Removing the last Exchange 2019 server in client's organization

Paulschnack 26 Reputation points

Following the instructions here to turn of my client's last Exchange 2019 server. On step 3, under Permanently shutting down your last Exchange Server, when I run Remove-FederationTrust "Microsoft Federation Gateway" I get the error:

Can't remove federation trust "Microsoft Federation Gateway" It's in use by the following organization(s):
CN=Federation,CN=XXXXX,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=XXXXXXXXX,DC=local

  • CategoryInfo : InvalidOperation: (Microsoft Federation Gateway:ADObjectId) [Remove-FederationTrust], Or

All previous steps in the article have completed successfully.

What do I need to do to complete the cleanup before turning off (not uninstalling) their last server?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,426 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,950 questions
0 comments No comments
{count} votes

Accepted answer
  1. LilyLi2-MSFT 1,981 Reputation points

    Hi @Paulschnack ,

    Welcome to our forum.

    When Remove-FederationTrust fails because it is in use by some listed organizations. And the federation trust cannot be removed by any method, it is recommended that you manually remove the Federation trust from ADSI Edit.
    Please note: Deleting ADSI is risky, in order to prevent any errors, please back up ADSI before using ADSI.

    The object to remove is CN=Microsoft Federation Gateway,CN=Federation Trusts,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=domain.

    Please refer to the similar thread: problem-removing-a-exchange-federation-trust

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

3 additional answers

Sort by: Most helpful
  1. Amit Singh 4,861 Reputation points

    This issue can occur if outdated or obsolete registry entries are present in Active Directory Domain Services (AD DS), and these registry entries point to deleted instances.
    For example, this issue can occur if you run the Hybrid Configuration Wizard on Exchange 2013 after a previous Exchange 2010-based federation trust was incorrectly or incompletely removed.

    Check this article for more help -

    0 comments No comments

  2. Amit Singh 4,861 Reputation points
    0 comments No comments

  3. Paulschnack 26 Reputation points

    Hi @LilyLi2-MSFT and @Amit Singh ,

    Thank you for your help. Deleting the entry through ADSI did indeed fix the issue, so I could complete the rest of the steps. Appreciate the help.


    0 comments No comments