Home

Azure AD joined to Azure hybrid joined - can I maintain current user profiles?

%3CLINGO-SUB%20id%3D%22lingo-sub-363083%22%20slang%3D%22en-US%22%3EAzure%20AD%20joined%20to%20Azure%20hybrid%20joined%20-%20can%20I%20maintain%20current%20user%20profiles%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-363083%22%20slang%3D%22en-US%22%3EI%20have%20multiple%20Surface%20books%20which%20are%20joined%20to%20Azure%20AD.%20Users%20sign%20into%20this%20devices%20with%20their%20Azure%20AD%20account%20information.%20On-prem%20AD%20is%20also%20configured%2C%20and%20AD%20Connect%20is%20used%20to%20sync%20AD%20to%20AAD.%20Recently%2C%20I%20used%20AD%20connect%20and%20this%20blog%20post%20(%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fmicroscott%2Fsetting-up-windows-hello-for-business-with-intune%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fmicroscott%2Fsetting-up-windows-hello-for-business-with-intune%2F%3C%2FA%3E)%20to%20configure%20Windows%20Hello%20For%20Business%20with%20automatic%20Azure%20AD%20Device%20Registration%2C%20in%20order%20to%20allow%20for%20Azure%20Hybrid%20joined%20computers.%20Note%2C%20I%20am%20not%20using%20InTune%2C%20just%20GPO's.%20When%20joining%20computers%20to%20the%20on-prem%20domain%2C%20everything%20works%20exactly%20as%20expected%20-%20the%20computer%20device%20is%20automatically%20registered%20in%20Azure%2C%20and%20the%20machine%20is%20joined%20to%20on-prem%20domain.%20Now%2C%20I'm%20trying%20to%20find%20out%20if%20there%20is%20a%20way%20to%20get%20the%20Surface%20books%20which%20are%20already%20joined%20to%20Azure%20AD%20to%20join%20to%20on-prem%20%2F%20hybrid%20join%20without%20having%20to%20migrate%20the%20existing%20user's%20profile.%20So%20far%2C%20the%20only%20way%20I%20have%20been%20able%20to%20move%20the%20computers%20to%20on-prem%20is%20to%20remove%20them%20from%20Azure%20AD%20by%20disconnecting%20the%20account%2C%20then%20joining%20to%20on-prem.%20This%2C%20of%20course%2C%20creates%20a%20new%20profile%20when%20I%20sign%20in%20as%20the%20original%20user%20of%20the%20device.%20Any%20insight%20%2F%20help%20is%20appreciated.%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-363083%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%20Join%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Hybrid%20Join%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EProfile%20Migration%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-363402%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20joined%20to%20Azure%20hybrid%20joined%20-%20can%20I%20maintain%20current%20user%20profiles%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-363402%22%20slang%3D%22en-US%22%3Eyeah%20going%20from%20Domain%20join%20to%20hybrid%20join%2C%20I%20think%20going%20backwards%20doens't%20quiet%20work.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-363392%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20joined%20to%20Azure%20hybrid%20joined%20-%20can%20I%20maintain%20current%20user%20profiles%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-363392%22%20slang%3D%22en-US%22%3EThanks%2C%20Chris.%20I%20have%20used%20that%20in%20the%20past%20as%20well%2C%20but%20an%20implementation%20advisor%20from%20Microsoft%20seemed%20to%20think%20there%20was%20a%20method%20for%20hybrid%20joining%20a%20device%20which%20was%20already%20azure%20ad%20joined%20without%20the%20need%20to%20migrate%20any%20profiles.%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-363352%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20joined%20to%20Azure%20hybrid%20joined%20-%20can%20I%20maintain%20current%20user%20profiles%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-363352%22%20slang%3D%22en-US%22%3EI%E2%80%99ve%20always%20used%20profwiz%20works%20well%20for%20migrating%20domains%20and%20using%20same%20profiles.%3C%2FLINGO-BODY%3E
aghabheegy
New Contributor
I have multiple Surface books which are joined to Azure AD. Users sign into this devices with their Azure AD account information. On-prem AD is also configured, and AD Connect is used to sync AD to AAD. Recently, I used AD connect and this blog post (https://blogs.technet.microsoft.com/microscott/setting-up-windows-hello-for-business-with-intune/) to configure Windows Hello For Business with automatic Azure AD Device Registration, in order to allow for Azure Hybrid joined computers. Note, I am not using InTune, just GPO's. When joining computers to the on-prem domain, everything works exactly as expected - the computer device is automatically registered in Azure, and the machine is joined to on-prem domain. Now, I'm trying to find out if there is a way to get the Surface books which are already joined to Azure AD to join to on-prem / hybrid join without having to migrate the existing user's profile. So far, the only way I have been able to move the computers to on-prem is to remove them from Azure AD by disconnecting the account, then joining to on-prem. This, of course, creates a new profile when I sign in as the original user of the device. Any insight / help is appreciated.
3 Replies
I’ve always used profwiz works well for migrating domains and using same profiles.
Thanks, Chris. I have used that in the past as well, but an implementation advisor from Microsoft seemed to think there was a method for hybrid joining a device which was already azure ad joined without the need to migrate any profiles.
yeah going from Domain join to hybrid join, I think going backwards doens't quiet work.
Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies