OneDriveMapper automatically map your OneDrive for Business upon login

This script maps your Onedrive / Sharepoint / Teams document libraries to driveletters (or shortcuts). It can be used in any environment (VDI, RemoteApp, w10 etc).

 
 
 
 
 
4.6 Star
(116)
76,916 times
Add to favorites
Office 365
2/3/2019
E-mail Twitter del.icio.us Digg Facebook
  • Script Speed Question
    4 Posts | Last post February 21, 2017
    • Hi Jos... great script! I have this working 100% in RDS (Active Directory, 2012 R2), Windows 10 AAD, and Amazon Workspace(Windows 7, Workgroup). 
      In Windows 7 on AWS, it takes about 5 minutes to run despite on fast internet. It connects very reliably, but the initial processing seems to take a long time.
      Any ideas on making it quicker?
    • I'd assume the Windows 7 workspace is rebuilt each time? And then I'd further assume its IE that is taking a long time starting up the first time....the log is timestamped and should show where the longest delay is.
      
      I'm working on a version that no longer requires IE and natively authenticates to AzureAD.
    • Jos, not rebuilding... here is the log section that shows the delay: - 3 minutes -
      02/20/2017 06:16:57 | INFO | -----02/20/2017 06:16:57 OneDriveMapper v2.53 - tspvs1 on IP-C0A889D3 starting-----
      02/20/2017 06:16:58 | INFO | Script elevation level: User
      02/20/2017 06:17:02 | INFO | NOTICE: you are running the latest (v2.53) version of OnedriveMapper
      02/20/2017 06:17:02 | INFO | You are running on Windows 6 with IE 11
      02/20/2017 06:20:13 | INFO | NOTICE: HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security HKLM only not found in registry, your zone configuration could be set on both levels
    • odd, the script doesn't do anything between those two entries....the last one is just a registry key check, perhaps something is holding/delaying registry access? No clue there, it's definitely not the script itself as there is no 'action' in those 3 minutes that could take a long time.
  • error 224
    3 Posts | Last post February 13, 2017
    • Hi
      Great script and its what we are looking for, but no matter what I do it will not map the drive.
      
      All goes great through in debug but errors at the mapping stage..
      IE settings are all set
      Enable protection mode is off
      Trusted sites are all set (ie *.sharepoint.com etc)
      
      I have tried manually adding trusted sites and via gpo yet same error...
      Any help would be great.
      Thanks
      
    • 02/13/2017 12:10:01 | INFO | NOTICE: pennthorpeschool-my.sharepoint.com found in IE Trusted Sites on user level
      02/13/2017 12:10:01 | INFO | NOTICE: pennthorpeschool.sharepoint.com found in IE Trusted Sites on user level
      02/13/2017 12:10:01 | INFO | NOTICE: *.microsoftonline.com found in IE Trusted Sites on user leve
      
      
      System error 224 has occurred. 
       Access Denied. Before opening files in this location, you must first add the web site to your trusted sites list, browse to the web site, and select the option to login automatically.
    • I fixed by setting $AzureAADConnectSSO to $True
      
      As we are using AADConnect
      
      
  • 2-factor authentication
    1 Posts | Last post January 21, 2017
    • I haven't been able to map with 2-factor authentication enabled. Here is what I see in the log:
      
      01/20/2017 19:47:58 | ERROR | Failed to find the correct controls at https://login.microsoftonline.com/login.srf?client-request-id=53aec715-a9a9-4dac-813b-1a7e176a3d7c to log in by script, check your browser and proxy settings or check for an update of this script (2). The element cred_keep_me_signed_in_checkbox was not found (2) or had no tagName
      
      This is the 2.53 script. I get the "Approve / Deny" on my device while the script is trying to login. The error comes up as soon as I click Approve. Is there a setting I'm missing?
      
      Also thanks for the great tools - works fine with 2-factor off. Very nice!
      
      
  • map user security groups to Sharepoint Sites
    10 Posts | Last post January 20, 2017
    • Hi,
      
      First of all, I'm amazed by your script - well done. 
      
      In testing, we are unable to map SharePoint libraries based on security group membership. Everything is synchronized, and we are able to access libraries in the web browser however when the script is launched, it will only map OneDrive home directory and skip SharePoint Mapping.
      
      In my understanding, line 117 ($lookupUserGroups) should be set to $True, lines 135 and 136 ($sharepointMappings) should be left with defaults, and then we should copy and edit lines 193 - 198 and specify security group name in "$group" variable, and add URL, Label and Drive Letter in "$sharepointMapping" variable. 
      
