Forum Discussion

jdseymour1978's avatar
jdseymour1978
Brass Contributor
Apr 26, 2021

Edge sync - AD vs Microsoft Account

Hello,

 

I have some questions regarding Microsoft Edge sync, and specifically the precedence of AD Sync vs Azure AD Sync, given some issues that we are currently experiencing.

 

Our environment:

Windows 7 workstations (I know!) with ESU Year 2

Windows 10 laptops - version 1909 enterprise X64

Citrix RDS multi-user servers, running on Windows Server 2016 (LTSB)

 

Most of our users have a Microsoft Office 365 licence, but not all (for various reasons...). I have configured group policies to enable on-premises sync, but even for my own user account, I am seeing the 'sign-in' account for MS Edge being either:

 

email.address@ourdomain.com (UPN)

or

<NT Domain name>\samAccountName 

 

This means that the profile sync is different; "cloud" or %AppData%\Microsoft\Edge\User Data\profile.pb

 

It is strange that on different devices, my own account is configured differently on login. 

 

How is the sync priority for the profile for a user determined?

What settings control this?

Is there any way - via script or policy - to switch profiles for users?

 

Thanks,

 

Jonathan

  • jdseymour1978 Hi Jonathan!  Have you tried the RestrictSigninToPattern policy (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#restrictsignintopattern)?  

     

    We've had some other conversations with customers and in addition to the ConfigureOnPremisesAccountAutoSignIn and RoamingProfileSupportEnabled policies, they configured the RestrictSigninToPattern policy so it can be used to force on-premise sign in.

     

    Thanks! 

     

    -Kelly

    • jdseymour1978's avatar
      jdseymour1978
      Brass Contributor
      Thank you for your reply Kelly_Y

      I tried your suggestion of the RestrictSigninToPattern policy setting, setting it to

      AB\*
      or
      AB\{user_name}

      (where AB is our NT domain name)

      And Edge just got stuck at the Profile1 selection screen at first run with a new profile on a Windows 10 endpoint.

      I'm running out of ideas to be honest. Windows 10 just seems to only want ot pick up the firstname.lastname@ourdomain.com UPN type login name, and perform a AAD type login (according to edge://sync-internals)
      • Kelly_Y's avatar
        Kelly_Y
        Icon for Microsoft rankMicrosoft

        jdseymour1978 Sorry to hear about the issues!  

         

        Couple of tips for the RestrictSigninToPattern policy that I've seen others mention: 

        The required pattern is here "DOMAIN\\.*" (without quotation marks and here DOMAIN is to be replaced with your specific AD domain). Also, reminder that the regex pattern is case sensitive.

         

        Also, if you are still having issues you can reach out to Support and they can work with you directly to troubleshoot your specific case.  https://microsoftedgesupport.microsoft.com/hc/en-us

         

        Thanks! 

         

        -Kelly

Resources