Decommission Exchange Server 2010 after Microsoft 365 Migration


Organization has moved all their mailboxes to the Exchange Online from On-Premise Exchange 2010 server. MX Record is cutover to Microsoft 365 (inbound and outbound mail flow is moved to Microsoft 365). Active Directory Synchronization is being used for Syncing the users to Azure Active Directory using Entra Connect.


Decommission Exchange 2010 server from the environment while keeping the Active Directory Synchronization through Entra connect running.


You may have used Hybrid Configuration Wizard (HCW) or Third party Tools to migrate the mailboxes to the cloud or you may have moved to higher version of exchange. Most of the steps given in this article will remain the same.

However, This article will be based on one Exchange 2010 server with all exchange roles on it without DAG and without HCW configuration. You can use this article as a guidance and create a plan for decommissioning exchange server as per your organization requirements.

Also Read: Email Migration from GoDaddy to Microsoft 365 using Bittitan Migrationwiz (Step-by-Step)

Important Note:
Please note Microsoft recommends not to fully decommission the last Exchange Server specially when Azure AD Connect is in use to sync the users to the cloud. If you still go ahead with Exchange server decommissioning, then most of the mail attributes needs to be managed via on-premise using Active Directory Schema Editor Snap-in or Third Party Tools or Powershell which is something not supported by Microsoft. (“MS recommendation: Remove all Exchange servers with the exception of the servers you will retain for user management and creation. Two servers should be sufficient for user management, although you could possibly get by with one server. In addition, there is no need to have a Database Availability Group or any other high availability options.”)  
decommission Exchange Server 2010

1. Take Backup of mail Attributes from AD

Taking backup of important email attributes is not mandatory but its always a best practices to take the backup / export before the start of this activity. This can be used later for verifying the email attributes to make sure that mail attributes are populated correctly as per requirement.

Backup mail, mailNickName and proxyaddresses

Get-ADUser -Filter * -Properties proxyaddresses, mailNickName, Mail | Where { ($_.Enabled -eq $True) -and ($_.proxyaddresses -ne $null) } | Select-Object Name, Mail, mailNickName, @{ L = "ProxyAddresses"; E = {($_.ProxyAddresses | Where-Object {$_ -like "*smtp:*" }) -join ';'} } | Export-Csv -Path "c:\temp\UsersMailAttributes.csv" –NoTypeInformation

Backup X400 Addresses

Get-ADUser -Filter * -Properties proxyaddresses | Where { ($_.Enabled -eq $True) -and ($_.proxyaddresses -ne $null) } | Select-Object Name, @{ L = "ProxyAddresses"; E = {($_.ProxyAddresses | Where-Object {$_ -like "X400*" }) -join ';'} } | Export-Csv -Path "c:\temp\X400.csv" –NoTypeInformation

Backup X500 Addresses

Get-ADUser -Filter * -Properties proxyaddresses | Where { ($_.Enabled -eq $True) -and ($_.proxyaddresses -ne $null) } | Select-Object Name, @{ L = "ProxyAddresses"; E = {($_.ProxyAddresses | Where-Object {$_ -like "X500*" }) -join ';'} } | Export-Csv -Path "c:\temp\X500.csv" –NoTypeInformation

Other Commands for Reference (optional)

  • csvde -f c:\DLs.txt -r “(&(objectCategory=group)(proxyAddresses=*))”
  • csvde -f c:\Users.txt -r “(&(objectCategory=user)(proxyAddresses=*))”

2. Disable Entra Connect Synchronization

Logon to the server where Entra Connect is installed and Disable the Entra Sync using below command.

Set-ADSyncScheduler -SyncCycleEnabled $false

3. Remove Service Connection Point (SCP)

Next, Remove the Service Connection Point (SCP) value on your Exchange Servers. SCP value is used for automatically configure outlook client. When you remove the Service connection point, the client will use the DNS method for autodiscover.

For Exchange 2010 Server:

Get-ClientAccessServer | fl AutoDiscoverServiceInternalUri

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri $Null
Remove Service Connection Point (SCP)

Exchange 2016 Server or later:

Get-ClientAccessService | Set-ClientAccessService -AutoDiscoverServiceInternalUri $Null

If you are unable to remove the Service Connection Point using Powershell. You can open ADSIEdit and delete the Service connection Point manually.

Open ADSIEdit -> Configuration Partition -> Services -> Microsoft Exchange -> CN = <Exchange Organization> -> Administrative Groups -> Servers -> <Exchange Server Name> ->Protocols -> Autodiscover-> Under this folder you will see serviceConnectionPoint. Delete this manually. However, I will prefer the Powershell command option as its easier and less complex than using ADSIEdit.

Remove Service Connection Point (SCP)

4. Delete offline Address Books (OAB’s)

Remove the offline Address Books (OAB’s) using Powershell or manually using the Exchange management console (EMC). Please find both the methods below and use the one preferable to you.

Using Powershell

Get-OfflineAddressBook | Remove-OfflineAddressBook
Delete offline Address Books (OAB's)

Using GUI Method

Open Exchange Management Console -> Organization Configuration -> Mailbox -> offline Address Book -> Select All the Offline Address Books and Right click Select Remove.

Delete offline Address Books (OAB's)
Delete offline Address Books (OAB's)

5. Migration of Public Folders

  • Launch Powershell as adminmistrator
  • Execute Get-OrganizationConfig |fl PublicFoldersEnabled and ensure that it is not set to remote

If it is set to remote and you want to continue to access the public folders, you would need to migrate them to Exchange Online. If you have already migrated Public Folders to Exchange Online, Please proceed to the next section for Delete Public Folders.

Delete Public Folders

Before deleting the Public Folders, Please open the Exchange Management Console -> Toolbox -> Open Public Folder Management Console. Please check the existence of Public Folders on this console.

Delete Public Folders

Use below command to delete all public folders.

Get-PublicFolder -Server ExchangeServerHostName “\” -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server ExchangeServerHostName -Recurse -ErrorAction:SilentlyContinue

Once all the Public Folders are deleted. Open the Public folder management console again to verify the deletion (as shown in below screenshot).

Delete Public Folders

Delete Public Folder Database

Now, you can Delete the Public Folder Database from the Exchange Management console (However, if you receive an error message as shown below, please follow the given steps to fix the error).

Delete Public Folder Database
The public folder database “Public Folder Database” contains folder replicas. Before deleting the public folder database, remove the folders or move the replicas to another public folder database. For detailed instructions about how to remove a public folder database, see
Delete Public Folder Database

You can check the replicas using below command:

Get-PublicFolder -Recurse | ft name,parentpath,replicas
Delete Public Folder Database

You will find folder replicas are still there for the Public Folder Database. To get around this issue, follow below steps:

  • Dismount the Public folder database
  • Move Public folder database folder contents to a New directory (which includes database and log files, if your log file’s location is different than the database location, go to the log file folder and move its contents as well)
  • Mount the Public folder database again and Delete it.

I’ll guide you through how I resolved this error and offer some alternative methods to fix it. If you want to skip ahead to an alternative method that I haven’t personally tested, please check the ‘Alternate Fix for Replica Error’ in the next section.

a) Dismount the Public Folder Database(s)

Dismount-Database -Identity PublicFolderDatabaseName
Dismount the Public Folder Database

b) Note Public Folder database and log file paths Information

You can also check this information by right clicking the Public Folder Database and click properties -> General Tab.

Get-PublicFolderDatabase | fl name, *Path*
Dismount the Public Folder Database

c) Move the Contents of EdbFilepath and LogFolderPath Folder to another new Folder.

I created a new folder movePFcontents in I:\ drive. You can create the folder in any drive provided you have enough free space to move the Public Folder Database and Log Folder Contents. You can also manually move the data using GUI tools, I have used move command to move the contents.

Dismount the Public Folder Database

d) Mount the Public Folder Database

 Mount-Database -identity publicfolderdatabasename
ount the Public Folder Database

e) Delete Public Folder database

You can now try to delete the Public Folder database at this stage. However, If you receive below error message then please follow further guidance to fix the issue.

The public folder database ‘PublicFolderDatabaseName’ cannot be deleted.

Public folder database “PublicFolderDatabaseName” is the default public folder database for the following mailbox database(s):


. Before deleting the public folder database, assign a new default public folder database to the mailbox database(s).

Error Message when trying to delete the public folder database


The public folder database ‘PublicFolderDatabaseName' cannot be deleted.


First we need to check the default public folder associated for each mailbox database. Run the command Get-MailboxDatabase | ft name, publicfolderdatabase. You can see that mailbox database(s) are having association with public folder database. We need to remove this association to fix this issue so that that mailbox database will not be able to use the public folder DB.

Get-MailboxDatabase | ft name, publicfolderdatabase

Deleting this association by using Set-Mailboxdatabase command didn’t work in my case, so I have used the ADSI Edit to delete the associations manually.

