Installing Hybrid Exchange Retrospectively?


Just curious, and wondering if anyone has tried this, but:


If you have an O365 Tenant with Azure AD Connect syncing on-premises AD, with mailboxes green fields-ly created Cloud Only; can you still install an Exchange 2016 server on premises and configure a Hybrid Environment?


Will this cause all sorts of problems (soft matching, or manually entering the attributes, etc.) or will it just work?

3 Replies

Technically, you can, but what's the end goal here? You want to move the mailboxes on-premises? You want to host some mailboxes On-Prem? You want to manage them via the On-Prem tools? Depending on your goal, you might need to create a representation of any cloud mailboxes in the on-premises AD, which might involve soft/hard-matching. At the very least, you will have to reconfigure AAD Connect after extending the AD schema.

The main objective is for management; just to make it easier for others to create new AD users & O365 Mailboxes in future.

Since Exchange was never used previously (Lotus Notes), what can I expect to break? :)
Will it just be a case of modifying/adding attributes for the AD users to be able to match with the mailboxes in the Cloud?

Well, it's hard to guess as I have no idea what your AD looks like, but in general, it's doable and shouldn't break things. The first thing you need to do is extend AD with the Exchange schema attributes and refresh the AAD Connect schema. This will allow you to edit all the Exchange-related attributes from on-premises. You can "match" the already existing users and have everything managed centrally from AD.


From there, you can decide which route to take in terms of actual management. Hybrid is not a requirement for that. Technically, you can manage everything just fine once the schema is extended, as long as you feel comfortable using ADUC or PowerShell to do so. You don't even need to have an Exchange server installed, just the schema. The problem with this approach is that it is not supported by Microsoft, meaning if you run into some issue, they might deny you support. If you want to be in a supported configuration, you need to have at least one Exchange server for management purposes. But that adds some overhead, and some organizations prefer to simply use the AD tools instead.