Home

Retiring our hybrid Exchange Server

%3CLINGO-SUB%20id%3D%22lingo-sub-7979%22%20slang%3D%22en-US%22%3ERetiring%20our%20hybrid%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-7979%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20almost%20done%20migrating%20all%20of%20our%20Exchange%20on-premise%20mailboxes%20to%20Office%20365%20and%20want%20to%20retire%20the%20on-prem%20Exchange%20Server.%26nbsp%3B%20In%20previous%20posts%20in%20the%20Yammer%20IT%20Pro%20group%20some%20said%20that%20this%20should%20not%20be%20done%20because%20some%20attributes%20for%20synched%20on-prem%20Active%20Directory%20accounts%20cannot%20be%20managed%20via%20the%20Office%20365%20Admin%20console.%26nbsp%3B%20However%2C%20I%20could%20not%20find%20details%20on%20which%20attributes.%3C%2FP%3E%3CP%3EWe%20opened%20two%20tickets%20with%20Microsoft.%20One%20pointed%20us%20to%20a%20technet%20article%20that%20in%20general%20terms%20says%20you%20should%20not%20retire%20the%20on-prem%20Exchange%20server%20if%20you%20are%20still%20synching%20accounts%20from%20on-prem%20A.D.%2C%20but%20with%20no%20details%20on%20which%20attributes%20we%20would%20care%20about.%26nbsp%3B%20Another%20ticket%20asking%20about%20licensing%20for%20a%20server%20with%20no%20remaining%20email%20accounts%20got%20a%20response%20that%20we%20should%20just%20retire%20the%20on-prem%20server.%3C%2FP%3E%3CP%3EAny%20insights%20on%20what%20specific%20functions%20are%20still%20needed%20from%20an%20on-prem%20Exchange%20server%20at%20the%20end%20of%20the%20hybrid%20migration%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-283121%22%20slang%3D%22en-US%22%3ERe%3A%20Retiring%20our%20hybrid%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-283121%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20was%20curious%20how%20this%20went%3F%20Any%20documentation%20on%20the%20process%20of%20properly%20removing%20the%20on-prem%20Exchange%20server%20from%20the%20mix.%20I%20know%20it%20isn't%20just%20shut%20it%20off.%20I%20still%20have%20a%20Windows%20Server%202008%20R2%20running%20Exchange%202010%20that%20I%20want%20to%20get%20rid%20of%20but%20I%20want%20to%20make%20sure%20I%20don't%20break%20anything%20in%20the%20process.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-14392%22%20slang%3D%22en-US%22%3ERe%3A%20Retiring%20our%20hybrid%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-14392%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%26nbsp%3Bconsulting%20with%20some%20Exchange%20experts%2C%20we%20have%20decided%20to%20go%20ahead%20and%20decommission%20our%20Exchange%20Server%20on-premise%20as%20soon%20as%20we%20get%20the%20last%20few%20email%20accounts%20moved%20to%20the%20Cloud.%26nbsp%3B%20We%20will%20add%20a%20SMTP%20service%20to%20another%20existing%20server%20for%20relaying%20emails%20to%20the%20Office%20365%20Exchange%20Server.%26nbsp%3B%20The%20main%20step%20we%20were%20told%20we%20needed%20was%20to%20update%20Azure%20AD%20Connect%20to%20the%20latest%20version.%26nbsp%3B%20Then%20we%20should%20be%20able%20to%26nbsp%3Bperform%20pretty%20much%20any%20actions%20we%20need%20to%20do%20using%20the%20Exchange%20Admin%20Center%20and%20Power%20Shell.%26nbsp%3B%20One%20of%20the%20reasons%20we%20moved%20to%20Office%20365%20was%20to%20eliminate%20the%20need%20to%20maintain%20on-premise%20servers.%26nbsp%3BWe're%20following%20through%20on%20that%20goal.%26nbsp%3B%20Thanks%20for%20the%20responses.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-9436%22%20slang%3D%22en-US%22%3ERe%3A%20Retiring%20our%20hybrid%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-9436%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3BIt%20looks%20like%20we%20may%20wait%20to%20retire%20the%20on-prem%20Exchange%20Server%20altogether%2C%20leaving%20a%20scaled%20down%20server%20for%20now%20to%20maintain%20attributes%20that%20can't%20be%20maintained%20online.%26nbsp%3B%20We%20can't%20convert%20the%20mailboxes%20totally%20to%20online%20since%20we%20still%20need%20the%20Active%20Directory%20accounts%20for%20access%20to%20other%20applications%20via%20AD%20security%20groups.%26nbsp%3B%20We%20are%20looking%20at%26nbsp%3Bconverting%20Distribution%20Lists%20to%20Office%20365%20Groups%20to%20remove%20a%20level%20of%20dependency%2C%20but%20are%20still%20working%20through%20Office%20365%20Groups%20governance%20(different%20topic).%26nbsp%3B%20We%20really%20do%20want%20to%20get%20rid%20of%20every%20possible%20extra%20server%20to%20reduce%20the%20maintenance%20load%20on%20our%20staff%20-%20one%20of%20the%20reasons%20we%20went%20to%20Office%20365.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-9332%22%20slang%3D%22en-US%22%3ERe%3A%20Retiring%20our%20hybrid%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-9332%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20simply%20left%20an%20Exchange%20CAS%20server%20on-prem%20in%20our%20environment.%20It's%20a%20Virtual%20Machine%20and%20takes%20little%20resources%20and%20still%20allows%20us%20to%20edit%20Exchange%20attributes.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-9222%22%20slang%3D%22en-US%22%3ERe%3A%20Retiring%20our%20hybrid%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-9222%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Drew%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20assume%20you're%20talking%20about%20this%20article%3B%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdn931280(v%3Dexchg.150).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdn931280(v%3Dexchg.150).aspx%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESupport%20is%20right%20in%20saying%20that%20while%20you%20have%20directory%20syncronisation%20turned%20on%2C%20it%20makes%20it%20difficult%20to%20remove%20the%20Hybrid.%20This%20is%20because%20the%20on-premises%20system%20is%20the%20%22source%20of%20truth%22.%20For%20more%20detailed%20information%20there%20is%20a%20MS%20blog%20article%20here%3B%20%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fexchange%2F2012%2F12%2F05%2Fdecommissioning-your-exchange-2010-servers-in-a-hybrid-deployment%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fexchange%2F2012%2F12%2F05%2Fdecommissioning-your-exchange-2010-servers-in-a-hybrid-deployment%2F%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you're%20not%20hosting%20any%20production%20mailboxes%20in%20the%20environment%2C%20and%20do%20not%20have%20licenses%2C%20then%20you%20might%20be%20entitled%20to%20a%20license%20if%20you%20need%20to%20maintain%20Hybrid%20servers%3B%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fkb%2F2939261%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fkb%2F2939261%3C%2FA%3E%20however%2C%20i%20would%20confirm%20this%20with%20your%20licensing%20team%20and%20support%20staff.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-8457%22%20slang%3D%22en-US%22%3ERe%3A%20Retiring%20our%20hybrid%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-8457%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20i%20understand%20it%2C%20retiring%20that%20Hybrid%20server%20is%20a%20one-way%20move%20that%20is%20fine%20if%20you%20never%20need%20it%20again.%26nbsp%3B%20i%20believe%20that%20at%20this%20time%20there%20are%20still%20many%20reasons%20to%20keep%20it%2C%20reporting%2C%20configuration%2C%20and%20%22horseshoes%22.%26nbsp%3B%20%22Horseshoes%22%20are%20those%20good%20luck%20charms%20that%20you%20keep%20in%20your%20pocket%20for%20miracles.%26nbsp%3B%20Aquistions%2C%20divestitures%2C%20new%20partners%2C%20and%20%22stuff%22%20that%20Exchange%20online%20just%20hasn't%20thought%20of%20yet.%26nbsp%3B%20Your%20Hybrid%20provides%20that%20opportunity%20for%20the%20unknown.%26nbsp%3B%20At%20least%20that%20is%20and%20has%20been%20my%20view%20so%20far.%26nbsp%3B%20Is%20Microsoft%20closing%20the%20gap%20quickly%20and%20removing%20the%20unknown%3F%26nbsp%3B%20Yes.%26nbsp%3B%20Just%20not%20quite%20there%20yet%20-%20David%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-8063%22%20slang%3D%22en-US%22%3ERe%3A%20Retiring%20our%20hybrid%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-8063%22%20slang%3D%22en-US%22%3EYou%20can't%20edit%20any%20Exchange%20related%20attributes%20without%20on-premises%20Exchange%20admin%20tools.%20You%20can%20see%20when%20you%20try%20and%20edit%20some%20fields%20in%20Office%20365%20admin%20portal%20that%20you%20will%20get%20an%20error%20advising%20that%20the%20objects%20are%20synced%20from%20on-premises%20AD%2C%20and%20you%20will%20need%20to%20edit%20them%20on-premises.%20The%20only%20supported%20method%20of%20doing%20that%20is%20using%20Exchange%20tools%20(ie%20EAC).%20You%20can%20edit%20these%20attributes%20with%20ADSIEdit%2C%20but%20this%20is%20not%20supported%20by%20Microsoft.%3C%2FLINGO-BODY%3E
Drew Van Houten
Occasional Contributor

