Forum Discussion

Keith Caines's avatar
Keith Caines
Copper Contributor
Jan 09, 2018

Remove On Premises exchange Hybrid and go fully Online

Hello,   I currently have a scenario where there is a Hybrid Exchange environment with 1 server. All my mailboxes have been migrated online.   I would like to completely remove dependency on ...
exchange
hybrid
On-Premises
DBVW_George's avatar
DBVW_George
Copper Contributor
May 07, 2019

I'm getting ready to migrate my Exchange Server 2013 to Exchange Online in about 8 weeks.  What if I don't implement Azure AD Connect, and simply manually configure the passwords online to match the passwords in on-premises AD?  With only about 30 users, it would be easier for me to simply configure the same passwords in Azure AD manually (for the convenience of my users) than it would be to have AD Connect take care of that, but then have to continue maintaining the on-premises Exchange Server.  Do I have to implement Azure AD Connect for some reason?  And if not, and I don't, can I then do all my email admin (e.g. aliases, email addresses, hide from address book, distro groups, etc.) online?

adam deltinger's avatar
adam deltinger
MVP
May 07, 2019
Are you keeping your on premises AD?
  • DBVW_George's avatar
    DBVW_George
    Copper Contributor
    May 08, 2019

    adam deltinger 

    Yes, we will keep on premises AD.  I would keep Exchange Server on premises except given our size and the new hardware requirements for Exchange 2019, and our upgrade cycle, it's now more cost-effective to move Exchange to the cloud.

    • adam deltinger's avatar
      adam deltinger
      MVP
      May 08, 2019
      Ok! Just do as Said above or do a cut over migration! Keep ad connect for synvinkel users, but keep in mind you Will run in a nån supported mode
      • wroot's avatar
        wroot
        Silver Contributor
        May 08, 2019
        In his first message he mentioned that he doesn't want AD Connect and rather would set passwords manually in Azure AD. But if local AD is left in place (i assume for some legacy apps), then without AD Connect he will have to manage same user twice in local AD and in Azure AD. Same goes with the passwords. I don't think this is feasible to have users to reset passwords themselves (as they would have to do this twice and also understand the difference). So all secrecy management will be in one person's hands. Not ideal, but hey, it's your company :) In that case running a non-supported mode without local Exchange is the least problem. And one can argue (i had a fierce back and forth recently with one allegedly working with MS in the past person, who claimed MS is not really enforcing non-supported policy in any way when investigating cases, but i'm not sure if you can trust someone on the internet claiming something). I have this unsupported version for a few years and Ms never asked me about it or declined support. Granted, we didn't have any critical issues.

        Also, i haven't used cutover migration, so i don't know if it can work this way (without identity sync between local AD and Azure AD), but from i have read about cutover, it must be done quickly all in one run and there can be delays with emails, when staged can be spread to weeks and months and you can move mailboxes in small batches without almost any disruption to users.

Resources