OneDriveMapper automatically map your OneDrive for Business upon login

This script maps your Onedrive / Sharepoint / Teams document libraries to driveletters (or shortcuts). It can be used in any environment (VDI, RemoteApp, w10 etc).

 
 
 
 
 
4.6 Star
(113)
67,220 times
Add to favorites
Office 365
2/3/2019
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Mapping cannot continue because we could not log in to office365
    2 Posts | Last post March 02, 2017
    • Hi Jos,
      
      we are using a third party samlproxy in our adfs "O365" Relying party trusts.
      we receive error message "Mapping cannot continue because we could not log in to office365"
      on powershell we receive following:
      ERROR | For some reason we're not at the logon page, even though we tried to browse there, we'll probably fail now but let's try one final time. URL: https://login.microsoftonline.com/login.srf
      INFO | Detected running explorer process
      INFO | Login attempt at Office 365 signin page
      ERROR | failed to use Azure AD SSO for Workplace Joined devices
      INFO | Failed to find signin element type 1 on Office 365 login page, trying next method. Error details: Could not complete the operation due to error 80700009.
      INFO | Failed to find signin element type 2 on Office 365 login page, trying next method. Error details: Could not complete the operation due to error 80700009.
      ERROR | Failed to find signin element type 3 at https://login.microsoftonline.com/login.srf. You may have to upgrade to a later Powershell version or Install Office. Attempting to log in anyway, this will likely fail. Error details: Could not complete the operation due to error 80700009.
      INFO | attempting to trigger a redirect to SSO Provider using method 1
      ERROR | Failed to find the correct controls at https://xxx-my.sharepoint.com/personal/yyy_domain_com/_layouts/15/onedrive.aspx to log in by script, check your browser and proxy settings or check for an update of this script. Exception from HRESULT: 0x800A01B6
      INFO | autoProtectedMode is set to True, reverting to old settings
      INFO | Setting zone 0 back to 3
      INFO | Setting zone 1 back to 3
      INFO | Setting zone 2 back to 3
      INFO | Setting zone 3 back to 0
      INFO | Setting zone 4 back to 0
      INFO | Automatically added aadg.windows.net.nsatc.net to intranet sites for this user
      INFO | Automatically added autologon.microsoftazuread-sso.com to intranet sites for this user
      INFO | OnedriveMapper has finished running
       
    • Change this line: 
      
      if($userLookupMode -le 3){
      
      to 
      
      if($userLookupMode -eq 3){
  • One drive mapper will close the internet explorer
    2 Posts | Last post March 01, 2017
    • one drive will close the internet explorer and also will check for the later version
      can we disable these two item?
    • of course, version check is fully optional, closing internet explorer prevents certain issues, but you can try and see if it works for you.
  • Sharepoint http load when finished
    7 Posts | Last post February 28, 2017
    • Hi Jos,
      
      Would it be possible to log into and display Sharepoint through the default web browser as the last action in the script?
    • You could use the urlopenafter parameter, that would use IE though, but the code to use another browser would be super easy to do.
      
      If you use another browser, the script won't have logged in for you.
    • Hi Jos,
      
      Thanks for replying. Unfortunately while I can add the url to our Sharepoint page, it still asks the user to sign in to their account, even in IE.
    • Is the URL you're opening an URL you're mapping? A cookie does have to be present, the script only sets cookies for URLs you map.
      
      Otherwise you might need some custom coding, I know it is theoretically possible to inject cookies into chrome and Firefox too.
    • Hi Jos,
      
      Lets say our domain is company.com and the sharepoint site is companygroup.sharepoint.com.
      
      Please find current settings below:
      
