none
On-Prem Active Directory integration with Azure File Share? RRS feed

  • Question

  • Hello all,

    We are moving more and more services into Azure.

    We are now preparing on moving a file server and was hoping to use an Azure File Share instead of creating an IaaS VM and hosting a fileserver.

    However the azure file share would have to be able to allow user to perform SSO to the files using their current on-prem AD account. When looking up info on this, I see a lot of articles around AAD DS for kerberos authentication but we don't want to deploy a new directory as we already have everything setup in our on-prem environment.

    Is it supported to use the traditional on-prem AD DS to authenticate to an Azure File Share?

    If so, how do you do this?

    thanks

    Thursday, November 28, 2019 9:35 AM

All replies

  • Azure AD DS authentication for SMB access is not supported for Active Directory domain-joined machines. In the interim, consider using Azure File Sync to start migrating your data to Azure Files and to continue enforcing access control by using Active Directory credentials from your on-premises Active Directory domain-joined machines.

    If you plan to "lift and shift" your application to the cloud, replacing traditional file servers with Azure Files, then you may want your application to authenticate with Azure AD credentials to access file data. Azure Files supports using Azure AD credentials to access Azure Files over SMB from Azure AD DS domain-joined Windows VMs. You can also choose to sync all of your on-premises Active Directory objects to Azure AD to preserve usernames, passwords, and other group assignments.

    Kindly let us know if the above helps or you need further assistance on this issue.
    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Thursday, November 28, 2019 10:33 AM
    Moderator
  • Hi,

    Thanks for your reply.From where will our users be accessing the data?
    We want to eliminate on-prem servers.

    If I read this correctly, then Azure file sync will first sync the data from OLDFILESERVER1 to an Azure File Share; but then we need a NEWCACHESERVER1 on-premise to act as a cache?

    Thursday, November 28, 2019 10:48 AM
  • @SC FTH Since you have mounted the Azure file sync, you will be accessing the data through particular folder.
    Monday, December 2, 2019 2:04 PM
    Moderator
  •  Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Wednesday, December 4, 2019 5:45 AM
    Moderator