Remove On-Premises Exchange Hybrid and go fully Online


Hello,

 

I currently have a scenario where there is a Hybrid Exchange environment with 1 server. All my mailboxes have been migrated online.

 

I would like to completely remove dependency on local AD and I do not care about AD synchronization.

 

How do I "tell" the O365 tenant to function on its own so that I can manage 100% from 365 Administration?

 

I do understand that my MX and other DNS records will need to be changed.

 

Are there any solid guides out there on decommissioning the on-premises Exchange server? I want to do this with the least impact on users.

 

Thanks,

 

Keith


@Jeremy Bradshaw I would like to get rid of Exchange completely, I don't want it. I don't want to have to manage certificates, patches, CUs and upgrades every couple of years. I am paying Microsoft for a service and I don't want to duplicate it myself.

A big part (by my measure) of the fuss here is the writeback from EXO to on-premises, of certain attributes, including proxyAddresses. The legacyExchangeDN from EXO is written back as an X500 on-premises. That is handy for future offboarding. Yes agreed, to do that step manually if/when required would be simple, but having it done automatically is nice.

@Jeremy Bradshaw 

 

Sorry Jeremy, but I still don't get your point. While it makes perfect sense to put AAD Connect on the same server as Exchange, why buy an OS license just for AAD Connect? That's rather absurd since AAD Connect is not required to be on a separate server, only recommended. Exchange is REQUIRED to be on a separate server. The whole point of getting rid of Exchange is to get rid of another server to manage. There's no point in keeping a separate server around just for AAD Connect.

This is a 15-user environment. I am not worried about offboarding. I want simplicity. I don't want Exchange on-prem.

@BrianSmith 

@Carol Chisholm @Jeremy Bradshaw

 

The whole 'issue' is centred around the fact that if you have got a hybrid and move a mailbox to the cloud, the Azure AD has attributes recording this fact.

 

The Azure AD is NOT the authoritative directory source for an account that has been synchronised to Azure AD from the local AD.

 

Therefore the ANSWER lies in changing the Authoritative Source of the User Attributes in the Azure Active Directory.

 

By stopping AADSync from local to the cloud, you stop replication of attributes and switch the authoritative source to the Azure AD for the accounts. Read up on the SourceAnchor attribute.

Right - it's Covid-19 lockdown here in Scotland and the sun is shining for a change - so I am off out for fresh air and exercise @Richard_Pettigrew 

I am going to have to agree that you have a point... if your environment is right down to this level of cleanup for savings.

At that point though, it seems like you are getting close to just being able to decom AD altogether and go pure AAD. If you need DCs, I feel like there is an extra server license available in there somewhere. Maybe I'm being unrealistic?

@Jeremy Bradshaw Not really, this is a high tech manufacturing environment so enormous CAD design files that just do not work online. Heavy loaded ERP. No extra licenses. And above all don't want the costs and unpredictability of Exchange maintenance. Locally manufacturing equipment. Quality Control. It is not going in the cloud. I just want to get rid of Exchange and simplify. Licenses are all used and I don't want Exchange on an ERP system or on a heavily loaded mission critical file server. 

Sounds like a good idea, I am going to swim in my Swiss lake, pretty sure I told AAD Connect to manage the source anchor for me.

@Carol Chisholm 

Swiss lake, sounds lovely. Enjoy and good luck.

I still feel you should undo the Exchange hybrid connectors with Exchange, remove AADSync, uninstall Exchange, then, to keep password sync, re-instate AADSync for password hash sync only.

 

Or do not install AADSync and maintain local AD credentials separately...

@Richard_Pettigrew I don't really want Azure to be the authoritative source. Many objects will only exist in the local AD. I just want to let O365 manage the Exchange bit. I am never going to bring Exchange back on-prem (if anyone else wants to, I will be retired by then). 

Ideally -

create an account on-prem

put it in the sync group so AAD sync syncs it if it needs to get email

assign a mailbox license in O365 if needed

@Carol Chisholm 

I would concur with that!

@Carol Chisholm We are an IT service provider and have moved a number of clients to Office 365 over the years. Most have been through methods other than a Hybrid Deployment (cut-over, staged, PST import, 3rd party tools, etc.); however, some have been via Hybrid Deployment. I was directly involved (years ago) with the migration (using a Hybrid Deployment) for two clients, one with 17 mailboxes and one with 122 mailboxes. In both scenarios we left an Exchange Server in the environment.

 

While I'm no longer involved with management of the mail environment for these customers, when I saw this conversation heat back up I asked our Director of Services during a call this morning if we still have the Exchange Servers in these customer environments, and if so, what do we use them for? He said we do still have them in the environment; however, he couldn't think of a single task we perform on the Exchange Server for day-to-day management. He said everything is done in either AD (with some attribute editing required) or Office 365. I asked if we did anything on the Exchange Servers when an employee is hired/terminated, and he said "no".

 

While it may just be my mind playing tricks on me (or old age), years ago I recall Microsoft somewhat promoting a Hybrid Deployment as a preferred migration method. Additionally, I seem to recall articles using terminology such as "Hybrid Migration" not "Hybrid Deployment". It seems "Hybrid" has been positioned as more of a state than means to an end. Or stated another way, there may never be a Microsoft provided solution for decommissioning all on-prem Exchange Servers once in a Hybrid Deployment. This may be because Microsoft doesn't view a Hybrid Deployment as many often do; as a way to easily move to Office 365 and get rid of on-prem Exchange.

To reiterate my older comments here, at my previous job we decommissioned on-prem Exchange and used it this way for 2 years while I was still working there, and for the next 2 years I haven't heard from my ex-mates about any problems with that either. We even did it first as it was recommended by the official MS partners who helped with the migration to O365 and EXO. They never warned us about this setup not being a supported one (which I now know is not supported). They showed us how to work with ADUC and some stuff we learned on our own (editing attributes, adding aliases, etc.). So with such a small userbase and limited resources I would just pull the plug on Exchange on-prem.

 

Btw, this obviously was the most popular question during Ignite 2019 and in a blog post they promise (again) some solution in a year or so. https://techcommunity.microsoft.com/t5/exchange-team-blog/faqs-from-exchange-and-outlook-booths-at-2...

Hello to all,

 

please allow me to share with you the following article; it seems that it will soon be possible to remove the old Exchange server and stay supported by Microsoft:

 

https://www.granikos.eu/en/justcantgetenough/PostId/1858/remove-the-last-exchange-server

 

Have fun!


Spikar

Have you read that this was an April 1st joke? If this was possible it would be screamed at every corner :)

I opened a case... Here are some screenshots for your information. I have asked for validation that this is a supported scenario, but since I have step-by-step instructions I think there might be some validity. 

Your comments? 


Yes. Some validity. Don't know if MS will be pressured by these screenshots if they later refuse to provide support :) But I don't know who can provide a definitive answer here.

I think the case handler is quite new, But after a lot of clarification the instructions are pretty clear... 

@Carol Chisholm 

 

Interesting...these steps would seem to concur with my initial thinking and the steps I suggested.

 

1. Means you can keep the current o365 tenant 

2. Means you can remove the Exchange Hybrid setup

3. Means you can Uninstall Exchange

4. Means you can reconfigure AADSync for only Password Sync, or discontinue it if you choose to eventually do away with any on-prem DC in the future.
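A read-only readiness report for the four steps above, as an added example (not from the thread, and not Microsoft's own tooling): Part 1 assumes the on-premises Exchange Management Shell, Part 2 assumes a session connected with the ExchangeOnlineManagement and MSOnline modules; the mail.onmicrosoft.com address-space match is an assumption about how the hybrid send connector was created.

```powershell
# Added example: report what still depends on the last hybrid Exchange server
# before uninstalling it. Nothing here changes configuration.

# --- Part 1: on-premises Exchange Management Shell ---
function Test-OnPremReadiness {
    # A mailbox still homed on-prem has not been migrated; uninstalling now would lose it.
    $local  = @(Get-Mailbox -ResultSize Unlimited)
    # Remote mailbox objects are the on-prem stubs of mailboxes already moved to EXO.
    $remote = @(Get-RemoteMailbox -ResultSize Unlimited)
    # Hybrid artefacts the wizard created; these are what "undo hybrid" removes.
    $hybrid = Get-HybridConfiguration -ErrorAction SilentlyContinue
    $iocs   = @(Get-IntraOrganizationConnector)
    $orgRel = @(Get-OrganizationRelationship)
    # Assumption: the hybrid send connector routes to <tenant>.mail.onmicrosoft.com.
    $hybridSend = @(Get-SendConnector |
        Where-Object { $_.AddressSpaces -match 'mail\.onmicrosoft\.com' })

    [pscustomobject]@{
        MailboxesStillOnPrem      = $local.Count
        RemoteMailboxStubs        = $remote.Count
        HybridConfigPresent       = [bool]$hybrid
        IntraOrgConnectors        = $iocs.Count
        OrganizationRelationships = $orgRel.Count
        HybridSendConnectors      = $hybridSend.Count
        SafeToUninstall           = ($local.Count -eq 0)
    }
}

# --- Part 2: Exchange Online (Connect-ExchangeOnline) + MSOnline (Connect-MsolService) ---
function Test-CloudReadiness {
    $all    = @(Get-Mailbox -ResultSize Unlimited)
    # IsDirSynced mailboxes are still mastered by on-prem AD through AAD Connect, so
    # their Exchange attributes stay read-only in the 365 admin centre until sync stops.
    $synced = @($all | Where-Object { $_.IsDirSynced })
    # Connectors of type OnPremises are the cloud side of the hybrid mail flow.
    $inOnPrem  = @(Get-InboundConnector  | Where-Object { $_.ConnectorType -eq 'OnPremises' })
    $outOnPrem = @(Get-OutboundConnector | Where-Object { $_.ConnectorType -eq 'OnPremises' })
    $company   = Get-MsolCompanyInformation

    [pscustomobject]@{
        CloudMailboxes           = $all.Count
        StillDirSynced           = $synced.Count
        OnPremInboundConnectors  = $inOnPrem.Count
        OnPremOutboundConnectors = $outOnPrem.Count
        DirSyncEnabled           = $company.DirectorySynchronizationEnabled
        LastDirSyncTime          = $company.LastDirSyncTime
    }
}
```

Run Test-OnPremReadiness on the Exchange server and Test-CloudReadiness from the cloud session; a non-zero MailboxesStillOnPrem or HybridSendConnectors count means steps 2 and 3 are not yet safe, and StillDirSynced shows how many objects step 4 will hand over to the cloud.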