Exchange 2016 Hybrid for AD management only

History - 2010 Exch used to migrate all mailbox to O365 in 2013. Been 100% Exchange online since 2013. No mailboxes on prem, no shared mailboxes, no nothing. CAS attritubute set to Null. No SMTP. Nothing.

Everything synced from on-prem to O365 with ADConnect tool.

Exch2010 box was only used to create account because it allowed you to interact with Exch attributes in AD that the default ADUC UI doesn't, e.g., Hide from GAL, alias/proxy addresses/etc.

I decommission the 2010 server because EOL. Turned it off. Had helpdesk just use ADUC to create accounts. AD connect synced those accounts to O365, then assigned a license in O365 and moved on with life. I know this is technically unsupported, but worked.

Today - Helpdesk is crying about complexity of having to manage custom AD attributes for above mentioned features. They want a management GUI back. I've looked into 2016 hybrid, but everything I'm reading seems very convoluted. It's expecting there are mailboxes to migrate from on prem, or that CAS roles need to be configured for mailflox.

I just want a box that can manage the on-prem AD attritubtes with a gui, and then have ADconnect sync to O365. I don't want a real "hybrid" box I don't think. No mailboxes on prem. No mailflox on prem. MX records only point to O365 directly. I don't want any connectivity to this box. Just want to give my helpdesk a GUI they don't have today.

Any way to do this?

As of Exchange 2019 CU 12, you no longer need an Exchange server. You can install just the Management Tools on a server, and then uninstall all of your old Exchange servers. But don't delete the organization!

I ended up installing exch 2016 with mailbox only roll. It complained about a cert a one point and followed some articles to resolve that. It then complained about "external url for CAS access". I just posted some bogus info in there. Don't want external access.

I was able to manage existing on-prem AD users and mailbox attributes but when selecting "new mailbox" in the recipients tab I did not have the "Office365 Mailbox" option like I was expecting via screenshots on web.

I went the the "hybrid" tab in the exchange console and ran the hybrid wizard. I select the recommend "minimal" deployment and the "Modern" option for deployment type. There was an option to "license now" and it authenticated with my companies creds and granted a license. Mostly did next next next through the wizard. Rebooted server and had the "Office365 Mailbox" option when selecting new mailbox now.

Create test mailbox and all appears to be working as intended.

If you've completed your mailbox migration to Office 365 then you no longer need the Exchange Hybrid. You can install Exchange 2016 in your environment and then uninstall Exchange 2010. The Exchange 2016 server is simply for the management of email attributes for objects synced to Office 365 by Azure AD Connect. You don't need to run the Hybrid wizard on the Exchange 2016 server (though you could if you so desired).