6

I've just installed build 10130 of the Windows 10 Insider Preview on my desktop, and after joining my domain, I noticed that the usual option to link my domain user account to a Microsoft account seems to be missing from my account settings. I've installed Windows 10 on my laptop previously (though it wasn't build 10130), and was able to do this without any issues.

Note the below screenshots:

enter image description here enter image description here

As far as I can tell, there are no group policy rules preventing me from doing this. I'm using Windows Server 2012R2, and have the "Block Microsoft accounts" Group Policy set as Not Defined.

Improve this question
0

3 Answers 3

Reset to default
3

Microsoft removed the ablity for domain joined user to sync with their Microsoft Account.

Here is a work around

  1. Create a new local/non-domain Microsoft Account
    • Go to Settings -> Accounts -> Other Users.
    • Click Add someone else to this PC.
    • Enter your Microsoft.
    • Login with your Microsoft account and enable sync.

  2. Copy registry settings

    • open RegEdit, navigate to HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities

      you should find your Microsoft Account email address.

    • Under the registry key for your Microsoft Account email address, you should find the Security Identifier (SID) for your local user logged in with Microsoft Account. Change this SID to to your Active Directory Domain User's SID.

      • To find the SID of your account, use this command wmic useraccount get name,sid. Or, if your domain has too many users, wmic useraccount where name="USERNAME" get name,sid. Replace USERNAMEwith your domain username.
    • Logout and log back in to your Domain User. You should find Sync your settings section no longer greyed out and showing Sync your settings to other devices using ____

You do not need to login as a separate Local User to perform the registry edits. It does not matter.

It took more than 10 minutes for me to see passwords synced. So be patient. You can see the results by going to Credential Manage

Improve this answer
2

As it turns out, the method I had to use (though I don't know if this is the only way going forward) is to set up Cortana. Doing so made me link my account and choose my sync settings.

I was tipped off by a post at the following url: http://forums.windowscentral.com/windows-10-technical-preview/359824-connecting-domain-account-microsoft-account.html

All I had to do was select the search bar in the taskbar, and follow the steps to opt-in to using Cortana. I was eventually asked to sync to a Microsoft account.

Improve this answer
1
  • 1
    Can you provide more details?
    – Ramhound
    Commented Jun 21, 2015 at 17:41
2

This problem arises from the circumstance where you have a domain-joined Windows 10 computer running Windows version 1703 aka the Creator's Update.

The answer is because Microsoft chose to remove this functionality. Of course, without informing users, without updating the messages on their Sync your settings screen, without updating online documentation, and without informing their own support desk. If you are an insider, info about this can be found on here.

By the way there are a couple of workarounds:

  1. if you can, perform a clean install of Microsoft Windows 10 build 1607, set up your sync settings, then upgrade. Testing shows this feature successfully remains if you have it in place before upgrading to the Creator's Update.

  2. if you have a computer that still has this sync enabled,

    • open RegEdit, navigate to HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities. You should find your Microsoft account listed as an entry under this, and under that, the Security Identifier - or SID - for your domain-joined account. Export the entire Microsoft account registry branch under StoredIdentities.
    • Move this to your new computer, then import into your registry. Double-check your SID is correct, though provided you've signed in with the same Active Directory account, then it should be. You can confirm by browsing further down the registry under HKEY_USERS and noting the SID there.
    • Open Settings/Accounts/Sync your Settings again and this time it is all open, enabled and manageable.

You will not be able to sync passwords until you verify your identity on the new computer but that's a trivial exercise.

Improve this answer
1
  • Thanks a lot for this solution! Finally got my settings to sync while using domain account. There is no need to do a clean install. I Tried to edit your answer but got rejected because of "drastic changes" so I had to post my own based mostly on your work
    – fjch1997
    Commented Dec 24, 2018 at 3:10

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .