total123

Can I run roaming profiles with Azure AD and a local AD server?

Hi, I have a client who had an SBS 2008 server; we moved them to Office 365 for the mail.
Someone came into the client and moved the local PCs from the local AD to the Azure AD for O365 a year or so ago.

The SBS is now just a file server, no Exchange. There is a database running off of it, which needs to stay local.

The client has asked if they can use roaming profiles.

Would it be possible to demote the 2008 server and add it to the Azure AD, then have it store the roaming profiles?

If not, is there another solution, such as formatting the server to run Server 2012/2016?

Cliff Galiher

1) No. Azure AD is not like on-premises AD and roaming profiles cannot be set.  Windows 10 roams modern settings, but it isn't like the old roaming profile experience.

2) SBS cannot be demoted and continue to run. Full stop.

3) You can format the server and install a newer version of Windows, but since it can't host roaming profiles, I don't think you'll get what you want going that route.

total123 (ASKER)

Cheers Cliff

Can't you sync the Azure AD with Windows 2016, so there is an on-prem AD, then have the on-prem AD store the profiles without it having to go to the cloud?

My understanding of SBS is that it has to be the only AD DC on the network. It will not function as a secondary DC, nor will it operate as a member server. With that in mind your setup is a bit confusing. Did the person responsible for moving AD for the client to Azure create a new AD domain name? Otherwise the clients would most likely only authenticate with SBS.

To the real question. I've never used Azure, but I would think that you can set up roaming profiles no problem. It would be best to use a local file server to host the profiles, otherwise your Internet connection might get overloaded. Don't forget to have some form of backup for the profiles set up as well.

If you are after hosting the profiles in the cloud, a better option might be Citrix XenApp/XenDesktop. That way only display, mouse and keyboard data are sent across the Internet connection.

Unless they have a 100Mb Internet connection, I would not recommend placing roaming profiles in the cloud. But in the end it is your decision.

Enjoy!
Roger

I've hosted FSLogix Profile Containers (which are just essentially roaming profile VHDs) in an Azure storage account without any need for a file server.

http://www.htguk.com/cloud-based-roaming-profiles-in-azure-with-fslogix-profile-containers/ 

I reckon you could do the same with roaming profiles quite easily.

Thanks everyone. Lots to think about and put to the client.

UPD/FSLogix still has dependencies on user accounts being centralized. I'll repeat: Azure Active Directory is *not* active directory! While it provides authentication, the accounts on the machines are *LOCAL* accounts. That means unique SIDs that are *not* persistent across machines. Enterprise State Roaming is not really like roaming profiles either. It requires AAD Premium, and roams a very specific subset of settings (far fewer than roaming profiles) and doesn't roam files or most Win32 settings at all.