Advertisement
We have 100 staff all over the UK that are joined to an AD domain, but because of the way of working has changed we are moving to AZure ad instead. Those staff laptops cant see a DC for a very long time unless they come to the office, and thats not often for many.<\/p>\n
My question is, Can we get existing users signed into azure ad and dis-join the AD server even if the laptop cant see the domain controller.<\/p>","upvoteCount":6,"answerCount":5,"datePublished":"2022-07-19T07:21:03.000Z","author":{"@type":"Person","name":"goody-83","url":"https://community.spiceworks.com/u/goody-83"},"suggestedAnswer":[{"@type":"Answer","text":"
We have 100 staff all over the UK that are joined to an AD domain, but because of the way of working has changed we are moving to AZure ad instead. Those staff laptops cant see a DC for a very long time unless they come to the office, and thats not often for many.<\/p>\n
My question is, Can we get existing users signed into azure ad and dis-join the AD server even if the laptop cant see the domain controller.<\/p>","upvoteCount":6,"datePublished":"2022-07-19T07:21:04.000Z","url":"https://community.spiceworks.com/t/move-devices-from-ad-joined-to-azure/931379/1","author":{"@type":"Person","name":"goody-83","url":"https://community.spiceworks.com/u/goody-83"}},{"@type":"Answer","text":"
Current Scenario?<\/p>\n
→ Are they joined to Azure AD or Joined to Domain.<\/p>\n
→ What would you like to achieve?<\/p>","upvoteCount":0,"datePublished":"2022-07-19T07:49:18.000Z","url":"https://community.spiceworks.com/t/move-devices-from-ad-joined-to-azure/931379/2","author":{"@type":"Person","name":"jitensh","url":"https://community.spiceworks.com/u/jitensh"}},{"@type":"Answer","text":"
They are currently AD joined only. We need to do a remote session with staff to get them signed into azure ad. This will create them a new local profile.<\/p>\n
We want the laptops on azure only as AD will be going at some point.<\/p>\n
Do they need to be dropped back to a workgroup? If so can this be done without DC viability?<\/p>","upvoteCount":0,"datePublished":"2022-07-19T08:15:02.000Z","url":"https://community.spiceworks.com/t/move-devices-from-ad-joined-to-azure/931379/3","author":{"@type":"Person","name":"goody-83","url":"https://community.spiceworks.com/u/goody-83"}},{"@type":"Answer","text":"
Step 1 Import devices into AzureAD
\nStep 2 Mark machines as corporate owned
\nStep 3 Remove all machines from Local AD, joining machines to WorkGroup in the process
\nStep 4 Sign in user under Accounts > Access work or school, with AzureAD Sign-in UPN
\nStep 5 Deploy policies using Intune<\/p>","upvoteCount":0,"datePublished":"2022-07-19T11:53:05.000Z","url":"https://community.spiceworks.com/t/move-devices-from-ad-joined-to-azure/931379/4","author":{"@type":"Person","name":"spiceuser-2x5mo","url":"https://community.spiceworks.com/u/spiceuser-2x5mo"}},{"@type":"Answer","text":"
Hi, but under step 3 of your list if the laptop cant see a domain controller, will it allow me to demote it to a workgroup as i assume it will want to write back to ad the changes to domain membership.<\/p>","upvoteCount":0,"datePublished":"2022-07-19T11:56:37.000Z","url":"https://community.spiceworks.com/t/move-devices-from-ad-joined-to-azure/931379/5","author":{"@type":"Person","name":"goody-83","url":"https://community.spiceworks.com/u/goody-83"}}]}}