
Can I run roaming profiles with Azure AD and a local AD server?

Hi, I have a client who had an SBS 2008 server; we moved them to Office 365 for the mail.
Someone came into the client and moved the local PCs from the local AD to the Azure AD for O365 a year or so ago.

The SBS is now just a file server, no Exchange. There is a database running off of it, which needs to stay local.

The client has asked if they can use roaming profiles.

Would it be possible to demote the 2008 server and add it to the Azure AD, then have it store the roaming profiles?

If not, is there another solution, such as formatting the server to run Server 2012/2016?
Asked: total123
2 Solutions
 
Cliff Galiher Commented:
1) No. Azure AD is not like on-premises AD and roaming profiles cannot be set.  Windows 10 roams modern settings, but it isn't like the old roaming profile experience.

2) SBS cannot be demoted and continue to run. Full stop.

3) You can format the server and install a newer version of Windows, but since it can't host roaming profiles, I don't think you'll get what you want going that route.

total123 (Author) Commented:
Cheers Cliff.

Can't you sync the Azure AD with Windows 2016, so there is an on-prem AD, then have the on-prem AD store the profiles without it having to go to the cloud?

rojiru Commented:
My understanding of SBS is that it has to be the only AD DC on the network. It will not function as a secondary DC, nor will it operate as a member server. With that in mind, your setup is a bit confusing. Did the person responsible for moving AD for the client to Azure create a new AD domain name? Otherwise the clients would most likely only authenticate with SBS.

To the real question. I've never used Azure, but I would think that you can set up roaming profiles no problem. It would be best to use a local file server to host the profiles, otherwise your Internet connection might get overloaded. Don't forget to have some form of backup for the profiles set up as well.

If you are after hosting the profiles in the cloud, a better option might be Citrix XenApp/XenDesktop. That way only display, mouse and keyboard data are sent across the Internet connection.

Unless they have a 100Mb Internet connection, I would not recommend placing roaming profiles in the cloud. But in the end it is your decision.

Enjoy!
Roger
 
James Rankin Commented:
I've hosted FSLogix Profile Containers (which are just essentially roaming profile VHDs) in an Azure storage account without any need for a file server.

http://www.htguk.com/cloud-based-roaming-profiles-in-azure-with-fslogix-profile-containers/ 

I reckon you could do the same with roaming profiles quite easily.

Cliff Galiher Commented:
While Azure has an optional sync component, not all AD properties are synced.  The roaming profile path is *not* synced.  Equally importantly, roaming profiles are synced using a component that the *device* runs and the *device* must be joined to Active Directory.  "Azure Active Directory" is *NOT* Active Directory in the traditional sense. There are no Group Policies, and the client side extension responsible for syncing roaming profiles would never know it is supposed to run.  

Unless you are willing to go through and disjoin all devices from AAD, rejoin them to your on-premises domain, and then have users sign in using domain credentials (which makes the AAD sync part of your follow-up question moot), you can't roam profiles.  AAD Joined machines can't use roaming profiles, regardless of where they are stored.

James Rankin Commented:
Didn't realize these were specifically AAD-joined.

In this case, if they're Windows 10, you could use a bit of a hack to enable User Profile Disks on the client - https://4sysops.com/archives/user-profile-disks-on-windows-10/.

You could use Enterprise State Roaming, but in my experience this is still a bit sub-par.

Alternatively, you could buy FSLogix Profile Containers, which is like UPD on steroids.

Any of these would approximate the "roaming" requirement possibly, although I haven't tested any of these on AAD clients so would need a full and thorough pilot.

total123 (Author) Commented:
Thanks everyone. Lots to think about and put to the client.

Cliff Galiher Commented:
UPD/FSLogix still has dependencies on user accounts being centralized.  I'll repeat: Azure Active Directory is *not* Active Directory!  While it provides authentication, the accounts on the machines are *LOCAL* accounts. That means unique SIDs that are *not* persistent across machines.  Enterprise State Roaming is not really like roaming profiles either.  It requires AAD Premium, and roams a very specific subset of settings (far fewer than roaming profiles) and doesn't roam files or most Win32 settings at all.
Question has a verified solution.
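
Cliff Galiher's point in the thread, that classic roaming profiles depend on the device itself being joined to on-premises Active Directory, can be checked per machine from the output of `dsregcmd /status`. The following is an added example, not code from any participant in the thread; the function name `Get-JoinState` and the sample output are constructed for illustration.

```powershell
# Added example (not from the thread). Classifies a device's join state from
# `dsregcmd /status` text and reports whether classic AD roaming profiles can apply.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # dsregcmd prints "Key : Value" pairs; default to NO if a key is absent.
    $state = @{ AzureAdJoined = 'NO'; DomainJoined = 'NO'; EnterpriseJoined = 'NO' }
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|EnterpriseJoined)\s*:\s*(YES|NO)\s*$') {
            $state[$Matches[1]] = $Matches[2].ToUpper()
        }
    }

    $aad = $state.AzureAdJoined -eq 'YES'
    $ad  = $state.DomainJoined  -eq 'YES'

    if ($aad -and $ad) { $joinType = 'Hybrid Azure AD joined' }
    elseif ($ad)       { $joinType = 'On-premises AD joined' }
    elseif ($aad)      { $joinType = 'Azure AD joined' }
    else               { $joinType = 'Workgroup / not joined' }

    [pscustomobject]@{
        JoinType                = $joinType
        AzureAdJoined           = $aad
        DomainJoined            = $ad
        # Per the thread: the roaming profile path and Group Policy only reach
        # devices that are joined to on-premises Active Directory.
        RoamingProfilesPossible = $ad
    }
}

# Constructed sample resembling the "Device State" section on an AAD-joined PC.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample

# On a real machine, feed it the live output instead:
# Get-JoinState -StatusLines (dsregcmd /status)
```

Run across the client's PCs, this gives an inventory of which machines would have to be disjoined from AAD and rejoined to an on-premises domain before roaming profiles could be considered.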
