Exchange Server 2016, RTM as of October 2015, is still very much freshly baked, having just come out of the oven from Redmond. Two recent projects that I’ve worked on have required me to consider deploying it as the “Hybrid” server (not an actual role; I’ll get to that later) for integration and coexistence with Office 365 Exchange Online.

With anything new there is a learning curve as to how the new product works (not that dissimilar from previous versions of Exchange Server) and what will work with the existing environment without compromising service.

There is an unwritten assumption that is made in our hybrid guidance that you have already properly deployed and completed the coexistence process with the current versions of Exchange in your on-premises environment.

– The Exchange Team

Exchange Server Hybrid is confusing!?!

When Exchange Server Hybrid was first introduced in Exchange Server 2010, it came with a special Office 365 Hybrid key that is required to license the server. This is the first confusing part of the Exchange Server Hybrid world. This special key does not mean that you need any additional licenses. It’s simply a special and FREE key that the Office 365 team provide to allow for hybrid connectivity to Office 365 / Exchange Online.

The second confusing part about Exchange Server Hybrid Edition is that in Exchange 2010 there was an EMC checkbox to enable “Exchange Server Hybrid” on that server. What this simply did, and has always done on all versions of Exchange Server “Hybrid” (2010, 2013 and now 2016), is run a wizard (the Hybrid Configuration Wizard or HCW) which asks users for CAS and Mailbox servers to run some magic background config wizardry on. The reason that it asks for the CAS is so that the receive connectors on these servers can be configured. The reason it asks for the Mailbox is to ensure that the send connectors are properly configured. Selecting those servers is not selecting your “Hybrid” servers as such; rather, it is just for mail flow control as well as management tools and integration with Office 365 / Exchange Online.

Therefore the Exchange Hybrid server is nothing more than a standard Exchange server with some select roles required and installed (usually HUB+CAS multi-role deployment in Exchange 2010, CAS+MBX multi-role deployment in Exchange 2013 and MBX in Exchange 2016). There isn’t any real or specialised version of Exchange Server Hybrid at all!

Now that I understand Exchange Hybrid, should I upgrade my Exchange Server 2010 or 2013 to Exchange Server 2016 Hybrid?

Different consultants or professionals look at this in several ways and usually come up with answers like “it depends” or it’s on a “per circumstance basis”. When I get asked this question I look at one of two scenarios, and every other decision is based on this question: will my organisation keep Exchange Server Hybrid in-place on-premises for the long term, either for feature requirements or to be the last Exchange Server required for cloud resource management?

So, what does that mean? Exchange Server Hybrid is really necessary for coexistence between on-premises and Exchange Online, smooth transition and migration to Exchange Online from on-premises, as well as managing Exchange Online resources from on-premises while AADConnect is enabled. Apart from that, Exchange Hybrid can be de-commissioned and Exchange Server itself in a very small footprint can be left on-premises in the scenario where AADConnect will be in-place.

Going back to the question, if the organisation I was helping transition to Exchange Online had a requirement that Office 365 Exchange Online resources be managed from on-premises, and there were requirements for things like secure mail or even to keep a handful of mailboxes on-premises, then YES it’s important to upgrade Exchange Server Hybrid to Exchange Server 2016.

The migration is not simply about having the latest and greatest because that’s the best version. As the snowball effect starts, it begins with Microsoft Support. Microsoft currently have an official N-1 support structure for Exchange Server versions. Snowball that further and that includes direct compatibility with Exchange Server 2016. Exchange Server 2016 will only integrate with Exchange Server 2013 (the hybrid configuration wizard allows for N-2 as well as Exchange Server 2016 itself, supporting Exchange Server 2013 and 2010).

A long-term investment in Exchange Online so far means we’ll need to maintain a reasonably up-to-date version of Exchange on-premises (N-1) to keep up with the evergreen Exchange Online. As I mentioned earlier, this could be left as the Hybrid server or simply a small footprint of standard Exchange servers.

Let’s flip the coin and look at the other scenario. Exchange Server Hybrid has been implemented to facilitate a smooth transition to Exchange Online. On-premises administrators love Exchange Online and have no issues with using a web console and remote PowerShell to conduct all administrative tasks. There is also no requirement for AADConnect moving forward.

In this scenario, whatever version of Exchange Server Hybrid is in-place is perfectly fine to stay there until the transition to Exchange Online is completed*. Notice the * ? There is a small catch in that the only other consideration on this point is that of timing. It is all well and good to say that an organisation does not intend to keep Exchange Server Hybrid in-place longer than is necessary; it’s another thing putting that into practice.

From my experiences in transitioning organisations from SMB to large enterprise to Office 365, the timing is key. A two year transition process for large enterprise (yes I’ve been involved in lengthy transitions like that) can cause problems with evergreen Office 365 where Office 365 upgraded to a backend based on Exchange Server 2013 over the previous Exchange Server 2010 based backend. Timing shouldn’t be that much of a burden, but it can come into play for those longer running larger projects.

Other considerations?

I thought I’d take a quick side step before wrapping up for now and rapid fire some other considerations that I’ve come across that may well be helpful in deciding to upgrade to Exchange Server 2016 Hybrid:

  • New Features – Newer version = newer features that may be wanted or required by the organisation
  • Cost – project cost, time cost etc. Do these align with the desired outcome?
  • Complexity – mixing various Exchange Server versions adds complexity that can be unnecessary
  • Internal support – I mentioned Microsoft supporting the design and implementation, but, there is also the internal support of the environment that would need up-skilling to support

Final words

Every client and environment is different and every case should be considered. Breaking down a large problem into smaller and easier chunks is key to a positive decision. I like to do this process and have come up with my simple and single question to kick start the process on whether or not to upgrade Exchange Server Hybrid.

In the coming weeks I will be putting together a series of blog posts on Exchange Server 2016. The latest and greatest in enterprise messaging platforms has grown up a lot and is even easier to transition to than ever before.

If there are any questions or other considerations that I may have left out, feel free to mention those in the comments below.


Exchange, Office 365

Join the conversation! 11 Comments

  1. Hi,

    Excellent post. I wonder if you could clear some confusion for me? I work in a school and we currently have Exchange 2013 on premise in hybrid mode with students on Office 365 and staff on premise. Are we able to completely remove the on premise once everyone is moved? From what I’ve read we need to keep the on premise servers but once everyone is moved we can scale down the size of the on premise servers.

    • Hey Simon,
      If you have a federated identity (users are synced from on-premises via Azure AD Connect or equivalent) and want to have that common username and password credential design, you’ll need Exchange Server on-premises forever (in some flavour or another). When you have a federated identity design, most of the attributes in the cloud are “read only”. This means you’ll need a “write” source from on-premises to complete most administrative tasks, then sync that information to Office 365.

      • Hi Lucian,
        Just querying the need for a onPrem server post migration. We have Notes, and will be migrating to 365 in a federated environment. We are setting up 2 x Exchange 2016 servers to run as hybrid servers in a NLB. Once the migration is complete we had intended to use AD tools and PowerShell to manage the users, groups, contacts etc. However from this you advise we will need to keep an Exchange server to admin tasks. Will the hybrid Exchange servers suffice or do we need to purchase a separate Exchange server license to manage the environment?


      • Hi Steve,

        Keeping ‘hybrid’ is a hotly contested topic as the wording can be ‘open to interpretation’.
        You can certainly decommission all Exchange servers on-prem and simply use PowerShell only and some 3rd party tools to manage federated (AADConnect + ADFS) users.
        However, I feel that it’s easy to over complicate or over architect the solution.

        Keeping Exchange on-premises without any mailboxes, in a small footprint, will do the job of remote mailbox/mail-user management quite easily.
        You can certainly use the two “hybrid” servers going forward for that and de-com all other Exchange/Notes servers.

      • Hey Lucian, Thanks for clearing that up. Much appreciated

  2. Hi Lucian,

    Can you please help me. My setup is;
    2 x Exchange 2010 servers in a DAG.
    Exchange 2010 Hybrid environment
    Running ADConnect for ADFS
    I have migrated all mailboxes to the cloud and changed Autodiscover and DNS to point to Office 365, mail flow is working fine.

    I would like to continue using ADFS and install a single VM Exchange 2016 server only for administration of mailboxes and decommission the Exchange 2010 servers.

    Can you please advise me on the best way I could achieve this?

