cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

New accounts try to sync to AD account and not the AAD account

SC-Benny
Occasional Contributor

‎Nov 20 2019 08:55 AM

‎Nov 20 2019 08:55 AM

New accounts try to sync to AD account and not the AAD account

I'm beginning preparations to roll out Edge across our company but ran into a problem with our test group

 

Our laptops are AD-joined and when you first open Edge and import your settings from Chrome its importing this into an AD account which isn't sync capable. We need the default experience to be to prompt the user for their work account and to then set up the import and sync from there

 

Presumably this isn't a problem for AAD-joined devices as they could already reference that account by default but we're not in a situation to switch over just yet unfortunately

2,142 Views
0 Likes
10 Replies
Reply
10 Replies
HotCakeX

‎Nov 23 2019 05:42 AM - edited ‎Nov 23 2019 05:45 AM

‎Nov 23 2019 05:42 AM - edited ‎Nov 23 2019 05:45 AM

Re: New accounts try to sync to AD account and not the AAD account

Hi,
Which Edge insider channel/version have you tried?

I'm asking because as far as I remember, the beta channel has a flag related to "AAD" that needs to be enabled before AAD accounts are able to sync. on Edge canary that I'm checking now, it's not available because that feature is now built into the browser by default.

0 Likes
Reply
SC-Benny

‎Nov 25 2019 01:53 AM

‎Nov 25 2019 01:53 AM

Re: New accounts try to sync to AD account and not the AAD account

@HotCakeX: I'm using the Beta channel, AAD sync is working as anticipated. However that is only when you create a new profile

 

If I set up a test user and open Edge, I'm prompted to import from Chrome and that initial user it sets up and imports everything into is the AD account which is not capable of syncing. I can create a new profile and then import again and that is then importing into the AAD account as seen below

 

Accounts on Edge.png

1 Like
Reply
HotCakeX

‎Nov 25 2019 03:01 AM

‎Nov 25 2019 03:01 AM

Re: New accounts try to sync to AD account and not the AAD account

So the problem happens only in hybrid configurations where both AAD and AD are present on user's system?
you could try Canary channel too and see if the result is different
1 Like
Reply
SC-Benny

‎Nov 25 2019 04:06 AM

‎Nov 25 2019 04:06 AM

Re: New accounts try to sync to AD account and not the AAD account

@HotCakeX: Correct. I was hoping there would be a flag I could set somewhere, or a setting via GPO to prevent creating the default user as the AD account and instead prompt for an AAD login

 

I'll run a test and feedback on here

1 Like
Reply
SC-Benny

‎Nov 26 2019 02:44 AM

‎Nov 26 2019 02:44 AM

Re: New accounts try to sync to AD account and not the AAD account

@HotCakeX: Same behaviour unfortunately on Canary (v80.0.344.0). Presumably this feature is checking whether the user account is AD or AAD and then uses that rather than checking the presence of a Work Account which would be the more desirable behaviour

 

image.png

1 Like
Reply
best response confirmed by SC-Benny (Occasional Contributor)
HotCakeX

‎Nov 26 2019 03:10 AM

‎Nov 26 2019 03:10 AM

Solution

Re: New accounts try to sync to AD account and not the AAD account

Thanks for checking anyway, hopefully one of the devs will see this and fill a bug report for it
0 Likes
Reply
VladimirK

‎Dec 30 2019 07:52 AM

‎Dec 30 2019 07:52 AM

Re: New accounts try to sync to AD account and not the AAD account

@SC-Benny  We have the same issue here. Are you workstations Azure joined? 

0 Likes
Reply
SC-Benny

‎Dec 30 2019 08:01 AM

‎Dec 30 2019 08:01 AM

Re: New accounts try to sync to AD account and not the AAD account

@VladimirK They are Hybrid Azure Joined devices. However I've kept an eye on the change summaries from recent releases and this issue was resolved in version 80.0.361.5 that was released on December 17th. I'd recommend setting that up for a test user and seeing if that resolves it for you as well. At the time I tested with a new user on the Canary branch and was correctly prompted to set everything up for the AAD user over the AD user

 

Relevant link: https://techcommunity.microsoft.com/t5/Discussions/Dev-channel-update-to-80-0-361-5-is-live/m-p/1070...

 

Fixed an issue where Edge installations on Azure Active Directory domain-joined machines get signed into the wrong account on first run.
0 Likes
Reply
dmcaylor

‎Dec 30 2019 11:49 AM

‎Dec 30 2019 11:49 AM

Re: New accounts try to sync to AD account and not the AAD account

@SC-Benny I had the same issue and just found the solution in GPO. Use a combination of the following  Edge policies:

 

Configure whether a user always has a default profile automatically signed in with their work or school account - Disabled
Enable Proactive Authentication - Enabled
Restrict which accounts can be used as Microsoft Edge primary account - .*@yourdomain.com

 

0 Likes
Reply
Henno_Keers

‎Feb 12 2020 06:00 AM - edited ‎Feb 12 2020 06:15 AM

‎Feb 12 2020 06:00 AM - edited ‎Feb 12 2020 06:15 AM

Re: New accounts try to sync to AD account and not the AAD account

@SC-Benny We have this problem aswell. But...

It does not work on Windows 10 1803 when logging with user@han.nl or staff\user. Edge will try to logon with staff\user, and fails.

It works on Windows 7 when logged on with staff\[account] somehow it "finds" a account with user@han.nl.

That is with the same version of Edge, stable, 80.0.361.50, and user based GPO settings.

It seems that it is platform dependent.

And, the suggested settings do not resolve the issue.

 

reg, Henno

 

0 Likes
Reply