We are almost done migrating all of our Exchange on-premise mailboxes to Office 365 and want to retire the on-prem Exchange Server.  In previous posts in the Yammer IT Pro group some said that this should not be done because some attributes for synched on-prem Active Directory accounts cannot be managed via the Office 365 Admin console.  However, I could not find details on which attributes.

We opened two tickets with Microsoft. One pointed us to a technet article that in general terms says you should not retire the on-prem Exchange server if you are still synching accounts from on-prem A.D., but with no details on which attributes we would care about.  Another ticket asking about licensing for a server with no remaining email accounts got a response that we should just retire the on-prem server.

Any insights on what specific functions are still needed from an on-prem Exchange server at the end of the hybrid migration?

7 Replies
You can't edit any Exchange related attributes without on-premises Exchange admin tools. You can see when you try and edit some fields in Office 365 admin portal that you will get an error advising that the objects are synced from on-premises AD, and you will need to edit them on-premises. The only supported method of doing that is using Exchange tools (ie EAC). You can edit these attributes with ADSIEdit, but this is not supported by Microsoft.

As i understand it, retiring that Hybrid server is a one-way move that is fine if you never need it again.  i believe that at this time there are still many reasons to keep it, reporting, configuration, and "horseshoes".  "Horseshoes" are those good luck charms that you keep in your pocket for miracles.  Aquistions, divestitures, new partners, and "stuff" that Exchange online just hasn't thought of yet.  Your Hybrid provides that opportunity for the unknown.  At least that is and has been my view so far.  Is Microsoft closing the gap quickly and removing the unknown?  Yes.  Just not quite there yet - David

Hi Drew,

 

I assume you're talking about this article; https://technet.microsoft.com/en-us/library/dn931280(v=exchg.150).aspx

 

Support is right in saying that while you have directory syncronisation turned on, it makes it difficult to remove the Hybrid. This is because the on-premises system is the "source of truth". For more detailed information there is a MS blog article here; https://blogs.technet.microsoft.com/exchange/2012/12/05/decommissioning-your-exchange-2010-servers-i...

 

If you're not hosting any production mailboxes in the environment, and do not have licenses, then you might be entitled to a license if you need to maintain Hybrid servers; https://support.microsoft.com/en-us/kb/2939261 however, i would confirm this with your licensing team and support staff.

We simply left an Exchange CAS server on-prem in our environment. It's a Virtual Machine and takes little resources and still allows us to edit Exchange attributes.

 It looks like we may wait to retire the on-prem Exchange Server altogether, leaving a scaled down server for now to maintain attributes that can't be maintained online.  We can't convert the mailboxes totally to online since we still need the Active Directory accounts for access to other applications via AD security groups.  We are looking at converting Distribution Lists to Office 365 Groups to remove a level of dependency, but are still working through Office 365 Groups governance (different topic).  We really do want to get rid of every possible extra server to reduce the maintenance load on our staff - one of the reasons we went to Office 365.

After consulting with some Exchange experts, we have decided to go ahead and decommission our Exchange Server on-premise as soon as we get the last few email accounts moved to the Cloud.  We will add a SMTP service to another existing server for relaying emails to the Office 365 Exchange Server.  The main step we were told we needed was to update Azure AD Connect to the latest version.  Then we should be able to perform pretty much any actions we need to do using the Exchange Admin Center and Power Shell.  One of the reasons we moved to Office 365 was to eliminate the need to maintain on-premise servers. We're following through on that goal.  Thanks for the responses.

Hi, I was curious how this went? Any documentation on the process of properly removing the on-prem Exchange server from the mix. I know it isn't just shut it off. I still have a Windows Server 2008 R2 running Exchange 2010 that I want to get rid of but I want to make sure I don't break anything in the process.