    Do I still require a Hybrid setup if I am only using Exchange 2016 for admin purposes?

    • Jason, for sure, that is possible. If you can manage to get some downtime with minimal requests for new or existing mail object changes, 1) if all your mailflow (MX delegation) is directed to EXO and EX10 on-prem is confirmed just there for hybrid functionality now – decom that environment. Remove it altogether. 2) Run through the standard process to install a single multi-role Exchange 2016 server. 3) Run the hybrid connectivity wizard to re-establish connectivity to EXO. Job done. That’s overly simplified, but, if all your email workload is essentially in the cloud, on-prem can be changed or updated without impacting the cloud. Obviously there is Exchange design to go through and schema extensions to ADDS on-prem, but, think of it just like upgrading EX10 to EX16. They’re not compatible together, so you have to go through the process of removing one and adding in another. The hybrid config wizard is the easiest part at the end. Oh, and don’t forget to install Azure + O365 PowerShell modules on that EX16 box for easy remote PS management….

  3. Hi Lucian,

    I’ve got a question about Exchange 2013 and 2016 co-existence and HCW. We have an organization that has only Exchange 2013 servers and wants to use a hybrid configuration where most of the mailboxes will stay on premise. I read that the creation and viewing of meetings is only supported from Exchange 2016 CU3 and above (

    How does this work when I add Exchange 2016 servers to the Exchange 2013 environment and run the HCW on one of the 2016 servers. Do I get all of the functionality that comes with Exchange 2016CU3 or above? Or doesn’t it work like that?

    Thanks in advance!


    • Hi Nick, when you introduce a newer version of Exchange server to an environment, the CAS role from the newer needs to become the lead CAS for the environment. Your clients, O365 and other service interaction like Teams (as you referenced in that article) would connect to EX13 via EX16. So it’s more of a broader design decision to introduce EX16 as your CAS roles will be impacted.

  4. Hi Lucian, I really appreciate your answers and this forum in general.

    We currently have 4 Exchange 2013 Hybrid servers on Prem.
    All recipients (MBXs,DGs,SMB,ResourceMBXs) are now migrated to o365.
    We now need to decom all servers which includes the exchange servers from onprem, but obviously because of the dependencies of recipient management and AD synced Identities we need to build and host a new instance of AD and Exchange 2016 in AWS, maybe AADconnect later.

    My task is to design a solution for the Exchange installation of 2016 and the decom of Exchange 2013. Do not worry about AWS, AD part of it- But if you have any input I will be grateful-

    First and foremost we need to ensure that all integration between the current onprem AD, DNS, Firewalls, o365, okta etc is established and connectivity is working in the AWS.

    When this is achieved then I will plan Exchange installation and decom tasks will include the following.

    After doing all the due diligence and planning in the current AD and Exchange 2013 environment, I plan to introduce the 2 Exchange 2016 into the environment in AWS, transfer all https (Virdir services) to Exchange 2016. Export 3rd party certification from Exchange 2013 to be used on the Exchange 2016 in AWS. Also there are some line of business apps relaying to Exchange 2013 so this has to be configured on Exchange 2016.

    Make the relevant DNS changes, then run the HCW again on Exchange 2016, adding these two servers so they are part of the transport and CAS.
    After this do my due diligence again to decom the Exchange 2013 from the environment.

    We will also probably change the MX and autodiscovery records to point o365.

    Question: Am I on the right track or what do you suggest- what would you do differently?

    Is my proposal and re-running HCW again valid?

    How would you implement the new AAD connect in the AWS environment – do you recommend a staged approach?

    I hope to hear from you soon,

    • John, I think you’re pretty much spot on. Newer Exchange proxies to legacy Exchange, so deploy that first and uplift connectivity to those instances. Once done, decom legacy Exchange. My only suggestion is that Exchange 2019 will likely be available come MS Ignite at the end of this month. So leave in some time in your project to consider deploying that to future proof yourself for some time. Regarding your questions – yes, re-run the HCW on the new Exchange instances after all networking is good to go and connectivity to O365 is available. AADConnect is also a tricky one. If you don’t have sync’ed identity now, it’s not too difficult to do, but, requires more thought and planning than doing it before the fact. Staging for sure is recommended as you can compare what you’re merging. However, see this document about merging identities for some more info:

