Microsoft releases ability to remove last Exchange server from hybrid environments

To stay in a supported state, even organizations that have moved all their mailboxes to Exchange Online have been required to keep at least one Exchange Server running in the classic Active Directory environment for as long as directory synchronization to Azure AD is running. The purpose of this Exchange server is to handle the management of Exchange recipients and Exchange-owned attributes.

Microsoft underlined in a clear support statement that using third-party tools, including ADSIEDIT, is not supported:

“The Exchange Management Console, the Exchange admin center (EAC), and the Exchange Management Shell are the only supported tools that are available to manage Exchange recipients and objects.”

So organizations have effectively been prevented from managing synchronized Exchange recipients directly in Azure AD or Exchange Online, which is what creates the dependency on a local Exchange Server.

In addition to Exchange recipient management, running an Exchange Server in a classic environment can provide incidental benefits, such as easier and cheaper SMTP relaying and bulk mail routing. For some organizations, these benefits simply do not justify the added overhead and complexity of keeping an Exchange Server running, and a cloud-only setup would be a much better fit.

Now, with the release of the Exchange Server 2019 H1 2022 Cumulative Update (CU12) or later comes the long-awaited ability to remove the last Exchange server.

Included in the new Exchange update is an updated Exchange Management Tools role designed specifically to address the case where the last Exchange server is only running due to the recipient management requirement.

The new Management Tools role does not require a running Exchange server for recipient management; it can be installed on a domain-joined workstation and enables recipient management through Windows PowerShell.

All of the following conditions must be true before the last Exchange server can be removed.
The organization must:

  • Have migrated all mailboxes and public folders to Exchange Online.
  • Use Classic AD for account management and Azure AD Connect for synchronization.
  • Not require the on-premises Exchange Admin Center or Exchange Role-Based Access Control (RBAC).
  • Be comfortable with using only Windows PowerShell for recipient management.
  • Not require auditing or logging of recipient management activity.
  • Currently run only one Exchange server and only use this for recipient management purposes.
  • Want to manage recipients without running any Exchange servers.

If these conditions are met, and the organization has verified that the Exchange Management Tools can run without an Exchange Server, it may proceed with installing the Exchange Management Tools on a domain-joined computer.
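As an added example (not part of the original post, and not a Microsoft-provided script), the following PowerShell function, run in the Exchange Management Shell on the remaining on-premises server before it is shut down, checks the Exchange-side conditions from the list above. The cmdlets are standard Exchange cmdlets; the function name, the output layout and the placeholder identities in the trailing comments are my own, and the Azure AD Connect, RBAC and auditing conditions are organizational decisions the script cannot verify.

```powershell
# Readiness check for removing the last on-premises Exchange server.
# Run from the Exchange Management Shell while the server is still online.
function Test-LastExchangeServerReadiness {
    [CmdletBinding()]
    param()

    $checks = [System.Collections.Generic.List[object]]::new()
    function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
        $checks.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
    }

    # Condition: exactly one Exchange server remains in the organization.
    $servers = @(Get-ExchangeServer)
    Add-Check 'Single Exchange server' ($servers.Count -eq 1) ($servers.Name -join ', ')

    # Condition: no user mailboxes remain on-premises. Get-Mailbox excludes
    # arbitration/system mailboxes by default; those are expected to stay.
    $mailboxes = @(Get-Mailbox -ResultSize Unlimited)
    Add-Check 'No on-premises mailboxes' ($mailboxes.Count -eq 0) "$($mailboxes.Count) mailbox(es) found"

    # Condition: public folders have been migrated (no public folder mailboxes on-prem).
    $pfMailboxes = @(Get-Mailbox -PublicFolder -ResultSize Unlimited)
    Add-Check 'No public folder mailboxes' ($pfMailboxes.Count -eq 0) "$($pfMailboxes.Count) found"

    # Sanity check: remote (cloud) mailboxes are what the tools will manage afterwards.
    $remote = @(Get-RemoteMailbox -ResultSize Unlimited)
    Add-Check 'Remote mailboxes present' ($remote.Count -gt 0) "$($remote.Count) remote mailbox(es)"

    $checks | Format-Table -AutoSize | Out-Host
    # Returns $true only when every Exchange-side condition passed.
    return (($checks | Where-Object { -not $_.Passed }).Count -eq 0)
}

Test-LastExchangeServerReadiness

# After the last server has been shut down, recipient management continues from the
# workstation that has the Management Tools installed, for example (placeholder
# identity and routing domain, assumed values):
#   Add-PSSnapin *RecipientManagement
#   Enable-RemoteMailbox -Identity 'CONTOSO\jdoe' -RemoteRoutingAddress 'jdoe@contoso.mail.onmicrosoft.com'
```

Remaining arbitration mailboxes are expected and are not counted; a failed check means the condition list above has not been met yet.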

Currently, the supported operating systems for the Exchange Management Tools are:

  • Windows Server 2022
  • Windows Server 2019
  • Windows 10

Note:

Installing the updated Exchange Management Tools in an environment with only Exchange Server 2013 and/or Exchange Server 2016 will upgrade the Exchange organization to Exchange Server 2019, and will perform an AD schema update.

After the updated Exchange Management Tools are deployed on a separate computer, the organization may continue and permanently shut down the last Exchange Server.

Do not uninstall the Exchange Server!
“Uninstalling the server removes critical information from Active Directory that breaks the ability of the management tool package to manage Exchange attributes.”

The removal of the last Exchange server can be finalized by cleaning up Active Directory with the CleanupActiveDirectoryEMT.ps1 script, which is included with the Management Tools installation.

Note:
The Active Directory cleanup cannot be undone and should only be performed if the organization never intends to run an Exchange Server again.

Bonus:

Exchange Server 2019 CU12 also includes a change to the Exchange Server license terms that adds a free product key for Exchange 2019 hybrid servers, which was previously only available for Exchange 2010, Exchange 2013, and Exchange 2016.
The Hybrid Configuration Wizard has been updated to support this change.