      I have also ran the following command, to ensure that we put in the right security group name, which returned the correct output.
      $groups = ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'
      
      I will attach log from %appdata% in a separate message, as the message doesn't permit to paste everything in this post.
    • 01/20/2017 11:15:01 | INFO | -----01/20/2017 11:15:01 OneDriveMapper v2.53 - <username> on <hostname> starting-----
      01/20/2017 11:15:01 | INFO | cached user group membership because lookupUserGroups was set to True
      01/20/2017 11:15:01 | INFO | Script elevation level: User
      01/20/2017 11:15:01 | INFO | NOTICE: you are running the latest (v2.53) version of OnedriveMapper
      01/20/2017 11:15:01 | INFO | You are running on Windows 10 with IE 11
      01/20/2017 11:15:02 | INFO | NOTICE: HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security HKLM only not found in registry, your zone configuration could be set on both levels
      01/20/2017 11:15:02 | INFO | NOTICE: *.microsoftonline.com found in IE Trusted Sites on user level
      01/20/2017 11:15:02 | INFO | NOTICE: <tenant-domain>-my.sharepoint.com found in IE Trusted Sites on machine level (through GPO)
      01/20/2017 11:15:03 | INFO | NOTICE: <tenant-domain>.sharepoint.com found in IE Trusted Sites on machine level (through GPO)
      01/20/2017 11:15:03 | INFO | userLookupMode is set to 1 -> checking Active Directory UPN
      01/20/2017 11:15:03 | WARNING | Maximum file upload size is set to 954 MB
      01/20/2017 11:15:03 | INFO | Adding to mapping list: Z: (\\<tenant-domain>-my.sharepoint.com@SSL\DavWWWRoot\personal\)
      01/20/2017 11:15:03 | INFO | Z: is not yet mapped
      01/20/2017 11:15:03 | INFO | Automatically removed autologon.microsoftazuread-sso.com from intranet sites for this user
      01/20/2017 11:15:03 | INFO | Automatically removed aadg.windows.net.nsatc.net from intranet sites for this user
      01/20/2017 11:15:03 | INFO | Base URL: https://<tenant-domain>-my.sharepoint.com 
      
      01/20/2017 11:15:06 | INFO | autoKillIE enabled, stopping IE processes
      01/20/2017 11:15:06 | INFO | Stopped process with handle 6160
      01/20/2017 11:15:06 | INFO | Stopped process with handle 4928
      01/20/2017 11:15:06 | ERROR | autoProtectedMode is set to False, IE ProtectedMode will not be disabled temporarily
    • 01/20/2017 11:15:09 | INFO | Starting logon process at: https://login.microsoftonline.com/login.srf?msafed=0
      01/20/2017 11:15:09 | INFO | Detected running explorer process
      01/20/2017 11:15:09 | INFO | Login attempt at Office 365 signin page
      01/20/2017 11:15:09 | INFO | detected SSO option for OnedriveMapper through AzureAD, attempting to login automatically
      01/20/2017 11:15:11 | INFO | Found sign in elements type 1 on Office 365 login page, proceeding
      01/20/2017 11:15:11 | INFO | Found sign in elements type 2 on Office 365 login page, proceeding
      01/20/2017 11:15:11 | INFO | attempting to trigger a redirect to SSO Provider using method 1
      01/20/2017 11:15:11 | INFO | Signin Option persistence selected
      01/20/2017 11:15:14 | INFO | Waited 0 of 10 seconds for SSO redirect. While looking for userNameInput at https://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=4&ct=1484910914&rver=6.7.6640.0&wp=MCMBI&wreply=https%3a%2f%2fportal.office.com%2flanding.aspx%3ftarget%3d%252fdefault.aspx%253fwa%253dwsignin1.0&lc=2057&id=501392&msafed=0&client-request-id=e0cf3d01-690b-4547-a526-73a4e3bb516e. If you're not using SSO this message is expected.
    • 01/20/2017 11:15:15 | INFO | Waited 0.5 of 10 seconds for SSO redirect. While looking for userNameInput at https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dOsiiNBl5sIJWvOMOanfajd4a7L0s30QYkTkYARhjtgfiXAo8Q0_9sedarSn_VkU25gcyhIQMy0tBiv-CFWB12-zJNqJiEz5dZaJ03VYGFFY8gutt7tjfOLBR_FIIFAX42-oh6llzOaONZLxnWDkGqpWITvhRXOsYJOy9l0SxLwVG7P3ir6vJAsV_Qgv5NGIoeueOUHj97iNghHKvLdl6N-K0eMnEqieTn4c1lTAa0McHJoc5feWNoZE8LJgnRGp0LmwVb7x5EwRU7dax12_Zc5Jnuae-Z3KccHeGLnjV2PzbOhYz78LgYSDeolA-cfPV&nonce=636205077157814003.NGVhNDFlMGItMzdkNi00ZjliLWI2NWQtNzdiNDQzYTViNWJkYjBjMGNkYzktN2QxYi00ODkwLTk3MTMtOTNhYmQzNzBjMDll&redirect_uri=https%3a%2f%2fwww.office.com%2flanding&msafed=0&ui_locales=en-GB&mkt=en-GB&client-request-id=e0cf3d01-690b-4547-a526-73a4e3bb516e. If you're not using SSO this message is expected.
      01/20/2017 11:15:15 | INFO | Detected an url that indicates we've been signed in automatically: https://www.office.com/1?auth=2&home=1&from=PortalLanding&client-request-id=e0cf3d01-690b-4547-a526-73a4e3bb516e
    • 01/20/2017 11:15:16 | INFO | login detected, login function succeeded, final url: https://www.office.com/1?auth=2&home=1&from=PortalLanding&client-request-id=e0cf3d01-690b-4547-a526-73a4e3bb516e
      01/20/2017 11:15:19 | INFO | Detected user: <username>_<tenant-domain>_net
      01/20/2017 11:15:19 | INFO | Onedrive cookie generated, mapping drive...
      01/20/2017 11:15:19 | INFO | Mapping target: \\<tenant-domain>-my.sharepoint.com@SSL\DavWWWRoot\personal\<username>_<tenant-domain>_net\Documents
      01/20/2017 11:15:19 | INFO | A drive label has been specified, attempting to set the label for Z:
      01/20/2017 11:15:19 | INFO | Label has been set to OneDrive Documents
      01/20/2017 11:15:19 | INFO | Z: mapped successfully
    • 01/20/2017 11:15:20 | INFO | Current location: https://<tenant-domain>-my.sharepoint.com/personal/<username>_<tenant-domain>_<tenant-domain-end>/_layouts/15/onedrive.aspx
      01/20/2017 11:15:21 | INFO | Automatically added aadg.windows.net.nsatc.net to intranet sites for this user
      01/20/2017 11:15:21 | INFO | Automatically added autologon.microsoftazuread-sso.com to intranet sites for this user
      01/20/2017 11:15:21 | INFO | OnedriveMapper has finished running
      01/20/2017 11:15:22 | WARNING | restartExplorer is set to False, if you're redirecting My Documents, it won't show until next logon
    • ps. I also set $restartExplorer       = $True however this didn't help.
    • Hi JG,
      
      It seems to cache the groups fine, that it isn't matching any must mean it isn't configured properly. You can run this command in Powershell to see which groups it detects for a user:
      
      ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'
      
      And then you'd need a code block for each group you want to map, like this:
                  $group = $groups -match "DLG_West District School A - Sharepoint"
                  if($group){
                     $sharepointMappings += "https://ogd.sharepoint.com/district_west/DocumentLibraryName,West District,Y:"
                     log -text "adding a sharepoint mapping because the user is a member of $group"
                  } 
      
      The latter is probably where things are going wrong, but I'd have to see both output and config to help you further. I wouldn't advise posting that on a public forum though, the previous question has my email in it.
    • Hey Jos,
      
      Thanks for your reply.
      
      So it does indeed detect the right group, and the config that you've specified is indeed configured with the right group name collected from your command.
      
      I can't seem to work out what your e-mail address actually is, however I've added you on LinkedIn? Could you provide it to me on there?
      
      Thanks
    • Everyone,
      
      After support from Jos, it comes out that my security group had / within the name, which is obviously taken as a regex while using "-matches" option within the script.
      
      This is simply resolved by changing -matches to -contains.
      
      Thanks for your help Jos!
  • ADFS Issue
    4 Posts | Last post January 19, 2017
    • In testing we are having an issue with SSO.  We are currently testing the script by manually running the PS.  Everything goes smoothly until the login.  No matter what I do, I always get prompted for my credentials.  With all the debugging and console information showing I can see it go to the Office 365 login page where it redirects to the organization sign in page.  It is there is pops up for credentials.  Here is what the log shows:
      
      INFO | Starting logon process at: https://login.microsoftonline.com/login.srf?msafed=0
      INFO | Detected running explorer process
      INFO | Login attempt at Office 365 signin page
      INFO | detected SSO option for OnedriveMapper through AzureAD, attempting to login automatically
      INFO | Found sign in elements type 1 on Office 365 login page, proceeding
      INFO | Found sign in elements type 2 on Office 365 login page, proceeding
      INFO | attempting to trigger a redirect to SSO Provider using method 1
      INFO | Signin Option persistence selected
      INFO | Waited 0 of 30 seconds for SSO redirect. While looking for userNameInput at https://login.microsoftonline.com/login.srf?msafed=0#. If you're not using SSO this message is expected.
      
      We are using Shibboleth as our SSO provider along with ADFS, so I am wondering if this is where the issue lies.
      
