
I have a client that is wanting me to help finish up an Office 365 migration, more specifically: decommissioning their Exchange 2010 Environment.

What has me baffled, I've never done a 365 Migration, is what do I leave?

DirSync is running on its own VM. The client does say they are managing in O365, and would like to keep Password Synchronization.

Do I leave the CAS server? I'm so baffled, I do believe they have over 100 users, so Server Essential won't work.

  • Microsoft has a number of detailed migration guides for exchange to Office 365. What have you read; what have you completed; what do you have questions on. Please reference the guides you followed. – Appleoddity Sep 23 '19 at 19:59
  • I've read every guide. What's not clear is, what, if anything, do I leave? The client can and is managing all boxes and details through Exchange, the only thing that is requested is to leave DirSync. So, can I pull the whole legacy exchange environment? Do I have to leave a piece in place? –  Sep 23 '19 at 20:06
  • Obviously this is a complex subject. It’s hard to answer your question(s) with so few details. Do you plan on running a hybrid environment? Do you plan on running all Office 365? This is why I’m saying there are specific documents that cover these topics depending on your needs. What is left behind depends on what you are trying to accomplish. It sounds like you’ve come on in the middle of a migration and don’t really know what your end result looks like. – Appleoddity Sep 23 '19 at 20:10
  • I came on post migration. The migration is complete. The client, ideally, would like to remove Exchange from the environment. The only thing they want is to be able to sync Passwords, that's it. No hybrid from the traditional sense. –  Sep 23 '19 at 20:11
  • Then if everything is moved to Office 365 you will ultimately decommission all of exchange and uninstall it. You make mention “the client is managing boxes through exchange..” well that would require exchange to be installed and a hybrid environment. Mailboxes are managed through the office 365 admin portal. I’m concerned, by your description, that there may still be dependencies that you’re not aware of. If all mail is flowing through office 365, Outlook is connected to office 365, and mailboxes are all managed through exchange online, then it’s time to uninstall exchange. – Appleoddity Sep 23 '19 at 20:15
  • That’s called a “cutover” migration and you should review the documentation for that to see how to properly decommission exchange and complete the cutover. – Appleoddity Sep 23 '19 at 20:15
  • This question is not a good fit for SuperUser.com. Please take it to the site for admins: ServerFault –  Sep 23 '19 at 20:17
  • Appleoddity: Sorry, they manage through Exchange Online (O365). I wasn't sure, everything I read pointed me both ways. The biggest problem is: I came in post migration... teylyn, I was sent here from one of the other million sites that Stack Exchange has...I miss the good ole days of one site. –  Sep 23 '19 at 20:31

1 Answer

Microsoft recommends maintaining a small footprint Exchange Server for managing mail related attributes, as these can't fully be managed solely from Office 365. This is because with directory synchronization the on premises directory is the source of authority for object attributes and these attributes must be managed from on premises.

When directory synchronization is enabled for a tenant and a user is synchronized from on-premises, most of the attributes cannot be managed from Exchange Online and must be managed from on-premises. This is not due to the hybrid configuration, but it occurs because of directory synchronization. In addition, even if you have directory synchronization in place without running the Hybrid Configuration Wizard, you still cannot manage most of the recipient tasks from the cloud.

https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange#why-you-may-not-want-to-decommission-exchange-servers-from-on-premises

Another reference for you:

Another key scenario where you are likely to need a Hybrid licence is after you have completed your migration from Exchange Server 2010 to Office 365. After moving your final mailboxes and if you have them, Public Folders, you will decommission Exchange Server 2010. Most organizations will keep Azure AD Connect in place after the migration completes, which means Hybrid Identity (where AD remains the master) is in place. You will therefore require Exchange Server to manage those attributes – and potentially to relay SMTP email, too. This of course is a great use of an Exchange 2016 or higher server.

Finally – and it comes as a surprise to some organizations – if you have never had Exchange within the organization then you might need to install Exchange Hybrid servers for attribute management within the local AD. As mentioned above – if you use Azure AD Connect, you will have Hybrid identity in place. Many organizations running Domino today and migrating to Office 365 find they need to install an Exchange Hybrid server (or two) and utilize the free Hybrid licence.

https://practical365.com/exchange-server/how-to-licence-exchange-hybrid-servers/

joeqwerty
  • I’m not sure if I would say they explicitly recommend it. They suggest it as a possible requirement. This answer isn’t wrong but it also suggests that exchange is needed for some reason on-premise. And it isn’t. There is almost nothing necessary to manage on-premise and the couple of attributes you might want to change is easily done by simply extending the AD schema. If you already had exchange installed then the schema is already extended and so there is nothing left to do. I haven’t worked with an Office 365 client yet that needed to maintain an on-prem exchange footprint. – Appleoddity Sep 23 '19 at 23:52
  • Highlighting this: `When directory synchronization is enabled for a tenant and a user is synchronized from on-premises, most of the attributes cannot be managed from Exchange Online and must be managed from on-premises.` - I haven't encountered an environment to this point that had directory synchronization and was able to manage Exchange attributes from Office 365. – joeqwerty Sep 24 '19 at 00:27
  • If you're saying that you don't need an on premises Exchange server then that's technically true. The point that I'm making is that you cannot manage Exchange related attributes for an on premises synced user in Office 365. The on premises object is the source of authority for those attributes and they can only be managed from on premises. If you don't have an Exchange server on premises then you need to use ADSIEdit to manage those attributes. – joeqwerty Sep 24 '19 at 00:33
  • So you can use ADSIEdit... but it's much easier to manage with an on premises Exchange server. This is exactly why Microsoft makes available a free Exchange Server license for this exact scenario. – joeqwerty Sep 24 '19 at 00:36
  • Your experience is different than mine. I’m curious which exchange attributes you need to regularly manage? It is true there are attributes you can’t manage from Office 365. It is NOT true that exchange is required to do that. These are just AD attributes. They can be changed from the user properties screen or adsiedit but the need to change them is rare. No way would I keep an on-prem exchange server for something used so rarely and not required. Ok. I see your follow up comments. I think we agree but choose different paths. :) – Appleoddity Sep 24 '19 at 00:40
  • Yes I agree. `ProxyAddresses` is the only attribute I ever adjust. With the rare exception of hiding an address from the address book. I keep advanced settings turned on in AD U&C and simply click the “attributes” tab of the user properties screen. That’s just how I’ve always done it. – Appleoddity Sep 24 '19 at 00:55
  • This is what has me so befuddled. Naturally, I don't want to steer this client down the wrong path and I want them to be supported if they need it from Microsoft. I don't think they'll have a problem keeping a minimal footprint, and I know that they don't manage any other attributes. The client is aware that a piece may be left behind. So, now the next question: Where do I find this free license? And if I continue with the active install, do I leave the mailbox role on the CAS server? – Nathan Stotts Sep 24 '19 at 13:34
  • The free license would be needed if you wanted to deploy a new Exchange 2016 server for the purposes of the Hybrid. My suggestion would be to just keep one of the existing, already licensed Exchange servers on premises. It doesn't matter which server you leave nor which Exchange roles it has. It's only used for the purposes of managing Exchange related attributes. I normally leave the mailbox server on premises. – joeqwerty Sep 24 '19 at 22:29
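
The alternative discussed in the comments above (editing `proxyAddresses` on the on-premises object, which is the source of authority for a synced user), as an added PowerShell example that is not from any of the posters or from Microsoft. It assumes the RSAT ActiveDirectory module is installed; the function name `Add-SyncedUserProxyAddress` and the sample address are hypothetical.

```powershell
# Added example: manage a synced user's mail addresses in on-premises AD
# without the Exchange management tools. Run with -WhatIf first.
Import-Module ActiveDirectory

function Add-SyncedUserProxyAddress {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,   # sAMAccountName of the synced user
        [Parameter(Mandatory)] [string] $Address,    # e.g. jdoe@example.com (constructed)
        [switch] $MakePrimary                        # write it as the upper-case SMTP: entry
    )

    if ($Address -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        throw "Not a valid SMTP address: $Address"
    }

    $user = Get-ADUser -Identity $Identity -Properties proxyAddresses

    # An address already held by another object produces a duplicate-attribute
    # error at the next synchronization, so refuse it here. AD matches
    # proxyAddresses case-insensitively, so this finds SMTP: and smtp: entries.
    $escaped  = $Address.Replace("'", "''")
    $conflict = Get-ADObject -Filter "proxyAddresses -eq 'smtp:$escaped'" |
        Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }
    if ($conflict) {
        throw "$Address is already assigned to $($conflict.DistinguishedName -join '; ')"
    }

    $current = @($user.proxyAddresses)
    $present = @($current | Where-Object { $_ -ieq "smtp:$Address" })
    if ($present.Count -gt 0 -and -not $MakePrimary) { return $current }  # nothing to do

    $others = @($current | Where-Object { $_ -and $_ -ine "smtp:$Address" })
    if ($MakePrimary) {
        # Only one entry may carry the upper-case SMTP: prefix; demote the old one.
        $others = @($others | ForEach-Object { $_ -creplace '^SMTP:', 'smtp:' })
        $new = @("SMTP:$Address") + $others
    } else {
        $new = $others + "smtp:$Address"
    }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set proxyAddresses")) {
        Set-ADUser -Identity $user -Replace @{ proxyAddresses = [string[]]$new }
    }
    return $new   # reaches Exchange Online at the next directory sync cycle
}
```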