First off, all credit goes to Jos Lieben for developing the script that this article is based on. We used v2.53 for this article/lab testing.
For testing in this article's lab environment I will be using the following:
- My Office 365 small business subscription
- The script's prompt for username/password option for the mapping (although ADFS/Azure AD Joined Windows)
- Windows Server 2016 Standard (Desktop Experience), with XenApp 7.12
- Citrix Profile Manager for roaming profiles
Preparing Windows Server 2016 for Script
Out of the box, Windows Server 2016 does not have the WebDAV Redirector enabled, which is required for the script to run successfully.
Step 1: Enable WebDAV Redirector
Server Manager / Manage / Add Roles & Features / Next (4 times until Features appears)
NOTE: A reboot of the server will be required.
Step 2: Ensure WebDAV client file locking is disabled
VALUE NAME: SupportLocking
VALUE DATA: 0 (0 disables file locking)
Step 3: Adding O365 URLs to trusted sites
This will be done by the OneDriveMapper script, but it can also be added to a GPO, as detailed here for that purpose.
Step 4: Ensure IE Protected Mode is disabled in Trusted Sites.
Untick Enable Protected Mode, as per below image
Step 5: Disable OneDrive In-built Application in Windows Server 2016
As the script is mapping a network drive, we want to hide all other options to OneDrive in Windows. This setting will remove it from Windows Explorer.
COMPUTER – Administrative Templates\Windows Components\OneDrive – Enable "Prevent the usage of OneDrive for file storage".
Step 6: Disable OneDrive Options in Office 2016
By default, Office has a OneDrive option during Save/Save As which is linked to the desktop application. As the script is mapping a network drive, we want to hide all other options to OneDrive in Office.
USER – Administrative Templates\Microsoft Office 2016\Miscellaneous – Disable "Show OneDrive Sign In"
The option is now gone within Office.
Preparing the script
Line 104 – Changed $Domain to “WILKYIT.COM” – my domain name in Office 365
Line 105 – Changed $driveletter to “H:” – my preferred home drive letter
Line 108 – Changed $drivelabel to “OneDrive – Personal” – my preferred home drive label
Line 109 – Changed $O365customername to “Wilky” – my Office 365 organisational name
Line 115 – Changed $UserlookupMode to “4” – prompt for username/password
Line 113 – Changed $showConsoleOutput to “false” – hide any PowerShell output (info/errors)
Line 114 – Changed $showElevatedConsole to “false” – hide any console from the end user
Line 138 – Changed $versionCheck to “false” – stop checking if the script is the latest version
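A pre-deployment check for the edits listed above, added here as an example (it is not part of Jos Lieben's script): it reads the settings from the script text by variable name, without running the script, and reports any value that differs from the list. The function names are hypothetical, the sample settings block is constructed, and the literal forms used in it ($false, an unquoted 4) are assumptions about how the values are written in the script.

```powershell
# Added example, not part of OneDriveMapper. Settings are found by variable name,
# because the line numbers quoted above only apply to v2.53.
function Get-TopLevelAssignment {
    param([Parameter(Mandatory)][string]$ScriptText)
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)
    if ($errors.Count -gt 0) { throw "Script does not parse: $($errors[0].Message)" }
    $found = @{}
    # $false: do not descend into function bodies or other nested script blocks
    $ast.FindAll({ param($n)
            $n -is [System.Management.Automation.Language.AssignmentStatementAst] }, $false) |
        Where-Object { $_.Left -is [System.Management.Automation.Language.VariableExpressionAst] } |
        ForEach-Object {
            # Right-hand side as source text, minus quotes and the '$' of $true/$false
            $text = $_.Right.Extent.Text.Trim().Trim('"', "'").TrimStart('$')
            $found[$_.Left.VariablePath.UserPath] = $text
        }
    $found
}
function Test-MapperSetting {
    param([Parameter(Mandatory)][string]$ScriptText, [Parameter(Mandatory)][hashtable]$Expected)
    $actual = Get-TopLevelAssignment -ScriptText $ScriptText
    foreach ($name in $Expected.Keys) {
        $value = if ($actual.ContainsKey($name)) { $actual[$name] } else { '<not set>' }
        [pscustomobject]@{
            Setting = $name; Expected = $Expected[$name]; Actual = $value
            Match   = ($value -eq [string]$Expected[$name])   # -eq ignores case
        }
    }
}
# Values from the "Preparing the script" list above
$expected = @{
    Domain = 'WILKYIT.COM'; driveletter = 'H:'; O365customername = 'Wilky'
    UserlookupMode = '4'; showConsoleOutput = 'false'
    showElevatedConsole = 'false'; versionCheck = 'false'
}
# Constructed sample of an edited settings block (not copied from the real script);
# versionCheck is left at $true on purpose so that one mismatch is reported.
$sample = @'
$Domain = "WILKYIT.COM"
$driveletter = "H:"
$O365customername = "Wilky"
$UserlookupMode = 4
$showConsoleOutput = $false
$showElevatedConsole = $false
$versionCheck = $true
'@
Test-MapperSetting -ScriptText $sample -Expected $expected | Format-Table -AutoSize
# For the real file: -ScriptText (Get-Content -Raw .\OneDriveMapper_v2.53.ps1)
```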
Add OneDriveMapper Script to Log on Script/GPO
USER – Windows Settings\Scripts\Logon – Copy the PowerShell logon script worked on above to the “Show Files” section of the Logon script setting and add OneDriveMapper_v2.53.ps1 so that it runs on logon.
Login to test OneDriveMapper
Step 1: After the desktop shows during login, the below will start in the bottom right (when it disappears, the script has completed successfully).
Step 2: After a short period, the username prompt and then the password prompt will be presented.
NOTE: This appears as we have chosen 4 in $UserLookupMode; ADFS can be used to authenticate without user intervention.
Step 3: Opening File Explorer will now show the H:\ drive mapping to OneDrive for Business.
Step 4: Logging off and back on again re-runs the script, but as it has been run before, the username/password and the cookie for the website have all been saved in the profile, and it runs within 10-15 seconds.