Forum Discussion
OneDrive auto setup
Ok, finally got OneDrive to work correctly, whether the device is showing in Azure AD, or not. The fix is, in addition to setting the Admin Template settings to what MS says, is also to set HKCU\Software\Microsoft\OneDrive\EnableADAL to a data value of 2. OneDrive creates it with a data value of 1. Once I changed it to 2 (any number other than 1 may work), OneDrive immediately started working correctly. No more user prompts, interruptions, or failures. It just loads and syncs. As a side note, I started running OneDriveSetup.exe with the /allusers switch to only have one installation of OneDrive.exe. The /allusers switch puts it under a new program files (x86)\Microsoft OneDrive folder. Just be aware that if you do the /allusers, anyone with OneDrive already installed and working, will get a Sign in error. All they need to do is click the "OK" button and it resigns them in. This is a one-time resign in.
Since we have a smattering of 1709, 1803 and 1809 systems in my test environment, I manually removed some from Azure as I got double entries for the first test Hybrid Azure AD join. The rest I removed before trying to join them. Most no longer show in Azure AD, as they won't re-register and they won't join. A couple did Hybrid Azure AD join, though (and now I can't un-join them, either deleting them from Azure AD or running the dsregcmd /leave command. They always come back). The rest won't join, or register. Ran additional tests on the 1809, as that version is suppose to remove the Azure AD registered entry before joining. However, that doesn't seem to work either. So far, we haven't got one thing to work right while trying to setup silent sign in to OneDrive.
Ok, finally got OneDrive to work correctly, whether the device is showing in Azure AD, or not. The fix is, in addition to setting the Admin Template settings to what MS says, is also to set HKCU\Software\Microsoft\OneDrive\EnableADAL to a data value of 2. OneDrive creates it with a data value of 1. Once I changed it to 2 (any number other than 1 may work), OneDrive immediately started working correctly. No more user prompts, interruptions, or failures. It just loads and syncs. As a side note, I started running OneDriveSetup.exe with the /allusers switch to only have one installation of OneDrive.exe. The /allusers switch puts it under a new program files (x86)\Microsoft OneDrive folder. Just be aware that if you do the /allusers, anyone with OneDrive already installed and working, will get a Sign in error. All they need to do is click the "OK" button and it resigns them in. This is a one-time resign in.
OneDrive silent/auto login update: I haven't been able to push the GPO to any other users in the organization, until today. Unfortunately, it no longer works. I believe the issue is that we moved away from ADFS, and now go through BIG-IP. Azure AD Connect still runs on our DC, and is fully functional. This is the note from Microsoft's site: "If you federate your on-premises Active Directory with Azure AD, you must use AD FS to enable this feature." Anyway, if anyone has had this issue, I'd appreciate knowing what you did to fix it. Thanks.
You could switch over to Pass-Through Authentication for Office365/OneDrive
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start
Microsoft perform the authentication via the Azure AD Connect client installed on premise instead of ADFS, works with SSO,
We've not had any issues after switching,
Chris.
