We are going through a merger, and as part of that must migrate our users from TenantA to TenantB. Currently we have separate AD domains and SSO platforms, though there is some federation (I'm not 100% clear on the details). We have a fair number of users who have not yet gotten on board with OneDrive, so rather than get them setup in TenantA, we'd like to push them over to TenantB right off the bat. If I go to tenantb-my.sharepoint.com and sign-in with my user@domainA.com credentials, I am able to view my OneDrive in TenantB (this was setup on our independent authentication SSO system and works fine).
The problem we're facing however is to force the user to connect to TenantB via the OneDrive client. If they use user@domainB.com on the "Sign in to OneDrive" window, we get an authentication error that we need to sign in with domainA credentials. If I use user@domainA.com, then it tries (and fails) to setup the OneDrive in TenantA (which is blocked by the "only allow certain tenants" GPO, mentioned below).
I've tried using the various GPO settings to force the OD client to only connect to TenantB. I've tried onedrive.exe /configure_business:tenantB-GUID, set EnableADAL (why isn't this a GPO option yet, btw!), Silent AutoConfig (with the requisite max OD size configured), but no matter what I do, OD always pops up with the "Enter your email address". Is there some other way to call onedrive.exe so that it suppresses the sign-in dialog, something like:
onedrive.exe /configure_business:tenantGBuid /useremail:user@domainA.com /silent /URL:https://tenantb-my.sharepoint.com
Am I maybe just coming up against a limitation of the OD client and how it can be manipulated to login to a specific tenant? I'm even tried pre-creating a Business1 account entry at HKCU\Software\Microsoft\OneDrive\Accounts\Business1\ with various fields pre-configured, like UserEmail = user@domainA.com or something (though that didn't work either; OD trashed the Business1 key and created it fresh when it tried to sign in).
