The Hybrid Exchange Server Dilemma

This article is for anyone who is wondering how to get rid of the on-premises Exchange Server now that all the mailboxes have been migrated to the cloud and there is no longer any need for coexistence, federation or on-premises mail flow. As you may already know, Microsoft recommends keeping the last Exchange Server in the environment rather than removing it, as removing it will remove the Exchange-related attributes from the schema, and after that managing users for Exchange-related matters becomes impossible. Yes, ADSI Edit can be a life saver, but hold on! Playing with ADSI Edit is not a good idea and, again, it is neither recommended nor supported by Microsoft.

The only scenario in which Microsoft recommends removing the last Exchange Server is when you plan to go fully cloud-based and no longer depend on the on-prem AD, with no Azure AD Sync and no password management via the local AD. In most cases, where you have a larger organization and a lot of resources depend on the on-prem AD, this is hard to achieve and requires a lot of planning and preparation.

Hence the Exchange Server 2016 Hybrid Edition. I will discuss the points you need to work on so that you get back to a supported environment and can then migrate to Exchange Server 2016 Hybrid Edition.

Exchange Server Hybrid Edition
This is not a separate setup that you download and install; it is the same Exchange Server version, installed as you normally would. The special part is that, based on your current Exchange Server license, you can get the license for the new server free of charge, and once the server is licensed it acts as a Hybrid Server, purely as a middle man between Exchange Online and on-premises.
The Hybrid Edition gives you the ability to manage the on-prem users and their Exchange needs, which have already been synced to Office 365 via the Azure AD Sync tool.

Server Supportability Matrix
The reason I want to stress the supportability matrix is that we need to understand the latest and greatest server version we can go for in this situation.

Please follow this article for more details on the supportability matrix.

What you may have been doing so far
It is highly likely that you or the helpdesk team have been creating users with the ADUC console and then adding the proxyAddresses attribute.

Although this looks like a plan, as we already know Microsoft does not support or recommend this scenario. The ADSI Edit tool is very delicate and should not be played with. There are also third-party tools that can create AD users and add the attributes; again, as far as I know, this is not recommended either.

When you create users in this manner, the AD object will lack a few essential attributes that are required in a hybrid deployment.

E.g. mailNickname (the alias in the Exchange world) and targetAddress (the external SMTP address, or remote routing address). It is also very hard to manage if the user requires an Online Archive, and basically the room for error is very high when you start editing attributes from the ADSI Edit tool.

Simply put, the idea is that in a hybrid Exchange environment the migrated Exchange mailboxes should show as Remote Mailboxes and should be managed via the Exchange Management Console.

Making the AD-created users visible in the Exchange Console as Remote Mailboxes
This process is done with PowerShell and fills in the mailNickname and targetAddress AD attributes.
mailNickname – this is the Alias attribute in Exchange
targetAddress – this is the external address, or remote routing address, in Exchange in a hybrid deployment

Per user
Get-ADUser username -Properties mailnickname, targetaddress | Set-ADUser -Replace @{mailnickname="mailnickname"; targetaddress="username@tenantname.mail.onmicrosoft.com"}

Batch of users

Import-Csv <filepath\filename.csv> | ForEach-Object { Get-ADUser -Identity $_.username -Properties mailnickname, targetaddress | Set-ADUser -Replace @{mailnickname=$_.mailnickname; targetaddress=$_.targetaddress} }

The user will now be visible as a Mail User in the on-prem Exchange console.
However, to manage a user in the correct way from the Exchange Management Console, that user needs to be a Remote Mailbox.
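A report-first version of the batch fill above, added here as an example and not taken from the original post. It reads a CSV with the columns username and mailnickname (assumed layout), derives targetAddress from the tenant routing domain (assumed name), skips users whose attributes are already correct, and writes nothing to AD unless -Apply is given.

```powershell
# Added example, not from the original post: dry-run-by-default batch fill of
# mailNickname / targetAddress. CSV path, column names and routing domain are assumptions.
param(
    [string]$CsvPath       = 'C:\temp\remote-mailbox-users.csv',  # assumed path
    [string]$RoutingDomain = 'tenantname.mail.onmicrosoft.com',    # assumed tenant
    [switch]$Apply                                                  # omit to only report
)
Import-Module ActiveDirectory

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    try {
        $user = Get-ADUser -Identity $row.username -Properties mailNickname, targetAddress -ErrorAction Stop
    } catch {
        [pscustomobject]@{ User = $row.username; Action = 'NotFound'; mailNickname = $null; targetAddress = $null }
        continue
    }
    if ([string]::IsNullOrWhiteSpace($row.mailnickname)) {
        [pscustomobject]@{ User = $row.username; Action = 'MissingNickname'; mailNickname = $null; targetAddress = $null }
        continue
    }
    # Same value format as the one-liners above: alias@<tenant>.mail.onmicrosoft.com
    $wantNick   = $row.mailnickname.Trim()
    $wantTarget = "$wantNick@$RoutingDomain"

    # Build the -Replace hashtable only from attributes that actually differ
    $change = @{}
    if ($user.mailNickname  -ne $wantNick)   { $change['mailNickname']  = $wantNick }
    if ($user.targetAddress -ne $wantTarget) { $change['targetAddress'] = $wantTarget }

    if ($change.Count -eq 0) {
        $action = 'AlreadySet'
    } elseif ($Apply) {
        Set-ADUser -Identity $user -Replace $change
        $action = 'Updated'
    } else {
        $action = 'WouldUpdate'   # dry run: nothing written to AD
    }
    [pscustomobject]@{ User = $row.username; Action = $action; mailNickname = $wantNick; targetAddress = $wantTarget }
}
$results | Format-Table -AutoSize
# Fix any NotFound / MissingNickname rows in the CSV before re-running with -Apply
```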

When this is done, fire up the on-prem Exchange PowerShell to enable the above Mail User as a Remote Mailbox. This enables the msExch- attributes to be managed and synced to the Office 365 mailbox.

Enable-RemoteMailbox <user.name> -RemoteRoutingAddress user.name@tenantname.mail.onmicrosoft.com

Set-RemoteMailbox <user.name> -EmailAddressPolicyEnabled $false

Things to look at (default address policy in particular)
When you reinstate the users as Remote Mailboxes, the Email Address Policy is activated and applied to the user automatically. This changes the user's primary SMTP address as per the address policy.
If you have set up a different primary email address, chances are the new primary SMTP address will get synced to the O365 mailbox.

My advice: the best thing is to run a report against all Office 365 mailboxes and extract the primary SMTP addresses before enabling the Remote Mailboxes, so you know what to change back if you have different SMTP addresses set up.
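The snapshot-and-compare check described above, added here as an example and not part of the original post. Phase one runs in an Exchange Online session and records each mailbox's primary SMTP address; phase two runs in the on-prem Exchange Management Shell after Enable-RemoteMailbox and flags every user whose on-prem primary SMTP (the value that will sync up) no longer matches the snapshot. The CSV path is an assumption.

```powershell
# Added example, not from the original post: detect primary SMTP drift caused by the
# Email Address Policy when users are re-enabled as Remote Mailboxes.
param(
    [switch]$Snapshot,   # run in an Exchange Online session (Connect-ExchangeOnline first)
    [switch]$Compare,    # run in the on-prem Exchange Management Shell afterwards
    [string]$SnapshotPath = 'C:\temp\exo-primary-smtp-before.csv'   # assumed path
)

if ($Snapshot) {
    # Get-Mailbox here is the Exchange Online cmdlet; PrimarySmtpAddress is stored as plain text
    Get-Mailbox -ResultSize Unlimited |
        Select-Object UserPrincipalName,
            @{ n = 'PrimarySmtpAddress'; e = { $_.PrimarySmtpAddress.ToString() } } |
        Export-Csv -Path $SnapshotPath -NoTypeInformation
    Write-Host "Snapshot written to $SnapshotPath"
}

if ($Compare) {
    $before = Import-Csv -Path $SnapshotPath
    $drift  = foreach ($entry in $before) {
        $rm = Get-RemoteMailbox -Identity $entry.UserPrincipalName -ErrorAction SilentlyContinue
        if (-not $rm) { continue }   # not (yet) a Remote Mailbox on-prem, nothing to compare
        $now = $rm.PrimarySmtpAddress.ToString()
        if ($now -ne $entry.PrimarySmtpAddress) {   # -ne is case-insensitive in PowerShell
            [pscustomobject]@{
                User     = $entry.UserPrincipalName
                Expected = $entry.PrimarySmtpAddress
                Current  = $now
                PolicyOn = $rm.EmailAddressPolicyEnabled
                # Restoring the address requires the policy to be switched off on that user
                Fix      = "Set-RemoteMailbox '$($entry.UserPrincipalName)' -EmailAddressPolicyEnabled `$false -PrimarySmtpAddress '$($entry.PrimarySmtpAddress)'"
            }
        }
    }
    if ($drift) { $drift | Format-Table -AutoSize } else { Write-Host 'No primary SMTP drift detected.' }
}
```

Run the Compare phase before the next Azure AD Sync cycle so a changed primary SMTP is caught on-prem rather than after it has reached the O365 mailbox.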

Install the new Exchange 2016 Server (mailbox role)
You can simply install the prerequisites and the Mailbox role of Exchange Server 2016 for this task. The server doesn't have to be a high-spec machine; it can be a VM running in Azure or on-prem.
* You might need to update the virtual directories and the SCP to reflect the new server name.
* Update Autodiscover with the new server name if you are still using on-prem Autodiscover services.

Licensing the new server
If your hybrid deployment is eligible for this upgrade, you will get a free key to license the new Exchange 2016 server as a Hybrid Server.
You need to run the HCW on the new server until the point where it says "Licence this server now", as shown in the screenshot below.
Simply grab the key from that panel, then go to the Exchange Admin Center > Servers > select the server > General > enter the product key > Save.

[Screenshots: HCWkey1, hybrid-licensekey1]

Run the HCW again with the Minimal Hybrid Configuration option and add the new server
This adds the new Exchange 2016 server into the hybrid world.
To do this, re-run the HCW and select the Minimal Hybrid Configuration option, as it only enables the hybrid connection between on-prem and O365 without any additional features (coexistence, cross-premises mail flow and eDiscovery, mail connectors, federation, free/busy sharing, etc.).
To download the latest HCW, please check this link.


Last but not least, retire the old Exchange 2010 server
After making sure everything can be managed by the new Exchange 2016 server and there are no more dependencies on the old server, you can simply uninstall the server software and eventually remove the server from the environment.
When everything is done, you can start managing users from the Exchange Server 2016 EAC.

feature image: https://blog.usejournal.com/the-employee-shareholder-dilemma-100ba17a1a07