      $configurationID       = "00000000-0000-0000-0000-000000000000" 
      $domain                = "company.com"
      $driveLetter           = "O:"
      $redirectMyDocs        = $False
      $redirectMyDocsName    = "Documents"
      $driveLabel            = "OneDrive"
      $O365CustomerName      = "companygroup"
      $logfile               = ($env:APPDATA + "\OneDriveMapper_$version.log")
      $pwdCache              = ($env:APPDATA + "\OneDriveMapper.tmp")
      $loginCache            = ($env:APPDATA + "\OneDriveMapper.tmp2")
      $dontMapO4B            = $False
      $debugmode             = $False
      $userLookupMode        = 1 
      $AzureAADConnectSSO    = $True
      $lookupUserGroups      = $False
      $forceUserName         = ''
      $forcePassword         = ''
      $restartExplorer       = $False
      $autoProtectedMode     = $True 
      $adfsWaitTime          = 0
      $libraryName           = "Documents"
      $autoKillIE            = $True
      $abortIfNoAdfs         = $False
      $adfsMode              = 1
      $displayErrors         = $True
      $buttonText            = "Login"
      $adfsLoginInput        = "userNameInput"
      $adfsPwdInput          = "passwordInput"
      $adfsButton            = "submitButton"
      $urlOpenAfter          = "https://companygroup.sharepoint.com/SitePages/Home.aspx"
      $showConsoleOutput     = $False
      $showElevatedConsole   = $True
      $sharepointMappings    = @()
      $sharepointMappings    += "https://companygroup.sharepoint.com/SitePages/Home.aspx"
      $showProgressBar       = $True
      $versionCheck          = $True 
      
      I've removed mapping Sharepoint to a drive as we don't want users having explorer access to it. I've added the sharepoint url itself back in to that field (sans a drive letter) just to see if this would make a difference to being automatically signed in IE. Unfortunately that didn't help either.
    • Yeah that wouldn't do much, because the script normally only signs you in to URL's that you defined to map, the URLOpenAfter parameter was added for a consultancy customer who had a GPO that automaticallly opens sharepoint for their employees. When they deployed OnedriveMapper, that GPO had to be disabled, or Onedrivemapper would kill IE. So, what you're asking could be done, but it would require changes to the script.
    • Thanks for the response Jos. If you accept idea suggestions then I would definitely submit this as one but otherwise thanks for this clever script, it's working perfectly in our organisation.
  • Better /persistent:no ?
    2 Posts | Last post February 28, 2017
    • Hi Jos,
      
      I just rolled this out to a few small business customers... I found that since the mapping does not last forever and you need to re-map (I have put into startup), it makes more sense to map persistent:no to avoid having an old (broken) mapping.
      I changed this in the code... and it now works fine, but would it not be better to have as the default or at least have as a parameter?
      
      Regards, Andrew
    • Hi Andrew,
      
      I guess that could be a matter of preference, as the script takes a little while, some would prefer if most of the time it'd still be mapped. But I guess I can add a parameter so it is easier to choose between both options.
  • Failed to Load Signin Element Type 1
    3 Posts | Last post February 23, 2017
    • Hi Jos,
      
      I have an issue at the moment where I receive:
      
      "INFO | Detected running explorer process
      INFO | Login attempt at Office 365 signin page
      INFO | Failed to find signin element type 1 on Office 365 login page, trying next method. Error details: Method invocati
      on failed because [System.__ComObject] does not contain a method named 'IHTMLDocument3_getElementById'.
      INFO | Failed to find signin element type 2 on Office 365 login page, trying next method. Error details: Method invocati
      on failed because [System.__ComObject] does not contain a method named 'IHTMLDocument3_getElementById'."
      
      I'm running this on a server as I need to map our SharePoint library (hosted on Office 365) to the local S Drive. As such, I don't have Office installed. Is there any way of getting this working on a server? 
      
      Regards,
      
      Rob
    • Hi Rob,
      
      you could try replacing all instances of IHTMLDocument3_getElementById with getElementById, the older function that is pre-office.
      
      Or wait till the next version, it'll have a totally IE free auth setting.
    • Thanks, Jos! Very much appreciated :) 
  • Script Speed Question
    4 Posts | Last post February 21, 2017
    • Hi Jos... great script! I have this working 100% in RDS (Active Directory, 2012 R2), Windows 10 AAD, and Amazon Workspace(Windows 7, Workgroup). 
      In Windows 7 on AWS, it takes about 5 minutes to run despite on fast internet. It connects very reliably, but the initial processing seems to take a long time.
      Any ideas on making it quicker?
    • I'd assume the Windows 7 workspace is rebuilt each time? And then I'd further assume its IE that is taking a long time starting up the first time....the log is timestamped and should show where the longest delay is.
      
      I'm working on a version that no longer requires IE and natively authenticates to AzureAD.
    • Jos, not rebuilding... here is the log section that shows the delay: - 3 minutes -
      02/20/2017 06:16:57 | INFO | -----02/20/2017 06:16:57 OneDriveMapper v2.53 - tspvs1 on IP-C0A889D3 starting-----
      02/20/2017 06:16:58 | INFO | Script elevation level: User
      02/20/2017 06:17:02 | INFO | NOTICE: you are running the latest (v2.53) version of OnedriveMapper
      02/20/2017 06:17:02 | INFO | You are running on Windows 6 with IE 11
      02/20/2017 06:20:13 | INFO | NOTICE: HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security HKLM only not found in registry, your zone configuration could be set on both levels
    • odd, the script doesn't do anything between those two entries....the last one is just a registry key check, perhaps something is holding/delaying registry access? No clue there, it's definitely not the script itself as there is no 'action' in those 3 minutes that could take a long time.
  • error 224
    3 Posts | Last post February 13, 2017
    • Hi
      Great script and its what we are looking for, but no matter what I do it will not map the drive.
      
      All goes great through in debug but errors at the mapping stage..
      IE settings are all set
      Enable protection mode is off
      Trusted sites are all set (ie *.sharepoint.com etc)
      
      I have tried manually adding trusted sites and via gpo yet same error...
      Any help would be great.
      Thanks
      
    • 02/13/2017 12:10:01 | INFO | NOTICE: pennthorpeschool-my.sharepoint.com found in IE Trusted Sites on user level
      02/13/2017 12:10:01 | INFO | NOTICE: pennthorpeschool.sharepoint.com found in IE Trusted Sites on user level
      02/13/2017 12:10:01 | INFO | NOTICE: *.microsoftonline.com found in IE Trusted Sites on user leve
      
      
      System error 224 has occurred. 
       Access Denied. Before opening files in this location, you must first add the web site to your trusted sites list, browse to the web site, and select the option to login automatically.
    • I fixed by setting $AzureAADConnectSSO to $True
      
      As we are using AADConnect
      
      
  • 2-factor authentication
    1 Posts | Last post January 21, 2017
    • I haven't been able to map with 2-factor authentication enabled. Here is what I see in the log:
      
      01/20/2017 19:47:58 | ERROR | Failed to find the correct controls at https://login.microsoftonline.com/login.srf?client-request-id=53aec715-a9a9-4dac-813b-1a7e176a3d7c to log in by script, check your browser and proxy settings or check for an update of this script (2). The element cred_keep_me_signed_in_checkbox was not found (2) or had no tagName
      
      This is the 2.53 script. I get the "Approve / Deny" on my device while the script is trying to login. The error comes up as soon as I click Approve. Is there a setting I'm missing?
      
      Also thanks for the great tools - works fine with 2-factor off. Very nice!
      
      
  • map user security groups to Sharepoint Sites
    10 Posts | Last post January 20, 2017
    • Hi,
      
      First of all, I'm amazed by your script - well done. 
      
      In testing, we are unable to map SharePoint libraries based on security group membership. Everything is synchronized, and we are able to access libraries in the web browser however when the script is launched, it will only map OneDrive home directory and skip SharePoint Mapping.
      
      In my understanding, line 117 ($lookupUserGroups) should be set to $True, lines 135 and 136 ($sharepointMappings) should be left with defaults, and then we should copy and edit lines 193 - 198 and specify security group name in "$group" variable, and add URL, Label and Drive Letter in "$sharepointMapping" variable. 
      
      I have also ran the following command, to ensure that we put in the right security group name, which returned the correct output.
      $groups = ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'
      
      I will attach log from %appdata% in a separate message, as the message doesn't permit to paste everything in this post.
    • 01/20/2017 11:15:01 | INFO | -----01/20/2017 11:15:01 OneDriveMapper v2.53 - <username> on <hostname> starting-----
      01/20/2017 11:15:01 | INFO | cached user group membership because lookupUserGroups was set to True
      01/20/2017 11:15:01 | INFO | Script elevation level: User
      01/20/2017 11:15:01 | INFO | NOTICE: you are running the latest (v2.53) version of OnedriveMapper
      01/20/2017 11:15:01 | INFO | You are running on Windows 10 with IE 11
      01/20/2017 11:15:02 | INFO | NOTICE: HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security HKLM only not found in registry, your zone configuration could be set on both levels
      01/20/2017 11:15:02 | INFO | NOTICE: *.microsoftonline.com found in IE Trusted Sites on user level
      01/20/2017 11:15:02 | INFO | NOTICE: <tenant-domain>-my.sharepoint.com found in IE Trusted Sites on machine level (through GPO)
      01/20/2017 11:15:03 | INFO | NOTICE: <tenant-domain>.sharepoint.com found in IE Trusted Sites on machine level (through GPO)
      01/20/2017 11:15:03 | INFO | userLookupMode is set to 1 -> checking Active Directory UPN
      01/20/2017 11:15:03 | WARNING | Maximum file upload size is set to 954 MB
      01/20/2017 11:15:03 | INFO | Adding to mapping list: Z: (\\<tenant-domain>-my.sharepoint.com@SSL\DavWWWRoot\personal\)
      01/20/2017 11:15:03 | INFO | Z: is not yet mapped
      01/20/2017 11:15:03 | INFO | Automatically removed autologon.microsoftazuread-sso.com from intranet sites for this user
      01/20/2017 11:15:03 | INFO | Automatically removed aadg.windows.net.nsatc.net from intranet sites for this user
      01/20/2017 11:15:03 | INFO | Base URL: https://<tenant-domain>-my.sharepoint.com 
      
