Lately, Microsoft has been advocating a move away from the Hybrid Azure AD Join model to the Azure AD Join model, leaving the traditional domain-join model behind.
Microsoft feels it’s time to leave ye ol’ Active Directory behind, but a lot of settings, preferences, files and folders are still part of this legacy. They are part of the profile.
How does an organization carry that data across when moving from a traditional domain-joined device or a hybrid Azure AD-joined device to a cloud all-in Azure AD-joined device?
About join types
Many organizations are embracing Hybrid Identity, where Active Directory and Azure AD are working together, but where Active Directory remains in the lead. Microsoft is turning the table towards Modernized Identity, where Azure AD fulfills some of the roles typically assigned to Active Directory.
One of these roles is the joining of devices. Today, we have four join types:
- Active Directory domain-join
- Hybrid Azure AD Join
- Azure AD Join
- Register with Azure AD
For organizational devices running Windows 10, only the first three types apply. The last join type applies to personal devices and devices running iOS and Android.
In the past few years, we’ve seen organizations expand on the traditional domain-join with Hybrid Azure AD Join. This way, AD-joined devices were made known in Azure AD and made aware of Azure AD and its seamless authentication stack towards cloud applications.
Now, Microsoft tells us it’s time to take the Azure AD Join route.
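Before planning a move between join types, it helps to confirm which of the four a device is in today. The following is an added example, not part of the original post: it classifies the flags printed by `dsregcmd /status`; the function name `Get-JoinType` is hypothetical and the sample output is constructed.

```powershell
# Added example, not from the original post. Get-JoinType is a hypothetical helper name.
function Get-JoinType {
    param([Parameter(Mandatory)][string[]]$StatusText)

    # Collect the "Name : YES|NO" flags printed by dsregcmd /status.
    $flags = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $flags[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    # A flag that is absent from the output is treated as NO.
    $aad = [bool]$flags['AzureAdJoined']
    $ad  = [bool]$flags['DomainJoined']
    $wpj = [bool]$flags['WorkplaceJoined']

    # Map the flag combination onto the four join types listed above.
    if ($aad -and $ad) {
        $type = 'Hybrid Azure AD Join'
    } elseif ($aad) {
        $type = 'Azure AD Join'
    } elseif ($ad) {
        $type = 'Active Directory domain-join'
    } elseif ($wpj) {
        $type = 'Register with Azure AD'
    } else {
        $type = 'Not joined or registered'
    }

    # AlsoRegistered is true when a joined device additionally has a registration.
    [pscustomobject]@{
        JoinType       = $type
        AlsoRegistered = ($wpj -and ($aad -or $ad))
    }
}

# Constructed sample: the relevant lines of dsregcmd /status on a hybrid device.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
           WorkplaceJoined : NO
'@ -split "\r?\n"

Get-JoinType -StatusText $sample

# On a live Windows 10 device: Get-JoinType -StatusText (dsregcmd /status)
```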
The trouble with profiles
When a device performs its Azure AD Join, it creates a new profile and doesn’t reference any existing profile.
This means a person in your organization starts with a fresh, clean profile. Sometimes, this is a good thing. Most of the time, however, people will miss their Start Menu layout and choices in desktop backgrounds, mouse cursors and sounds at first glance.
In terms of productivity, they will also miss their browser favorites, stored browser passwords, recently-used lists, Outlook settings, custom spell check settings and other application settings. When data is stored in local profiles, email messages, pictures and documents would go missing, too.
Getting a profile across
For typical profile migration purposes, Microsoft long ago introduced the User State Migration Tool (USMT). However, Microsoft has abandoned further development. USMT does not support profiles on Azure AD-joined devices.
To get a profile across from a traditional domain-joined device or a hybrid Azure AD-joined device to an Azure AD-joined device, you can use Thomas Ehler’s USMT GUI.
Thomas is a system specialist from Denmark. He writes tools for IT Pros. Originally, he wrote a Graphical User Interface (GUI) for Microsoft’s USMT tool, but he has iterated further. Going beyond the functionality of USMT, his USMT GUI tool can migrate profiles to Azure AD-joined devices.
Unfortunately, the cheapest license that includes USMT GUI’s ‘Migrate local profile to logged in Azure user’ and ‘Restore User profile to logged in Azure user’ options is the Corporate license. It sets your organization back USD 300…
Yet, for many organizations this is a small price to pay to get productivity flowing on newly deployed devices fast.