Share via

Removing the last Exchange 2019 server in client's organization

Paulschnack 31 Reputation points
2022-11-09T02:07:34.137+00:00

Following the instructions here https://learn.microsoft.com/en-gb/Exchange/manage-hybrid-exchange-recipients-with-management-tools to turn of my client's last Exchange 2019 server. On step 3, under Permanently shutting down your last Exchange Server, when I run Remove-FederationTrust "Microsoft Federation Gateway" I get the error:

Can't remove federation trust "Microsoft Federation Gateway" It's in use by the following organization(s):
CN=Federation,CN=XXXXX,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=XXXXXXXXX,DC=local

  • CategoryInfo : InvalidOperation: (Microsoft Federation Gateway:ADObjectId) [Remove-FederationTrust], Or
    gsStillUsingThisTrustException

All previous steps in the article have completed successfully.

What do I need to do to complete the cleanup before turning off (not uninstalling) their last server?

Exchange | Exchange Server | Management
Exchange | Exchange Server | Management
The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.
Exchange | Hybrid management
Exchange | Hybrid management
The administration of a hybrid deployment that connects on-premises Exchange Server with Exchange Online, enabling seamless integration and centralized control.
0 comments
Answer accepted by question author
  1. LilyLi2-MSFT 1,981 Reputation points
    2022-11-10T06:44:08.653+00:00

    Hi @Paulschnack ,

    Welcome to our forum.

    When Remove-FederationTrust fails because it is in use by some listed organizations. And the federation trust cannot be removed by any method, it is recommended that you manually remove the Federation trust from ADSI Edit.
    Please note: Deleting ADSI is risky, in order to prevent any errors, please back up ADSI before using ADSI.

    The object to remove is CN=Microsoft Federation Gateway,CN=Federation Trusts,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=domain.

    Please refer to the similar thread: problem-removing-a-exchange-federation-trust

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amit Singh 5,321 Reputation points
    2022-11-09T11:07:31.043+00:00

    This issue can occur if outdated or obsolete registry entries are present in Active Directory Domain Services (AD DS), and these registry entries point to deleted instances.
    For example, this issue can occur if you run the Hybrid Configuration Wizard on Exchange 2013 after a previous Exchange 2010-based federation trust was incorrectly or incompletely removed.

    Check this article for more help - https://learn.microsoft.com/en-us/exchange/troubleshoot/hybrid-configuration-wizard-errors/running-hybrid-configuration-wizard-fails

    0 comments
  2. Amit Singh 5,321 Reputation points
    2022-11-10T04:47:07.783+00:00
    0 comments
  3. Paulschnack 31 Reputation points
    2022-11-13T06:22:34.387+00:00

    Hi @LilyLi2-MSFT and @Amit Singh ,

    Thank you for your help. Deleting the entry through ADSI did indeed fix the issue, so I could complete the rest of the steps. Appreciate the help.

    /Paul

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.