Dismantling an Office 365 Hybrid Deployment

Dismantling an Office 365 Hybrid Deployment

Recently we dismantled an Office 365 Hybrid Deployment. In this scenario, we had a hybrid with SSO deployed but hadn’t started migrating users. We were signed up in the v14 tenant and wanted to start deploying Exchange 2013 in our organization, but that’s not a compatible configuration. The solution was to remove the association between Office 365 and our on-premises Exchange servers so we could do the upgrade. We had to take this route because MS could not commit to any time frames to have our tenant upgraded to v15 but only suggested that we would receive notice in advance of any upgrades. Being a partner, I would have hoped for a better answer than that! Anyways, moving on…

Why Remove A Hybrid Configuration?

There may be other reasons to remove a hybrid configuration. Most commonly it may have been implemented as part of a larger staged migration that had requirements to take advantage of Hybrid features until the migrations were completed, or maybe you weren’t satisfied with the service and want to bring everything back on-premises, among other things…

There isn’t much documentation on how to remove a hybrid configuration on the web and it certainly has not been released by MS. In any case, if you understand all the elements of a hybrid implementation really all you have to do is a reverse engineer. There is no single point of reference, and as a result, I’ve written this blog to share my experiences from a high-level perspective. Here are the steps I had to take, followed by some linkage to other articles that provided some level of technical detail.

Critical Steps

First things first! Make sure all MX and other DNS records are configured to route email and connections to Office 365 if your migration is completed or point them back to your on-premises environment if you’re pulling back from O365.

  • Remove Organization Relationship
  • Also, remove the Send & Receive Connectors that were created as part of the Hybrid Configuration Wizard.
  • Federation Trust from Exchange – remove
  • Domains that were added to the Email Address Policies – remove
  • Remove remote domains created by the Hybrid Configuration Wizard
  • Accepted domain namespaces that were created as part of the hybrid configuration wizard – remove
  • Remove hybrid configuration object using Exch 2013 shell. If you don’t have any Exchange 2013 servers you’ll need to use ADSIEdit.

Planning to manage your users from On-prem AD and utilize SSO?  And are you not using any other MS Cloud services with your on-premises user accounts?  If that is the case, proceed with the next steps:

  • Remove Hybrid Connectors from Federated domains in FOPE or EOP
  • Disable on-premises DirSync services
  • Convert federated domains to managed
  • Disable Dirsync in your tenant portal
  • Convert Users from Federated to Standard
  • Delete Users in Azure Ad
  • Delete Distribution Groups and Security Groups in Azure AD
  • Remove Domains from MSOL
  • Uninstall ADFS Proxy & ADFS Backend Servers
  • Uninstall DirSync

All steps don’t necessarily have to be in that order, but this order seemed to make sense to me.

Office 365 Hybrid Deployment Conclusion

I hope this article has been helpful. Happy migration and if there is anything that Oakwood can do please let us know!

Helpful References

“You don’t have sufficient permissions” error when you try to remove or make a change to a distribution group

Use the EMC to remove a federation trust

Decommissioning your Exchange 2010 servers in a Hybrid Deployment


Next Steps

Review our case studies and engagements where we helped companies just like yours solve a variety of business needs.

Contact Oakwood today to get started!


About Oakwood

Since 1981, Oakwood has been helping companies of all sizes, across all industries, solve their business problems.  We bring world-class consultants to architect, design and deploy technology solutions to move your company forward.   Our proven approach guarantees better business outcomes.  With flexible engagement options, your project is delivered on-time and on budget.  11,000 satisfied clients can’t be wrong.

Like what you've read? Please spread the word!

Leave a Reply

Your email address will not be published. Required fields are marked *