Open ADSI Editor -> Configuration Partition -> CN=Services -> CN=Microsoft Exchange -> CN=(<your organization name>) -> CN=Administrative Groups -> CN=Exchange Administrative Group (<group name>) -> CN=Databases.

Right click on each mailbox database for which you noted the association with public folder databases and Click Properties -> Attributes Editor. Search for msExchHomePublicMDB attribute and clear the value.

Repeat for all other Mailbox databases and then check the association of mailbox database with public folder again to make sure that you have removed all association(s). Use the same command which was used earlier.

Get-MailboxDatabase | ft name, publicfolderdatabase

Now, try to delete the Public Folder Databases. As you can see from below screenshot, Public folder database is now removed.

Get-PublicFolderDatabase | Remove-PublicFolderDatabase

Alternate Fix for Replica Error [Not Tested]

If you’ve encountered a pop-up displaying the error message below, you can use the provided commands to resolve it. I haven’t personally tested these methods, so I can’t guarantee their effectiveness.

Error: The public folder database “Public Folder Database” contains folder replicas. Before deleting the public folder database, remove the folders or move the replicas to another public folder database. For detailed instructions about how to remove a public folder database, see

Set-OrganizationConfig -PublicFolderMigrationComplete $True
Remove-PublicFolderDatabase "Public Folder Database" -RemoveLastAllowed

6. Disable and Delete Mailboxes

The next step is to disable all mailboxes. When you disable a user mailbox using either the Exchange Management Console or Exchange Management Shell, mail-related attributes are removed from the On-Premises Active Directory for that user.

To handle this, we need to convert the disabled user mailbox to a Mail User, as demonstrated in the next section. It’s crucial to ensure that Entra Connect sync is stopped by running the ‘Set-ADSyncScheduler -SyncCycleEnabled $false’ command.

If Entra sync is not paused and you disable a mailbox, it will remove the mail-related attributes from the On-Premises Active Directory user. Once the AD Sync runs, it will convert the users’ email addresses to ‘’ addresses in Microsoft 365.


Below mail attributes are removed from user when you disable a user mailbox.

  • EmailAddress
  • legacyExchangeDN
  • mailNickname
  • mail  
  • msExchHomeServerName
  • textEncodedORAddress
  • showInAddressBook
  • proxyAddresses
  • msExchUserAccountControl
  • msExchVersion
  • msExchMailboxSecurityDescriptor
  • msExchRBACPolicyLink
  • msExchPoliciesIncluded
  • homeMDB
  • homeMTA 
  • mDBUseDefaults        

6.1 Disable Mailbox and Convert User Mailbox to Mail User

For One User

  1. Launch Powershell on the Azure AD Connect Server
  2. Import-Module ADSync
  3. Set-ADSyncScheduler -SyncCycleEnabled $false

Before disabling a user mailbox, please ensure you take a backup of the user’s email aliases. Converting a user to a mail user will not automatically restore the aliases; only the primary SMTP address is restored after the conversion.

To restore or add user aliases, follow these steps:

  1. Go to Active Directory.
  2. Access the user account properties.
  3. Navigate to ‘Attribute Editor.’
  4. Locate ‘proxyAddresses.’
  5. Type the aliases in the format ‘smtp:<user email alias>’ (e.g., smtp:[email protected]).
  6. Use ‘Uppercase SMTP:’ for the primary SMTP email address and ‘lowercase smtp:’ for all user email aliases.”
  1. Open Exchange Management Console -> Recipient configuration -> Mailbox -> Select User Mailbox -> Right Click on it and select disable.
  1. If you are using Powershell (Exchange management shell), you can use the command. Disable-Mailbox -Identity <user’s unique Identifier e.g. Name, Alias etc>

If you’ve disabled a user mailbox and don’t see it immediately appear in the Disconnected Mailbox folder when checking the Exchange Management Console, you can force it to appear there. Use the command ‘Get-Mailboxdatabase | Clean-mailboxdatabase,’ then return to the EMC and refresh the Disconnected Mailbox Folder.”

6.1.1 Convert User Mailbox to Mail User

Before converting a User Mailbox to a Mail User, it’s important to determine the ‘externalEmailAddress’ value. You can provide this value explicitly, for example, ‘[email protected],’ or you can use ‘userprincipalname’ or ‘samAccountName’ as a reference to populate the value.

In the command below, I’ve used ‘userprincipalname’ because the primary SMTP address of my Exchange users matches the ‘userprincipalname’ in Active Directory.”

Once you have identified the externalEmailAddress value, you can run below command against one user to convert disabled User to Mail User.

Important Note:
Please note that I am assuming users Entra ID UPN matches the Primary SMTP Address. If not, you can use a script to match UPN to the primary SMTP address (pSMTP). If you prefer not to match UPN to pSMTP, you can use the ‘samAccountname’ parameter instead of ‘userprincipalname’ or copy the ‘externalmailaddress’ for each user in a CSV file and modify the command below according to your specific requirements.
$userlist = get-user -Identity "Username"
$userlist | foreach {Enable-MailUser $_ -externalEmailAddress “$($_.userprincipalname)” }
Convert User Mailbox to Mail User

If you want to use samAccountName instead of userprincipalname, use below commands:

$userlist = get-user -Identity "Username"
$userlist | foreach { Enable-MailUser $_ -externalEmailAddress “$($_.samaccountname)@DOMAIN.COM” }

Now the user has been converted to Mail User, you can check in on-premise Active Directory, Users email attributes are added / updated again. Below email attributes are added / updated to the on-premise user:

1. EmailAddress
2. InternetEncoding
3. legacyExchangeDN
4. mail
5. mailNickname
6. msExchPoliciesIncluded
7. msExchRecipientDisplayType
8. msExchRecipientTypeDetails
9. msExchVersion
10. proxyAddresses
11. showInAddressBook
12. targetAddress
13. textEncodedORAddress

6.1.2 Resume Entra Connect Sync

Set-ADSyncScheduler -SyncCycleEnabled $true
  • Test email Flow for this mail user.
  • Purge the disabled/disconnected user mailbox
  • Check the mailboxes which are in disconnected state or in disabled state. Note Down the mailbox guid of the user which you want to purge from database.
Get-ExchangeServer | Where-Object {$_.IsMailboxServer –eq $true} | ForEach-Object { Get-MailboxStatistics –Server $_.Name | Where-Object {$_.DisconnectDate –notlike ‘’}} | select displayname, mailboxguid, database

If you want to purge a specific disconnected or disabled mailbox, use the ‘mailboxguid‘ noted above and replace it in the command below. This command will capture the disconnected user matching the mailbox guid in the ‘$mailboxes’ variable.

$mailboxes = Get-ExchangeServer | Where-Object {$_.IsMailboxServer –eq $true} | ForEach-Object { Get-MailboxStatistics –Server $_.Name | Where-Object {($_.DisconnectDate –notlike ‘’) -and ($_.Mailboxguid -eq '87b867e5-b0ol-4jj2-b0d9-13a3n78933e49')}} | select displayname, mailboxguid, database

Purge the mailbox which is captured / stored in $mailboxes variable.

$mailboxes | ForEach { Remove-Mailbox -Database $_.Database -StoreMailboxIdentity $_.MailboxGuid -confirm:$false }

Verify that the disconnected or disabled mailbox have been purged.

Get-ExchangeServer | Where-Object {$_.IsMailboxServer –eq $true} | ForEach-Object { Get-MailboxStatistics –Server $_.Name | Where-Object {$_.DisconnectDate –notlike ‘’}} | select displayname, mailboxguid, database

For All Users

When you want to disable all users at once and convert it to mail users, you can follow below procedure. Most of the process will be same as applied for one user. The only difference is that the commands will run against all Mailboxes.

  1. Pause Entra Connect Sync
  • Launch Powershell on the Entra Connect Server
  • Import-Module ADSync
  • Set-ADSyncScheduler -SyncCycleEnabled $false

Before disabling a user mailbox, make sure to back up the user’s email aliases. Converting a user to a mail user will not automatically restore the aliases; only the primary SMTP address is restored after the conversion.

To restore or add user aliases, follow these steps:

  1. Go to Active Directory.
  2. Access the user account properties.
  3. Navigate to ‘Attribute Editor.’
  4. Locate ‘proxyAddresses.’
  5. Type the aliases in the format ‘smtp:<user email alias>’ (e.g., smtp:[email protected]).
  6. Use ‘Uppercase SMTP:’ for the primary SMTP email address and ‘lowercase smtp:’ for all user email aliases.
  1. Disable All mailboxes
Get-Mailbox -Resultsize Unlimited | Disable-Mailbox
Convert User Mailbox to Mail User
  1. Once the Mailboxes are disabled, convert each disabled user to mail User using below commands.
$userlist = Get-user -Filter { RecipientType -eq “user” } 
$userlist | foreach {Enable-MailUser $_ -externalEmailAddress “$($_.userprincipalname)” }

If you want to use samAccountName instead of userprincipalname. Use below commands:

$userlist = Get-user -Filter { RecipientType -eq “user” }
$userlist | foreach { Enable-MailUser $_ -externalEmailAddress “$($_.samaccountname)@DOMAIN.COM” }
Convert User Mailbox to Mail User
  1. Resume Entra Connect sync.
Set-ADSyncScheduler -SyncCycleEnabled $true
  1. Test email Flow for few random users to confirm the mail flow.
  1. Now, Check all the disconnected/disabled mailboxes.
Get-ExchangeServer | Where-Object {$_.IsMailboxServer –eq $true} | ForEach-Object { Get-MailboxStatistics –Server $_.Name | Where-Object {$_.DisconnectDate –notlike ‘’}} | select displayname, mailboxguid, database
Convert User Mailbox to Mail User
  1. Run below command to store all the disconnected mailboxes in a variable:
$mailboxes = Get-ExchangeServer | Where-Object {$_.IsMailboxServer –eq $true} | ForEach-Object { Get-MailboxStatistics –Server $_.Name | Where-Object {$_.DisconnectDate –notlike ‘’}} | select displayname, mailboxguid, database
  1. Purge all mailboxes
$mailboxes | ForEach { Remove-Mailbox -Database $_.Database -StoreMailboxIdentity $_.MailboxGuid -confirm:$false }
  1. Verify if all the mailboxes are now purged:
Get-ExchangeServer | Where-Object {$_.IsMailboxServer –eq $true} | ForEach-Object { Get-MailboxStatistics –Server $_.Name | Where-Object {$_.DisconnectDate –notlike ‘’}} | select displayname, mailboxguid, database

7. Disable Arbitration mailboxes

  1. Get a list of Arbitration/system mailboxes.
Get-Mailbox -Arbitration
Disable Arbitration mailboxes
  1. Disable the Arbitration Mailboxes using below command:
Get-mailbox -Arbitration | Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed
Disable Arbitration mailboxes
  1. Once arbitration mailboxes are disabled. Make sure you do not see any Arbitration Mailboxes when you run Get-Mailbox -Arbitration command:
Get-Mailbox -Arbitration

8. Delete SystemMailbox objects from Active Directory

Open Active Directory Users and Computers -> Search for System Mailbox accounts and right click on them -> Select Delete.

Delete SystemMailbox objects from Active Directory

9. Remove Send and Receive Connectors

You can use Exchange Management Console (EMC) or Powershell to remove the send connectors. I have used Powershell command as shown below.

  1. Remove Send Connector.
Get-SendConnector | Remove-SendConnector
Remove Send and Receive Connectors
  1. Remove Receive Connector.
Get-ReceiveConnector | Remove-ReceiveConnector
Remove Send and Receive Connectors

10. Delete Mailbox Import Requests

Run below command to check if there are mailbox import requests in the queue.

Delete Mailbox Import Requests
  1. Remove MailboxImport Requests.
Get-MailboxImportRequest | Remove-MailboxImportRequest
Delete Mailbox Import Requests
  1. Make sure all Mailbox Import Requests are deleted

11. Uninstall Microsoft Exchange 2010 from the server

Before starting this process, Please make sure Exchange Management Shell (EMS) window is closed, Else you will receive an error about Powershell has open files.

  1. Go to Start -> Run -> Appwiz.cpl
  2. Select Microsoft Exchange Server 2010 -> Right click -> Uninstall

12. Test Email Flow

  • Check Inbound / outbound email flow
  • Check Azure AD Sync Health Status
  • Login on office365 admin portal to check the users accounts and make sure there are no issues / errors.

13. Uninstall Other Softwares from Exchange server

Uninstall other software(s) from exchange server like Anti-Virus, Backup Software, Veritas backup exec agent, or any other third party tools to cleanup the meta-data and release the licenses (if any).

14. Unjoin Exchange Sever from domain

Now, you can remove the server from domain. Please make sure to create local admin account on the server so that you can login on the server if required. Delete the meta-data of the Exchange Server(s) like computer account in AD etc.

15. Power down Exchange Server

Now, you can Power down the Exchange server and remove it from monitoring systems if it was added to monitoring systems.

16. Monitoring and Deletion of Exchange Server from the disk

You can monitor the server after power down and then if its a virtual server, delete it from disk if there are no issues reported.

