total123
asked on
Can i run roaming profiles with Azure AD and a local AD server
hi, I have a client who had an sbs 2008 server, we moved them to office 365 for the mail.
Someone came into the client and moved the local pc's from the local AD to the azure AD for O365 a year or so ago.
The sbs is now just a file server, no exchange. there is a database running off of it, which needs to stay local.
The client has asked if they can use roaming profiles.
Would it be possible to demote the 2008 server and add it to the azure AD, then have it store the roaming profiles ?
If not, is there another solution, such as, format the server to run server 2012/2016 ?
Someone came into the client and moved the local pc's from the local AD to the azure AD for O365 a year or so ago.
The sbs is now just a file server, no exchange. there is a database running off of it, which needs to stay local.
The client has asked if they can use roaming profiles.
Would it be possible to demote the 2008 server and add it to the azure AD, then have it store the roaming profiles ?
If not, is there another solution, such as, format the server to run server 2012/2016 ?
ASKER
cheers cliff
can't you sync the azure ad with windows 2016, so there is an on-prem AD, then have the on-prem AD store the profiles with out it having to go to the cloud ?
can't you sync the azure ad with windows 2016, so there is an on-prem AD, then have the on-prem AD store the profiles with out it having to go to the cloud ?
My understanding of SBS is that it has to be the only AD DC on the network. It will not function as a secondary DC, nor will it operate as a member server. With that in mind your setup is a bit confusing. Did the person responsible for moving AD for the client to Azure, create a new AD domain name? Otherwise the clients would most likely only authenticate with SBS.
To the real question. I've never used Azure, but I would think that you can setup roaming profiles no problem. It would be best to use a local file server to host the profiles, otherwise your Internet connection might get overloaded. Don't forget to have some form of backup for the profiles setup as well.
If you are after hosting the profiles in the cloud, a better option might be CItrix XenApp/XenDesktop. That way only display, mouse and keyboard data are sent across the Internet connection.
Unless they have a 100Mb Internet connection. I would not recommend placing roaming profiles in the cloud. But in the end it is your decision.
Enjoy!
Roger
To the real question. I've never used Azure, but I would think that you can setup roaming profiles no problem. It would be best to use a local file server to host the profiles, otherwise your Internet connection might get overloaded. Don't forget to have some form of backup for the profiles setup as well.
If you are after hosting the profiles in the cloud, a better option might be CItrix XenApp/XenDesktop. That way only display, mouse and keyboard data are sent across the Internet connection.
Unless they have a 100Mb Internet connection. I would not recommend placing roaming profiles in the cloud. But in the end it is your decision.
Enjoy!
Roger
I've hosted FSLogix Profile Containers (which are just essentially roaming profile VHDs) in an Azure storage account without any need for a file server
http://www.htguk.com/cloud-based-roaming-profiles-in-azure-with-fslogix-profile-containers/
I reckon you could do the same with roaming profiles quite easily
http://www.htguk.com/cloud-based-roaming-profiles-in-azure-with-fslogix-profile-containers/
I reckon you could do the same with roaming profiles quite easily
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks everyone. Lots to think about and put to the client
UPD/FSLogix still has dependencies on user accounts being centralized. I'll repeat: Azure Active Directory is *not* active directory! While it provides authentication, the accounts on the machines are *LOCAL* accounts. That means unique SIDs that are *not* persistent across machines. Enterprise State Roaming is not really like roaming profiles either. It requires AAD Premium, and roams a very specific subset of settings (far fewer than roaming profiles) and doesn't roam files or most win32 settings at all.
2) SBS cannot be demoted and continue to run. Full stop.
3) You can format the server and install a newer version of windows, but since it can't host roaming profiles, I don't think you'll get what you want going that route.