Removing the Exchange 2010 SP2 Hybrid Configuration after you have created it…

Before I get into this it is VERY important to point out that this article is NOT supported by Microsoft in any way shape of form.

If you have run the Exchange 2010 Service Pack 2 Hybrid Configuration Wizard and therefore setup a configuration – you are NOT supposed to remove it.

If you have created a Hybrid Configuration, but not made use of its features – this will not affect the functionality of Exchange 2010 SP2 at all.

I have performed this process in a LAB – not in production, and I have posted it purely as a proof of concept as it came up on the MVP mailing list, and I was curious if it could be done, and therefore thought that I would share my findings, but it has not been tested for wider ramifications ~ you have been warned.


OK, like me, some of you just out of curiosity might have executed the “Hybrid Configuration” wizard just to see what happens – just to let you in on the secret – what you will end up with by using the single step Configuration Wizard is a Hybrid Configuration entry within Exchange, a federation trust and a Self Signed SSL certificate for Federation on your Exchange servers (of course there is a lot more to it if you choose to actually use a Hybrid configuration) – see below;

Hybrid Configuration:


Federation Trust:


Federation Self Signed SSL:


The next thing that you will notice is that you cannot via either the Exchange Management Console, or Exchange Management Shell remove the Hybrid Configuration (mumble, mumble).

Therefore I have come up with the following process (again to reiterate that is NOT supported by Microsoft) that will remove the configuration and associated elements.

Step 1:

From within the Exchange Management Console – navigate to the “Organization Configuration” node and from the Organization configuration details window select the “Federation Trust” tab. Using the right hand mouse button – select the “Microsoft Federation Gateway” entry and from the context menu that appears choose “Remove Federation Trust” – see below


Step 2:

Navigate to the “Server Configuration” Node within the Exchange Management Console and select each server within your environment. You will see a list of certificates within the “Exchange Certificates” window – select the entry for “Exchange Delegation Federation” with the right hand mouse button and from the context menu that appears choose “Remove” – see below:


Step 3:

Open ADSI edit on your server (typically located within [ Start –> Programs –> Administrative Tools –> ADSI Edit ]) and make a connection to the “Configuration” Partition. You will need to navigate to [ Configuration –>Services->Microsoft Exchange –><Organisation Name>->Hybrid Configuration] – see below


The details pane will change to show you a “Hybrid Configuration” entry – using the Right hand mouse button – select this entry and from the context menu that appears choose “Delete” – see below


Step 4:

You will need to restart the Microsoft Exchange Service Host (MSExchangeServiceHost) service from the Services Manager on each of your Exchange Servers, and wait for AD replication to take place (if you have more than 1 domain controller) after which when you navigate back to the “Organization Configuration –> Hybrid Configuration” you will now see that the entry has gone.


  1. Hi,

    I had followed all steps… on exchange 2010… there is no hybrid config..

    but when I try to install exchange 2016 for migration from 2010 to 2016 it says Hybrid config detected… and asks for the user name and password..

    How to remove Hybrid config.. I dont want Office365 anymore… gave lot of pains…

    am i missing here anything… any pointers how to fully remove hybrid… I have even uninstalled Azure Directory sync, etc etc… till no luck

    Thanks in advance..

    1. Hi Vickey,

      I was wondering if you were able to get out of the hybrid configuration with office 365 as I am having doubts that I would still be able to remove office 365 from my system and roll back to my on-premise server completely.



  2. Thanks for the excellent guide. The only problem with this guide is that once you break off the Hybrid setup you cannot create another one. The HCW will always fails.
    In order to be able to create another Hybrid configuration (very unlikely but I needed to do this in order to separate my on-premises mailboxes to two independent O365 tenants) you need to open ADSIEdit and recreate the Hybrid Configuration container (right-click ->New Object ->container and name it Hybrid Configuration). After that the HCW should be able to complete successfully.

  3. Hi,
    thanks for your test … I have tried to use your guide to remove Hybrid configuration on an Exchange 2010 SP3 server where HCW has failed. On this server I have find all objects described on your guide but on “Step 1” I receive an error when procedure try to execute “Remove-FederatedDomain -DomainName xxx.xx” becouse “domain is not reserved” …
    can someone help me to complete procedure for removing Hybrid Configuration?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.