One of the biggest complaints I get from clients and readers alike is about having to keep a hybrid Exchange server running long after all of their mailboxes have been migrated to the cloud. Microsoft's official stance on hybrid environments is: if you remove the last legacy Exchange server from a domain in a hybrid configuration, you must also remove Azure Active Directory Connect (your ability to synchronize passwords with the cloud).

That's insane, because Azure AD Connect offers several excellent features. For instance, many SMBs do not want to lose the ability to sync on-premises AD passwords and let users change their passwords automatically. Other organizations keep Azure AD Connect to enable true single sign-on (SSO) in conjunction with Active Directory Federation Services (ADFS).
So what do you do? You have two options. If all you need is password synchronization and your company has fewer than 100 users, you could look into moving to the Windows Server Essentials Experience and using its password synchronization feature instead. If that isn't a good fit for your needs, I have a different alternative to recommend:
Upgrade your old Exchange server to Exchange 2016. I know it's a bit of a stretch, but you'll need an Exchange server in place. But guess what? It doesn't have to do anything: it's essentially a management UI for your directory data. It can be installed on any member server, and can even be installed on an existing domain controller (note that this is technically supported, but not advised). A few customers have chosen this configuration until Microsoft comes up with a way to remove on-premises Exchange servers for good while keeping directory synchronization (or until we move AD/DNS to the cloud, too...).
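To show what "a management UI for your directory data" means day to day, here is an added example of the routine an admin runs on that leftover Exchange 2016 server. This is my illustration, not code from the original post or from Microsoft's documentation; it assumes the Exchange Management Shell on the management server, the ADSync module of Azure AD Connect available where step 4 runs (on the AAD Connect server if that is a different box), and placeholder names for the hybrid routing domain ("contoso.mail.onmicrosoft.com"), the AD account ("jdoe") and the secondary address.

```powershell
# Added example (not from the original post). Assumptions: Exchange 2016 kept only for
# management, Azure AD Connect syncing this forest, and the placeholder names below.

$RemoteRoutingDomain = 'contoso.mail.onmicrosoft.com'   # placeholder hybrid routing domain
$NewUser             = 'jdoe'                            # placeholder synced AD account

# 1. Sanity check: a management-only server should host no user mailboxes of its own
#    (system/arbitration mailboxes are expected and are excluded by this filter).
$onPremMailboxes = Get-Mailbox -ResultSize Unlimited `
    -RecipientTypeDetails UserMailbox,SharedMailbox,RoomMailbox,EquipmentMailbox
if ($onPremMailboxes) {
    Write-Warning ("{0} mailbox(es) still live on-premises; migrate them before treating this server as management-only." -f @($onPremMailboxes).Count)
}

# 2. Provision a cloud mailbox for a synced AD user the supported way:
#    stamp the Exchange attributes on-premises, then let Azure AD Connect sync them.
Enable-RemoteMailbox -Identity $NewUser -RemoteRoutingAddress "$NewUser@$RemoteRoutingDomain"

# 3. Add a secondary SMTP address. Because the object is synced, on-premises AD is the
#    source of authority; editing it in the cloud portal would be blocked.
Set-RemoteMailbox -Identity $NewUser -EmailAddresses @{add = 'john.doe@contoso.com'}  # placeholder address

# 4. Push the change to Azure AD now instead of waiting for the default 30-minute scheduler.
#    Run this step on the Azure AD Connect server if it is not the Exchange server.
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

# 5. Confirm what was stamped locally, i.e. what Azure AD Connect will export.
Get-RemoteMailbox -Identity $NewUser |
    Select-Object Name, RemoteRoutingAddress, EmailAddresses
```

The point of the example is that nothing here touches a local mailbox database: the server exists so that Exchange attributes on synced objects can be written in a supported way and then flow to the cloud through Azure AD Connect.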