SOLVED

OneDrive auto setup


First, we are in a hybrid mode and we use ADFS for SSO. What we need/want for our users is for OneDrive to get set up without any user interaction on a new computer. They should not have to click any "Next" or "OK" or enter any email/username or password. When they sign on to a new Windows 10 computer, it needs to automatically set up/configure OneDrive with the user's email and password, create the OneDrive - <organization> folder under their user profile, and sync default files/folders with no user interaction. Can this be done? Thanks.

12 Replies

@Vasil Michev

Hi Vasil, thanks for the quick reply. Yes, I know about that doc, and have tried everything in it. The GPO works as far as setting the registry, etc., and silently logs in AFTER the first-time use. It's the first-time-use setup we wish to automate. The only automatic thing I can do during this first-time-use setup is use PowerShell to pre-populate the user's email address. But the user still has to click Next, fill in their password on the SSO screen, and continue clicking the rest of the way through the setup. That's what we're trying to avoid. Another thing I've noticed is that it looks like the credentials in the credential manager, and the OneDrive - <organization> folder, aren't created until the last click of the setup.

Ok, one other thing I'm leaning toward: We use Azure AD Connect but do not have Hybrid Azure AD Join configured. We sync computers, but they aren't Azure AD Registered until we do something requiring an O365 login and sync, such as setting up OneDrive. Could this be my issue?

Hi Paul,

What version of OneDrive are you trying with? We've been having problems with the more recent versions not performing silent setup until after something has been put into the setup screen. In the "Enter your email address" box, we can put anything, click sign in and then cancel the logon screen that follows; the OneDrive client will then close, and the next time we load the OneDrive client, silent config will run correctly.

It's really puzzling, as you can repeatedly open and close the client and it will not run the silent setup until after a first-time attempt at manual setup. I've tried running Process Monitor and repeating all of the files / registry settings before running the OneDrive client for the first time on a new user, and it makes no difference.

We had it working in 19.002.0107.0008 and I'm now trying to find a way back to that for testing; unfortunately, that's older than the new per-machine install we also want to use!

Chris.

@ChrisShearing I've tried both 19.043.0304.007 and 19.086.0502.006 of OneDriveSetup.exe. Neither starts the auto setup of OneDrive. Since we have OneDrive updating automatically, after any manual OneDrive setup, the OneDrive.exe version is 19.086.0502.006.

Update: I added registry settings to my test client and to the ADFS servers, via GPO, to manually set a SCP.  After AD Connect synchronized the system, my test computer showed up in Azure as Hybrid Azure AD Joined.  However, silent OneDrive setup still does not work.

Since we have a smattering of 1709, 1803 and 1809 systems in my test environment, I manually removed some from Azure, as I got double entries for the first test Hybrid Azure AD join. The rest I removed before trying to join them. Most no longer show in Azure AD, as they won't re-register and they won't join. A couple did Hybrid Azure AD join, though (and now I can't un-join them, either by deleting them from Azure AD or by running the dsregcmd /leave command; they always come back). The rest won't join or register. I ran additional tests on the 1809, as that version is supposed to remove the Azure AD registered entry before joining. However, that doesn't seem to work either. So far, we haven't got one thing to work right while trying to set up silent sign-in to OneDrive.

best response confirmed by Paul Long (Brass Contributor)
Solution

Ok, finally got OneDrive to work correctly, whether the device is showing in Azure AD or not. The fix, in addition to setting the Admin Template settings to what MS says, is also to set HKCU\Software\Microsoft\OneDrive\EnableADAL to a data value of 2. OneDrive creates it with a data value of 1. Once I changed it to 2 (any number other than 1 may work), OneDrive immediately started working correctly. No more user prompts, interruptions, or failures. It just loads and syncs.

As a side note, I started running OneDriveSetup.exe with the /allusers switch to only have one installation of OneDrive.exe. The /allusers switch puts it under a new Program Files (x86)\Microsoft OneDrive folder. Just be aware that if you do the /allusers, anyone with OneDrive already installed and working will get a sign-in error. All they need to do is click the "OK" button and it re-signs them in. This is a one-time re-sign-in.
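An added example, not part of the original post and not Microsoft's own tooling: a PowerShell check of the three things this thread keeps coming back to (the silent-config policy value, the per-user EnableADAL value, and the device's join state from dsregcmd), plus an opt-in setter for the poster's reported workaround. The function names `Get-OneDriveSilentConfigState` and `Set-OneDriveEnableADAL` are hypothetical, and it is assumed that the Admin Template setting is stored as `SilentAccountConfig` under `HKLM\SOFTWARE\Policies\Microsoft\OneDrive`; the value 2 is what the post reports working, not a documented setting.

```powershell
# Added example: run in the affected user's session (EnableADAL lives in HKCU).
function Get-OneDriveSilentConfigState {
    [CmdletBinding()]
    param()

    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'  # machine policy (assumed GPO location)
    $userKey   = 'HKCU:\Software\Microsoft\OneDrive'           # per-user key named in the post

    # A missing key or value yields $null instead of an error.
    $silent = (Get-ItemProperty -Path $policyKey -Name SilentAccountConfig -ErrorAction SilentlyContinue).SilentAccountConfig
    $adal   = (Get-ItemProperty -Path $userKey -Name EnableADAL -ErrorAction SilentlyContinue).EnableADAL

    # dsregcmd /status prints "Name : Value" lines; keep only the join-state fields.
    $join = @{}
    foreach ($line in (& dsregcmd.exe /status 2>$null)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $join[$Matches[1]] = $Matches[2]
        }
    }

    [pscustomobject]@{
        User                = "$env:USERDOMAIN\$env:USERNAME"
        SilentAccountConfig = $silent                 # expected 1 when the policy is applied
        EnableADAL          = $adal                   # the post reports OneDrive creates this as 1
        AzureAdJoined       = $join['AzureAdJoined']
        DomainJoined        = $join['DomainJoined']
    }
}

function Set-OneDriveEnableADAL {
    # Applies the workaround from the post; supports -WhatIf so it can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Value = 2)

    $userKey = 'HKCU:\Software\Microsoft\OneDrive'
    if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
    if ($PSCmdlet.ShouldProcess("$userKey\EnableADAL", "Set DWORD to $Value")) {
        New-ItemProperty -Path $userKey -Name EnableADAL -PropertyType DWord -Value $Value -Force | Out-Null
    }
}

Get-OneDriveSilentConfigState | Format-List
# Set-OneDriveEnableADAL -WhatIf   # preview the change before applying it
```

Recording the output before and after a first sign-in attempt gives a baseline to compare against when a later identity change (such as the move away from ADFS described in the next post) breaks silent setup again.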

OneDrive silent/auto login update: I haven't been able to push the GPO to any other users in the organization, until today. Unfortunately, it no longer works.  I believe the issue is that we moved away from ADFS, and now go through BIG-IP.  Azure AD Connect still runs on our DC, and is fully functional.  This is the note from Microsoft's site: "If you federate your on-premises Active Directory with Azure AD, you must use AD FS to enable this feature."  Anyway, if anyone has had this issue, I'd appreciate knowing what you did to fix it.  Thanks.

@Paul Long

You could switch over to Pass-Through Authentication for Office365/OneDrive:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start

Microsoft performs the authentication via the Azure AD Connect client installed on premise instead of ADFS, and it works with SSO.

We've not had any issues after switching.

Chris.

@ChrisShearing Thanks for the information.  We have now removed federation from our tenant, but are still using password-hash. Anyway, even moving away from federation did not fix the issue of no silent first-time login into OneDrive.  I doubt we'll be able to change over to pass-through anytime soon, though, so cannot try your solution.

Hey Paul,

Ever get this to work? At one company, I added a value for local intranet to Site zone assignment, and it has been working since:

sts.<<tenant>>.com

I have tried doing the same steps in a new company, but it does not work. One would think that Microsoft would provide better documentation to resolve these issues as well as have the technical within to assist in resolving what should be a fairly straightforward issue.
