Forum Discussion
Silently configure OneDrive using Windows 10 or domain credentials
Hi Priyank
First I uninstalled the onedrive from my machine. Then set ENABLEADAL and silentconfig and as you suggested I changed HKCU\Software\Microsoft\OneDrive\ClientEverSignedIn to 0 earlier it was 1.
Rebooted machine, but no luck.
In your last post you mentioned GPO that distributes the registry key for SilentConfig - ENSURE that the this is linked to the OU that has Computer objects in it. Can you please explain more about this?
I am attaching screenshot for your reference, let me know If I am still missing anything
Can you share screenshot of onedrieve related registry and GPO settings of your machine?
Avian
I was also having this problem and it sounds like my environment is similar to yours (ADFS and MFA) In addition to setting the GPOs you have set and setting the reg value "ClientEverSignedIn" to 0, I also had to set "SilentBusinessConfigCompleted" to 0.
Once that was done, it began to work when OneDrive is launched.
It's a requirement that all my users be logged into OneDrive whether they want to or not, so I've created another GPO to check if the user is configured and reset the above reg keys to 0 if they are not.
OneDrive creates a new key in the format of Business<digit> under "HKCU\Software\Microsoft\OneDrive\Accounts" for any business accounts that have been logged into OneDrive. Under that key, you can use "ConfiguredTenantID" to check that they're configured for your tenant and "UserFolder" to see where it is configured to sync to.
Also, if OneDrive does not start in the foreground, it will not configure using ADAL. The OneDrive startup reg key has the "/backgroud" parameter set, so my GPO checks to see if the user is configured and if they are not, it adds a RunOnce entry without the "/background" parameter.
It would seem HTM files are not allowed to be attached, so I've attached a screenshot of my GPO report.
The HTML can also be found here if you'd prefer that:
https://pastebin.com/1ebujuU5
- Does this method eliminate the need for user interaction or does the user still have to click something?
- We have been kicking the around for a couple weeks. We still have a lot of folks on Office 2013 and the old Groove client. We are looking to migrate them to 2016 and seamlessly move them over to OneDrive. We were seeing very inconsistent test results. After adding the ADAL and SilentAccountConfig keys some machines were switching over to OneDrive without prompting for login and others were prompting. Although we are using the current version from the Office portal it seems the version of OneDrive which initially comes down is a bit older. 17.3.6743.1212. I suppose if we were patient it would eventually update to a newer version but that isn't an option.
We are now getting consistent results if we run %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe, wait for it to finish, then launch OneDrive and it logs in with Modern Auth (No prompting)
Hope this helps. This thread was extremely helpful!I have almost all working on latest client 18.151.0729.0012 apart from the actual "Silently redirect Windows known folders to OneDrive"
I have it enabled with tenant ID & show notification YES, but instead this happening on the client I have "... a reminder notification will appear in the activity center until they move all known folders."
If I click Protect these folders it work fine, but I do NOT want my users to have any input!
Seb
edit
I see it now, it is VERSION number that needs to change!
https://docs.microsoft.com/en-us/onedrive/use-group-policy#OptInNoWizard
Use this policy with the sync client build 18.171.0823.0001 or later to move your users' known folders to OneDrive without user interaction. (You can choose to display a notification to users after their folders have been redirected.)
EDIT 2
That is NOT true at all, as I have it working even on current version fine following my own setup:
If this method auto signs the current window domain user into onedrive, can it be set to auto login to any office 365 deployed apps locally installed on the machine? I'm using shared computer activation method for o365 deployment. All domain users have o365 accounts, we are deploying o365 apps onto images for rollout throughout school district. Once the user logs into the computer with their domain account, I'd like them to be able to launch any of the installed o365 apps and be auto logged in. I'm wondering if some variation of this onedrive technique would work. Right now users are still getting prompted to sign in to activate office, so it can pull a shared license key from o365.
I have not tried setting it up for other office apps.
From here:
https://support.office.com/en-us/article/How-modern-authentication-works-for-Office-2013-and-Office-2016-client-apps-e4c45989-4b1a-462e-a81b-2a13191cf517
It looks like it should be enabled in Office 2016 by default.
You may also want to look here:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso
As it explains some of the other pre-reqs for ADAL auth if you're syncing with on-prem.
