Technical Bulletin – Entra Dir Sync and Dist. lists

Recreating Distribution Lists in Microsoft 365 while Retaining On-Premises AD as the Source of Authority

Audience: Hybrid Exchange / Microsoft 365 administrators

Scenario: Decommissioning the last on-premises Exchange server while keeping on-premises Active Directory and directory synchronization

Use Case: Client communication regarding whether synced distribution lists must be deleted and recreated in Exchange Online


Last Updated 3/31/2026


Executive Summary. If on-premises Active Directory remains authoritative and directory synchronization continues, the normal and supported design is to keep synchronized distribution lists on-premises and manage them with Exchange recipient management tools. In most cases, there is no requirement to delete and recreate those lists directly in Exchange Online simply to retire the last Exchange server.

 

Overview

When a customer moves mailboxes to Exchange Online but keeps on-premises AD as the primary source of authority, synchronized distribution groups normally remain on-premises-managed objects. Microsoft states that distribution groups created through directory synchronization must be managed in the on-premises environment unless the organization intentionally changes the group's source of authority.

Microsoft now supports a management-tools-only model for these environments. That means the last Exchange server can usually be shut down after prerequisites are met, while recipient objects such as distribution groups continue to be managed from a domain-joined management workstation or server using Exchange Management Tools and PowerShell.

Direct Answer

No - in the normal case, you do not need to delete the local on-premises distribution lists from AD and recreate them in Microsoft 365 just to remove the Exchange server.

Recommended position: Keep AD authoritative, continue synchronization, and manage synchronized distribution groups with Exchange Management Tools only. Recreate a list in Exchange Online only when there is a deliberate reason to make that specific list cloud-managed.

When Recreating a List in Exchange Online Might Be Appropriate

  • The business intentionally wants that specific list to become a cloud-managed Exchange Online object.
  • Membership or workflow requirements depend on cloud-only objects or cloud-side administration.
  • The organization is deliberately changing the group's source of authority rather than merely retiring server infrastructure.

This is an exception and design choice, not the standard requirement for retiring the last on-premises Exchange server.

Specific Note Regarding zfirmcontactssync

Because the client already deleted the on-premises synchronized distribution list "zfirmcontactssync" and recreated it in Exchange Online, that object should now be treated as a cloud-managed exception. It should be documented clearly so administrators know that future changes to that list are not made from the on-premises side. The rest of the still-synchronized lists can remain under on-premises authority.

Recommended Approach

Option | Use When | Guidance
Option A | AD remains authoritative and sync continues | Preferred. Keep distribution groups on-premises and manage them with Exchange Management Tools only.
Option B | A specific list must become cloud-managed | Use selectively. Recreate or convert only the justified list, not the whole environment.
Option C | Group SOA is being evaluated | Pilot first. Test carefully because distribution lists remain Exchange-oriented objects.

Step-by-Step Process

Phase 1 - Confirm Readiness

  • Verify that all user mailboxes and public folders that need to be migrated are already in Exchange Online.
  • Confirm that on-premises AD will remain the authoritative identity source and that Microsoft Entra Connect Sync or Cloud Sync will remain in place.
  • Inventory all distribution groups and classify them as: keep on-prem authoritative, convert to cloud-managed, or retire.

Phase 2 - Preserve On-Premises Authoritative Distribution Groups

  • Leave the on-premises AD distribution groups in place.
  • Install Exchange Server Management Tools on a supported domain-joined workstation or server.
  • Install RSAT and configure the permissions required for Recipient Management EMT if needed.
  • Use Exchange Management Tools PowerShell cmdlets to create, modify, and maintain distribution groups and membership after the Exchange server is retired.

Phase 3 - Decommission the Last Exchange Server Properly

  • Validate that recipient management works through the management-tools-only model before shutting down the server.
  • Shut down the final Exchange server after validation is complete.
  • If the organization never plans to run Exchange Server on-premises again, use Microsoft's CleanupActiveDirectoryEMT.ps1 script only after reviewing the consequences carefully.
  • Do not uninstall the last Exchange server. Microsoft warns that uninstalling removes Active Directory information needed by the management tools. If the server is being retired permanently, erase or reformat it instead of uninstalling Exchange from it.

Phase 4 - Handle Exceptions Such as zfirmcontactssync

  • Document any groups that have already been recreated directly in Exchange Online.
  • Review primary SMTP addresses, aliases, and legacy addressing requirements so continuity is preserved when a group object is replaced.
  • Train administrators on which lists are cloud-managed and which remain synchronized from on-premises AD.
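
Added example, not part of the original bulletin or any Microsoft script: the Phase 1 inventory and the Phase 4 exception documentation as one PowerShell report that labels each group by where it must be managed and lists the addresses to preserve. The function name Get-GroupAuthorityReport, the sample groups and all example.com addresses are constructed; IsDirSynced and EmailAddresses are properties that Get-DistributionGroup returns in Exchange Online.

```powershell
# Added example. Get-GroupAuthorityReport is a hypothetical helper, not a Microsoft cmdlet.
# Input: objects shaped like Get-DistributionGroup output in Exchange Online.
function Get-GroupAuthorityReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Group
    )
    process {
        # Lowercase "smtp:" marks secondary aliases; "SMTP:" is the primary address.
        $aliases = @($Group.EmailAddresses | Where-Object { $_ -clike 'smtp:*' })
        # Anything that is not SMTP (for example X500) is a legacy address to carry over.
        $legacy  = @($Group.EmailAddresses | Where-Object { $_ -notlike 'smtp:*' })
        [pscustomobject]@{
            DisplayName        = $Group.DisplayName
            ManagedFrom        = if ($Group.IsDirSynced) { 'On-premises AD (EMT)' } else { 'Exchange Online' }
            PrimarySmtpAddress = $Group.PrimarySmtpAddress
            Aliases            = $aliases -join ';'
            LegacyAddresses    = $legacy -join ';'
        }
    }
}

# Constructed sample data (not from a real tenant). Against a live tenant use:
#   Connect-ExchangeOnline
#   $groups = Get-DistributionGroup -ResultSize Unlimited
$groups = @(
    [pscustomobject]@{
        DisplayName = 'All Staff'; IsDirSynced = $true
        PrimarySmtpAddress = 'allstaff@example.com'
        EmailAddresses = @('SMTP:allstaff@example.com', 'smtp:everyone@example.com',
                           'X500:/o=ExampleOrg/ou=Exchange Administrative Group/cn=Recipients/cn=allstaff')
    },
    [pscustomobject]@{
        DisplayName = 'zfirmcontactssync'; IsDirSynced = $false
        PrimarySmtpAddress = 'zfirmcontactssync@example.com'
        EmailAddresses = @('SMTP:zfirmcontactssync@example.com')
    }
)

$report = $groups | Get-GroupAuthorityReport | Sort-Object ManagedFrom, DisplayName
$report | Format-List
# To keep the record administrators will refer to:
#   $report | Export-Csv .\dl-authority.csv -NoTypeInformation
```

Dynamic distribution groups are returned by Get-DynamicDistributionGroup rather than Get-DistributionGroup, so they need their own pass.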

Exceptions and Caveats

  • Synchronized distribution groups are normally read-only in Exchange Online and must be managed on-premises.
  • Dynamic distribution group memberships are not synchronized in the same way as regular distribution groups and need separate design consideration.
  • Group Source of Authority is newer and should be piloted before broad production use for mail-enabled groups.
  • After shutdown and AD cleanup, traditional Exchange RBAC no longer functions the same way, so permissions planning is important.

Tools and Software Needed

Tool / Component | Purpose
Microsoft Entra Connect Sync or Cloud Sync | Maintains synchronized identities and group objects between on-premises AD and Microsoft 365.
Exchange Server Management Tools | Supported method for managing on-premises authoritative recipients without a running Exchange server.
RSAT | Provides the supporting AD administration components needed on the management workstation or server.
Exchange Management Shell / PowerShell | Used to manage distribution groups and membership after the Exchange server is retired.
Graph tools for Group SOA evaluation | Optional for pilot testing when the organization is intentionally converting specific groups to cloud ownership.

Conclusion

Bottom line: If the client is decommissioning the last on-premises Exchange server but keeping on-premises AD as the primary source of authority, the standard answer is no - do not broadly delete and recreate all distribution lists in Microsoft 365. Keep synchronized groups in AD, continue synchronization, and manage them with Exchange Management Tools only. Recreate or convert only those specific groups that have a documented business reason to become cloud-managed.

Microsoft References