Post Cleanup of Connectors, DNS & Cert with Hybrid Environment

Copper Contributor

I'm attempting to cleanup some DNS Records and understand what SAN(s) we actually need (or don't) for our Hybrid Environment.


1. No MB's On-Prem (it's been more than a year)

2. No Inbound mail (that I can think of)

3. autodiscover is pointing to O365

4. We still have our Hybrid's (2013); but just for Mgmt & as a mail relay for internal Servers/Services

5. We have 2 Hybrid's utilizing Windows Load Balance


O365 Portal Connectors:

1. O365 outbound to On-Prem is/has been disabled for some time (can/should I delete)

2. O365 inbound from On-Prem - enabled, but I don't believe it's being used (references old cert)

Any thought?


Hybrid Connectors:

1. Direct; Enabled - will not touch

2. Outbound to O365; Enabled - I don't believe, or not sure it's being used - is there a way to determine? Can it be disabled


Hybrid Cert SAN(s) Entries

1. autodiscover - upon renewal can this be remove/not renewed

2. Hybrid Load Balance VIP DNS Name - is this even necessary? We already have a separate DNS Name with same IP that we configure internal servers/services, so can I remove the SAN that refers to the WNLB "name"?

3. Is there even a need for this cert anymore, the only thing that I can this would be relevant is the Connector outbound to O365 which I'm not even sure it's being used (as mentioned above).


Any feedback would be grateful....













1 Reply

Have you gone over the "decommission hybrid" article?


It details what to with connectors, among other things. It doesn't look like you need any Hybrid functionality, but you will have to keep one of the Exchange boxes for management purposes. So scenario 2.