Score:2

Replacing Exchange 2016 Hybrid with Exchange 2019 Hybrid

jp flag
tb1

If you use Exchange 2016 Hybrid, but only for cloud mailbox management and outbound relay, is it "worth" swapping in an Exchange 2019 Hybrid host instead?

More details: A while back, someone helped us initially set up Azure AD Connect and an Exchange 2016 Hybrid, used for cloud mailbox setup and relay outbound from copiers and legacy apps. No clients or services have ever accessed the hybrid host except for SMTP Auth (and again it is all internal outbound to EXO). We have no public folders or anything else that someone coming from prior on-prem Exchange hosting might have. (We do manage distribution lists internally, but that syncs through AADConnect). That person is gone, and I have been keeping up the Cumulative Updates and keeping both AADConnect and EX2016 hybrid running smoothly, as is.

Exchange 2016 extended support ends October 2025. Now that Exchange 2019 CU12 has a free hybrid license and supports Windows 2022 Server, I cannot tell if it is worth the risk of swapping this in for future-proofing protection.

Since I did not directly set up the initial environment, I'm concerned I'm over-simplifying what would be needed. My understanding of the process is as follows:

  1. Leave EX2016 alone: On a separate host, install Windows 2022 and Exchange 2019 CU12 - this process obviously involves extending the AD schema for EX2019
  2. Run the latest online Hybrid Configuration Wizard ("HCW") just long enough to get the free license
  3. Configure 3rd party SSL cert, (re)create receive connectors, test relay out from internal apps
  4. Re-run HCW, continue through to transfer the connection to this new EX2019 host versus EX2016 one

Things I don't know:

  • Whether we must export the certificate(s) from 2016 and import to 2019 manually, or does HCW handle using the current cert on the 2019 box
  • Whether HCW pulls in prior receive connector or any other useful settings from EX2016 to EX2019
  • Whether we need to re-run the separate AADConnect setup again after the hybrid host changes
  • Which MS entity handles support? Exchange Online support does not include Hybrid questions (even though we are only using a Hybrid box for EXO relay and cloud mailbox connectivity). Since we don't host on-prem Exchange, that team also does not handle support.

If anyone has performed "the swap" from 2016 to 2019, please let me know how far off base I am.

I know I have time - and the other obvious plan is to reduce any need for internal relay over the next two years while more and more legacy apps and devices start to catch up with changes to SMTP Auth (e.g. OAuth). Thanks!

Score:1
pl flag

Whether we must export the certificate(s) from 2016 and import to 2019 manually, or does HCW handle using the current cert on the 2019 box

You may need to import the certificates to Ex2019 as HCW needs a third-party certificate to work. (self-signed certificate won't be trusted)

Whether HCW pulls in prior receive connector or any other useful settings from EX2016 to EX2019

HCW will configure it for you if you select the new EX2019 server during configuration.

Whether we need to re-run the separate AADConnect setup again after the hybrid host changes

No. There is no need to re-run AADConnect.

Which MS entity handles support? Exchange Online support does not include Hybrid questions (even though we are only using a Hybrid box for EXO relay and cloud mailbox connectivity). Since we don't host on-prem Exchange, that team also does not handle support.

It may depend on what kind of issue you are actually dealing with, and on which side the cause of that issue lies.

Here is also a thread from Microsoft Q&A forum which may be helpful:

On-perm Exchange Upgrade when hybrid setup already done with O365


In addition, have you considered installing the EX2019 management tools instead of an EX2019 server?

That can also keep you in a supported situation for mailbox management. (If SMTP relay is not that necessary...)

More details are given in the following Exchange blogs:

Released: 2022 H1 Cumulative Updates for Exchange Server (refer to the Exchange Management Tools Update part)

Removing Your Last Exchange Server FAQ
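
The certificate and receive-connector steps discussed above (the question's steps 3 and 4, and the first two answers), written out as an added PowerShell example. This is not code from the original post, the answer, or Microsoft; it is run from the Exchange Management Shell on the new server. The server names EX2016 and EX2019, the connector name "Internal Relay", the share path, the relay FQDN and the fallback IP list are assumed placeholders.

```powershell
# Added example, not from the original thread. Run in the Exchange Management
# Shell on the new 2019 host. EX2016/EX2019, the PFX share path, the connector
# name, the relay FQDN and the fallback IP list are assumed placeholders.

$oldServer = 'EX2016'
$newServer = 'EX2019'
$pfxPath   = '\\fileserver\exchange\hybrid-cert.pfx'   # assumed path
$relayFqdn = 'relay.corp.example'                       # assumed; must be a name on the cert
$pfxPwd    = Read-Host -AsSecureString 'PFX password'

# --- 1. Move the third-party certificate (HCW will not do this for you) -----
# Pick the non-self-signed cert currently bound to SMTP on the 2016 box.
$oldCert = Get-ExchangeCertificate -Server $oldServer |
    Where-Object { $_.Services -match 'SMTP' -and -not $_.IsSelfSigned } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $oldCert) { throw "No third-party SMTP certificate found on $oldServer" }

# Export with private key, write the PFX, import on 2019, bind to SMTP and IIS.
$export = Export-ExchangeCertificate -Server $oldServer -Thumbprint $oldCert.Thumbprint `
    -BinaryEncoded -Password $pfxPwd
[System.IO.File]::WriteAllBytes($pfxPath, $export.FileData)

$newCert = Import-ExchangeCertificate -Server $newServer `
    -FileData ([System.IO.File]::ReadAllBytes($pfxPath)) `
    -Password $pfxPwd -PrivateKeyExportable $true
Enable-ExchangeCertificate -Server $newServer -Thumbprint $newCert.Thumbprint -Services SMTP,IIS

# Do not leave the private key sitting on a file share once it is imported.
Remove-Item -Path $pfxPath -Force

# --- 2. Recreate the internal relay connector on 2019 ----------------------
# Reuse the source-IP allow list from the existing 2016 connector instead of
# retyping it; fall back to an assumed list only if that connector is missing.
$oldRelay = Get-ReceiveConnector -Server $oldServer |
    Where-Object { $_.Name -eq 'Internal Relay' }
$sources = if ($oldRelay) { $oldRelay.RemoteIPRanges } else { @('10.0.5.10', '10.0.5.11') }  # assumed

# A second connector on 0.0.0.0:25 is allowed because its RemoteIPRanges are
# more specific than the default frontend connector's; keep that list tight,
# since the permission granted below turns it into an open relay for anything
# that can reach it from those addresses.
New-ReceiveConnector -Server $newServer -Name 'Internal Relay' `
    -TransportRole FrontendTransport -Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $sources `
    -Fqdn $relayFqdn -AuthMechanism Tls -PermissionGroups AnonymousUsers | Out-Null

# Allow the listed devices to relay to external recipients (the EXO side).
Get-ReceiveConnector "$newServer\Internal Relay" |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient' | Out-Null

# --- 3. Verify before pointing devices (or the relay DNS name) at 2019 -----
Get-ExchangeCertificate -Server $newServer |
    Where-Object { $_.Services -match 'SMTP' } |
    Format-Table Thumbprint, IsSelfSigned, NotAfter, CertificateDomains -AutoSize

Get-ReceiveConnector -Server $newServer |
    Format-Table Name, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups -AutoSize

# Test send from an allowed address; -UseSsl exercises STARTTLS with the new cert.
Send-MailMessage -SmtpServer $relayFqdn -Port 25 -UseSsl `
    -From 'copier@corp.example' -To 'someone@corp.example' `
    -Subject 'EX2019 relay test' -Body 'relayed via new hybrid host'
```

Devices that authenticate (SMTP AUTH on 587) use the default "Client Frontend" connector rather than the one created here, so for them only the certificate step matters; the HCW re-run then handles the send/receive connectors toward Exchange Online on the server you select.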

jp flag
tb1
Thanks Kael! At the moment internal relay is still vital: We do use SMTP AUTH client submission in many places, but it is too unpredictable with the 30 message per minute throttle for some devices or use cases, and Direct Send is impractical / too much to maintain outside M365 itself. We're hoping over the course of the next year to reduce these. I was kind of hoping MS would spin up a relay similar to the On-Prem Data Gateway. Could you imagine? Install an On-Prem Relay, authenticate with M365, light setting config through the admin portal? :D Truly appreciate the detailed answers!!!