New accounts try to sync to AD account and not the AAD account

I'm beginning preparations to roll out Edge across our company but ran into a problem with our test group.

Our laptops are AD-joined, and when you first open Edge and import your settings from Chrome, it's importing this into an AD account which isn't sync capable. We need the default experience to be to prompt the user for their work account and to then set up the import and sync from there.

Presumably this isn't a problem for AAD-joined devices, as they could already reference that account by default, but we're not in a situation to switch over just yet unfortunately.

10 Replies

Hi,
Which Edge insider channel/version have you tried?

I'm asking because, as far as I remember, the Beta channel has a flag related to "AAD" that needs to be enabled before AAD accounts are able to sync. On Edge Canary, which I'm checking now, it's not available because that feature is now built into the browser by default.

@HotCakeX: I'm using the Beta channel, and AAD sync is working as anticipated. However, that is only when you create a new profile.

If I set up a test user and open Edge, I'm prompted to import from Chrome, and the initial user it sets up and imports everything into is the AD account, which is not capable of syncing. I can create a new profile and then import again, and that is then importing into the AAD account as seen below.


Accounts on Edge.png

So the problem happens only in hybrid configurations where both AAD and AD are present on the user's system?
You could try the Canary channel too and see if the result is different.

@HotCakeX: Correct. I was hoping there would be a flag I could set somewhere, or a setting via GPO, to prevent creating the default user as the AD account and instead prompt for an AAD login.

I'll run a test and feed back on here.

@HotCakeX: Same behaviour unfortunately on Canary (v80.0.344.0). Presumably this feature is checking whether the user account is AD or AAD and then uses that, rather than checking the presence of a Work Account, which would be the more desirable behaviour.

best response confirmed by SC-Benny (Copper Contributor)
Solution
Thanks for checking anyway, hopefully one of the devs will see this and file a bug report for it.

@SC-Benny We have the same issue here. Are your workstations Azure joined?

@VladimirK They are Hybrid Azure Joined devices. However, I've kept an eye on the change summaries from recent releases, and this issue was resolved in version 80.0.361.5 that was released on December 17th. I'd recommend setting that up for a test user and seeing if that resolves it for you as well. At the time I tested with a new user on the Canary branch and was correctly prompted to set everything up for the AAD user over the AD user.


Relevant link: https://techcommunity.microsoft.com/t5/Discussions/Dev-channel-update-to-80-0-361-5-is-live/m-p/1070...

 

Fixed an issue where Edge installations on Azure Active Directory domain-joined machines get signed into the wrong account on first run.

@SC-Benny I had the same issue and just found the solution in GPO. Use a combination of the following Edge policies:


Configure whether a user always has a default profile automatically signed in with their work or school account - Disabled
Enable Proactive Authentication - Enabled
Restrict which accounts can be used as Microsoft Edge primary account - .*@yourdomain.com
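
To confirm on a test machine that the three policies from the post above actually arrived, the following added example (not part of the original post) reads them from the registry and compares them with the suggested values. It assumes the policies are written under `SOFTWARE\Policies\Microsoft\Edge` in either hive and that the sign-in pattern is matched against the whole account name; the sample account names are constructed.

```powershell
# Added example, not from the thread. Value names are the registry names of the
# three policies listed in the post; the pattern is the post's placeholder.
$expected = [ordered]@{
    NonRemovableProfileEnabled = 0                   # default work/school profile: Disabled
    ProactiveAuthEnabled       = 1                   # Enable Proactive Authentication: Enabled
    RestrictSigninToPattern    = '.*@yourdomain.com' # primary account restriction
}
$policyKeys = [ordered]@{
    Machine = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    User    = 'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
}

$report = foreach ($scope in $policyKeys.Keys) {
    $key = Get-Item -Path $policyKeys[$scope] -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $actual = $null
        if ($key) { $actual = $key.GetValue($name, $null) }
        $shown = '<not set>'
        if ($null -ne $actual) { $shown = $actual }
        [pscustomobject]@{
            Scope    = $scope
            Policy   = $name
            Expected = $expected[$name]
            Actual   = $shown
            Match    = ($null -ne $actual) -and ("$actual" -eq "$($expected[$name])")
        }
    }
}
$report | Format-Table -AutoSize

# Constructed sample sign-in names, tested against the expected pattern.
# Assumption: the pattern must match the whole account name, hence the ^(?:...)$ wrapper.
$samples = 'alice@yourdomain.com', 'alice@outlook.com', 'alice@yourdomainxcom'
foreach ($upn in $samples) {
    $ok = $upn -match "^(?:$($expected.RestrictSigninToPattern))$"
    '{0,-24} accepted={1}' -f $upn, $ok
}
# The third sample is accepted because the '.' before 'com' is an unescaped
# wildcard; writing the pattern as '.*@yourdomain\.com' closes that gap.
```

Checking both hives matters here because a later reply in the thread applies the settings as user-based GPO.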

 

@SC-Benny We have this problem as well. But...

It does not work on Windows 10 1803 when logging on with user@han.nl or staff\user. Edge will try to log on with staff\user, and fails.

It works on Windows 7 when logged on with staff\[account]; somehow it "finds" an account with user@han.nl.

That is with the same version of Edge, stable, 80.0.361.50, and user-based GPO settings.

It seems that it is platform dependent.

And, the suggested settings do not resolve the issue.

 

reg, Henno

 
