How to decommission on-premises exchange servers and move completely to O365

Copper Contributor

We are currently using Exchange server 2013 in a hybrid setup with centralised mailflow through our on-premises servers.
All our mailboxes are in O365.
Following outbound connectors exist in O365:-
Office365 to Mimecast Journaling
Name RecipientDomains SmartHosts
---- ---------------- ----------
Office365 to Mimecast Journaling {journal.ourdomain.com.au} Mimecast Journaling Servers
Outbound to OnPremisesServerGUID {*} {OnPremisesServer.ourdomain.com.au}

Following send connectors exist on the on-premises exchange server with transport role:-
Identity AddressSpaces Enabled
-------- ------------- -------
Exchange On-Premise to Mimecast {SMTP:*;50} True
Outbound to Office 365 {smtp:OurO365TenantName.mail.onmicrosoft.com;1} True

We want to decommission the on-premises servers or may just retain 1 server for allowing relay from on-premises applications.
What will be the next step to decommission the on-premises servers?

I am thinking of following steps:-
1. Set up a connector in O365 to Mimemcast with "*" as the recipient domains and disabling the "Outbound to OnPremisesServerGUID" connector.
And then running the Hybrid configuration wizard to remove the centralised mail flow setting.
This should make the email flow from O365 directly to mimecast instead of going through on premises server.
I need to ensure that O365 spf is included in our spf.

2. Find out which applications are relaying through our on-premises exchange server and then make then relay through O365 using option 1 or 3 described in following article:-
https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-dev...

3. Change Mimecast to route mail to OurO365TenantName.mail.onmicrosoft.com rather then our on-premises servers.

Is that plan correct and what testing should be done at each stage?

9 Replies

Hi @m_c_7,

 

If you remove your exchange server you are in an unsupported configuration, please read more here https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange?redirectedfrom=MSDN

 

Best Regards,
Nuno Árias Silva 

@m_c_7 

 

The only way that you will remain supported when removing your final on-premises Exchange Server is by breaking the synchronisation between AD and Azure AD, and adopting a cloud only identity.  You will be missing out on the benefits of Seamless Sign Sign on if you do that however.

 

As already stated, leaving at least one Exchange Management server in place when your mailboxes are in Exchange Online, but the source of authority is on-premises AD is the supported position.  Gives you greater control of those on-premises attributes, and also allows you to use that Exchange Server for SMTP relay for your multi-function devices and any software which needs to send emails.

@PeterRising @Nuno Silva 

Thanks Peter and Nuno.

Based on this I am thinking of following revised plan:-

1. Set up a connector in O365 to Mimemcast with "*" as the recipient domains and disabling the "Outbound to OnPremisesServerGUID" connector.
And then running the Hybrid configuration wizard to remove the centralised mail flow setting.
This should make the email flow from O365 directly to mimecast instead of going through on premises server.
I need to ensure that O365 spf is included in our spf (for all our domains).

2. Leave current exchange server that relays mail on-premises. Does that only need the CAS role (exchange 2013)?

3. Change Mimecast to route mail to OurO365TenantName.mail.onmicrosoft.com rather then our on-premises servers.
4. Remove following connector from on-premises server to make it route mail through O365:
Identity AddressSpaces Enabled
-------- ------------- -------
Exchange On-Premise to Mimecast {SMTP:*;50} True

Do you see any problems with this plan.

@m_c_7 

 

The plan sounds good yes. Only other suggestion I would have is to install a new Exchange 2016 Server to be the hybrid management server.  If you have O365 Enterprise licences in your tenant you will be eligible for a free Exchange 2016 hybrid licence key (on the condition that no mailboxes are hosted on that server).  Running the HCW on the new Exchange 2016 server will detect this eligibility when you sign in to O365 and assign the licence.

 

Not an essential step, but it gives you the current supported hybrid configuration.  Once you have the Exchange 2016 server installed, you can move the arbitration and discovery management mailboxes etc over to it, and create a connector for SMTP relay.  Then you will be free to decommission the older Exchange Servers (assuming you have no remaining on-premises mailboxes of course).

Hi @m_c_7,

 

The process seems good for your scenario.

 

Best Regards,
Nuno Árias Silva 

@PeterRising @Nuno Silva 

Thanks Peter and Nuno.

thanks ...we might move the internal apps to O365 smtp relay to allow redundancy (as a single exchange server will not have redundancy)

But keep 1 server for mailbox management purposes.
Also, does this single exchange server (that we need to keep on-prem) need to have the CAS and mailbox server roles....or we can install the console only on this server for mailbox mgmt purposes only?

I am trying to see if MTA can be removed from the one server that needs to be left there.

@m_c_7 

 

You will need to install the mailbox role.  You can't install Exchange 2016 without it.  Exchange 2016 consolidates roles from previous versions into only two roles which are Mailbox and Edge Transport.

Hi @m_c_7,

 

As @PeterRising said, you will need to install the mailbox role to have a full exchange installed and supported.

 

Best Regards,
Nuno Árias Silva 

@PeterRising 

At the moment we will be keeping 1 exchange 2013 server (may upgrade later to 2016 and license it using HCW as per your advise). So I guess I will need both CAS and mailbox roles on it?

So is there no way to get rid of MTA on it?