Remove On-Premises Exchange Hybrid and go fully Online


Hello,

I currently have a scenario where there is a Hybrid Exchange environment with 1 server. All my mailboxes have been migrated online.

I would like to completely remove the dependency on local AD and I do not care about AD synchronization.

How do I "tell" the O365 tenant to function on its own so that I can manage 100% from 365 Administration?

I do understand that my MX and other DNS records will need to be changed.

Are there any solid guides out there on decommissioning the on-premises Exchange server? I want to do this with the least impact on users.

Thanks,

Keith

123 Replies

I'm getting ready to migrate my Exchange Server 2013 to Exchange Online in about 8 weeks.  What if I don't implement Azure AD Connect, and simply manually configure the passwords online to match the passwords in on-premises AD?  With only about 30 users, it would be easier for me to simply configure the same passwords in Azure AD manually (for the convenience of my users) than it would be to have AD Connect take care of that, but then have to continue maintaining the on-premises Exchange Server.  Do I have to implement Azure AD Connect for some reason?  And if not, and I don't, can I then do all my email admin (e.g. aliases, email addresses, hide from address book, distro groups, etc.) online?

Well, the whole reason to have passwords is that they are secret and admins shouldn't know them, because then you can't prove if something was done by a user or an admin who knew the password. That being said, 10 years ago I knew the passwords of every user in my company :) But we have long ago moved away from that practice. If you want, you can do that. I suppose you also want to manually export and import all the emails as well (PST or something). This will take some time, but with 30 users maybe not so long, especially if they don't have tons of emails (with manual migrating they would have to wait for the moving, this is disruptive). And then you may ask them to change their passwords. But then you will have two passwords for every user, one in local AD and one in Azure AD. Unless you plan to get rid of local AD along with Exchange 2013.
Are you keeping your on premises AD?

@DeepakRandhawa 
You had posted a link on how to license an Exchange Hybrid Server. The license now is offered in the HCW (Hybrid Configuration Wizard). So I have to finish the HCW and implement a hybrid Exchange Organisation. Is it not possible to install the Exchange Server only for management and without a hybrid installation?

You don't have to configure hybrid, just run the HCW, license the server and close the wizard.

@adam deltinger 

Yes, we will keep on premises AD.  I would keep Exchange Server on premises except given our size and the new hardware requirements for Exchange 2019, and our upgrade cycle, it's now more cost-effective to move Exchange to the cloud.

Thanks @wroot, good to know.

I'm actually doing a cutover migration for the mailboxes. There are only 30 or so, but the cutover migration seems the more efficient/less painful approach.

OK! Just do as said above or do a cutover migration! Keep AD Connect for syncing users, but keep in mind you will run in a non-supported mode.
In his first message he mentioned that he doesn't want AD Connect and rather would set passwords manually in Azure AD. But if local AD is left in place (I assume for some legacy apps), then without AD Connect he will have to manage the same user twice, in local AD and in Azure AD. Same goes for the passwords. I don't think it is feasible to have users reset passwords themselves (as they would have to do this twice and also understand the difference). So all secrecy management will be in one person's hands. Not ideal, but hey, it's your company :) In that case running a non-supported mode without local Exchange is the least problem. And one can argue (I had a fierce back and forth recently with one person who allegedly worked with MS in the past, who claimed MS is not really enforcing the non-supported policy in any way when investigating cases, but I'm not sure if you can trust someone on the internet claiming something). I have had this unsupported version for a few years and MS never asked me about it or declined support. Granted, we didn't have any critical issues.

Also, I haven't used cutover migration, so I don't know if it can work this way (without identity sync between local AD and Azure AD), but from what I have read about cutover, it must be done quickly all in one run and there can be delays with emails, whereas staged can be spread over weeks and months and you can move mailboxes in small batches without almost any disruption to users.

This seems like a great discussion to jump into :). It's a debate that has been around for so long, and that will last forever (until Microsoft releases the official answer someday as promised at Ignite 2017).

Most people in the camp of removing the last server, like Dominik on this thread, have small environments that they manage either all by themselves or with a small crew who are all quite savvy.

As soon as your environment scales up, the ADSI Edit / Attribute Editor tab and other manual alternatives to EAC/EMC/ECP seem pretty burdensome. Once you introduce a third-party tool, you're pretty much just as bad off as you would be with a single Exchange server, but without all of the benefits (such as Email Address Policies, super EASY SMTP relay server, EAC, super EASY offboard plan ready to go).

Since AAD Connect is not a bother for most, the final Exchange server (with complimentary Hybrid product key) can just go onto the AAD Connect box. If you wouldn't be using the SMTP relay capabilities, or anything else other than recipient administration, you could spec the server just based on AAD Connect and not even worry about Exchange server performance.

I'm thinking (and this is where I change into speculation mode) Microsoft will introduce a new server role or new installation package for Exchange (or some awesome ClickOnce app like the HCW) that puts in place some kind of middle-ground solution that will prevent every new wave of EXO customers from having this last-server-required-?!?! revelation and panicking about having to still keep Exchange alive.

As a final point (so many points have been made in this thread, both good and bad :) ), I think there is no reason to feel any kind of shock that a final server will still be required after migrating all your mailboxes to the cloud. The truth is that Exchange is a one-of-a-kind product that has continuously beaten out the competition globally forever (in email land). It has several unique characteristics, and most of all for this topic, Exchange Online integrates with on-premises AD like nothing else. It's not Gmail, which has no such on-premises equivalent that over time had to be transformed into a cloud product (while still also being an on-premises product). The hoops that Microsoft would have had to jump through to get Exchange to where it is.... I think trump the hoop of having to keep a single Exchange server around.

The Exchange hybrid scenario has been in existence for a while. It is high time for MS to support cloud-only Office 365 instead of hybrid. The whole point of a managed PaaS solution goes for a toss if we have to upgrade and maintain on-premises Exchange every time a version expires. Upgrade and maintenance become a nightmare if you have a DAG. I would really prefer moving to the cloud, even if it includes buying a license for Azure AD Premium and managing AD directly from the cloud, considering I don't have much of a group policy hierarchy for Mac users and single-tree group policies for servers.

The only reason I am keeping hybrid is the campaign mailbox, which blasts almost 2500 mails during the ad campaign for clients, which is not supported by Office 365 as it considers it spam. I am planning to divide that into three or four mailboxes as the campaign source and work around this.

If you have a DAG, and mailboxes on it, then you're keeping Exchange servers on-premises for reasons above and beyond the topic of this thread.

If you migrate all mailboxes, and no longer have any 'need' to have Exchange installed, that is this topic.
Let's consider DAG as a hypothetical scenario. Consider the growing PaaS solutions on GCD, Azure to eradicate the on-premises footprint. Keeping and maintaining an Exchange server internally still defeats the purpose of paying a license for a managed solution, plus the license for internal Exchange and Windows Server and hardware upkeep, and still being worried about CU updates or version compatibility to keep in sync with the dynamically changing cloud version. Specifically, considering a single on-cloud solution for mobility, PSTN on Teams, collaboration, content management and digital data management, Office 365 has come a long way for enterprises or small businesses to rely on a single solution, except for this small snag of maintaining an internal Exchange server and support person, which kind of defeats the purpose of going to a cloud solution and eradicating the local data room.

@Prasant Chettri I don't know if you know this, but if you are paying for E3 monthly via Billing, then your Exchange on-premises license is free. If you are only running Exchange Server for email infrastructure in your organization, then you need to pay for the Exchange license. Ask the Microsoft Licensing individual that is assigned to your organization. This model has been adopted from 2018 onwards.

Thanks for the info. I will reach out to MS to migrate and update the on-prem license from Exchange 2013 to a newer version.

@Keith Caines

Just wondering how you got on with this?

I have to work out how to do this for a customer who has a very aging SBS 2011 server with a Hybrid (exch2010<>o365) config. AAD is running also. Thus, it is both an SBS 2011 Server decommission exercise and a Hybrid removal because the customer wishes to do away with the on-prem server and local Active Directory ENTIRELY and go forward with Azure AD joined computers instead and Office 365 only, with no local AD Domain Servers or Windows Server at all.

Thanks

I believe these actions can be completed with a PowerShell command or two!

@Joe Wichowski Are you uninstalling Exchange from these environments, or ghosting it? In our experience, when Exchange is uninstalled (single-server environments), attribute values (such as proxyAddresses) were removed. We had to manually add the proxyAddresses back in.
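Two posts above make the same practical point from different angles: without an on-premises Exchange server, recipient attributes such as proxyAddresses have to be managed directly in Active Directory (ADSI Edit / Attribute Editor), and an Exchange uninstall can strip those values, which AAD Connect then syncs away from the cloud recipients. The following is an added example, not code posted by anyone in this thread, of how an administrator can snapshot the Exchange-related attributes before decommissioning, detect what went missing afterwards, and put the proxyAddresses back without an Exchange console. It assumes the ActiveDirectory RSAT module, write access to the users' OU, and the placeholder OU and file path shown; the attribute list is the set Exchange normally stamps that cloud mail flow and reply resolution still rely on.

```powershell
# Added example (not from this thread). Snapshot the Exchange-related AD
# attributes before uninstalling the last Exchange server, then report and
# restore proxyAddresses that an uninstall removed, so AAD Connect does not
# sync a stripped recipient to Exchange Online.
Import-Module ActiveDirectory

# Assumptions: adjust the OU and export path to your environment.
$SearchBase = 'OU=Users,DC=contoso,DC=local'
$Backup     = 'C:\Temp\exchange-attributes.csv'

# Attributes Exchange writes that cloud recipients and AAD Connect depend on.
$Attrs = 'mail', 'mailNickname', 'proxyAddresses', 'targetAddress', 'legacyExchangeDN'

function Export-ExchangeAttributes {
    # Multi-valued proxyAddresses is flattened with ';' so it survives CSV.
    Get-ADUser -Filter * -SearchBase $SearchBase -Properties $Attrs |
        Select-Object DistinguishedName, SamAccountName, mail, mailNickname,
            targetAddress, legacyExchangeDN,
            @{ n = 'proxyAddresses'; e = { ($_.proxyAddresses -join ';') } } |
        Export-Csv -Path $Backup -NoTypeInformation -Encoding UTF8
}

function Compare-ExchangeAttributes {
    # Emits one object per user whose live proxyAddresses lack a value
    # that was present in the snapshot.
    Import-Csv -Path $Backup | ForEach-Object {
        $expected = @($_.proxyAddresses -split ';' | Where-Object { $_ })
        $live     = Get-ADUser -Identity $_.DistinguishedName -Properties proxyAddresses
        $current  = @($live.proxyAddresses)
        $missing  = @($expected | Where-Object { $current -notcontains $_ })
        if ($missing.Count -gt 0) {
            [pscustomobject]@{
                User    = $_.SamAccountName
                Missing = ($missing -join ';')
            }
        }
    }
}

function Restore-ProxyAddresses {
    # Re-adds only the missing values; existing ones are left untouched.
    # Run with -WhatIf first to review the changes.
    param([switch]$WhatIf)
    Compare-ExchangeAttributes | ForEach-Object {
        $values = @($_.Missing -split ';')
        Set-ADUser -Identity $_.User -Add @{ proxyAddresses = $values } -WhatIf:$WhatIf
    }
}

# Usage order:
#   Export-ExchangeAttributes        # before uninstalling Exchange
#   Compare-ExchangeAttributes       # afterwards, lists stripped addresses
#   Restore-ProxyAddresses -WhatIf   # dry run, then repeat without -WhatIf
```

The comparison keys on DistinguishedName, so run it before any OU restructuring. The snapshot CSV also preserves mail, targetAddress and legacyExchangeDN, which are the other values worth checking by eye in Attribute Editor if a user loses mail flow or reply resolution after the uninstall; restoring those is a single Set-ADUser -Replace per user and is left out here to keep the example focused on the multi-valued case.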