You’re at that point where you’ve finished migrating all your mailboxes to Office 365 and you’ve significantly reduced your on-premises footprint, but you’ve been told you can’t remove the last Exchange server...
What’s going on, I hear you say. How can I get rid of the last server?
Let’s rewind a few steps. One of the first tasks during a usual Office 365 deployment is to install the main turnkey component, Azure Active Directory Connect (AAD Connect).
The role of AAD Connect is to:
- Synchronise all the users/groups/devices and contact objects from your local on-premises Active Directory to Office 365’s Azure Active Directory
- Provide password sync and/or the capability to integrate with on-premises Active Directory Federation Services (ADFS)
Now back to where we left off.
You’ve migrated your mailboxes from on-premises Exchange to Office 365 Exchange Online. End users are happy because their mailbox limits have grown exponentially from the measly 100MB you decided to allocate them, and administrators are happy because they don’t need to worry about capacity planning of the mailbox databases, high availability and, most importantly, angry users asking for more space.
All that said, there are unfortunately some trade-offs you’ve had to absorb. End users are no longer able to manage distribution group membership, and administrators cannot add or change a proxy address (or even the display name) on existing distribution groups directly from Exchange Online.
These trade-offs are a by-product of AAD Connect, not of Exchange hybrid or the Exchange Online environment. By design, AAD Connect marks most of the cloud attributes of synchronised objects in Azure AD as read-only. The reason for this is that Microsoft currently uses a “Master Management” approach, where an object must be managed where it was born/created.
This takes us back to the headline of this blog. At this point in time, Microsoft continues to recommend keeping one Exchange server for management purposes, so that administrators and end users can still address the two trade-offs mentioned earlier. As technical consultants, we call that server a Hybrid Exchange server. Fortunately, Microsoft has kindly donated the licence key for these types of deployments and classes it as an “Exchange Hybrid Edition”, provided you don’t use it to host any on-premises mailboxes. By the way, you can get the licence key here.
Now don’t forget, just because it’s called a Hybrid Exchange server, this server doesn’t actually need to hold any hybrid configuration. This TechNet article lists hybrid features you may or may not require. This type of environment is also the only Microsoft-recommended approach when you have AAD Connect within your environment, which is nearly all cases…
Lastly, what about those guys who are adamant your last Exchange server should be removed? The simple Microsoft answer is yes, you can, but it’s unsupported :)
In my next blog I’ll be writing about other third-party and creative ways for those who are adamant they want to kill off that last Exchange server!