17. Update Documentation

Update the documentation related to Exchange Server where applicable.

Exchange 2010 end of support roadmap

How and when to decommission your on-premises Exchange servers in a hybrid deployment | Microsoft Learn

41 thoughts on “Decommission Exchange Server 2010 after Microsoft 365 Migration”

  1. Thank you for this. It is exactly what i needed. I ran a cutover migration, and enabled DirSync too soon before decomming the Exchange server. Ended up in the Oh no now you can remove Exchange forever issue

  2. I’ve ready to many different ways to handle this and I’m just going to give in and ask…

    All mailboxes are migrated to 365 and working for ~4 months.
    to make sure I fix all apps and relays.. I logged for a month, then unplugged the nic for a week, then disabled all connectors. (I’m using a different non-Exchange server for mail relay)

    Because I have 2 users that are allowed to manage addresses, mailing groups, and lists, I’d like to install Exchange 2016 to continue using exchange management tools..

    I’m unsure what to do..

    I’ve been told:
    op1: install 2016 first, uninstall 2010, then run HCW
    op2: install 2016 first, run HCW, then uninstall 2010
    op3: run HCW (disabling), uninstall 2010, install 2016, then run HCW
    op4: uninstall 2010, install 2016, then run HCW

    I’ve been told a mixture of both and not to run HCW
    Of course been told to ditch exchange and teach the users how to use PS, ADUC attrib, ADSIEdit (lol)

    op2 is what I had planned from the start but I’ve spent to much time looking for the best way to handle it…


    • @Mark You need to install 2016 first, practically I followed these steps

      Prepare Active Directory for Exchange 2016
      Build Exchange 2016
      Run HCW
      Move Resources to Exchange 2016 (if any)
      Decommission Exchange 2010
      Hope this helps.


      • @Mark

        On Below query:
        Of course been told to ditch exchange and teach the users how to use PS, ADUC attrib, ADSIEdit (lol) >>>>> We have completely removed the Exchange 2010 Server for several customers and just using Active Directory Attributes Editor when creating new users or modifying existing users. Only three attributes needs to be updated in the Active Directory attributes editor 1) mail 2) mailnickname 3) ProxyAddress. In that case, IT Admin team should be able to update it or a PS script can be created for the same.

        To make the management of users easier, you can leave an exchange server running as per your Plan and as Hari mentioned.

        • That’s how I’ve added new users recently..

          Hopefully, one day…. the 365 team allows us to manage everything from 365.. its been their goal for what 5 years now? lol — I’m guessing they just haven’t figured out how to make money off it.. :p

          Anyways thank you for the help.

  3. Can I decommission Exchange Server with MailUsers in it and without disabling mailusers? If yes, what would happen to attributes of those mail users after decommissioning Exchange Server?

    • Confirmed that we do not need to disable MailUsers and Mail Contacts to decommission the Exchange on-premises server. The mail attributes for Mail users and mail contacts stay “as-is” after clean decommissioning of Exchange server.

      • Hi RNDMaster, Thanks for providing the insight on this. Can you please advise how did you perform a clean decommissioning of Exchange Server ? Was it your last Exchange server ? Did you simply uninstalled the Exchange Server without first disabling the mailboxes and deleting the databases ?

  4. After uninstalling exchange 2010, what happens to Distribution and Security groups created within EMC and their attributes (such as manager, members, email address, message approval, etc…)

    • If you are moving completely into Cloud (Azure AD) then you will have to export the Distribution groups & import them in Cloud (re-creating them) but if you are running in a Hybrid mode then no changes are required as the authoritative identity manager is still On-Premises Active Directory

      • The current solution is O365 with Azure AD Connect for AD object sync. There is an on-prem exchange 2010 that we want to get rid of. We only want to keep Azure AD Connect for SSO and completely remove that. If security and DLs created through on-prem exchange will stay intact after uninstalling of exchange then is fine! thanks

        • Hi Haris, There should not be any impact on the DL’s and Security groups. However, I will advise you to take the backup of DL’s Proxy Addresses just in case required. I have performed the decommissioning of Exchange Server exactly as shown in this blog post. We are no longer using Exchange Server 2010 and have Azure AD Connect Synced users to Azure AD. hope this helps.

  5. Thanks for the handy guide. In trying to decommission an Exchange 2010 in preparing for an SBS2011 – 2019 move, I got stuck on the Public Folder Replicas error. No amount of moving, remounting and deleting would work it. Thankfully the Alternate Fix did the trick!

