Restrict OneDrive to sync only with Domain-Joined PCs

28 Feb

In the OneDrive admin centre there is an option under Sync for “Allow syncing only on PCs joined to specific domains”.

This won’t affect the web-based version or any mobile OneDrive clients; it purely stops the automatic sync on any machine which isn’t a member of any of the domains entered.

It’s worth noting that it’s not as simple as just entering the domain name; you instead need to enter the GUID of your domain(s).

PowerShell will get this easily for you:

Import-Module ActiveDirectory
# Print the ObjectGUID of every domain in the forest
$domains = (Get-ADForest).Domains; foreach ($d in $domains) { Get-ADDomain -Identity $d | Select-Object ObjectGuid }

Take your GUID, enter it and you’re done. A bit more secure.
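
The same restriction can be applied and checked from PowerShell instead of the admin centre. This is an added example, not part of the original post; it assumes the SharePoint Online Management Shell and the RSAT ActiveDirectory module are installed, and $AdminUrl is a placeholder for your own tenant admin URL.

```powershell
# Added example (not from the original post).
# Assumption: $AdminUrl is a placeholder, e.g. https://<tenant>-admin.sharepoint.com
param(
    [Parameter(Mandatory)]
    [string]$AdminUrl
)

Import-Module ActiveDirectory
Import-Module Microsoft.Online.SharePoint.PowerShell

# Collect the GUID of every domain in the forest, keeping the DNS name
# next to it so the list can be reviewed before it is applied.
$domains = foreach ($d in (Get-ADForest).Domains) {
    Get-ADDomain -Identity $d | Select-Object DNSRoot, ObjectGUID
}
if (-not $domains) {
    throw 'Get-ADForest returned no domains; refusing to enable an empty allow list.'
}
$domains | Format-Table -AutoSize

# Set-SPOTenantSyncClientRestriction takes the GUIDs as one
# semicolon-separated string.
$guidList = ($domains | ForEach-Object { $_.ObjectGUID.ToString() }) -join ';'

Connect-SPOService -Url $AdminUrl
Set-SPOTenantSyncClientRestriction -Enable -DomainGuids $guidList

# Read the setting back and confirm every forest domain is on the list.
$applied = Get-SPOTenantSyncClientRestriction
$applied | Format-List TenantRestrictionEnabled, AllowedDomainList

# Normalise the returned list to strings so the comparison works whether
# the property comes back as GUID objects or as text.
$allowed = "$($applied.AllowedDomainList)" -split '[;,\s]+' | Where-Object { $_ }
$missing = $domains | Where-Object { $allowed -notcontains $_.ObjectGUID.ToString() }

if (-not $applied.TenantRestrictionEnabled) {
    Write-Warning 'Sync restriction is not enabled on the tenant.'
}
if ($missing) {
    Write-Warning ("Domains missing from the allow list: " + ($missing.DNSRoot -join ', '))
}
```

Run it from a domain-joined machine with an account that can read the forest and administer SharePoint Online.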