Azure File Share and On-Premises Active Directory

Glad it helped!

@@techhelpfornonprofits showed the script was copy-pasted to client's PowerShell to create Z: drive. Is their an easier way? I have 600+ client (most companies have 1000s of employees) and do I need to repeat 600 times?. Thanks.

@@SA-zx8zj You could do this in a number of ways. If you have Active Directory you could push this out using Group Policy or you could use a third party app like www.fasttrackscript.com/

Glad this video helped you!

Thank you

Thank you Alexander. I'm using Windows 10 to access the Azure portal.

Thanks Taofik. I would start by looking at roles for storage in AZ. learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal

@camundson3 Thanks for the comment.

aizat27 - great questions. There is an option to add a directory, but I haven't messed with changing permissions at that level (th-cam.com/video/0ZQVjhp8g4s/w-d-xo.html.) As for contributor permissions, yes the user would be able to modify the storage account. Here is the list of RBAC roles and their permissions (docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles)

@milminer6006 thanks for the comment. You will need your local AD to sync to Azure AD to use the azure modules. As long as you're running the commands from a domain joined computer with proper permissions you should be good. No need to run from a DC. (requirements at 11:43 in video)

@@techhelpfornonprofits Thanks man. I appreciate your response. I didn't have a domain join machine, so I ran it on the DC and got it to work. The storage account now says 'configured' for active directory. My problem is connecting to the file share with a hybrid identity from a windows computer using a point to site VPN. Do you have any content that shows how to do that? MSFT documentations are not very clear.

@@milkminer6006 your P2S VPN connection should already be using your AD credentials to authenticate. Are you not able to use those creds to access the file share?

@@techhelpfornonprofits Thanks for your response. No, when I authenticate with the Azure AD hybrid identity and try to map the drive that would've been attached to a private endpoint it doesn't work. I am yet to find a video that does everything right through for the active directory configured approach.

Mahavir - Can you tell me where on the timeline you're referring to?

Hey Chris, I found same issue on a post. Hope it helps. docs.microsoft.com/en-us/answers/questions/782818/azure-storage-file-access-security-issue-on-ad-joi.html

How about this docs.microsoft.com/en-us/answers/questions/782818/azure-storage-file-access-security-issue-on-ad-joi.html

@Marcel-dt5du If using a private endpoint you would still need a way to sync your AD to Azure.

@@techhelpfornonprofits thanks. And what a coincidence, today I was working with our admin getting this done. We are getting network credentials errors when trying to mount the drive. I was thinking that maybe we should use the internal IP instead of the hostname when registering the storage account in the AD? Public connectivity is disabled for that storage account

@@Marcel-dt5du That shouldn't make a difference, but who knows. Did it work?

@@techhelpfornonprofits I can only try again next week. Will post an update to it

@phil8894 If you're getting prompted for a username/password that makes me think your Active Directory is not syncing to Azure AD. You'll need to make sure that's working first.

How about this activedirectorypro.com/map-network-drives-with-group-policy/

@@techhelpfornonprofits Thank you, but what's the syntax for the path to the drive/folder in this case? The link you sent is to deal with a folder inside a local file server. The address of a Azure File Share has a syntax up to the file storage account, like: FileStorageAccountName.file.core.windows.net. And that doesn't point to the file share nor a folder inside a file share.

@dpeluzzo it's assumed that you already have active directory syncing to Azure so no you won't need to open ports on active directory server if you have that setup.

Good question Jonnathan. Your PC/laptop doesn't have to be domain joined, but it does have to be able to talk to the domain controller. Using a domain joined computer does allow for single sign-on. Here is more info about requirements. docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable

You can create and active directory test environment using this Github repository github.com/pluralsight/PS-AutoLab-Env

is this solution available for migrating files from on prem to azure file share?

@@TiteufMela After you've mapped your azure file share locally you should be able to copy any on prem files to that share.

@@techhelpfornonprofits thank you, last question please , to copy the file and folders we should one of solution and if i am using robocopy how can i do that? thare are some consideration to take ? Can put me a link as a demo?
thank you so much

@@TiteufMela Sorry so late in responding. Yes, I would suggest robocopy. There are a ton of posts on syntax. After you copy I would verify the permissions.

You mean Join-AzStorageAccountforAuth? th-cam.com/video/0ZQVjhp8g4s/w-d-xo.html

i do facing the same issue, not where was the issue

Definitely Soukaina. Just skip the steps after testing from client. azure.microsoft.com/en-us/services/storage/files/#features

@JamesWBurns take a look at this post jotelulu.com/en-gb/support/tutorials/deploy-powershell-script-using-gpo/

@@techhelpfornonprofits thanks

@BruceSa I didn't create a PowerPoint. If you're talking about the Powershell commands they are here for connecting to Azure learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable and they are autogenerated when you setup the file share for connecting to the share.

I don't believe that's possible since it needs AD permissions to allow access to the share in Azure.

Assert-IsDomainJoined : The cmdlet, script, or module must be run in a domain-joined environment.