- Consolidating Group Policy, part 3: Loopback policy processing and folder redirection - Wed, Aug 25 2021
- Consolidating Group Policy, part 2: GPOZaurr - Thu, Aug 19 2021
- Consolidating Group Policy, part 1: Get-GpoReport and Advanced Group Policy Management (AGMC) - Wed, Aug 18 2021
As Microsoft’s Enterprise File Share and Sync (EFSS) implementation, OneDrive is rapidly gaining traction within many sectors. Delivered as part of the Office 365 suite, OneDrive offers up to 1TB of free storage space and an easy way for users to access, share, and collaborate on data files across a plethora of different platforms.
One challenge for enterprises in adopting OneDrive is determining how to migrate users to OneDrive seamlessly and effectively. In many environments, users have saved data and documents to many different areas, and migrating these into OneDrive without intervention can prove difficult. However, Microsoft is addressing this issue by providing policies that can help take the sting out of the migration process; one of the most pertinent ones is the Known Folder Move (KFM) feature.
Known Folder Move ^
KFM currently operates on the Documents, Pictures, and Desktop folders only. I hope that Microsoft will allow more system folders to be added in the future or even allow for custom folders. However, currently having the Desktop folder included is very useful as users commonly store shortcuts and data there when possible. It’s also very useful for nonpersistent environments where users rely on network-stored profiles; for example, if a user’s profile is deleted, the data the user has stored on the desktop are not lost but are instead synchronized back down when the user signs in to OneDrive.
To enable KFM, you need to use the OneDrive Sync Client with build 18.111.0603.0004 or later. If you’re on a lower version, you’ll only be able to synchronize empty folders into the OneDrive client, which really defeats what we’re trying to achieve here!
If you plan to supplement OneDrive KFM with the Files On-Demand feature (and I recommend that you do), then you also need to be on Windows 10 version 1709 or higher, or on Windows Server 2019 for Remote Desktop Session Host systems.
Ideally, your users should be logging on to the client device with the credentials they use to access Office 365 so that if they move to a new device or lose their profile, they can access their synchronized data without having to sign in to OneDrive manually. It’s not a major blocker because the synchronization will occur after they sign in, but it simply makes the process much smoother and more seamless. Most environments use the same sets of credentials, but if you don’t, note that you may have to inform your users that they need to sign in to OneDrive with a different username/password combination.
If you have the Documents, Pictures, and Desktop folders redirected using Folder Redirection (either via GPO or another method), note that you’ll need to disable this at some point to complete the KFM. This means that your Folder Redirection policies should be configured to copy the data back locally when the policy is removed, as shown below.
You’ll also need to know your Office 365 tenant ID before beginning to enable KFM. If you don’t know it offhand, simply input your domain name into https://www.whatismytenantid.com/ to find out.
It’s a good idea to target specific batches of users for the OneDrive migration so you don’t get inundated with support calls if problems arise. In a recent project, we prepped groups of 250 users per day to be migrated across to OneDrive.
The first step was to disable any Folder Redirection in place so that the users had the data copied back locally ahead of the migration. Don’t forget, Folder Redirection GPO changes can’t be processed during the user session—the user must log out and back in before the changes are applied. So, not only must the target users pick up the policy changes, they must also log out and back in to activate them.
Subscribe to 4sysops newsletter!
The second step was to deploy the OneDrive Sync Client onto the target devices and apply the corresponding policies. In my next post, I will explain the main Known Folder Move Group Policy settings.