      Thanks
      
      Ed
      
      
    • Hi Ed,
      
      I haven't tested with Shibboleth, so I can't really provide any advice right now without learning more about your environment, sorry :(
      
      Jos.
    • Thanks Jos.
      
      I have approval to go with the Pro version of OneDriveMapper.  Once I send payment, what is the best way to proceed to discuss our environment?
      
      Thanks
      
      Ed
      
      
    • Hi Ed, 
      
      Email is probably easiest, josliebennu, add the right characters between sl and nn
  • Webdav File Locking Question
    4 Posts | Last post January 17, 2017
    • Hi, I was wondering what happens if two users unknowingly open the same file (i.e. an excel spreadsheet) while webdav file locking is disabled? Which users' changes are saved and is anyone warned that someone else has the file open or anything along those lines?
      
      Thanks in advance
    • Both files will be saved, the last one saved becomes the most current version, unless you explicitly disabled versioning on the library (which is enabled by default). Previous versions are accessible through the web UI.
    • Ok. And are the changes merged into the latest version if two users are working at the same time? Also, does it work this way whether you have Office 2010, 2013 or 2016?
    • I don't think the Office version matters that much, those that support co-authoring online will do so and merge the changes, they'll actually bypass the drivemapping altogether because the latest Office clients have their own builtin onedrive/sp client.
  • Suggestion : user config file
    4 Posts | Last post January 16, 2017
    • Hi Jos.
      
      Congrats for your great job. 
      
      One little suggestion : why not provide an access to a config file to store the users additionnals libraries, one for each user. The  trick with the ad groups is good but at each udapte of your script, whe have to modify it. 
      A last comment : this file should be a .ini rather than a xml. We use RES (like many people), and RED can modify .ini files and append keys dynamically.
      
      Thanks
      
      Chris
      
      
    • Hi Chris,
      
      that's already on my roadmap, and it'll be web based. So, you'll build configs (as many as you like) in a web portal, and onedrivemapper can then be distributed as MSI with a single extra parameter (the config ID). 
      
      Hope to have that testable this month or early february. You can then opt to host configs yourself, or pay me to do it for you.
    • very good new . Can't wait. 
      
      But, Why not combine this with a little bit more intelligence in you usergroups logic. you could for exemple, lookup for one or 2 futher properties of the Group Class and determine if they should be treated and wich will be the Sharepointmapping, the label and the letter and then do all the stuff automatically. 
      
      I think this could be done easy in you existing script.
      
      This functionality and the web configs togteher can cover allmost all needs.
      
      Chris
      
      
    • Good idea, I will :)
  • logs in but wont connect drives
    2 Posts | Last post January 12, 2017
    • Using the script on RDS server 2016. Trying to map the user's onedrive folder in sharepoint to a drive letter. The script logs in ok, and in debug mode we can see it logging into O365 correctly.  
      
      However even though its logged in it wont map the drives.
      Keeps retrying at "attempting to connect username at https://{mydomain}-my.sharepoint.com/SitePages/Home.aspx and then gives up saying failed to detect username from URL for over 62 seconds. 
        
      Thing is the URL is wrong, because it should be the URL for the onedrive folder, not sitepages.
    • Hmm, did you set up a custom home page? When you browse to https://yourdomain-my.sharepoint.com, do you end up at your Onedrive for Business? Because that is what the script attempts to get to Onedrive so it can parse the username from the URL, as this doesn't always match the UPN (some people seem to somehow get divorced or married :)).
  • Impersonation
    5 Posts | Last post January 11, 2017
    • Hello Jos,
      
      Very nice script indeed. I was wondering if the script can handle impersonation. Use case: a customer of mine want to archive old data from MyDocs to users' OneDrive location. A central server would map user's OneDrive and archive files. We want to do this serverside to make it more manageable. Clientside would mean that the archivation tasks would be done by clients..
      
      Any help would be greatly appreciated!
      
      Anthony.
    • We setup impersonation by creating a Service Account and granting it access to all OneDrive Site Collections: https://campus.barracuda.com/product/backup/article/BBS/OneDriveAdminPermissions/.
      
      So in essence we want to map a user's OneDrive using the Service Account credentials.
    • Yes, that is certainly possible with a few small modifications. Since it is the svc account logging in, it would need to know the onedrive url's of the users you're archiving to and map those, instead of the svc account's onedrive url. The subdomain (xx-my.sharepoint.com) is the same so no additional cookie needed.
    • How should I put the parameters in my Use Case. I tried some different things, but am kinda stuck.
    • You can email josliebennu for support, or in this case, a customized version (add the right characters between sl and nn).
  • THANKS!!
    1 Posts | Last post December 27, 2016
    • Just wanted to say thanks for this awesome script. warnings/errors led me to the right configuration easily and now I can work with ODfB as I've always wanted. Great work.
111 - 120 of 197 Items