Jan 09 2018 02:32 PM
Hello,
I currently have a scenario where there is a Hybrid Exchange environment with 1 server. All my mailboxes have been migrated online.
I would like to completely remove dependency on local AD and I do not care about AD synchronization.
How do I "tell" the O365 tenant not function on its own so that I can manage 100% from 365 Administration?
I do understand that my MX and other DNS records will need to be changed.
Are there any solid guides out there on decommissioning the on premise Exchange server? I want to do this with the least impact on users.
Thanks,
Keith
Feb 22 2020 03:44 AM
Well, I found the answer to my query at this link - scenario 3 is the answer.
https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange?redirectedfrom=MSDN
Apr 20 2020 04:32 AM
Final stages question
Objective:
Manage all mailboxes and email functions in O365
On-prem Domain for local file shares
Password and ID sync for SSO
What I have so far
Exchange 2013 on prem
Hybrid config in Exchange
AAD Connect with Hybrid Exchange selected
Only users with mailboxes synced to O365 (all in one group)
All mailboxes in O365
SMTP connectors sorted
DNS directed to O365
No traffic on on-prem Exchange
What I thought I might do
Remove the Exchange Hybrid from AAD Connect
Remove the Hybrid config in Exchange
Remove the Hybrid connectors
Uninstall Exchange 2013
Your comments please?
Apr 20 2020 05:15 AM
Hi,
In my opinion, please do not remove your Hybrid Exchange completely; instead, keep its small footprint in your infrastructure.
Going forward, you should upgrade your Hybrid Exchange from Exchange 2013 to Exchange 2019 Hybrid. For this, you can get an Exchange Hybrid key from your Microsoft Account Manager or local Microsoft Licensing person (they can help you on this).
By upgrading to Exchange 2019, you would remain in a supported state as referred to in this post, scenario 3: https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange?redirectedfrom=MSDN
Let me know how you go forward or if you need more assistance. Thanks.
Apr 20 2020 05:20 AM
@M. Sheeraz Ansari, we really do not want to have to maintain Exchange on prem, not any version.
It is a very small site, we want to simplify. The onprem server is doing nothing at all.
So my question is about having moved everything to O365 and having nothing happening on the onprem server.
Can I
1. remove the "Exchange Hybrid" in AAD Connect
2. remove the hybrid and connectors in Exchange
3. Uninstall the onprem Exchange 2013
Apr 20 2020 05:28 AM
@Joe Wichowski Hi Joe, thanks for your clear information. I am trying to get to your solution. I have got all my mailboxes moved, found all the funny SMTP connectors for devices, got all my DNS pointing to O365, and nothing is happening on the onprem server.
I have tested everything and, as you say, creating a local user works fine and they can get a mailbox once they are synched to the O365. If I choose not to sync a user that does not need a mailbox, it can exist locally (for managing a device, say).
I have the latest AAD Connect, which has options for Hybrid Exchange and Public folders selected.
I am trying to ascertain the order for removing stuff (the Exchange option in AAD Connect, the Exchange Hybrid stuff, and the on prem server). Any ideas?
Apr 20 2020 05:28 AM
I've been fighting with this for over 2 years for the same reasons. The short answer is, Yes, you can, but you shouldn't. If you do remove Exchange and there is a problem with attributes not getting synced to Azure AD because Exchange has been removed, Microsoft will not support you if they determine that the problem is due to no on-prem Exchange in a hybrid environment. While MS is gracious enough to supply an Exchange license, they do not supply the OS license and supporting infrastructure. That's how Microsoft keeps making money on an OS license that sits there and does almost nothing. Yet we now have countless lost hours of production and revenue to support a server that we can't get rid of.
Apr 20 2020 05:37 AM - edited Apr 20 2020 05:39 AM
Hi Carol, I understand your dilemma. I have seen MANY people advise to retain an On-Premise Hybrid of Exchange Server so that User Mailbox attributes can be managed correctly. This is *technically* the correct thing to do.
However, as you indicate, you want to simplify. If you are happy to alter the AAD Sync to only a filtered subset of attributes, you can probably go ahead with your decommissioning plan.
You would want to set the AADsync to purely do a Password Hash Sync from Local to Cloud account based on a common attribute (email address/upn suffix) for example.
I believe part of the issue is that in the Azure AD, the user account attribute which maintains which directory is authoritative for the attributes is set as your local AD. This needs switched to be the cloud instead.
This is what I am going to try in my lab:
Switch off AAD Sync completely and uninstall it fully, so that no attributes are sync-removed from cloud accounts by changes to local AD accounts, then remove Exchange Server from the local side. This I understand will force the Authoritative Source for account attributes to the Cloud Accounts and keep their Online Exchange attributes intact.
Next, remove Exchange as cleanly as possible (Use of ADSIEdit may be needed).
The Local AD accounts will have their Exchange attributes removed from the local AD doing this.
Finally, when you have cleaned up your only local server, reinstate Azure ADSync and configure for purely Password-Hash Sync to align credentials if needed.
In the project I am working on, there will be NO on-prem server providing any directory or fileshare facilities. All client computers will be directly joined to the Azure AD instead and a policy of no local file storage implemented.
I hope this helps give you something to go on?
Apr 20 2020 05:40 AM
It is NOT recommended, but if you still want to do that, follow these steps.
1. Remove the hybrid and connectors in Exchange - wait for a couple of days; if there is any issue, let us know, or if all is good, go to step 2.
2. Uninstall the onprem Exchange 2013
3. Remove the "Exchange Hybrid" in AAD Connect
Apr 20 2020 05:48 AM
How do you figure that solves the OS license problem? The Exchange server still needs its own OS so it still requires an OS license, no way to get around that since you cannot install Exchange on a DC. AAD Connect can be installed on a DC even though it's not recommended.
Apr 20 2020 05:50 AM
@Jeremy Bradshaw I can see that but you still have to do maintenance. Change certs every so often, apply CUs, mess around when updates don't work.
Has anyone done a comparison of these problematic attributes: what exactly is different between:
A. domain user (no Exchange in domain) synched to O365 and given a mailbox there
B. user with on-prem mailbox hybrid migrated to O365?
At least we would know what to look out for! If it is just proxyaddress then what is all the fuss about?
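The thread raises two related concerns: that removing Exchange strips the Exchange attributes from local AD accounts, and that nobody has listed which attributes actually differ. The following is an added example, not code from any poster or from Microsoft, that snapshots mail-related attributes of local AD users before a change and reports what differs afterwards. Only `proxyAddresses` is named in the thread; the other attribute names are standard AD/Exchange schema attributes chosen here as an assumption, and the CSV paths are placeholders.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and an
# Exchange-extended schema (the msExch* attributes must exist).
Import-Module ActiveDirectory

# Assumption: attribute selection is illustrative; only proxyAddresses is named in the thread.
$MailAttrs = 'proxyAddresses','mail','mailNickname','targetAddress',
             'legacyExchangeDN','msExchRecipientTypeDetails','msExchHideFromAddressLists'

function Export-MailAttributeSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    # Any user that currently carries a mail alias or proxy address
    Get-ADUser -LDAPFilter '(|(proxyAddresses=*)(mailNickname=*))' -Properties $MailAttrs |
        ForEach-Object {
            $row = [ordered]@{ SamAccountName = $_.SamAccountName }
            foreach ($a in $MailAttrs) {
                # Sort and flatten multi-valued attributes so rows compare cleanly
                $row[$a] = (@($_.$a) | Sort-Object) -join ';'
            }
            [pscustomobject]$row
        } | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

function Compare-MailAttributeSnapshot {
    param([Parameter(Mandatory)][string]$Before,
          [Parameter(Mandatory)][string]$After)
    $new = @{}
    Import-Csv $After | ForEach-Object { $new[$_.SamAccountName] = $_ }
    foreach ($old in Import-Csv $Before) {
        $cur = $new[$old.SamAccountName]
        foreach ($a in $MailAttrs) {
            # A user missing from the later snapshot has lost every filtered attribute
            $now = if ($cur) { $cur.$a } else { '' }
            if ($old.$a -ne $now) {
                [pscustomobject]@{ User = $old.SamAccountName; Attribute = $a
                                   Before = $old.$a; After = $now }
            }
        }
    }
}

# Usage (placeholder paths):
#   Export-MailAttributeSnapshot -Path .\before.csv   # before touching Exchange or AAD Connect
#   Export-MailAttributeSnapshot -Path .\after.csv    # after the change
#   Compare-MailAttributeSnapshot .\before.csv .\after.csv | Format-Table -AutoSize
```

The "before" CSV also serves as a record of the original values if attributes need to be restored by hand.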
Apr 20 2020 05:55 AM