises AD objects and those are also mail-enabled objects, then you should keep at least one hybrid Exchange Server on-premises. That Exchange Server, which could also be a brand new Exchange 2016 with a hybrid key that you obtain from Microsoft at no cost, is not going to be any nightmare as you describe because you are not going to have any productive e-mail objects, like mailboxes, on that server. Also, the cumulative updates should not be installed as often as on a production server because that server is there only for management purposes and does not host any critical e-mail objects. Also, if that server gets destroyed or doesn't boot after a failed configuration update, it does not matter. Just install a new one and we are back in the game.
Please allow me to answer all your considerations if more exist.
Have a nice day mate
Kind regards,
Spikar
- Dominik Wagner Nov 19, 2018 Copper Contributor
Hi Spikar,
thanks for your clarification.
Regardless, I've since removed the on-prem Exchange last Friday and haven't yet experienced any issues.
I'll keep using the AD attribute editor to modify email addresses. Since we're talking about 28 mailboxes in total, I should be able to handle it without creating any conflicts.
Should I encounter any insurmountable problems, I guess I can always simply add an Exchange server back to our domain.
Regards,
Dominik
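
Added example, not part of the original thread or any participant's post: once no Exchange server is left, nothing validates `proxyAddresses` values typed into the attribute editor, so duplicate addresses or a missing primary address are only discovered later. The PowerShell below runs those two checks over constructed sample objects; the function name `Test-ProxyAddressSet` and the sample accounts are hypothetical, and in a real domain the input would come from `Get-ADUser -Properties proxyAddresses`.

```powershell
# Constructed sample data; stands in for:
#   Get-ADUser -Filter * -Properties proxyAddresses
$sampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'alice'; proxyAddresses = @('SMTP:alice@example.com', 'smtp:a.smith@example.com') }
    [pscustomobject]@{ SamAccountName = 'bob';   proxyAddresses = @('SMTP:bob@example.com', 'SMTP:robert@example.com') }
    [pscustomobject]@{ SamAccountName = 'carol'; proxyAddresses = @('smtp:carol@example.com', 'smtp:A.Smith@example.com') }
)

function Test-ProxyAddressSet {   # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Users)

    $findings = [System.Collections.Generic.List[object]]::new()
    $owners = @{}   # lower-cased address -> accounts that carry it

    foreach ($u in $Users) {
        # -like ignores case, so this keeps both SMTP: and smtp: entries
        $smtp = @($u.proxyAddresses | Where-Object { $_ -like 'smtp:*' })
        # -clike is case-sensitive: upper-case SMTP: marks the primary address
        $primary = @($smtp | Where-Object { $_ -clike 'SMTP:*' })
        if ($primary.Count -ne 1) {
            $findings.Add([pscustomobject]@{
                Account = $u.SamAccountName
                Issue   = "expected exactly 1 primary SMTP address, found $($primary.Count)"
            })
        }
        foreach ($entry in $smtp) {
            $addr = $entry.Substring(5).ToLowerInvariant()
            if (-not $owners.ContainsKey($addr)) { $owners[$addr] = @() }
            $owners[$addr] += $u.SamAccountName
        }
    }

    # Mail addresses compare case-insensitively, so one address on two accounts is a conflict
    foreach ($addr in $owners.Keys) {
        $accounts = @($owners[$addr] | Sort-Object -Unique)
        if ($accounts.Count -gt 1) {
            $findings.Add([pscustomobject]@{
                Account = $accounts -join ', '
                Issue   = "address $addr is assigned to more than one account"
            })
        }
    }
    return $findings
}

Test-ProxyAddressSet -Users $sampleUsers | Format-Table -AutoSize
```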