Fluid_Imagery

asked on

Uninstall Exchange 2010 after Hybrid / Remote Move Migration. AD Sync already moved to a new AD server.

I need some assistance removing Exchange 2010 after a Remote Move / Hybrid Migration from SBS2011 before decommissioning the server and just leaving O365 in the cloud.   I might be overthinking the situation.

Original Setup - SBS2011 / Exchange2010
New Setup - Server 2016 Standard / Office365 Business - 80 mailboxes

AD Sync is currently set up on the Server 2016 box and working just fine. All I want to be able to do is Sync AD Users and Passwords between the 2016 Server and O365 Business. I no longer need Hybrid Exchange setup. User gets set up in Local AD, creates the object in AzureAD - I assign the O365 license, set up the email address and go. Future password changes stay synced between the Mailbox and local AD.

This is the first time I'm doing a Hybrid migration - I'm used to just doing a cutover style migration - once everyone is good in O365 I follow this guide to uninstall exchange - it's worked time and time again. - https://www.itpromentor.com/sbs-remove-exchange/

He does have another article with what appears to be my situation https://www.itpromentor.com/remove-hybrid-keep-sync/   but it sounds like some supported frameworks might have changed since.   Currently the SBS2011 box I have doesn't serve any function currently.

Is it safe to just uninstall exchange 2010 like I normally do following the cutover migration?
ASKER CERTIFIED SOLUTION
Peter Hutchison
This solution is only available to members.
You are going to need a local Exchange server still with AD sync in place.  Users will get created on premise still, and synchronized to cloud.
 Microsoft will give you an Exchange 2016 license for this, see here: https://support.microsoft.com/en-us/help/2939261/how-to-obtain-an-exchange-hybrid-edition-product-key-for-your-on-premi

There are documented ways around this with ADSIEdit, but you may run into support issues if you go down that route.  I'd suggest firing up a small VM with Exchange 2016 on it before retiring your 2010 server.
Fluid_Imagery

ASKER

Thanks for the replies. The link didn't work; can you try resending? Do you have a documented way to install Exchange 16 for management purposes? My local Exchange install knowledge expired in version 2010 when I began upgrading everyone to hosted Exchange.

Sounds like my options are:
1 - Fire up a Server 2016 instance and install Exchange '16 for management purposes - supported
2 - Basically just turn off SBS2011 box and leave orphaned Mail Attributes in AD then use 3rd party utility or ADSI - Not supported
3 - Seems like a pain - but run the MSOL command to kill the AD Sync and put the Mailboxes back "in cloud" would need to re-add any aliases and distribution groups. Then set new passwords and have users attempt to reset them back to their original.

If I uninstall Exchange 2010 currently it will most likely nuke the Office365 environment when AD syncs again post removal.
1 is best, 2 is fine but remember that any new users you will need to create on premise so you would have to create those attributes manually using ADSIEdit and allow for those attributes to sync to cloud.  

Check out this link, gives more detail on how to obtain the license key:  https://blogs.technet.microsoft.com/exchange/2018/07/20/hybrid-configuration-wizard-and-licensing-of-your-on-premises-server-used-for-hybrid/

Installing Exchange would be the same as if you were installing it full bore, except you don't have to concern yourself so much about setting DNS records and such. Also, migrating mailboxes should be excluded because you already have them in cloud, but you may have to migrate the system mailboxes and arbitration mailboxes that are likely still on your 2010 server. Probably the best write up for 2010 to 2016 is here: https://www.kerneldatarecovery.com/blog/step-by-step-guide-for-migrating-exchange-server-2010-to-2016-part-1/

One tip I can give you is that when 2016 is up you'll probably want to set the Autodiscover service URL on prem to null to avoid your clients reaching out to the on-prem server by running the following command:
Set-ClientAccessServer -Identity "SERVERNAME" -AutoDiscoverServiceInternalUri $NULL
Thanks.   I'm on the fence - I would like to get away from any local dependency of Exchange all together.  I feel like Microsoft is going to release some other supported way to do this instead of either leaving the SBS2011 or migrate Exchange 2010 to a new VM with 2016.

I'm 75% on the #2 route approach of just turning off or uninstalling Exchange 2010.
- What will happen if I uninstall Exchange 2010 on the SBS2011 server as I would typically with a cutover migration?

When I create a new user now - I just create them in local AD and let it sync - then assign the O365 license in the cloud along with any alias addresses etc.  I don't ever open EMC to create a mailbox.   When I look in the console as it is now none of the mailboxes are there, only the ones I didn't migrate over because they aren't needed.

Reading through this - https://techcommunity.microsoft.com/t5/Office-365/Remove-On-Premises-exchange-Hybrid-and-go-fully-Online/td-p/143255

It doesn't seem like it's going to affect the cloud environment at all. But then I've read on other sites that if I remove Exchange it will clear the Mail Attributes in ADUC and nuke the Exchange mailboxes in O365.
The Exchange EMC can be used to create Mail Enabled Users or Remote Mailbox Users rather than just Mailbox Users.

How are you creating the user in AD? Do you set any of the mail or msExch attributes?

What attributes do your existing AD users that have Office 365 accounts have?
If I click over to the Attribute Editor tab on ADUC

Check the most recent user I've added - post initial migration

None of the msExch... attributes are set.
Mail attribute is set to the email address
UserPrincipalName is set to the email address

A user that existed in AD during migration has:
legacyExchangeDN set to - /o=First Organization/ou=External (asdfasdfasdfasdf)/cn=Recipients/cn=asdfasdfasdfasdf
Mail set to email
msExchMailboxGuid - set to characters string
msExchMobileMailboxFlags - 1
msExchangePoliciesIncluded - set to character string
msExchRecipientDisplayType - set to -2147483642
msExchRecipientTypeDetails - set to 2147483648
msExchRemoteRecipientType - 4
msExchSafeSendersHash - \F8\34\29\18
msExchTextMessagingState - set to numbers
msExchUMDtmfMap - set to emailAddress: numbers firstname / lastname
msExchUserAccountControl - 0
msExchVersion - 44220983382016
msExchWhenMailboxCreated - set to date string

ProxyAddresses set to his local and x500 addresses
targetAddress set to built in .onmicrosoft.com address
That seems reasonable. Before completely removing Exchange, I would make sure you have an up-to-date backup of the AD database on the DC.

See these scenarios that may help:
https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange
"I feel like Microsoft is going to release some other supported way to do this instead of either leaving the SBS2011 or migrate Exchange 2010 to a new VM with 2016." - here's hoping.  I feel they need to.

"When I create a new user now - I just create them in local AD and let it sync - then assign the O365 license in the cloud along with any alias addresses etc.  I don't ever open EMC to create a mailbox.   When I look in the console as it is now none of the mailboxes are there, only the ones I didn't migrate over because they aren't needed." - This is not the correct way to do this.  Typically the process would be to create the user in AD, then run the powershell "Enable-RemoteMailbox" command.  By doing it that way you are likely to have problems (see: https://support.microsoft.com/en-us/help/3129334/users-in-a-hybrid-deployment-can-t-access-a-shared-mailbox-that-was-cr for example)

Here's some good documentation from Microsoft on this:  https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange
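
An added example, not part of the original thread or any poster's code: a read-only PowerShell inventory that sorts AD users into the two patterns described above (accounts still carrying the migration-era msExch*/targetAddress attributes versus accounts with only mail set), so the state can be recorded alongside the AD backup before Exchange 2010 is removed. It assumes the ActiveDirectory RSAT module is installed; the function name, the State labels and the CSV file name are illustrative.

```powershell
# Added example: read-only report of Exchange-related attributes on AD users.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

# Attribute names taken from the listing of a migrated user earlier in the thread.
$exchProps = 'mail', 'proxyAddresses', 'targetAddress', 'legacyExchangeDN',
             'msExchMailboxGuid', 'msExchRecipientDisplayType',
             'msExchRecipientTypeDetails', 'msExchRemoteRecipientType'

function Get-ExchangeAttributeState {
    param(
        # Hypothetical default: whole domain. Pass the OU that AD sync covers.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $exchProps |
        ForEach-Object {
            # Unset attributes come back as $null on the returned user object.
            $hasRecipientType = $null -ne $_.msExchRecipientTypeDetails
            $hasTarget        = -not [string]::IsNullOrEmpty($_.targetAddress)

            # Labels are constructed for this report, not Exchange terminology.
            $state = if ($hasRecipientType -and $hasTarget) { 'ExchangeStamped' }
                     elseif ($_.mail)                        { 'MailOnly' }
                     else                                    { 'NoMailAttributes' }

            [pscustomobject]@{
                SamAccountName       = $_.SamAccountName
                UserPrincipalName    = $_.UserPrincipalName
                Mail                 = $_.mail
                TargetAddress        = $_.targetAddress
                RecipientTypeDetails = $_.msExchRecipientTypeDetails
                RemoteRecipientType  = $_.msExchRemoteRecipientType
                ProxyAddresses       = ($_.proxyAddresses -join ';')
                State                = $state
            }
        }
}

$report = Get-ExchangeAttributeState

# Summary: how many accounts fall into each pattern.
$report | Group-Object State | Select-Object Name, Count

# Dated copy of the current values, kept with the AD backup for later comparison.
$report | Export-Csv -Path ".\exch-attrs-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Accounts reported as MailOnly are the ones created in AD without Enable-RemoteMailbox; comparing this CSV with a second run after any change shows whether attributes were cleared.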
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: 'Peter Hutchison' (https:#a42780351)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer