Preauthenticate Office 365 (SharePoint and Exchange) for Internal Users
May 15, 2014 4 Comments
Using ADFS for Single Sign On does not leverage a full Single Sign On Experience for the users. People will often see the Office 365 and need to fill in their email/upn, before Single Sign On will happen.
Thanks to a very nice OneDrive CodePlex project (http://office365drivemap.codeplex.com/), which you should visit too, I was able to write the following PowerShell script which you can use to preauthenticate Office 365 when you use ADFS.
Run the following powershell script after login (see http://msdn.microsoft.com/en-us/library/jj130675.aspx to configure the script to run after login)
$domain = "contoso.com"; # your Federated domain $ie = new-object -com InternetExplorer.Application $ie.navigate("https://login.microsoftonline.com/login.srf") $ie.visible = $true #Uncomment this for debugging # Wait for the page to finish loading do {sleep 1} until (-not ($ie.Busy)) # We have to click the remember me checkbox before logging in, we also have to have IE be automated for this to work try { $ie.document.GetElementById("_link").click() do {sleep 1} until (-not ($ie.Busy)) } catch {$null} try { $ie.document.GetElementById("cred_userid_inputtext").value = "dummy@"+$domain $ie.document.GetElementById("cred_keep_me_signed_in_checkbox").click() do {sleep 1} until (-not ($ie.Busy)) $ie.document.GetElementById("cred_sign_in_button").click() do {sleep 1} until (-not ($ie.Busy)) }catch {$null} sleep -seconds 15 # give plenty of time to redirect $ie.Quit()
For exchange it is quite easy to create a auto-login just with some DNS modification. You just need to create a CNAME to outlook.com.
e.g. webmail.contoso.com => outlook.com
I am using your script and then creating a shortcut to ODFB on the desktop. It works fine for someone who is an Admin on the computer but a standard user account it does not Pre-authenticate. Any ideas?
Thank you!
I have only tested it as part of the windows login script. Do You know which like is problematic?
It opens IE but it doesn’t click in any of the boxes to enter the credentials and then move on.
Unfortunately, if UAC is enabled the scripts does not work 😦