  6. $userlist = Get-user –Filter { RecipientType -eq “user” }

    This command won’t work for me ????I can only do per user not for all of them in 1 command..

    any help?

    • Hi Bobby, Please check if the variable $userlist contains the data. If its working for one user, it should work for all the users when you use foreach loop. Can you post the error message / screenshot.

      • Not sure if my previous reply made it through so I apologize if this is a double post.

        I am having the same issue with that command. Here is a screensot

        • Hi Tom,
          Have you disabled the mailboxes as per the section “Disable All Mailboxes” ? Link: b) Disable All mailboxes before running this command ? To be on safe side, you can fist try to disable one test user mailbox and then run this command to see if it captures that user. You can follow the “For One user” Section in this article. Link:
          I have divided this section in two parts. If you are testing with One user

          > Try to run get-user -Filter {recipienttype -eq “user”} to see if you get any results. I have run this command on my exchange 2010 test environment and its working fine. [Please see the attached screenshot]. It could be that you have not disabled the mailboxes or could be powershell version issue as i have explained below.

          > Please also check the version of Powershell. I am using below PS version.
          You can try to change the version of powershell using a command and then try again. [Please see the attached screenshot].

          [PS] C:Windowssystem32>$psversiontable
          Name              Value
          —-              —–
          CLRVersion           2.0.50727.8813
          BuildVersion          6.1.7600.16385
          PSVersion           2.0
          WSManStackVersion       2.0
          PSCompatibleVersions      {1.0, 2.0}
          PSRemotingProtocolVersion   2.1

          Note: There is only one screenshot covering attached to this comment.

          • Hi Jatin,

            Yes, I have disabled the mailboxes already. I am running version 2 of Powershell. I have test with the For One User and that works fine.

            Through some more testing, I found that I need to use single quotes instead of double quotes to get the command to work. So the command for me is: Get-user -Filter { RecipientType -eq ‘user’ }.

            That brings me to another question though. The command returns a long list of users not all of which are Exchange users and some are system users like the IWAM user, etc. Will executing the second command that converts the users to MailUsers have a negative effect on those non-Exchange and system user accounts?

          • Thanks Tom, its good to see single quotes turned out to be the solution for this.

            Regarding your second question, I can suggest you to capture the output of all the users in a txt file and filter out the non-exchange accounts which you do not want to convert to mail user. Use get-content to read the file into a variable and then convert the users which are in txt file to mail users.

            Let me know how it goes.

          • Hi Jatin,

            Thanks for the suggestions. I am still having problems though. I did as you suggested and created a txt file with the output and edited down the appropriate users to convert. I used get-content to add the list to the $userlist variable. When I execute the command to convert the users though I get these errors. Using the “for one user” commands still work fine as I tested them on another user again.

          • @Tom, I am not sure if this is fixed for you yet. I will check it again to see why there are issues when the command is used with all users. Let me know the current status.

  7. Thank you for sharing such detailed instructions for this task. Our organization went through a “Cutover” migration to Microsoft 365 from Exchange 2010 on-prem but AD Sync was established before we did the migration. As I understand it, after reading countless articles on the web, this means our transition was more like a Hybrid migration rather than a Cutover migration so, bummer.

    I have been trying to determine how our organization is going to get out of the state we are in. Of course we are not unique here but we seem to be stuck in an even more interesting state compared to all articles on the web that provide guidance/insight/help that I have been able to find. We have the unfortunate luck to have our Exchange 2010 installation be on a Windows Server 2008 NON-R2 virtual machine. What this means is the highest build number supported for this Exchange 2010 installation, is Update Rollup 8 for Exchange Server 2010 SP1 released in December of 2012. We are unable to introduce Exchange 2016 with the intent to perform user management with it (so we stay in a Microsoft recommended supported state) so we can decom the 2010 because Exchange 2016 will not install until the 2010 version is on a much newer build.

    I don’t feel confident moving forward with any option. I wonder if we just limp along until perhaps Microsoft releases new guidance for ripping out Exchange 2010 or even a wizard based application that decommissions it but who knows if that would ever come.

    • No Problem Bren. Yes, you can keep it running for now or plan to decommission it completely and use ADSIEdit to manage mail attributes of users. I have worked with a lot of clients and decommissioned their Exchange 2010 On-Prem servers after migration to Office365. I understand its easier to manage the mail attributes when exchange server is in place. But its actually not too difficult to manage mail attributes using Attributes Editor in Active Directory.

