Map Home-Directory attribute UNC path for locally connected Azure AD joined shared devices

We have an on-premises Active Directory (AD) environment connected to Azure AD via AD Connect. We’ve successfully joined our devices to Azure AD using Azure AD Join (MEJ) through Autopilot. We are also using Pass-through Authentication (PTA) for authentication, and we have 3 PTA agents (including AAD Connect) on-premises.

Now, we want to grant users access to an on-premises file share (file server) while they are physically connected to the local network at the office. Each user has an individual Home Drive (H:) defined in their on-premises "Home-Directory attribute" (HomeDirectory), and we want to make this H drive accessible for any user who signs in to a locally connected shared AADJ device at the office (we don't want these H drives to be available for remote users). Our shared AADJ devices currently have access to on-premises file shares when they’re locally connected at the office, but they don’t have access to users' home drives now.

In summary, we want to map the Home-Directory attribute UNC path on locally connected Azure AD joined shared devices for any individual user who signs in to these devices.

12 Replies
I just need to understand it correctly.
Are you looking for a solution that can map your drives on Azure AD joined devices?

@NicklasOlsen Correct, but we have different paths for each individual user account, which are their personal drives (we call it Home Drive). These paths are available in the "Home Directory" attribute in Active Directory. When I connect Azure joined devices to a local network, all shared drives and Home Drives are accessible, but they are not mapped for users as a drive. They should get the path for the Shared Drive and Home Drive and open it via the explorer.

Hi Gordon,

It's fairly simple to map your drive mappings through Intune. In regards to the home directory, this is also possible to map. How have you named the home folders for your users? Do you use %USERNAME%?

This blog post might help you along the way:
https://www.learnintune.net/the-future-of-drivemapping/

Thank you, Nick, for your response.

We have several servers for Home Drives, and we’ve named them based on the username and the group they are assigned to. For instance, group members of X need access to \\Server01\%USERNAME%, while members of Y require a mapped drive to \\Server02\%USERNAME%, and so on.

I’ve used a method to map two other drives that need to be available for all users. While it worked with some customizations, unfortunately, it didn’t work with %USERNAME%. I even tried mapping the Home Drive for a test user using this method, and it worked for that specific user, but it doesn’t seem to work consistently for various users, and various shared servers.

https://github.com/nicolonsky/IntuneDriveMapping

Hi Gordon,

Hm, I think I understand the question; otherwise, please correct me 😊.
You can create a configuration profile for each drive and assign it to specific users.

Otherwise, you have the option to utilize this tool and use the security filtering. However, this creates a scheduled task on the device.

https://intunedrivemapping.azurewebsites.net/

Nick,

We're using this method and it's working well for non-variable addresses (for example "\\sharedserver\publicfolder", or "\\server02\JohnDoe"), but when I tried to address any user who logs in, it doesn't create the home drive (Personal Share Drive) for that specific user. I tried to address multiple file servers followed by %USERNAME% and it didn't work (for example, I used "\\server02\%USERNAME%", and it didn't work).

Ah, now I understand.
The home folder would have to exist before the drive mapping can map it. If it doesn't exist, it can't map the home folder, unfortunately.

@NicklasOlsen

The paths already exist on our file servers and are accessible to each user based on their username. We need to devise a method to link the existing folders to the respective usernames (%username%) so that it becomes their Home Drive. This Home Drive will serve as their profile on any device they log into. I think I’ll likely need to write a script that gets the on-premises HomeDirectory attribute and maps that path folder for each user.

I have it working with the %username%.
How do you configure your configuration profile?

@NicklasOlsen

I tried using %username%, and it seems to be working for the ADMX method. Thank you for mentioning that! However, we have several file servers based in different locations, and we need to map specific file servers and folders based on the location of each user. Unfortunately, none of the available solutions address our scenario. I attempted to expand the script provided by intunedrivemapping.azurewebsites.net, but I haven’t been successful yet. I’ll keep this post updated if I find a solution. Thanks, Nick!

Hi Gordon,

You're welcome, let me know, if you have any questions.
I think it will be hard for you to map a specific file server based on a location. Is it on a group basis, or is it automatic when the user switches location?

Just wondering... but how are you mapping those drive letters? And in which context... are you using PowerShell scripts or the ADMX solution?
With a PowerShell script you need to make sure you are deploying that script in the user context... otherwise the %username% can't be resolved.
I know that with the ADMX option, you need to change a couple of things, but the username variable works with this option... we use it everywhere 🙂
https://call4cloud.nl/2021/03/willy-wonka-and-the-drive-letter-factory/#part6
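
Added example, not part of the thread and not any participant's script: one way to do what the posts above describe, reading the signed-in user's on-premises homeDirectory attribute and mapping it as H: from a script that runs in the user context. The domain name `corp.example.com`, the server allow-list and the function names are assumptions for illustration, and the lookup relies on the same on-premises single sign-on that already gives these devices access to the file shares.

```powershell
# Added example: run as the signed-in user (not SYSTEM), e.g. at logon.
# Hypothetical values; replace with your own domain and file servers.
$DomainFqdn     = 'corp.example.com'
$AllowedServers = @('server01', 'server02')
$DriveLetter    = 'H'

function Test-HomePath {
    # Accept only a UNC path whose server is on the allow-list, so a mistyped
    # or tampered attribute cannot point the drive at an arbitrary host.
    param([string]$Path, [string[]]$Servers)
    if ($Path -match '^\\\\(?<server>[A-Za-z0-9.-]+)\\[^\\]+') {
        return $Servers -contains $Matches['server'].Split('.')[0]
    }
    return $false
}

function Get-HomeDirectory {
    param([string]$Upn, [string]$Domain)
    # Escape LDAP filter metacharacters (RFC 4515) before building the filter.
    $safe = $Upn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    $root = [adsi]"LDAP://$Domain"   # explicit root: the device is not domain joined
    $searcher = [adsisearcher]::new($root, "(&(objectCategory=person)(userPrincipalName=$safe))")
    [void]$searcher.PropertiesToLoad.Add('homeDirectory')
    $hit = $searcher.FindOne()
    if ($hit -and $hit.Properties['homedirectory'].Count -gt 0) {
        return [string]$hit.Properties['homedirectory'][0]
    }
}

$upn = whoami /upn 2>$null
# A resolvable DC locator record is used here as the "on the office LAN" signal.
$onLan = Resolve-DnsName "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction SilentlyContinue
if ($upn -and $onLan) {
    $homePath = Get-HomeDirectory -Upn $upn -Domain $DomainFqdn
    if (-not (Test-HomePath -Path $homePath -Servers $AllowedServers)) {
        Write-Warning "homeDirectory '$homePath' is empty or not on an allowed server; not mapping."
    } elseif (-not (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $homePath -Persist -Scope Global | Out-Null
    }
}
```

If remote users connect through a VPN that resolves internal DNS, the locator check alone will not keep the drive off their sessions; a stricter network signal would be needed there.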