Manual Removal of on-premises Exchange Organization

%3CLINGO-SUB%20id%3D%22lingo-sub-2211666%22%20slang%3D%22en-US%22%3EManual%20Removal%20of%20on-premises%20Exchange%20Organization%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2211666%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everyone%2C%3C%2FP%3E%3CP%3EI%20have%20a%20hybrid%20setup%20with%20Exchange%202016%20and%20Office%20365.%20All%20of%20my%20mailboxes%20reside%20in%20the%20cloud%20and%20I%20only%20maintain%20my%20Exchange%202016%20server%20to%20provide%20management%20for%20accounts%20that%20sync%20with%20AD%20Sync.%20When%20going%20to%20apply%20the%20security%20update%20for%20the%20ProxyLogon%20vulnerability%2C%20I%20discovered%20that%20our%20Exchange%20server%20had%20been%20exploited%20on%202%2F28.%20I%20have%20found%20no%20evidence%20of%20post%20exploitation%20activity%2C%20but%20I%20do%20not%20feel%20confident%20putting%20my%20Exchange%20server%20back%20online.%26nbsp%3BIn%20light%20of%20that%2C%20I%20would%20like%20to%20turn%20off%20AD%20Sync%20to%20my%20O365%20org%20and%20remove%20my%20local%20Exchange%20org.%20Is%20it%20possible%20to%20remove%20the%20on-prem%20Exchange%20org%20manually%20after%20I%20disable%20the%20AD%20Sync%3F%20Are%20there%20specific%20pitfalls%20that%20make%20this%20more%20difficult%2Fproblematic%20than%20rolling%20back%20the%20on-prem%20to%20pre-exploit%20and%20removing%20Exchange%20gracefully%3F%20I%20understand%20that%20many%20things%20will%20need%20to%20be%20recreated%20in%20the%20cloud%20as%20a%20result%2C%20I'm%20just%20looking%20for%20some%20insight%20into%20removing%20my%20on-prem%20Exchange%20for%20good.%20Any%20advice%20is%20appreciated.%3CBR%20%2F%3EThank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2211666%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Visitor

Hi everyone,

I have a hybrid setup with Exchange 2016 and Office 365. All of my mailboxes reside in the cloud and I only maintain my Exchange 2016 server to provide management for accounts that sync with AD Sync. When going to apply the security update for the ProxyLogon vulnerability, I discovered that our Exchange server had been exploited on 2/28. I have found no evidence of post exploitation activity, but I do not feel confident putting my Exchange server back online. In light of that, I would like to turn off AD Sync to my O365 org and remove my local Exchange org. Is it possible to remove the on-prem Exchange org manually after I disable the AD Sync? Are there specific pitfalls that make this more difficult/problematic than rolling back the on-prem to pre-exploit and removing Exchange gracefully? I understand that many things will need to be recreated in the cloud as a result, I'm just looking for some insight into removing my on-prem Exchange for good. Any advice is appreciated.
Thank you.

0 Replies