      I make sure mail, mailNickname and proxyAddresses is populated as per request when creating any new user and sync it to Azure AD using Azure AD Connect.

      • Thank you for your help, tips, and information. Your response certainly makes me feel a lot better about moving forward. I do have two follow up questions – if I may ask.

        1. When I am at the stage of converting a disabled user to a mail user, do I understand you to state that those attributes that were removed when disabled are automatically restored when converted to a mail user?
        2. When I stop AD Sync to begin this project, do all of the Microsoft 365 accounts continue to work as if nothing changed? In other words, does it impact the addresses and change them to until AD Sync is restored?

        Thanks again.

        • No Problem Bren, Happy to help.You can try creating a test mailbox -> check mail attributes in AD -> disable that mailbox -> check mail attributes in AD again. It will be removed. Therefore, convert it to mail user first and then disable the mailbox to retain the mail attributes.

          Feel free to let me know if there are more queries.

          #1 When you convert a user to mail user and then disable the mailbox, it will retain the mail related attributes in Active Directory. I have just disabled a mailbox and got below pop-up message. (as shown in screenshot attached) After it was disabled, all mail related attributes from Active Directory were removed that’s why we need to convert a user to a mail user.

          #2 Stop the sync temporarily should not have any impact on the accounts already synced to office365. General Advice on it is Stop the Sync Cycle temporarily, make changes and then start the sync again. I generally plan the decommissioning work out of office hours or over a weekend.

  8. It appears that this works, however, after I disable the user mailbox and then convert it to a mail user, it appears that any additional proxyAddresses that were set are lost. Is this expected?

    I guess I will need to backup the aliases and then restore them.

    • Hi Matt, Yes that’s right. Only Primary SMTP is restored back when a user mailbox is disabled and then converted to a mail user. As the command for enabling a user to mail user is using user principal name, Its restoring only Primary SMTP email address of the user which matches the user principal name value in Active Directory. User email aliases will need to be backed up and restored after a user is converted to a mail user. I have updated the guide to include this.

  9. What about the exchange 2010 groups where it says groups are managed only on premised. Do i have to migrate this before to the cloud then i could start the process. MY environment already has exchange mx to the cloud. I just realized the groups are not manage. How do i proceed?

    1. Migrate groups from 2010 exchange to cloud – ( i guess i have to re-create every group? )
    2. Use your guide to remove final exchange completely- ?

    I really need some help , been struggling with this.

  10. I did a remote move migration, so there are no mailboxes left. So I guess that the conversion to mail users is not necessary, right?

    • Hi, I am also in this situation as Phillip.
      Exchange 2010 was setup in hybrid and we performed remote move requests to lift the mailboxes from on-prem to Exchange Online.
      All users are now in Exchange Online.
      AD Sync is in place for password synchronisation.
      We have several mailbox databases but they are now empty except for the Arbitration Mailboxes
      The users that have been moved from on-premise to Exchange Online are referenced in EMC here – Recipient Configuration > Mail Contact. They are listed as recipient type Remote User Mailbox.
      If we uninstall Exchange will it strip the Exchange attributes from a Remote User Mailbox?
      My understanding is that Mail Contacts are not effected by uninstalling Exchange and I am wondering if Remote User Mailboxes are treated in the same way.

      • For completeness and to answer the question – If we uninstall Exchange will it strip the Exchange attributes from a Remote User Mailbox? The answer in our scenario was no, all attributes and their values remained after completely uninstalling Exchange 2010. It seems that remote user mailboxes are treated like contacts and uninstalling Exchange doesn’t change any of their values.
        We followed the above article and it was a great help, except we didn’t need to convert the users to Mail Users.
        We tested the uninstallation of Exchange in a test Hyper V environment with a copy of the Exchange server that we P2Vd and a DC with all the FSMO roles before proceeding in the real world

  11. Dear All,

    Thanks for this step by step document. Actually we had same scenario like exchange 2010 with DAG and more than 500 users. We have migrated all users to O365 and changed the connector also. Its working fine from more than 3 months.
    There is no any mailbox available in Exchange 2010. We have shutdown the servers from last 3 months.
    Its working fine but when we create a new user in AD, we have to add proxy address manually which is sync through AD connect to O365.

    So my question is , it is till required to removed the Exchange 2010? after shutdown its also working fine.

    Please help me to understand.


Leave a Comment

Discover more from TechPress

Subscribe now to keep reading and get access to the full archive.

Continue reading