Azure File Share and On-Premises Active Directory

Thank you

Glad it helped!

@@techhelpfornonprofits showed the script was copy-pasted to client's PowerShell to create Z: drive. Is their an easier way? I have 600+ client (most companies have 1000s of employees) and do I need to repeat 600 times?. Thanks.

@@SA-zx8zj You could do this in a number of ways. If you have Active Directory you could push this out using Group Policy or you could use a third party app like www.fasttrackscript.com/

Glad this video helped you!

Thanks Taofik. I would start by looking at roles for storage in AZ. learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal

@camundson3 Thanks for the comment.

Thank you Alexander. I'm using Windows 10 to access the Azure portal.

aizat27 - great questions. There is an option to add a directory, but I haven't messed with changing permissions at that level (czcams.com/video/0ZQVjhp8g4s/video.html.) As for contributor permissions, yes the user would be able to modify the storage account. Here is the list of RBAC roles and their permissions (docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles)

Mahavir - Can you tell me where on the timeline you're referring to?

How about this activedirectorypro.com/map-network-drives-with-group-policy/

@@techhelpfornonprofits Thank you, but what's the syntax for the path to the drive/folder in this case? The link you sent is to deal with a folder inside a local file server. The address of a Azure File Share has a syntax up to the file storage account, like: FileStorageAccountName.file.core.windows.net. And that doesn't point to the file share nor a folder inside a file share.

@milminer6006 thanks for the comment. You will need your local AD to sync to Azure AD to use the azure modules. As long as you're running the commands from a domain joined computer with proper permissions you should be good. No need to run from a DC. (requirements at 11:43 in video)

@@techhelpfornonprofits Thanks man. I appreciate your response. I didn't have a domain join machine, so I ran it on the DC and got it to work. The storage account now says 'configured' for active directory. My problem is connecting to the file share with a hybrid identity from a windows computer using a point to site VPN. Do you have any content that shows how to do that? MSFT documentations are not very clear.

@@milkminer6006 your P2S VPN connection should already be using your AD credentials to authenticate. Are you not able to use those creds to access the file share?

@@techhelpfornonprofits Thanks for your response. No, when I authenticate with the Azure AD hybrid identity and try to map the drive that would've been attached to a private endpoint it doesn't work. I am yet to find a video that does everything right through for the active directory configured approach.

Hey Chris, I found same issue on a post. Hope it helps. docs.microsoft.com/en-us/answers/questions/782818/azure-storage-file-access-security-issue-on-ad-joi.html

How about this docs.microsoft.com/en-us/answers/questions/782818/azure-storage-file-access-security-issue-on-ad-joi.html

@phil8894 If you're getting prompted for a username/password that makes me think your Active Directory is not syncing to Azure AD. You'll need to make sure that's working first.

Good question Jonnathan. Your PC/laptop doesn't have to be domain joined, but it does have to be able to talk to the domain controller. Using a domain joined computer does allow for single sign-on. Here is more info about requirements. docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable

@dpeluzzo it's assumed that you already have active directory syncing to Azure so no you won't need to open ports on active directory server if you have that setup.

@Marcel-dt5du If using a private endpoint you would still need a way to sync your AD to Azure.

@@techhelpfornonprofits thanks. And what a coincidence, today I was working with our admin getting this done. We are getting network credentials errors when trying to mount the drive. I was thinking that maybe we should use the internal IP instead of the hostname when registering the storage account in the AD? Public connectivity is disabled for that storage account

@@Marcel-dt5du That shouldn't make a difference, but who knows. Did it work?

@@techhelpfornonprofits I can only try again next week. Will post an update to it

I don't believe that's possible since it needs AD permissions to allow access to the share in Azure.

i do facing the same issue, not where was the issue

Definitely Soukaina. Just skip the steps after testing from client. azure.microsoft.com/en-us/services/storage/files/#features

@JamesWBurns take a look at this post jotelulu.com/en-gb/support/tutorials/deploy-powershell-script-using-gpo/

@@techhelpfornonprofits thanks

You mean Join-AzStorageAccountforAuth? czcams.com/video/0ZQVjhp8g4s/video.html

You can create and active directory test environment using this Github repository github.com/pluralsight/PS-AutoLab-Env

is this solution available for migrating files from on prem to azure file share?

@@TiteufMela After you've mapped your azure file share locally you should be able to copy any on prem files to that share.

@@techhelpfornonprofits thank you, last question please , to copy the file and folders we should one of solution and if i am using robocopy how can i do that? thare are some consideration to take ? Can put me a link as a demo?
thank you so much

@@TiteufMela Sorry so late in responding. Yes, I would suggest robocopy. There are a ton of posts on syntax. After you copy I would verify the permissions.

@BruceSa I didn't create a PowerPoint. If you're talking about the Powershell commands they are here for connecting to Azure learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable and they are autogenerated when you setup the file share for connecting to the share.

Assert-IsDomainJoined : The cmdlet, script, or module must be run in a domain-joined environment.