Forum Discussion
Silently configure OneDrive using Windows 10 or domain credentials
I'm on the exact same page you're stuck at.
Our config:
ADFS internal, Netscaler as WAP external
Internal clients receive the internal ADFS IP from DNS
STS is in trusted zone
I got the population working by starting:
"C:\Program Files\internet explorer\iexplore.exe" odopen://sync?useremail=<email>
because using %LocalAppdata%\Microsoft\OneDrive\OneDrive.exe odopen://sync?useremail=<email> does not populate
Still, users are required to hit the login button... that's where I'm stuck.
What I got so far: SSO working
Got adsync running, SSO enabled for Office.
Computer\Policies\Administrative Templates\Onedrive

| Policy | State | Additional settings |
|---|---|---|
| Allow syncing OneDrive accounts for only specific organizations | Enabled | Tenant GUID: <removed> |
| Enable OneDrive Files On-Demand | Enabled | |
| Prevent OneDrive from generating network traffic until the user signs in to OneDrive | Enabled | |
| Silently configure OneDrive using the primary Windows account | Enabled | |
| The maximum size of a user's OneDrive for Business before they will be prompted to choose which folders are downloaded | Enabled | Tenant Path: <removed>; Value: 50000 |

User\Policies\Administrative Templates\Onedrive

| Policy | State | Additional settings |
|---|---|---|
| Coauthoring and in-app sharing for Office files | Enabled | |
| Delay updating OneDrive.exe until the second release wave | Enabled | |
| Prevent users from changing the location of their OneDrive folder | Enabled | Tenant Path: <removed>; Value: 1 |
| Prevent users from synchronizing personal OneDrive accounts | Enabled | |
| Prevent users from using the remote file fetch feature to access files on the computer | Enabled | |
| Set the default location for the OneDrive folder | Enabled | Tenant Path: <removed>; Value: %UserProfile% |
| Users can choose how to handle Office files in conflict | Enabled | |

Sts-adfs in trusted zone. EnableADAL off (0)
Configuration in ADFS
"/adfs/services/trust/13/windowstransport": Enabled
However, this is only internal; externally this is disabled.
The users use a different UPN suffix than the domain name.
The email address is populated when I start OneDrive with:
"C:\Program Files\internet explorer\iexplore.exe" odopen://sync?useremail=<email>
The email address is not populated when I start OneDrive with:
%LocalAppdata%\Microsoft\OneDrive\OneDrive.exe odopen://sync?useremail=<email>
However, still the users need to hit the Login button. Anyone stuck, feel free to duplicate my settings and try to fix the Login automation.
- Admin Pbibe, Nov 13, 2018, Copper Contributor
Hello,
You need to run GPRESULT with admin rights. Launch a command prompt with administrator rights, and in the cmd window launch your GPRESULT command (including the option "/scope computer" if you only want to report on the GPO affecting the computer).
Michel
- null null, Apr 11, 2018, Copper Contributor
I would like to know this too. We don't have ADFS, will this work without it?
- Oliver Roos, Mar 12, 2018, Copper Contributor
Does anybody know if we need an Azure AD Sync with an ADFS infrastructure or if Azure AD Sync with Password Sync will work as well? I'm still not able to get this working ...
- Rudianto Zhuo, Mar 09, 2018, Copper Contributor
Hi,
Does anyone have an idea why the GPO is not applied in the registry?
I tried to run gpresult /H result.html and it seems the GPO is applied to the machine, but it is not applied in the registry.
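
Added example, not part of any post in this thread: a PowerShell check that reads the registry values behind several of the OneDrive policies listed in the first post and reports which ones are missing or differ. The value names are the ones the OneDrive administrative template writes; the expected data (Enabled = 1, EnableADAL = 0) is an assumption taken from the settings quoted above, and the function name is hypothetical.

```powershell
# Added example: confirm the OneDrive policies from this thread reached the registry.
# Expected data mirrors the thread's settings (assumption): Enabled = 1, EnableADAL = 0.
$machine = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
$user    = 'HKCU:\SOFTWARE\Policies\Microsoft\OneDrive'

$checks = @(
    @{ Path = $machine; Name = 'SilentAccountConfig';                Expected = 1 }
    @{ Path = $machine; Name = 'FilesOnDemandEnabled';               Expected = 1 }
    @{ Path = $machine; Name = 'PreventNetworkTrafficPreUserSignIn'; Expected = 1 }
    @{ Path = $user;    Name = 'DisablePersonalSync';                Expected = 1 }
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\OneDrive'; Name = 'EnableADAL'; Expected = 0 }
)

# Hypothetical helper: read one value and compare it with the expected data.
function Test-OneDrivePolicyValue {
    param([hashtable]$Check)
    $actual = $null
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($item) { $actual = $item.($Check.Name) }
    [pscustomobject]@{
        Key      = $Check.Path
        Value    = $Check.Name
        Expected = $Check.Expected
        Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
        Ok       = ($null -ne $actual -and $actual -eq $Check.Expected)
    }
}

$results = @($checks | ForEach-Object { Test-OneDrivePolicyValue $_ })

# Tenant-keyed policies are subkeys whose value names are the tenant GUID,
# so only the presence of at least one entry is checked here.
foreach ($sub in 'AllowTenantList', 'DiskSpaceCheckThresholdMB') {
    $key   = Join-Path $machine $sub
    $names = @()
    if (Test-Path $key) { $names = @((Get-Item $key).Property) }
    $results += [pscustomobject]@{
        Key      = $key
        Value    = '<tenant GUID>'
        Expected = 'at least 1 entry'
        Actual   = "$($names.Count) entries"
        Ok       = ($names.Count -gt 0)
    }
}

$results | Format-Table -AutoSize
if ($results.Ok -contains $false) {
    Write-Warning 'Some policy values are missing or differ; compare with the gpresult report.'
}
```

The HKCU values belong to the account running the script, so run it in the affected user's own session rather than from an elevated prompt under a different admin account.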