Jan 09 2018 02:32 PM
Jan 09 2018 02:32 PM
I currently have a scenario where there is a Hybrid Exchange environment with 1 server. All my mailboxes have been migrated online.
I would like to completely remove dependency on local AD and I do not care about AD synchronization.
How do I "tell" the O365 tenant not function on it's own so that I can manage 100% from 365 Administration?
I do understand that my MX and other DNS records will need to be changed.
Are there any solid guides out there on decommissioning the on premise exchange server. I want to do this with the least impact on users.
Apr 20 2020 05:59 AM
@Jeremy Bradshaw I would like to get rid of Exchange completely, I don't want it. I don't want to have to manage certificates, patches, CUs and upgrades every couple of years. I am paying Microsoft for a service and I don't want to duplicate it myself.
Apr 20 2020 05:59 AM
Apr 20 2020 06:00 AM
Sorry Jeremy, but I still don't get your point. While it makes perfect sense to put AAD Connect on the same server as Exchange, why buy an OS license just for AAD Connect? That's rather absurd since AAD Connect is not required to be on a separate server, only recommended. Exchange is REQUIRED to be on a separate server. The whole point of getting rid of Exchange is to get rid of another server to manage. There's no point in keeping a separate server around just for AAD Connect.
Apr 20 2020 06:02 AM
Apr 20 2020 06:02 AM
The whole 'issue' is centred around the fact that if you have got a hybris and move a mailbox to the cloud, the Azure AD has attributes to this fact.
The Azure AD is NOT Authoritative Directory Source for the account that has been Synchronised to Azure AD from the Local AD.
Therefore the ANSWER lies in changing the Authoritative Source of the User Attributes in the Azure Active Directory.
By stopping AADSync from local to the cloud, you stop replication of attributes and switch the Authoritative Source to the Azure AD for the accounts. Read up on SourceAnchor attribute
Apr 20 2020 06:05 AM
Right - Its Covid-19 lockdown here in Scotland And the the sun is shinning for a change - so I am off out for fresh air and excercise @Richard_Pettigrew
Apr 20 2020 06:06 AM
Apr 20 2020 06:12 AM
@Jeremy Bradshaw Not really, this is a high tech manufacturing environment so enormous CAD design files that just do not work online. Heavy loaded ERP. No extra licenses. And above all don't want the costs and unpredictability of Exchange maintenance. Locally manufacturing equipment. Quality Control. It is not going in the cloud. I just want to get rid of Exchange and simplify. Licenses are all used and I don't want Exchange on an ERP system or on a heavily loaded mission critical file server.
Apr 20 2020 06:16 AM
Apr 20 2020 06:20 AM
Swiss lake, sounds lovely. Enjoy and good luck.
I still feel you should undo exchange hybrid connectors with exchange, remove AADSync, uninstall Exchange, then to keep password sync, re-instate ADDSync for purely password-hash only.
Or do not install AADSync and maintain local AD credentials seperately...
Apr 20 2020 06:32 AM
@Richard_Pettigrew I don't really want Azure to be the authoritative source. Many objects will only exist in the local AD. I just want to let O365 manage the Exchange bit. I am never going to bring Exchange back on-prem. (if anyone else wants to I will be retired by then).
create an account on prem
put it in the sync group so AAD sync syncs if it needs to get email
assign a mailbox license in O365 if needed
Apr 20 2020 07:04 AM - edited Apr 20 2020 07:09 AM
@Carol Chisholm We are an IT service provider and have moved a number of clients to Office 365 over the years. Most have been through methods other than a Hybrid Deployment (cut-over, staged, PST import, 3rd party tools, etc.); however, some have been via Hybrid Deployment. I was directly involved (years ago) with the migration (using a Hybrid Deployment) for two clients, one with 17 mailboxes and one with 122 mailboxes. In both scenarios we left an Exchange Server in the environment.
While I'm no longer involved with management of the mail environment for these customers, when I saw this conversation heat back up I asked our Director of Services during a call this morning if we still have the Exchange Servers in these customer environments, and if so, what do we use them for? He said we do still have them in the environment; however, he couldn't think of a single task we perform on the Exchange Server for day-to-day management. He said everything is done in either AD (with some attribute editing required) or Office 365. I asked if we did anything on the Exchange Servers when a employee is hired/terminated, and he said "no".
While it may just be my mind playing tricks on me (or old age), years ago I recall Microsoft somewhat promoting a Hybrid Deployment as a preferred migration method. Additionally, I seem to recall articles using terminology such as "Hybrid Migration" not "Hybrid Deployment". It seems "Hybrid" has been positioned as more of a state than means to an end. Or stated another way, there may never be a Microsoft provided solution for decommissioning all on-prem Exchange Servers once in a Hybrid Deployment. This may be because Microsoft doesn't view a Hybrid Deployment as many often do; as a way to easily move to Office 365 and get rid of on-prem Exchange.
Apr 20 2020 11:10 AM
To reiterate my older comments here, on my previous job we have decommissioned on-prem Exchange and used it this way for 2 years when i was still working there and for 2 next years i haven't heard from my ex-mates about any problems with that either. We even did it first as it was recommended by the official MS partners who helped with migration to O365 and EXO. They never warned us about this setup not being a supported one (which i now know is not supported). They showed us how to work with ADUC and some stuff we learned on our own (editing attributes, adding aliases, etc.). So with such a small userbase and limited resources i would just pull the plug on Exchange on-prem.
Btw, this obviously was the most popular question during Ignite 2019 and in blog post they promise (again) some solution in a year or so. https://techcommunity.microsoft.com/t5/exchange-team-blog/faqs-from-exchange-and-outlook-booths-at-2...
Apr 20 2020 01:08 PM - edited Apr 20 2020 01:09 PM
Hello to all,
please allow me to share with you the following article, it seems that it will be soon possible to remove the old Exchange server and stay supported from Microsoft :
Apr 20 2020 02:07 PM
Apr 23 2020 12:33 PM
I opened a case... Here are some screenshots for your information. I have asked for validation that this is a supported scenario, but since I have step by step instructions I think there might be some validity.
Apr 23 2020 12:49 PM
Yes. Some validity. Don't know if MS will be pressured by these screenshots if they later refuse to provide support :) But i don't know who can provide a definitive answer here.
Apr 23 2020 12:51 PM
I think the case handler is quite new, But after a lot of clarification the instructions are pretty clear...
Apr 23 2020 01:03 PM
Interesting...these steps would seem to concur with my intial thinking and steps I suggested.
1. Means you can keep the current o365 tenant
2. Means you can remove Exchange Hybridr setup
3. Means you can Uninstall Exchange
4. Means you can reconfig AADSync for only Password Sync or discontinue if you choose to eventially do away with any on-prem DC in the future.