If you use Exchange 2016 Hybrid, but only for cloud mailbox management and outbound relay, is it "worth" swapping in an Exchange 2019 Hybrid host instead?
More details: A while back, someone helped us initially set up Azure AD Connect and an Exchange 2016 Hybrid, used for cloud mailbox setup and relay outbound from copiers and legacy apps. No clients or services have ever accessed the hybrid host except for SMTP Auth (and again it is all internal outbound to EXO). We have no public folders or anything else that someone coming from prior on-prem Exchange hosting might have. (We do manage distribution lists internally, but that syncs through AADConnect). That person is gone, and I have been keeping up the Cumulative Updates and keeping both AADConnect and EX2016 hybrid running smoothly, as is.
Exchange 2016 extended support ends October 2025. Now that Exchange 2019 CU12 has a free hybrid license and supports Windows 2022 Server, I cannot tell if it is worth the risk of swapping this in for future-proofing protection.
Since I did not directly set up the initial environment, I'm concerned I'm over-simplifying what would be needed. My understanding of the process is as follows:
- Leave EX2016 alone: On a separate host, install Windows 2022 and Exchange 2019 CU12 - this process obviously involves extending the AD schema for EX2019
- Run the latest online Hybrid Configuration Wizard ("HCW") just long enough to get the free license
- Configure 3rd party SSL cert, (re)create receive connectors, test relay out from internal apps
- Re-run HCW, continue through to transfer the connection to this new EX2019 host versus EX2016 one
Things I don't know:
- Whether we must export the certificate(s) from 2016 and import to 2019 manually, or does HCW handle using the current cert on the 2019 box
- Whether HCW pulls in prior receive connector or any other useful settings from EX2016 to EX2019
- Whether we need to re-run the separate AADConnect setup again after the hybrid host changes
- Which MS entity handles support? Exchange Online support does not include Hybrid questions (even though we are only using a Hybrid box for EXO relay and cloud mailbox connectivity). Since we don't host on-prem Exchange, that team also does not handle support.
If anyone has performed "the swap" from 2016 to 2019, please let me know how far off base I am.
I know I have time - and the other obvious plan is to reduce any need for internal relay over the next two years while more and more legacy apps and devices start to catch up with changes to SMTP Auth (e.g. OAuth). Thanks!
You may need to import the certificates to Ex2019, as HCW needs a third-party certificate to work (a self-signed certificate won't be trusted).
HCW will configure it for you if you select the new EX2019 server during configuration.
No. There is no need to re-run AADConnect.
It may depend on what kind of issue you are actually dealing with, and on which side the cause of the issue lies.
Here is also a thread from Microsoft Q&A forum which may be helpful:
On-perm Exchange Upgrade when hybrid setup already done with O365
In addition, have you considered installing EX2019 management tools instead of an EX2019 server?
It can also keep you in a supported situation for mailboxes management. (If SMTP relay is not that necessary...)
More details are introduced in the following Exchange blogs:
Released: 2022 H1 Cumulative Updates for Exchange Server (refer to the Exchange Management Tools Update part)
Removing Your Last Exchange Server FAQ
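The two manual steps discussed above (moving the third-party certificate to the new host and recreating the custom relay receive connector) as an added Exchange Management Shell example; it is not from the thread or from Microsoft. Server names, the PFX share path and the connector name are placeholders, and it assumes the 2016 host is still reachable.

```powershell
# Added example (not from the thread). Placeholders: EX2016, EX2019, the PFX path
# and the connector name "Internal Relay". Run from the Exchange Management Shell.
$OldServer = 'EX2016'
$NewServer = 'EX2019'
$PfxPath   = '\\fileserver\certs\hybrid.pfx'            # placeholder share path
$PfxPwd    = Read-Host -AsSecureString -Prompt 'PFX password'

# 1. Export the third-party certificate currently bound to SMTP on the old host.
$cert = Get-ExchangeCertificate -Server $OldServer |
        Where-Object { $_.Services -match 'SMTP' -and -not $_.IsSelfSigned } |
        Select-Object -First 1
$bin = Export-ExchangeCertificate -Server $OldServer -Thumbprint $cert.Thumbprint `
        -BinaryEncoded -Password $PfxPwd
[System.IO.File]::WriteAllBytes($PfxPath, $bin.FileData)

# 2. Import it on the new host and bind it to SMTP and IIS (HCW checks both).
Import-ExchangeCertificate -Server $NewServer `
    -FileData ([System.IO.File]::ReadAllBytes($PfxPath)) -Password $PfxPwd `
    -PrivateKeyExportable $true
Enable-ExchangeCertificate -Server $NewServer -Thumbprint $cert.Thumbprint `
    -Services 'SMTP,IIS' -Force

# 3. Recreate the custom relay connector with the SAME restrictions as on 2016,
#    so the allowed source IPs, auth mechanism and TLS requirement are not widened.
$old = Get-ReceiveConnector -Server $OldServer | Where-Object { $_.Name -eq 'Internal Relay' }
New-ReceiveConnector -Name $old.Name -Server $NewServer -TransportRole FrontendTransport `
    -Usage Custom -Bindings $old.Bindings -RemoteIPRanges $old.RemoteIPRanges `
    -PermissionGroups $old.PermissionGroups -AuthMechanism $old.AuthMechanism `
    -RequireTLS $old.RequireTLS -MaxMessageSize $old.MaxMessageSize

# 4. Verify before repointing copiers and apps: cert bound and not near expiry,
#    connector scope identical to the old one.
Get-ExchangeCertificate -Server $NewServer -Thumbprint $cert.Thumbprint |
    Format-List Subject, Services, NotAfter
Get-ReceiveConnector -Identity "$NewServer\$($old.Name)" |
    Format-List Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism, RequireTLS
```

Delete the PFX from the share once the import succeeds; it contains the private key.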