Franky's Web

Exchange 2019: Hybrid to Cloud Only

In the previous Exchange 2019 Hybrid article, we discussed the migration of Exchange on-prem mailboxes to Microsoft 365. This last article is about ending hybrid mode and uninstalling the last on-prem Exchange server. Once all mailboxes have been migrated to Microsoft 365 and the synchronization of the local Active Directory accounts with Azure Active Directory has been completed, the on-prem Exchange server can be uninstalled.

Check settings

Before exiting hybrid mode, you should check once again to make sure that no more mailboxes are stored on the local Exchange server. The following commands should therefore no longer return any results:

Get-MailboxDatabase | Get-Mailbox
Get-MailboxDatabase | Get-Mailbox -Archive

If public folders were in use, this command should also no longer display mailboxes:

Get-MailboxDatabase | Get-Mailbox -PublicFolder

The MX record for the email domain must also point to Microsoft 365. Before the on-prem Exchange server is uninstalled, the message tracking logs should also be checked over a longer period of time. This ensures that no local devices are still sending emails via Exchange on-prem. It is often the case that one or two devices are still sending status mails or similar via the on-prem Exchange.
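The checks above can be combined into one pass, shown here as an added example that is not part of the original article. It assumes it is run in the Exchange Management Shell on the on-prem server; the 30-day window ($Days) is an assumed value and cannot reach back further than the tracking logs are retained.

```powershell
# Added example: pre-uninstall check for leftover mailboxes and SMTP senders.
$Days  = 30                              # assumed look-back window
$Start = (Get-Date).AddDays(-$Days)

# 1) Nothing may still be stored in a local mailbox database.
$leftover = @(
    Get-MailboxDatabase | Get-Mailbox -ResultSize Unlimited
    Get-MailboxDatabase | Get-Mailbox -Archive -ResultSize Unlimited
    Get-MailboxDatabase | Get-Mailbox -PublicFolder -ResultSize Unlimited
)
if ($leftover.Count -gt 0) {
    Write-Warning "$($leftover.Count) mailbox object(s) still on-prem:"
    $leftover | Sort-Object Identity -Unique |
        Select-Object Name, RecipientTypeDetails, Database | Format-Table -AutoSize
}

# 2) Every message the server accepted over SMTP in the window.
#    Source 'SMTP' excludes submissions from local mailboxes (STOREDRIVER).
$received = Get-TransportService |
    Get-MessageTrackingLog -Start $Start -End (Get-Date) -EventId Receive -ResultSize Unlimited |
    Where-Object { $_.Source -eq 'SMTP' }

# 3) One row per sending host and receive connector, busiest first.
#    Printers, scanners and monitoring tools that still relay through
#    the on-prem server show up here with their IP address.
$received |
    Group-Object ClientIp, ClientHostname, ConnectorId |
    Sort-Object Count -Descending |
    ForEach-Object {
        $last = $_.Group | Sort-Object Timestamp | Select-Object -Last 1
        [pscustomobject]@{
            Messages   = $_.Count
            ClientIp   = $last.ClientIp
            ClientHost = $last.ClientHostname
            Connector  = $last.ConnectorId
            LastSeen   = $last.Timestamp
            LastSender = $last.Sender
        }
    } | Format-Table -AutoSize
```

Rows whose ClientIp belongs to Exchange Online or to the server itself are expected while hybrid mail flow is still configured; any other address is a device or application that has to be repointed before the send connectors are removed.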

Exit Exchange Hybrid Mode

Only a few steps are required to exit Exchange Hybrid Mode. First, the DNS entries on the local DNS server can be adjusted. As a rule, split-brain DNS was used for Exchange on-prem. The DNS entries for the local Exchange server can now be deleted here or adjusted for Autodiscover:

In my case, the entry "outlook.frankysweblab.de" is no longer required, as all clients already connect to Microsoft 365. However, the Autodiscover entry "autodiscover.frankysweblab.de" is still required. The host A record "autodiscover.frankysweblab.de" can be seen in the previous screenshot. The host A record for Autodiscover can be deleted and replaced by a CNAME record pointing to "autodiscover.outlook.com":

After the DNS settings have been adjusted, the On-Prem Autodiscover and the IntraOrganization Connector can be deactivated. To do this, the following commands can be executed in the Exchange Admin Shell:

Get-ClientAccessService | Set-ClientAccessService -AutoDiscoverServiceInternalUri $Null
Get-IntraOrganizationConnector | Set-IntraOrganizationConnector -Enabled $false

The send connectors can now be deleted in the Exchange Admin Center. As the Exchange on-prem server is to be uninstalled, all send connectors can be deleted here. The on-prem Exchange server is therefore no longer able to deliver emails:

The connectors can now also be deleted in the Exchange Online Admin Center. Exchange Online then no longer routes mails via the local Exchange server:

The configuration for the free/busy information can also be deleted:

Deactivate and uninstall Azure AD Connect

Before uninstalling AAD Connect, it is advisable to carry out one last synchronization:

Start-ADSyncSyncCycle -PolicyType Delta

Now the synchronization with AAD Connect is switched off in the Exchange Online Shell:

Import-Module MSOnline
Connect-MsolService
Set-MsolDirSyncEnabled -EnableDirSync $false

AAD Connect can now be uninstalled:

The ImmutableID of the user is now deleted in the Exchange Online Shell. The ImmutableID is the objectGUID of the on-prem Active Directory user. Using the ImmutableID, AAD Connect has linked the onPrem AD user with the Azure AD user. As synchronization between AD and AAD no longer takes place, the ImmutableID is no longer required:

Get-MsolUser | where {$_.ImmutableID -ne $NULL} | Set-MsolUser -ImmutableID "$null"
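Clearing the ImmutableID removes the only stored link between each cloud account and its AD account, so it is worth recording that link first. The following is an added example, not part of the original article. It assumes an existing Connect-MsolService session and the default source anchor (ImmutableID is the Base64-encoded objectGUID); the CSV path is a placeholder.

```powershell
# Added example: back up the AD <-> Azure AD link, then clear it.
$BackupPath = '.\ImmutableId-backup.csv'     # placeholder path

# Stop if the tenant still reports directory synchronization as enabled.
if ((Get-MsolCompanyInformation).DirectorySynchronizationEnabled) {
    throw 'Directory synchronization is still enabled for this tenant.'
}

# -All lifts the default result limit of Get-MsolUser.
$synced = @(Get-MsolUser -All | Where-Object { $_.ImmutableId })

$synced | ForEach-Object {
    # Decode the Base64 value back to the AD objectGUID. A custom source
    # anchor may not be a 16-byte GUID, so keep the raw value in any case.
    $guid = $null
    try   { $guid = [Guid]::new([Convert]::FromBase64String($_.ImmutableId)) }
    catch { Write-Warning "ImmutableId of $($_.UserPrincipalName) is not a GUID" }

    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        ObjectId          = $_.ObjectId
        ImmutableId       = $_.ImmutableId
        AdObjectGuid      = $guid
    }
} | Export-Csv -Path $BackupPath -NoTypeInformation -Encoding UTF8

# Same clearing command as in the article, limited to the exported users.
$synced | Set-MsolUser -ImmutableId "$null"

# Verification: the number of users that still carry an ImmutableID.
$remaining = @(Get-MsolUser -All | Where-Object { $_.ImmutableId }).Count
"Exported $($synced.Count) user(s); $remaining still have an ImmutableID."
```

The AdObjectGuid column can be matched against the objectGUID attribute in the local Active Directory to tell which on-prem account a cloud account was linked to.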

In the Microsoft 365 Admin Center, the users are now displayed as "Cloud Only" users:

Exchange Online and Exchange on-prem are now separate worlds again, which also means that there are now 2 user accounts for each user: the local AD account and the Azure AD account. From now on, the two accounts must therefore be managed separately from each other (Azure AD and on-prem AD).

Uninstall Exchange Server

When uninstalling the last Exchange Server, the following error message will appear:

Uninstall can't continue. Errors:
This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, public folder mailboxes or arbitration mailboxes, audit mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database . To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database -Archive. To get a list of all public folder mailboxes in this database, run the command Get-Mailbox -Database -PublicFolder. To get a list of all arbitration mailboxes in this database, run the command Get-Mailbox -Database -Arbitration. To get a list of all Audit mailboxes in this database, run the command Get-Mailbox -Database -AuditLog. To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox . To disable an archive mailbox so that you can delete the mailbox database, run the command Disable-Mailbox -Archive. To disable a public folder mailbox so that you can delete the mailbox database, run the command Disable-Mailbox -PublicFolder. To disable an Audit mailbox so that you can delete the mailbox database, run the command Get-Mailbox -AuditLog | Disable-Mailbox. Arbitration mailboxes should be moved to another server; to do this, run the command New-MoveRequest . If this is the last server in the organization, run the command Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan -Database . It was running the command 'Remove-MailboxDatabase 'CN=Mailbox Database 1102940717,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=FrankysWebLab,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=frankysweblab,DC=en' -whatif'.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UnwillingToRemoveMailboxDatabase.aspx

The problem at this point is the arbitration mailboxes which are still stored in the mailbox database:

In this case, the associated Active Directory users can be deleted:

After the users have been deleted, Exchange can be uninstalled:

The uninstallation of the last Exchange server should now run successfully:
