Sunday, November 29, 2020

Maintaining user profile when moving from on premise AD to Azure AD

So your company has moved to Azure AD and you want to move the endpoints as well, but disjoining from on-premises AD and then joining Azure AD creates a new user profile, which the users will curse you for.

While you can purchase software that does this, you can do it for free too. However, it only works IF the username in AD and Azure AD is exactly the same (which it should be, unless there is a technical reason; if not, then your design sucks).

Here are the steps:

1. Take note of the current user profile folder and its HKEY_USERS key string in the registry.

2. Create a temporary local admin account on the system (if it does not already have one).

3. Unjoin the system from the domain and restart.

4. Log in with the local admin account and rename the original user profile folder to something else (e.g. from bill.gates to bill.gates.ori).

5. Join the system to Azure AD with the user's account and restart.

6. Log in as the user and open the just-renamed original profile folder (so the user gets rights to it). Log out once you are able to get into the folder.

7. Log in as the local admin again and

a) rename the newly created profile folder (e.g. from bill.gates to bill.gates.tmp), and

b) rename the original user profile folder back to what it was before (e.g. from bill.gates.ori to bill.gates).

8. Go to the tmp profile folder. Show hidden files and copy ntuser.dat from the tmp profile to the original user profile folder, replacing the old ntuser.dat file. Log out.

9. Copy the new HKEY_USERS key string and then rename it with a suffix (e.g. .tmp).

10. Rename the original user's HKEY_USERS key string to the new user profile key string.

11. Log in as the user and remove the temporary local admin account and its profile.
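As an added example (not from the original post), this PowerShell records the SID-to-profile-folder mapping that step 1 asks you to note, and checks after step 10 that exactly one SID points at the restored folder and that the ntuser.dat copied in step 8 is there. It assumes an elevated session; the CSV path and the user folder in the usage lines are assumptions.

```powershell
# Added example, not the original post's code. The ProfileList key maps each
# SID (the HKEY_USERS key name) to its profile folder; read it before step 1
# and again after step 10. Run from an elevated PowerShell session.
$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileInventory {
    # One row per profile the OS knows about: SID, folder, whether the hive is
    # currently loaded under HKEY_USERS, and whether folder and ntuser.dat exist.
    Get-ChildItem -Path $ProfileListKey | ForEach-Object {
        $sid  = $_.PSChildName
        $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        [pscustomobject]@{
            Sid          = $sid
            ProfilePath  = $path
            HiveLoaded   = Test-Path -LiteralPath "Registry::HKEY_USERS\$sid"
            FolderExists = [bool]($path -and (Test-Path -LiteralPath $path))
            HasNtUserDat = [bool]($path -and (Test-Path -LiteralPath (Join-Path $path 'ntuser.dat')))
        }
    }
}

function Save-ProfileInventory {
    param([Parameter(Mandatory)][string]$OutFile)
    # Step 1: keep a copy of the mapping, since the renames in steps 9-10 are manual.
    $rows = Get-ProfileInventory
    $rows | Export-Csv -Path $OutFile -NoTypeInformation
    $rows | Format-Table -AutoSize
}

function Test-ProfileRestored {
    param([Parameter(Mandatory)][string]$ProfilePath)
    # After step 10: exactly one SID should resolve to the restored folder and the
    # folder must contain ntuser.dat. Entries whose folder no longer exists
    # (leftover .ori/.tmp mappings) are listed so they can be cleaned up.
    $want  = $ProfilePath.TrimEnd('\')
    $rows  = Get-ProfileInventory
    $hits  = @($rows | Where-Object { $_.ProfilePath -and $_.ProfilePath.TrimEnd('\') -ieq $want })
    $stale = @($rows | Where-Object { -not $_.FolderExists })
    [pscustomobject]@{
        Ok           = ($hits.Count -eq 1 -and $hits[0].HasNtUserDat)
        MatchingSids = $hits.Sid
        StaleEntries = $stale.Sid
    }
}

# Usage (paths are assumptions; adjust for your system):
# Save-ProfileInventory -OutFile 'C:\Temp\profilelist-before.csv'
# Test-ProfileRestored -ProfilePath 'C:\Users\bill.gates'
```

Run Save-ProfileInventory while still domain-joined so you have the before state, and treat an Ok of False from Test-ProfileRestored as a sign that the key rename in step 10 or the ntuser.dat copy in step 8 did not take.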