Josh Pusateri
asked on
Uninstall Exchange 2010 after Hybrid migration keeping DirSync
I've exhausted my googling on this topic and hoping someone has experience doing something similar!
I just finished an Exchange 2010 to 365 Hybrid migration. We are using DirSync and plan on keeping it running. I want to now stop the hybrid and uninstall Exchange 2010. I know the steps to remove the hybrid connection, the problem comes when uninstalling Exchange. I have heard it will remove the proxyaddress and other key mail-related AD attributes.
How can I remove Ex2010 while keeping these attributes? Will installing Exchange 2013 help at all (and then uninstall it)? I think I read somewhere a hybrid Ex2013 can handle an uninstall while keeping these attributes.
Thanks!
I just finished an Exchange 2010 to 365 Hybrid migration. We are using DirSync and plan on keeping it running. I want to now stop the hybrid and uninstall Exchange 2010. I know the steps to remove the hybrid connection, the problem comes when uninstalling Exchange. I have heard it will remove the proxyaddress and other key mail-related AD attributes.
How can I remove Ex2010 while keeping these attributes? Will installing Exchange 2013 help at all (and then uninstall it)? I think I read somewhere a hybrid Ex2013 can handle an uninstall while keeping these attributes.
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It doesn't, at least when the "supported" scenario is concerned. As noted in the article above, the only supported way to manage Exchange related attributes is via the Exchange management tools. Again, this doesn't mean that it will not work otherwise. And yes, I know how crazy it sounds, dont shoot the messenger :)
Question - are you using ADFS for authentication?
Vasil is correct.....you won't be in a truly supported configuration, IF you remain on 2010.
Here's the reason:
When you setup Hybrid, your AD is on premise, and dirsync is copying your AD info up to Azure AD.
When you setup a brand new tenant without hybrid, you are using AD in Azure, and you would manage your users in Azure AD as opposed to managing them on premise.
Microsoft considers a hybrid deployment to be an on-premise deployment of Exchange with a side of Office 365 Exchange Online added as an option.
So, any time you open a case and you have O365 Hybrid setup, you'll likely be routed to the Exchange On premise team first to make sure there is not an issue with your on premise infrastructure.
I would STRONGLY advise you to upgrade your on-premise Exchange environment from 2010 to 2013 (and soon, 2016) and do as Vasil suggests to use the Hybrid license key (which means you don't have to pay for a license as long as you don't host mailboxes on premise). This will be MUCH better for you in the long run, in my opinion, purely fomr a management standpoint (it also gives you an easy out if you EVER decide to move back to on-premise for any crazy reason). This will also make it easier for any SMTP relay needs you have (like multi-function printers that do scan to email, and any other systems that need to send alerts and messages via SMTP - UPSes, cooling and environmental systems, storage systems, etc).
That being said.....if you upgrade your on-premise server to 2013, as you asked, it is possible and supported to completely remove your on-premise server and tear down your hybrid deployment. Personally, I wouldn't. If you are dead set on decommissioning the on-premise deployment, here's the article you need (which, now that I am going back and reading, is the same one that Vasil provided):
MS TechNet: How and when to decommission your on-premises Exchange servers in a hybrid deployment
Hope this helps,
Jonathan
Vasil is correct.....you won't be in a truly supported configuration, IF you remain on 2010.
Here's the reason:
When you setup Hybrid, your AD is on premise, and dirsync is copying your AD info up to Azure AD.
When you setup a brand new tenant without hybrid, you are using AD in Azure, and you would manage your users in Azure AD as opposed to managing them on premise.
Microsoft considers a hybrid deployment to be an on-premise deployment of Exchange with a side of Office 365 Exchange Online added as an option.
So, any time you open a case and you have O365 Hybrid setup, you'll likely be routed to the Exchange On premise team first to make sure there is not an issue with your on premise infrastructure.
I would STRONGLY advise you to upgrade your on-premise Exchange environment from 2010 to 2013 (and soon, 2016) and do as Vasil suggests to use the Hybrid license key (which means you don't have to pay for a license as long as you don't host mailboxes on premise). This will be MUCH better for you in the long run, in my opinion, purely fomr a management standpoint (it also gives you an easy out if you EVER decide to move back to on-premise for any crazy reason). This will also make it easier for any SMTP relay needs you have (like multi-function printers that do scan to email, and any other systems that need to send alerts and messages via SMTP - UPSes, cooling and environmental systems, storage systems, etc).
That being said.....if you upgrade your on-premise server to 2013, as you asked, it is possible and supported to completely remove your on-premise server and tear down your hybrid deployment. Personally, I wouldn't. If you are dead set on decommissioning the on-premise deployment, here's the article you need (which, now that I am going back and reading, is the same one that Vasil provided):
MS TechNet: How and when to decommission your on-premises Exchange servers in a hybrid deployment
Hope this helps,
Jonathan
ASKER
Thanks guys, I am just trying to get a clear answer and hopefully hear from someone who has done this before!
