Understand why keeping an Exchange Server on-premises is vital for an Identity Hybrid setup when transitioning to the cloud. Learn about the benefits, considerations, and implications of removing the last Exchange Server.
Why do we need to keep an Exchange Server on-premises when we move to the cloud?
Brian Reid (Office 365 MVP and Exchange MCM)
Session THR2145
What Is Identity Hybrid?
- We are all familiar with the idea of Exchange Hybrid: the organization's mailboxes are split between Exchange Online and Exchange Server, with a shared namespace, a shared address book, free/busy coexistence and so on.
- Because Exchange Server stores its recipient attributes in Active Directory, we need to synchronize the directory to Azure AD to support Exchange Online hybrid.
- When all our mailboxes have moved to Exchange Online we still have that directory sync requirement, and therefore we have "Identity Hybrid".
- It's all to do with "source of authority": the object is mastered on-premises, not in the cloud.
[Diagram: Identity Hybrid. Cloud side: Exchange Online, Azure Active Directory and EXODS (the Exchange Online directory). On-premises side: Exchange Server, Active Directory and the AAD Connect server. Caption: "All Office 365 diagrams need a cloud."]
What happens if we uninstall our last Exchange Server?
- We still have Identity Hybrid; that is unrelated to the last Exchange Server.
- With directory sync in place (AAD Connect) the majority of the Exchange-related attributes are read-only in Azure AD; they have to be changed in Active Directory and synced up.
- We now do not have a supported way to change those attributes, if we even know which attributes they are.
- We need to resort to ADSIEdit and the like, and we don't even have a good script engine to help with consistent and bulk edits.
Attribute Considerations
Important attributes:
- msExchMailboxGUID
- msDsConsistencyGuid
- proxyAddresses
- Email address policies: not an attribute, but Exchange Server uses them to ensure uniqueness and consistency of proxyAddresses
- legacyExchangeDN (and the X500 addresses in proxyAddresses)
Exceptions to the rule: UserPrincipalName and mobile number
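As an added example (not part of the session), the following PowerShell script audits the attributes listed above straight from Active Directory, doing the consistency checks that Exchange's email address policies would otherwise do for you: duplicate proxy addresses, a missing or doubled primary SMTP address, a mail attribute that disagrees with the primary, and remote mailboxes without msExchMailboxGUID or legacyExchangeDN. It uses only the ActiveDirectory module, so it works whether or not an Exchange Server is still present. The search base and domain are assumptions.

```powershell
# Added example: audit Exchange-related AD attributes without relying on Exchange tools.
# Requires the ActiveDirectory RSAT module on a domain-joined host.
Import-Module ActiveDirectory

$searchBase = 'OU=Users,DC=contoso,DC=local'   # assumption: adjust to your directory
$props = 'proxyAddresses', 'mail', 'msExchMailboxGUID', 'legacyExchangeDN', 'msExchRecipientTypeDetails'

# Every mail-enabled object in scope
$users = Get-ADUser -Filter 'mail -like "*"' -SearchBase $searchBase -Properties $props

# 1. proxyAddresses must be unique across the forest. Exchange's email address
#    policies enforce that; a hand edit in ADSIEdit does not.
$dupes = $users |
    ForEach-Object {
        $u = $_
        $u.proxyAddresses | ForEach-Object {
            [pscustomobject]@{ Address = $_.ToLower(); User = $u.SamAccountName }
        }
    } |
    Group-Object Address | Where-Object Count -gt 1

foreach ($g in $dupes) {
    Write-Warning ("Duplicate proxy address {0} on: {1}" -f $g.Name, ($g.Group.User -join ', '))
}

# 2. Exactly one primary SMTP address (upper-case "SMTP:" prefix) per recipient,
#    and it must match the mail attribute that Azure AD and Outlook show.
foreach ($u in $users) {
    $primary = @($u.proxyAddresses | Where-Object { $_ -cmatch '^SMTP:' })
    if ($primary.Count -ne 1) {
        Write-Warning ("{0}: {1} primary SMTP addresses" -f $u.SamAccountName, $primary.Count)
    }
    elseif ($primary[0].Substring(5) -ne $u.mail) {
        Write-Warning ("{0}: mail attribute '{1}' does not match primary '{2}'" -f $u.SamAccountName, $u.mail, $primary[0])
    }
}

# 3. Remote mailboxes (msExchRecipientTypeDetails 2147483648 = RemoteUserMailbox) must keep
#    msExchMailboxGUID, or Exchange Online links the synced object to the wrong mailbox,
#    and legacyExchangeDN, which Exchange stamps on every mail-enabled object it creates.
$remote = $users | Where-Object { $_.msExchRecipientTypeDetails -eq 2147483648 }
foreach ($u in $remote) {
    if (-not $u.msExchMailboxGUID) {
        Write-Warning ("{0}: remote mailbox without msExchMailboxGUID" -f $u.SamAccountName)
    }
    else {
        # Stored in AD as a 16-byte octet string; convert it for comparison with the cloud ExchangeGuid
        $guid = [guid]::new([byte[]]$u.msExchMailboxGUID)
        Write-Verbose ("{0}: mailbox GUID {1}" -f $u.SamAccountName, $guid)
    }
    if (-not $u.legacyExchangeDN) {
        Write-Warning ("{0}: no legacyExchangeDN (object probably created outside Exchange tools)" -f $u.SamAccountName)
    }
}
```

Run it with -Verbose to see the decoded mailbox GUIDs; compare them against `Get-Mailbox | Select ExchangeGuid` in Exchange Online when you suspect a mismatch. Anything this script warns about is exactly the class of error that becomes hard to fix once the supported management tools are gone.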
What Do I Really Need?
- The Exchange Management Shell and the Exchange Control Panel require an Exchange Server install.
- They do not require lots of disk or RAM, so this is a "management server" and very easy to virtualize.
- The Exchange tools update AD in a supported way.
- And there are nine attributes that write all the way back from the Exchange Online directory (EXODS) to AD; this has to be configured in AAD Connect (it is an optional feature, not on by default).
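To show what "update AD in a supported way" means in practice, here is an added example (not from the session) of adding a secondary address to a migrated user. The unsupported route writes proxyAddresses with the AD cmdlets, which is the same thing ADSIEdit does; the supported route goes through Set-RemoteMailbox on the management server, which validates the address and honours the email address policy, after which AAD Connect carries the change to Azure AD. The user name, address and AAD Connect host name are assumptions.

```powershell
# Added example: supported versus unsupported recipient edits while directory sync is in place.
# Run from the Exchange Management Shell on the remaining on-premises Exchange Server.
Import-Module ActiveDirectory

$identity = 'jsmith'                        # assumption
$newAlias = 'smtp:john.smith@contoso.com'   # assumption; lower-case "smtp:" marks a secondary address

# Unsupported: a raw attribute write. Nothing checks for duplicates or policy conflicts,
# and a typo here syncs to Azure AD exactly as typed. Shown only for contrast.
# Set-ADUser -Identity $identity -Add @{ proxyAddresses = $newAlias }

# Supported: let Exchange validate the change. If the recipient is under an email address
# policy, the primary (upper-case "SMTP:") address is controlled by that policy.
$rm = Get-RemoteMailbox -Identity $identity
if ($rm.EmailAddressPolicyEnabled -and $newAlias -cmatch '^SMTP:') {
    throw "Primary address is set by the email address policy; run Set-RemoteMailbox -EmailAddressPolicyEnabled `$false first"
}
Set-RemoteMailbox -Identity $identity -EmailAddresses @{ Add = $newAlias }

# Confirm the value is now in AD: this, not the Exchange object, is what AAD Connect reads.
$ad = Get-ADUser -Identity $identity -Properties proxyAddresses
if ($ad.proxyAddresses -notcontains $newAlias) {
    throw "Address was not written to Active Directory"
}

# Push it to Azure AD now instead of waiting for the scheduled delta cycle.
Invoke-Command -ComputerName 'aadconnect01' -ScriptBlock {   # assumption: AAD Connect server name
    Import-Module ADSync
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

The same pattern applies to every other Exchange attribute on the slide: change it with the Exchange cmdlet, check the AD object, then sync. The commented-out Set-ADUser line is the shortcut you are forced into once the last server is gone.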
So Can I Remove The Last Exchange Server?
- Yes, if you remove directory synchronization first; that makes all the objects editable in the cloud and no longer tied to Active Directory.
- But an on-premises Exchange Server can also act as a mail relay for all the on-premises applications and devices that need to send email.
- So you might not want to; there are considerable benefits to keeping directory synchronization.
What Do I Gain?
- Accurate recipient and associated object management
- Staying supported
- Easier offboarding, and easier merger and acquisition scenarios
- Easier upgrades of Exchange Server to the latest version when all the server is doing is the management role
See https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange for the details covered here.