Domain Join Storage Account
I wrote previously about the options for storing container workloads such as fslogix containers in azure one of them being native domain joined storage accounts.
Domain-join a storage account. In the Azure portal, go to your existing storage account or create a new one. The domain user account you use must be permitted to join computers to the domain. Once you have enabled Active Directory Domain Services (AD DS) authentication on your storage account, you must configure share-level permissions before anyone can access your file shares.
Overview: on-premises Active Directory Domain Services authentication over SMB for Azure file shares (09/13/2020). Azure Files supports identity-based authentication over Server Message Block (SMB) through two types of domain services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Join-AzStorageAccountForAuth -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>" -DomainAccountType "ComputerAccount" -OrganizationalUnitName "<ou-friendly-name>"
When the command completes successfully, you will see a computer account, named after your Azure storage account, created in your Active Directory (AD) environment. For on-premises AD DS authentication, you must set up your AD domain controllers and domain-join your machines or VMs. The identity you want to use to access Azure file share resources must be a hybrid identity that exists in both AD DS and Azure AD.
In the Settings section, select Configuration. For example, you can use the domain administrator account or an account with delegated permissions to join computers to the domain. Having the ability to Active Directory domain-join an Azure storage account has changed the game for many organizations deploying file services into Azure.
To join a computer to the domain, the user account must be granted the Create Computer Object permission in Active Directory. To enable Azure AD DS authentication over SMB with the Azure portal, follow these steps. Either way, your domain-joined clients must have line of sight to the domain service, so they must be within the corporate network or the virtual network (VNet) of your domain service.
You can host your domain controllers on Azure VMs or on-premises. The script uses the cmdlet to create a computer account in your AD domain.