Can I run roaming profiles with Azure AD and a local AD server

Hi, I have a client who had an SBS 2008 server; we moved them to Office 365 for the mail.
Someone came into the client and moved the local PCs from the local AD to the Azure AD for O365 a year or so ago.

The SBS is now just a file server, no Exchange. There is a database running off of it, which needs to stay local.

The client has asked if they can use roaming profiles.

Would it be possible to demote the 2008 server and add it to the Azure AD, then have it store the roaming profiles?

If not, is there another solution, such as formatting the server to run Server 2012/2016?

Cliff GaliherCommented:
1) No. Azure AD is not like on-premises AD and roaming profiles cannot be set.  Windows 10 roams modern settings, but it isn't like the old roaming profile experience.

2) SBS cannot be demoted and continue to run. Full stop.

3) You can format the server and install a newer version of windows, but since it can't host roaming profiles, I don't think you'll get what you want going that route.
total123Author Commented:
Cheers Cliff.

Can't you sync the Azure AD with Windows 2016, so there is an on-prem AD, then have the on-prem AD store the profiles without it having to go to the cloud?
My understanding of SBS is that it has to be the only AD DC on the network. It will not function as a secondary DC, nor will it operate as a member server. With that in mind your setup is a bit confusing. Did the person responsible for moving AD for the client to Azure, create a new AD domain name? Otherwise the clients would most likely only authenticate with SBS.

To the real question. I've never used Azure, but I would think that you can setup roaming profiles no problem. It would be best to use a local file server to host the profiles, otherwise your Internet connection might get overloaded. Don't forget to have some form of backup for the profiles setup as well.

If you are after hosting the profiles in the cloud, a better option might be Citrix XenApp/XenDesktop. That way only display, mouse and keyboard data are sent across the Internet connection.

Unless they have a 100Mb Internet connection, I would not recommend placing roaming profiles in the cloud. But in the end it is your decision.


James RankinCommented:
I've hosted FSLogix Profile Containers (which are just essentially roaming profile VHDs) in an Azure storage account without any need for a file server 

I reckon you could do the same with roaming profiles quite easily
Cliff GaliherCommented:
While Azure has an optional sync component, not all AD properties are synced.  The roaming profile path is *not* synced.  Equally importantly, roaming profiles are synced using a component that the *device* runs and the *device* must be joined to Active Directory.  "Azure Active Directory" is *NOT* Active Directory in the traditional sense. There are no Group Policies, and the client side extension responsible for syncing roaming profiles would never know it is supposed to run.  

Unless you are willing to go through and disjoin all devices from AAD, rejoin them to your on-premises domain, and then have users sign in using domain credentials (which makes the AAD sync part of your follow-up question moot), you can't roam profiles.  AAD Joined machines can't use roaming profiles, regardless of where they are stored.

James RankinCommented:
Didn't realize these were specifically AAD-joined.

In this case, if they're Windows 10, you could use a bit of a hack to enable User Profile Disks on the client -

You could use Enterprise State Roaming, but in my experience this is still a bit sub-par.

Alternatively, you could buy FSLogix Profile Containers, which is like UPD on steroids.

Any of these would approximate the "roaming" requirement possibly, although I haven't tested any of these on AAD clients so would need a full and thorough pilot.
total123Author Commented:
Thanks everyone. Lots to think about and put to the client
Cliff GaliherCommented:
UPD/FSLogix still has dependencies on user accounts being centralized.  I'll repeat: Azure Active Directory is *not* active directory!  While it provides authentication, the accounts on the machines are *LOCAL* accounts. That means unique SIDs that are *not* persistent across machines.  Enterprise State Roaming is not really like roaming profiles either.  It requires AAD Premium, and roams a very specific subset of settings (far fewer than roaming profiles) and doesn't roam files or most win32 settings at all.
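Before putting any of the above to the client, it is worth confirming on a real workstation which join state Cliff is describing. The following PowerShell is an added example, not code from anyone in this thread; it assumes a Windows 10 client run as administrator, and relies on the built-in `dsregcmd /status` output and the `Win32_ComputerSystem` / `Win32_UserProfile` CIM classes to report whether the device is Azure AD joined, domain joined, and whether any local profile actually has a roaming path configured.

```powershell
# Added example (not from the thread): report device join state and per-profile
# roaming configuration on a Windows 10 client. Run in an elevated PowerShell.

function Get-DsregValue {
    param([string[]]$StatusLines, [string]$Key)
    # dsregcmd /status prints lines such as "   AzureAdJoined : YES"
    $m = $StatusLines | Select-String -Pattern ("^\s*{0}\s*:\s*(\S+)" -f [regex]::Escape($Key))
    if ($m) { return $m[0].Matches[0].Groups[1].Value } else { return 'UNKNOWN' }
}

function Get-DeviceJoinState {
    $status = dsregcmd /status
    $cs     = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        Computer      = $cs.Name
        AzureAdJoined = Get-DsregValue -StatusLines $status -Key 'AzureAdJoined'
        DomainJoined  = Get-DsregValue -StatusLines $status -Key 'DomainJoined'
        PartOfDomain  = $cs.PartOfDomain   # True only for a classic on-prem AD join
        DomainName    = $cs.Domain         # Workgroup name when not domain joined
    }
}

function Get-ProfileRoamingState {
    # Win32_UserProfile exposes RoamingConfigured / RoamingPath for each profile
    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special } |   # skip system/service profiles
        ForEach-Object {
            [pscustomobject]@{
                SID               = $_.SID
                LocalPath         = $_.LocalPath
                RoamingConfigured = $_.RoamingConfigured
                RoamingPath       = $_.RoamingPath
            }
        }
}

$join = Get-DeviceJoinState
$join | Format-List
Get-ProfileRoamingState | Format-Table -AutoSize

# Interpret the result in the terms used in this thread
if ($join.AzureAdJoined -eq 'YES' -and -not $join.PartOfDomain) {
    Write-Host 'AAD joined only: no on-prem domain, so no GPO or roaming profile path applies.'
} elseif ($join.PartOfDomain) {
    Write-Host "Domain joined to $($join.DomainName): roaming profiles can be set in on-prem AD."
}
```

On an AAD-only machine you should expect `AzureAdJoined : YES`, `PartOfDomain : False` and `RoamingConfigured : False` for every user profile listed, which is the situation the reply above describes.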