      01/20/2017 11:15:06 | INFO | autoKillIE enabled, stopping IE processes
      01/20/2017 11:15:06 | INFO | Stopped process with handle 6160
      01/20/2017 11:15:06 | INFO | Stopped process with handle 4928
      01/20/2017 11:15:06 | ERROR | autoProtectedMode is set to False, IE ProtectedMode will not be disabled temporarily
    • 01/20/2017 11:15:09 | INFO | Starting logon process at: https://login.microsoftonline.com/login.srf?msafed=0
      01/20/2017 11:15:09 | INFO | Detected running explorer process
      01/20/2017 11:15:09 | INFO | Login attempt at Office 365 signin page
      01/20/2017 11:15:09 | INFO | detected SSO option for OnedriveMapper through AzureAD, attempting to login automatically
      01/20/2017 11:15:11 | INFO | Found sign in elements type 1 on Office 365 login page, proceeding
      01/20/2017 11:15:11 | INFO | Found sign in elements type 2 on Office 365 login page, proceeding
      01/20/2017 11:15:11 | INFO | attempting to trigger a redirect to SSO Provider using method 1
      01/20/2017 11:15:11 | INFO | Signin Option persistence selected
      01/20/2017 11:15:14 | INFO | Waited 0 of 10 seconds for SSO redirect. While looking for userNameInput at https://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=4&ct=1484910914&rver=6.7.6640.0&wp=MCMBI&wreply=https%3a%2f%2fportal.office.com%2flanding.aspx%3ftarget%3d%252fdefault.aspx%253fwa%253dwsignin1.0&lc=2057&id=501392&msafed=0&client-request-id=e0cf3d01-690b-4547-a526-73a4e3bb516e. If you're not using SSO this message is expected.
    • 01/20/2017 11:15:15 | INFO | Waited 0.5 of 10 seconds for SSO redirect. While looking for userNameInput at https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dOsiiNBl5sIJWvOMOanfajd4a7L0s30QYkTkYARhjtgfiXAo8Q0_9sedarSn_VkU25gcyhIQMy0tBiv-CFWB12-zJNqJiEz5dZaJ03VYGFFY8gutt7tjfOLBR_FIIFAX42-oh6llzOaONZLxnWDkGqpWITvhRXOsYJOy9l0SxLwVG7P3ir6vJAsV_Qgv5NGIoeueOUHj97iNghHKvLdl6N-K0eMnEqieTn4c1lTAa0McHJoc5feWNoZE8LJgnRGp0LmwVb7x5EwRU7dax12_Zc5Jnuae-Z3KccHeGLnjV2PzbOhYz78LgYSDeolA-cfPV&nonce=636205077157814003.NGVhNDFlMGItMzdkNi00ZjliLWI2NWQtNzdiNDQzYTViNWJkYjBjMGNkYzktN2QxYi00ODkwLTk3MTMtOTNhYmQzNzBjMDll&redirect_uri=https%3a%2f%2fwww.office.com%2flanding&msafed=0&ui_locales=en-GB&mkt=en-GB&client-request-id=e0cf3d01-690b-4547-a526-73a4e3bb516e. If you're not using SSO this message is expected.
      01/20/2017 11:15:15 | INFO | Detected an url that indicates we've been signed in automatically: https://www.office.com/1?auth=2&home=1&from=PortalLanding&client-request-id=e0cf3d01-690b-4547-a526-73a4e3bb516e
    • 01/20/2017 11:15:16 | INFO | login detected, login function succeeded, final url: https://www.office.com/1?auth=2&home=1&from=PortalLanding&client-request-id=e0cf3d01-690b-4547-a526-73a4e3bb516e
      01/20/2017 11:15:19 | INFO | Detected user: <username>_<tenant-domain>_net
      01/20/2017 11:15:19 | INFO | Onedrive cookie generated, mapping drive...
      01/20/2017 11:15:19 | INFO | Mapping target: \\<tenant-domain>-my.sharepoint.com@SSL\DavWWWRoot\personal\<username>_<tenant-domain>_net\Documents
      01/20/2017 11:15:19 | INFO | A drive label has been specified, attempting to set the label for Z:
      01/20/2017 11:15:19 | INFO | Label has been set to OneDrive Documents
      01/20/2017 11:15:19 | INFO | Z: mapped successfully
    • 01/20/2017 11:15:20 | INFO | Current location: https://<tenant-domain>-my.sharepoint.com/personal/<username>_<tenant-domain>_<tenant-domain-end>/_layouts/15/onedrive.aspx
      01/20/2017 11:15:21 | INFO | Automatically added aadg.windows.net.nsatc.net to intranet sites for this user
      01/20/2017 11:15:21 | INFO | Automatically added autologon.microsoftazuread-sso.com to intranet sites for this user
      01/20/2017 11:15:21 | INFO | OnedriveMapper has finished running
      01/20/2017 11:15:22 | WARNING | restartExplorer is set to False, if you're redirecting My Documents, it won't show until next logon
    • ps. I also set $restartExplorer       = $True however this didn't help.
    • Hi JG,
      
