Can't Enable AADDS authentication for Azure Files

Question

This is the error I get when attempting to enable it

Failed to update storage account 'testfileshare'. Error: Unable to locate active AAD DS for AAD tenant Id ******** associated with the storage account. For more information, see - https://aka.ms/storagefilesaad

Azure AD DS has been setup already and we have VMs joined to the domain so I am unsure what is causing the issue, search online only leads to this single post that doesnt have a clear answer on the fix:

https://social.msdn.microsoft.com/Forums/en-US/f4c8cac5-132b-4222-af3a-9d1f7af1b6ed/have-azure-active-directory-but-cannot-add-ad-authentication-to-storage-account?forum=WindowsAzureAD

Anyone experience this?

Answer 1

Have you followed the suggestions mentioned in this article: https://aka.ms/storagefilesaad

And did you have created also AADDS, as its one of the prerequisites of the feature?

Are your Azure AD Domain services is set up on a Classic V-net? Unfortunately, migrating VNETs containing AADDS from classic to ARM is not supported, as per https://docs.microsoft.com/en-us/azure/virtual-machines/windows/migration-classic-resource-manager-overview

You may also refer to the suggestion mentioned in this GitHub link, which give provides more idea on this issue.

Overview of Azure Files Azure Active Directory Domain Service (Azure AD DS) Authentication Support for SMB Access

Hope this helps! 

Kindly let us know if the above helps or you need further assistance on this issue.
------------------------------------------------------------------------------------------

Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

Answer 2

@CLGR01 Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Answer 3

It is on a classic vnet, would that affect my ability to setup a storage account with aadds authentication? does that require a newer vnet/ARM to work?

I tried via the cli

az storage account create -n testfileshare -g FileShareTest --enable-files-aadds $true

but got the same error.

Answer 4

Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
Can I enable Azure AD Domain Services in a Classic virtual network?

Classic virtual networks aren't supported for new deployments. Existing managed domains deployed in Classic virtual networks continue to be supported.

Can I enable Azure AD Domain Services in an Azure Resource Manager virtual network?

Yes. Azure AD Domain Services can be enabled in an Azure Resource Manager virtual network. Classic Azure virtual networks are no longer supported for when you create a new managed domain.

Hope this helps! 

Kindly let us know if the above helps or you need further assistance on this issue.
------------------------------------------------------------------------------------------

Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

Answer 5

Is there any update on the issue?

If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

Answer 6

Is there any update on the issue?

If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

Answer 7

Following up to see if the above suggestion was helpful. And, if you have any further query do let us know. If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members