I have written an article about “OneDrive GPO: Configure team site libraries to sync automatically” and I must update this article.
First, and that is important: If we are looking inside the OneDrive Group Policies, you will see, there is a Group Policy in both parts (Machine and User) with the same name
Configure team site libraries to sync automatically
I have described the GPO, which is a Machine policy. But there are other Scenario’s with more than one user and Microsoft has decided, to have the same Group Policy also in the Users Section.
The name is the same. The group Policy looks like the same. The Functionality is the same. Only the Key in the Regedit is different
Machine
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive\TenantAutoMount] "LibraryName"="LibraryID"
User
[HKCU\Software\Policies\Microsoft\OneDrive\TenantAutoMount]"LibraryName"="LibraryID"
Why Microsoft decided to have the same Group Policy in the Users section?
Its very easy, because if you look for devices, where different people from different departments will login, then there is the answer. If you have a machine policy, you are only may connect to team sites, where all possible users have the rights. Changing that to a User Policy, you may have to rollout several different GPOs, that will only work with this subset of AD.
Other questions received me, thank you, and I try to give you the right answer:
Why do we have the limit of 1000 devices?
We have to know, how OneDrive is working. Microsoft uses Windows Push Notification Services (WNS) to sync files in real time. The main important part is: WNS informs the sync client whenever a change actually happens, eliminating redundant polling and saving on unnecessary computing power. So on the Server side:
- A change occurs in Office 365.
- WNS alerts the OneDrive sync client of the change.
- OneDrive adds it to the Internal Server Changes Queue.
- – Any metadata changes happen immediately, like renaming or deleting files.
- – Downloading content also starts a specific session with the client.
- Office 365 has metadata pointers directing it through Microsoft Azure.
- The changes are processed in the order they are received.
The previous OneDrive for Business sync client (Groove.exe) used a polling service to check for changes on a predetermined schedule. Polling can lead to system lag and slowness because it requires a lot of computing power. Using WNS is a significant enhancement.
Now back to our question: WNS has one limit: 1000.
This is the current limit of devices that can subscribe through the WNS pipeline to get notifications from the service about file changes. After that limit is reached, the remaining clients will go into polling mode, which means they will poll the service every few minutes to see if there are any changes.
Why does take up to 8 hours, until the client machine receives the files?
This is because of the potential spike of requests of mounting a team site both on the customer’s network as well as on the backend service.
This Group Policy is in Preview. Microsoft will see on telemetry data, how this Group policy will be used. In other words. It could be change in the future
I don’t see you mentioned another limitation and that is 5000 file/folders per library. https://docs.microsoft.com/en-us/onedrive/use-group-policy#AutoMountTeamSites
LikeLike
No, why? Thats one of other limitationa and has nothing to do with the description of this group policy
LikeLike
Mr. Brender,
Do you know, can I add many Sharepoint sites with the different access lists into one GPO in order to apply it to the group of the local users with the different access rights to each site? May it cause any problem with the network performance, denial of service, or lock the users because of the continious tries to sync the forbidden site?
Thank you.
LikeLike
Yes, You can specify different document libraries into the GPO. But
1) It may take up to 8 hours
2) You must be aware of the max 1000 devices for each doc lib
3) To access the data, the user must be a member of the doc lib
better do it, have different departments of the User in Azure AD, and deploy the right doc libs to the right users
LikeLike
I have followed your post but I am not seeing the “TenantAutoMount” folder get created under “HKLM\SOFTWARE\Policies\Microsoft\OneDrive” or “HKCU\Software\Policies\Microsoft\OneDrive” what am I missing?
LikeLike
I can confirm the GP is running, after running a gpupdate /force I run GPRESULT /H GPReport.html and in the report, I see my policy run.
Also, I am assuming if this runs on a user that does not have access to the document library nothing will sync?
LikeLike
sure, that makes no sense
LikeLike
You have to wait up to 8 hours
LikeLike
hi
and how it looks in explorer does it map as G:\ our? our under the Intranet House
LikeLike
No, you find it in the explorer, jast as any other regular doc lib, you have synced manually
LikeLike
Hallo Hans, gibt es das ganze auch für Intune OMA uri oder GPO in Preview?
LikeLike
Kann ich leider nicht sagen.
LikeLike