I actually did not know this was unsupported, so good to know that.. but I'm still interested in finding out how it can be done. (sorry microsoft :))
You mentioned it is supported to fully uninstall Exchange 2013.. I couldn't see where that article talks about that specifically while keeping DirSync. Will uninstalled 2013 not remove the proxyaddress and other attributes? That's what I am most concerned about.
We are not using ADFS is this instance, though if we were I'm not sure how much different it would be. Also when I gave the example of using a new tenant, I meant also using DirSync there so we would be in the same end environment I am trying to create (using on-premise AD > Dirysnc > 365)
I know with a staged migration, you would convert the users to MEU and then remove Exchange from the environment, so that is also what I am trying to accomplish, just with a later version of Exchange.
I actually did not know this was unsupported, so good to know that.. but I'm still interested in finding out how it can be done. (sorry microsoft :))
You mentioned it is supported to fully uninstall Exchange 2013.. I couldn't see where that article talks about that specifically while keeping DirSync. Will uninstalled 2013 not remove the proxyaddress and other attributes? That's what I am most concerned about.
We are not using ADFS is this instance, though if we were I'm not sure how much different it would be. Also when I gave the example of using a new tenant, I meant also using DirSync there so we would be in the same end environment I am trying to create (using on-premise AD > Dirysnc > 365)
I know with a staged migration, you would convert the users to MEU and then remove Exchange from the environment, so that is also what I am trying to accomplish, just with a later version of Exchange.
You can convert to MEUs (though again not *supported*), just use a script that stores the attributes from the mailbox and assign them to the MEU. Much like it's done in this example by Mike Crowley: https://mikecrowley.wordpress.com/2010/12/09/converting-a-mailbox-to-a-mailuser-and-not-loosing-attributes/
Question - how many mailboxes and/or users do you have to manage?
I do not believe you can do what it is you are trying to do. (maintain dirSync while decommissioning your on-premise Exchange servers - you'll need to keep at least one, according to Microsoft).
In the link that both Vasil and I provided, read Scenario 2:
"Issue: My organization has been running in a hybrid configuration for about a year now and have finally moved my last mailbox to the cloud. I plan to keep Active Directory Federation Services (AD FS) for user authentication of my Exchange Online mailboxes. (This scenario would apply to any customer that is planning on keeping directory synchronization).
Solution: Since the customer is planning on keeping AD FS, they will also have to keep directory synchronization since it is a prerequisite. Because of that, they cannot fully remove the Exchange servers from the on-premises environment. However, they can decommission most of the Exchange servers, but leave a couple of servers behind for user management. Keep in mind that the servers that are left running can be run on virtual machines since the workload is almost completely shifted to Exchange Online."
As for managing user attributes without using ADSIEdit, you could use one of these. I have personally not used any of them, but they do exist. I know Kaseya has been around for years, so they at least have a track record (this app used to be MessageOps and seems to have ome really high ratings). ManageEngine has been around for years as well. I've used some of their tools, but not this one.
Kaseya 365 Command Active Directory Extensions - 365 Command
Manage Engine AD Manager Plus - MS Office 365 Management and Reporting
Hope this helps,
Jonathan
In the link that both Vasil and I provided, read Scenario 2:
"Issue: My organization has been running in a hybrid configuration for about a year now and have finally moved my last mailbox to the cloud. I plan to keep Active Directory Federation Services (AD FS) for user authentication of my Exchange Online mailboxes. (This scenario would apply to any customer that is planning on keeping directory synchronization).
Solution: Since the customer is planning on keeping AD FS, they will also have to keep directory synchronization since it is a prerequisite. Because of that, they cannot fully remove the Exchange servers from the on-premises environment. However, they can decommission most of the Exchange servers, but leave a couple of servers behind for user management. Keep in mind that the servers that are left running can be run on virtual machines since the workload is almost completely shifted to Exchange Online."
As for managing user attributes without using ADSIEdit, you could use one of these. I have personally not used any of them, but they do exist. I know Kaseya has been around for years, so they at least have a track record (this app used to be MessageOps and seems to have ome really high ratings). ManageEngine has been around for years as well. I've used some of their tools, but not this one.
Kaseya 365 Command Active Directory Extensions - 365 Command
Manage Engine AD Manager Plus - MS Office 365 Management and Reporting
Hope this helps,
Jonathan
ASKER
I will try the MEU script! Didn't know that worked for Ex2010 after a hybrid migration.
I'm still hoping that 2013 supports the uninstall while keeping the necessary attributes.
There are 300 users, so I don't want to have to manually re-enter all the attributes.
I understand this is unsupported but I don't see how this is different than having a 365 account with dirsync where Exhcange never existed. In that case, users are still managed in AD and through attribute editor (for proxyaddress, etc)
I'm still hoping that 2013 supports the uninstall while keeping the necessary attributes.
There are 300 users, so I don't want to have to manually re-enter all the attributes.
I understand this is unsupported but I don't see how this is different than having a 365 account with dirsync where Exhcange never existed. In that case, users are still managed in AD and through attribute editor (for proxyaddress, etc)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
found this out my doing it first hand
ASKER
I don't think there is a way to convert to MEU for 2010? At least not with a hybrid migration.