07 May 2022

To migrate Azure AD-joined Windows profile

Suggestions for moving an Azure AD-joined PC from one tenancy to another while keeping the user's existing Windows profile (documents, settings, installed-app state) intact.

The user's web browser will lose its saved passwords during the change: Edge and Chrome protect their password stores with DPAPI, which is tied to the old account's logon credential, so the entries cannot be decrypted once the account changes. You can export them before the change and import them afterwards, but the export is a plaintext CSV, so keep it somewhere only the user can reach and delete it once imported. Make sure the user also knows all their saved passwords in case the import fails.

You'll need a local administrator account on the PC (a local account, not an Azure AD one), because between the disconnect and the new join the device belongs to no tenancy and only local accounts can sign in.

You may wish to back up the PC to be safe.

ForensiT's User Profile Wizard will be used to adjust the user's Windows profile to work with the new tenancy.

  1. On your own PC, generate the XML file for User Profile Wizard which contains the Azure AD object IDs. To do this, run ForensiT's Save-AzureADUser.ps1 PowerShell script against the new tenancy (not the old one) and note the resulting XML file.
  2. On the user's PC, take note of the default applications (as these will often be reset during the process).
  3. Export user's browser passwords to file.
  4. Log in as the local administrator.
  5. Disconnect it from the current tenancy: Settings > Accounts > Access work or school > Disconnect. Enter the local administrator credentials, and restart the PC when prompted. Before doing this, make sure you hold the BitLocker recovery key: if it was backed up to the old tenancy's Azure AD, you will not be able to retrieve it from there once the device is gone.
  6. Log in as the local administrator.
  7. Join it to the new tenancy: Settings > Accounts > Access work or school > Connect.
  8. Install User Profile Wizard on the PC. Copy the XML file into the same directory as the main application executable.
  9. Run User Profile Wizard. When prompted to enter the domain, enter the name of the company per tenancy e.g. "My Business" and tick Azure AD. When prompted to enter the account name, enter the user's username in the new tenancy e.g. joe@mybusiness.com (it will display an error if it can't find this user in the XML file).
  10. The PC will restart after the wizard has finished.
  11. Log in with the local administrator, log out.
  12. Log in with the user's new-tenancy account e.g. joe@mybusiness.com. You may be prompted to set up Windows Hello (e.g. a PIN) to sign in.
  13. Verify that it is using the existing profile - the user's documents etc. should be present.
  14. Set the default applications to what they were previously.
  15. Import user's browser passwords from file. If user was syncing their browser data to an online account, they may need to re-sign into the browser or re-set it up.
  16. Check Outlook, Teams, and OneDrive functionality, and Office activation status.
  17. Check Windows Credential Manager and the browser's saved passwords, and remove any entries that still reference the old-tenancy account (they will otherwise keep failing to authenticate and may lock the old account if it still exists).
  18. Sometimes BitLocker on the C drive will be suspended (Protection Status "Off" while the volume is still fully encrypted). Resume it if necessary, and back up the recovery key to the new tenancy, since the copy escrowed in the old tenancy is no longer reachable.
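To make the manual checks in the steps above repeatable, here is an added PowerShell script (not from the original post and not ForensiT's code) with a pre-migration snapshot for steps 2 and 5 and a post-migration verification for steps 16 to 18. The snapshot path, the old and new domain names, the new tenancy's tenant ID and the ospp.vbs path are assumptions; replace them with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example: pre- and post-migration checks for the procedure above.
# $Snapshot, $OldDomain, $NewDomain, $NewTenantId and the Office path are
# placeholders (assumptions), not values from the original post.

$Snapshot    = 'D:\migration'                           # assumed: admin-held USB drive
$OldDomain   = 'oldbusiness.com'                         # assumed: old tenancy domain
$NewDomain   = 'mybusiness.com'                          # assumed: new tenancy domain
$NewTenantId = '00000000-0000-0000-0000-000000000000'    # assumed: new tenancy's Azure AD tenant ID

function Get-JoinState {
    # dsregcmd prints "Key : Value" lines; collect the join and tenant fields.
    $state = @{}
    dsregcmd /status | Select-String 'AzureAdJoined|DomainJoined|TenantName|TenantId' |
        ForEach-Object {
            $k, $v = ($_.Line -split ':', 2).Trim()
            $state[$k] = $v
        }
    return $state
}

function Save-PreMigrationState {
    New-Item -ItemType Directory -Path $Snapshot -Force | Out-Null

    # Step 2: default applications. DISM exports the associations of the account
    # the process runs as, so run this elevated while signed in as the user. If the
    # user is not a local admin, UAC runs it as the admin account instead and the
    # export is not theirs; record the defaults from Settings by hand in that case.
    # Import-DefaultAppAssociations only affects new profiles, so treat the XML as
    # a checklist for resetting defaults manually in step 14.
    Dism /Online /Export-DefaultAppAssociations:"$Snapshot\DefaultApps.xml" | Out-Null

    # Record which tenancy the PC is joined to now, for comparison after the move.
    Get-JoinState | Out-File "$Snapshot\join-before.txt"

    # Step 5 caveat: the recovery key may only be escrowed in the OLD tenancy.
    # Keep a copy before disconnecting; this file is as sensitive as the key itself.
    $vol = Get-BitLockerVolume -MountPoint 'C:'
    $vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        ForEach-Object { "$($_.KeyProtectorId) $($_.RecoveryPassword)" } |
        Out-File "$Snapshot\bitlocker-recovery.txt"
    Write-Host "Snapshot written to $Snapshot. Store the recovery key securely."
}

function Test-PostMigrationState {
    # Confirm the device is joined to the tenancy we expect, not still the old one.
    $state = Get-JoinState
    if ($state['AzureAdJoined'] -ne 'YES' -or $state['TenantId'] -ne $NewTenantId) {
        Write-Warning "Not joined to the expected tenancy:`n$($state | Out-String)"
    }

    # Step 18: the join/profile change can leave BitLocker suspended.
    $vol = Get-BitLockerVolume -MountPoint 'C:'
    if ($vol.ProtectionStatus -eq 'Off' -and $vol.VolumeStatus -eq 'FullyEncrypted') {
        Write-Warning 'BitLocker is suspended on C:; resuming.'
        Resume-BitLocker -MountPoint 'C:' | Out-Null
    }

    # Escrow the recovery key to the NEW tenancy; the old escrow is unreachable now.
    $vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        ForEach-Object {
            BackupToAAD-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $_.KeyProtectorId
        }

    # Step 17: Credential Manager entries still pointing at the old tenancy.
    # cmdkey only shows the vault of the account the session runs as.
    $stale = cmdkey /list | Select-String $OldDomain
    if ($stale) {
        Write-Warning "Credential Manager still references ${OldDomain}:"
        $stale | ForEach-Object { "  $($_.Line.Trim())" }
    }

    # Step 16: Office activation status (ospp.vbs location assumed for Office16).
    $ospp = "$env:ProgramFiles\Microsoft Office\Office16\ospp.vbs"
    if (Test-Path $ospp) {
        cscript //Nologo $ospp /dstatus | Select-String 'LICENSE STATUS|Last 5'
    }
}

# Usage: dot-source this file, then run Save-PreMigrationState before step 5 and
# Test-PostMigrationState after step 12, each from an elevated PowerShell session.
```

Run Save-PreMigrationState from an elevated session while the user is still signed in to the old tenancy, and Test-PostMigrationState from an elevated session after the user has signed in with the new-tenancy account. The Credential Manager check only reflects the account the session runs as, so for step 17 either run that part unelevated as the user or open Credential Manager in the user's session by hand. Delete the bitlocker-recovery.txt file once the key has been escrowed to the new tenancy and the user has confirmed they can sign in.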
