Syncing only on PCs joined to specific domains is not working

Iron Contributor

I've checked the box in the new OneDrive admin portal to allow syncing only on PCs joined to specific domains and I've entered the GUID of my domain but I'm still able to sync from my personal machines.  Is there any troubleshooting I can do or should I open a ticket?

12 Replies
How long did you wait before testing again? It might take some time to activate and lock down.
Also are the machines that can sync ones that already were previously, or new?

If you had an existing sync relationship before configuring the setting, it will keep on uploading files. Also, it doesnt affect Mac users. Details are here:

Thanks but at what point does that existing relationship expire?  I disconnected my account and successfully reconnected it.  Will it never block it on that machine now?

No idea, the way I read it, it should (try to) create new one after you disconnected the account.

The way I read it, is that uploads will continue forever, but changes in the browser won't be pushed/synced back to the workstation.

@Kevin Hoyt I activated this setting and I'm getting inconsistent behavior. We have one account that can no longer sync when not on the network and others that can. Very weird.


Have you been able to run any more tests?

I haven't.  I was going to open a ticket with Microsoft this week.

I added the GUID for our domain, and the Sync screen shows a second GUID of all zeroes,  i.e, myguid, 00000000-0000-0000-0000-000000000000. I just removed the 000's and then they came back. Are you seeing the same thing?

No, I only see the GUID for my domain that I added.  I removed and re-added it but still only see that GUID, no GUID with zeros.

FYI, it appears to now be working for me.  At least I can't recreate the issue anywhere to open a ticket. On the machines where it was not taking effect and I had set up syncing I now get a message box that says OneDrive can no longer sync my folder because my "IT Department requires that you use a computer that is joined to an approved domain to sync this folder."  This is the expected behavior.  On a laptop where I had not yet set up syncing it says "Sorry, OneDrive can't add your folder right now.  Please contact support".

Thanks. I'm seeing the same thing as you on of my computers but the others are behaving differently. I just used powershell to Set-SPOTenantSyncClientRestriction and the 000s still show when I run Get-SPOTenantSyncClientRestriction, very weird. I'm going to open a support ticket with MS

Hi I know this was a while ago but did you get a resolution to this problem.