Identity-based authentication over SMB (Server Message Block) for Azure Files is provided through a domain service. Two options are supported:
- Azure Active Directory Domain Services (Azure AD DS)
- On-premises Active Directory Domain Services (AD DS)
Enabling on-prem AD DS authentication for Azure file shares lets you authenticate to a file share with your on-prem AD DS credentials. The identities must first be synced from on-prem AD DS to Azure AD with Azure AD Connect: share-level permissions are assigned to the synced identities in Azure AD, while directory- and file-level permissions on the share are managed with your on-prem AD DS credentials.
The chart above illustrates the Azure Files authentication workflow.
Enable on-prem AD DS authentication for your storage account
On-prem AD DS authentication over SMB for Azure Files is a property of the storage account, which you can configure with the Azure portal, Azure PowerShell, or the Azure CLI. Configuring this property "domain joins" the storage account to your on-prem AD DS deployment. Once set, on-prem AD DS authentication over SMB is enabled for all new and existing file shares in that storage account.
Deployment requirements
In this walkthrough I'm using my own on-prem Active Directory, which is reachable from Azure through a site-to-site VPN.
1- Connect to Azure with PowerShell:
First, connect your PowerShell session to your Azure subscription.
Then enter your Azure subscription credentials in the sign-in window that appears.
2- Create the Azure resource group:
We need a resource group, which is created by running the next command.
Here a new resource group called "SolutionviewsDemo" is created in the "East US" location.
3- Create an Azure storage account:
After creating the resource group we need a storage account, which can be either an existing account or a new one. I'm going to create a new storage account for the on-prem AD DS join.
We do this by running the script below.
The storage account is created in the resource group created earlier, in the same region, and is specified as locally-redundant storage (LRS).
4- Add the Azure storage account to Active Directory:
The AzFilesHybrid PowerShell module can be downloaded from this URL; use the latest release.
Extract the downloaded module, for example to c:\azfileshybrid.
To allow the AzFilesHybrid.psm1 module to be imported, change the execution policy:
Click Yes to All when prompted.
Go to the folder where AzFilesHybrid was unzipped and copy the module files into your PowerShell module path.
Import the AzFilesHybrid PowerShell module:
An identity representing the storage account is created in AD as either a service logon account or a computer account, depending on the AD permissions you have and which type you prefer. Here I will use a computer account.
After completing the above steps, the storage account is joined to the on-prem Active Directory.
Now look at the storage account's Configuration tab in the Azure portal: the storage account is associated with the on-prem Active Directory domain.
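The whole procedure above as a single PowerShell script. This is an added example, not the commands from the original post (those were shown as screenshots); the subscription ID, storage account name and OU distinguished name are placeholders you must replace, and it assumes the Az and AzFilesHybrid modules are installed on a domain-joined machine that reaches a domain controller over the VPN, run as a user allowed to create computer objects in the target OU.

```powershell
# Added example: end-to-end domain join of an Azure storage account to on-prem AD DS.
# Placeholders (assumptions, replace before running): subscription ID, storage account
# name, OU distinguished name. Resource group name and region are the ones used in the post.

# 1- Connect to Azure (interactive sign-in) and select the subscription.
Connect-AzAccount
Set-AzContext -SubscriptionId "00000000-0000-0000-0000-000000000000"   # assumption: your subscription ID

# 2- Create the resource group.
$rgName   = "SolutionviewsDemo"
$location = "EastUS"
New-AzResourceGroup -Name $rgName -Location $location

# 3- Create a new storage account in the same region, locally-redundant (LRS).
$saName = "solutionviewsdemosa"   # assumption: must be globally unique, lowercase, 3-24 chars
New-AzStorageAccount -ResourceGroupName $rgName `
                     -Name $saName `
                     -Location $location `
                     -SkuName Standard_LRS `
                     -Kind StorageV2

# 4- Import AzFilesHybrid. The execution policy change is scoped to the current user only,
#    so it does not weaken the machine-wide policy. CopyToPSPath.ps1 ships with the module
#    and copies it into the user's PowerShell module path; adjust the folder if you
#    extracted the module elsewhere.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
Set-Location -Path "C:\azfileshybrid"
.\CopyToPSPath.ps1
Import-Module -Name AzFilesHybrid

# Domain-join the storage account as a computer account in a dedicated OU.
# Join-AzStorageAccount creates the AD object and enables AD DS authentication on the
# storage account; the OU below is an assumption, use one you control.
Join-AzStorageAccount -ResourceGroupName $rgName `
                      -StorageAccountName $saName `
                      -DomainAccountType "ComputerAccount" `
                      -OrganizationalUnitDistinguishedName "OU=AzureFiles,DC=corp,DC=example,DC=com"

# Verify from both sides: the storage account property and the AD object.
$sa = Get-AzStorageAccount -ResourceGroupName $rgName -StorageAccountName $saName
$sa.AzureFilesIdentityBasedAuth.DirectoryServiceOptions                     # expected: AD
$sa.AzureFilesIdentityBasedAuth.ActiveDirectoryProperties.DomainName        # your AD DNS name

# Requires the RSAT ActiveDirectory module; the object is named after the storage account.
Get-ADComputer -Identity $saName -Properties ServicePrincipalName |
    Select-Object Name, DistinguishedName, ServicePrincipalName
```

Keep the OU narrow and the account that runs Join-AzStorageAccount limited to creating objects there; the computer object it creates carries the storage account's Kerberos key as its password, so treat it like any other service identity and rotate it when you rotate the storage account's Kerberos keys.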
I hope this helps you get started with Azure storage identity-based authentication.