Forum Discussion
Silently configure OneDrive using Windows 10 or domain credentials
Hi Priyanka
I added EnabaleADAL manually as well as import registry.
I am not sure how to do tracing, please advise and let me know what I need to trace.
Have you tested using MFA and ADFA, because we are using MFA with ADFS. I am not sure ADFS will support or not for Silent Auto Configuration.
Avian
Hi Avian,
Yes my environment is setup with ADFS. I do not have any second factor of authentication set up though.Just curios what are you using for MFA?
Fiddler captures network traffic, so basically when you launch the onedrive client, with the silent auto config, there should be some https traffic to get the user signed in... Hopefully if it is failing at anypoint, the fiddler traces would give you an idea about it.
You can just google for fiddler and download it first.
The link below shows you how to "decrypt https traffic".
Once its all set up, launch fiddler start capturing(F12) and then launch the onedrive client and check the traffic.
Thanks,
Priyank
We are using two group policies, one for computer, and one for user settings.
The User policy sets the "default location for the OneDrive folder," and includes the tenant GUID of our OneDrive. It also "prevents users from changing the location of their OneDrive folder" (which also includes the tenant GUID). This policy also contains a preference to set the EnableADAL registry value (DWORD:0x1) in HKCU\Software\Microsoft\OneDrive.
The Computer policy sets the "Silently configure OneDrive using the primary Windows account," sets the "Allow synching OneDrive Accounts for only specific organizations" (includes the tenant GUID), and also sets the "maximum size of a user's OneDrive" (and also includes the tenant GUID).
You should check the version of the OneDrive policy templates you are using to ensure they are also as recent as the OneDriveSetup.exe. Earlier versions did not incorporate the tenantGUID in the policy editor.
Hi Tom
Just changes in the registry and copy the OnedriveSetup.exe in C:\Windows\SysWOW64 not working, I might be missing some steps.
Can you please share the steps to which you implement?
I am using latest client Build. 17.3.1076.1026.
Avian
- The first thing i tried was to use latest onedrivesetup, from Oct 2017, in my image build. Still no automation occured.
We were advised that the version of OneDriveSetup.exe must be at least 17.3.7073.1013 or later (10/26/2017) in order for the silent configuration to work. We have been upgrading the OneDriveSetup.exe in C:\Windows\SysWOW64 in order to force this to work, and it has. We are searching for more effective ways to include the updated setup in our image.
After setting the ADAL registry key as noted in the original deployment article, and setting the silentaccountconfig reg key, I can ONLY get this to work if my domain users perform "Add a work or school account" first.
If I remove the work account from this domain computer, the silentconfig of onedrive is now broken, and useless.
The entire feature is actually useless if all users need to manually perform the "add work account" process. This process so far.... is not actually silent until we can truly simply use the domain credential, or if there is a way to automate the "add work account" process.
Priyank
Whenever user enter his UPN on any office 365 site(OWA/SP/OneDrive), it redirects to siteminder to validate authentication and then validate and logged in automatically. I think here is the problem, after installing Onedrive, it is not automatically logging so probably not getting any endpoint.
I am attaching fiddler screenshot for your reference.
Can you please share the screenshot of your machine registry if possible? I want to compare with my registry,may be I am missing something
Let me know what else I need to check.Avian 1 I forgot the link sorry, https://www.fiddlerbook.com/fiddler/help/httpsdecryption.asp