      It seems to cache the groups fine, that it isn't matching any must mean it isn't configured properly. You can run this command in Powershell to see which groups it detects for a user:
      
      ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'
      
      And then you'd need a code block for each group you want to map, like this:
                  $group = $groups -match "DLG_West District School A - Sharepoint"
                  if($group){
                     $sharepointMappings += "https://ogd.sharepoint.com/district_west/DocumentLibraryName,West District,Y:"
                     log -text "adding a sharepoint mapping because the user is a member of $group"
                  } 
      
      The latter is probably where things are going wrong, but I'd have to see both output and config to help you further. I wouldn't advise posting that on a public forum though, the previous question has my email in it.
    • Hey Jos,
      
      Thanks for your reply.
      
      So it does indeed detect the right group, and the config that you've specified is indeed configured with the right group name collected from your command.
      
      I can't seem to work out what your e-mail address actually is, however I've added you on LinkedIn? Could you provide it to me on there?
      
      Thanks
    • Everyone,
      
      After support from Jos, it comes out that my security group had / within the name, which is obviously taken as a regex while using "-matches" option within the script.
      
      This is simply resolved by changing -matches to -contains.
      
      Thanks for your help Jos!
  • ADFS Issue
    4 Posts | Last post January 19, 2017
    • In testing we are having an issue with SSO.  We are currently testing the script by manually running the PS.  Everything goes smoothly until the login.  No matter what I do, I always get prompted for my credentials.  With all the debugging and console information showing I can see it go to the Office 365 login page where it redirects to the organization sign in page.  It is there is pops up for credentials.  Here is what the log shows:
      
      INFO | Starting logon process at: https://login.microsoftonline.com/login.srf?msafed=0
      INFO | Detected running explorer process
      INFO | Login attempt at Office 365 signin page
      INFO | detected SSO option for OnedriveMapper through AzureAD, attempting to login automatically
      INFO | Found sign in elements type 1 on Office 365 login page, proceeding
      INFO | Found sign in elements type 2 on Office 365 login page, proceeding
      INFO | attempting to trigger a redirect to SSO Provider using method 1
      INFO | Signin Option persistence selected
      INFO | Waited 0 of 30 seconds for SSO redirect. While looking for userNameInput at https://login.microsoftonline.com/login.srf?msafed=0#. If you're not using SSO this message is expected.
      
      We are using Shibboleth as our SSO provider along with ADFS, so I am wondering if this is where the issue lies.
      
      Thanks
      
      Ed
      
      
    • Hi Ed,
      
      I haven't tested with Shibboleth, so I can't really provide any advice right now without learning more about your environment, sorry :(
      
      Jos.
    • Thanks Jos.
      
      I have approval to go with the Pro version of OneDriveMapper.  Once I send payment, what is the best way to proceed to discuss our environment?
      
      Thanks
      
      Ed
      
      
    • Hi Ed, 
      
      Email is probably easiest, josliebennu, add the right characters between sl and nn
101 - 110 of 192 Items