Forum Discussion

SamE
Copper Contributor
Jan 22, 2025

Entra Connect - Access to onsite Server Shares

Will setting up Entra Connect and syncing AD IDs with Entra IDs provide access to on-prem Windows server shares?

We are planning for our migration to the cloud and have a bunch of Windows server shares that users currently access with their Active Directory accounts. Will setting up Entra Connect and syncing the AD accounts to Entra ID accounts provide the same access to these shares?

Migrating the file shares to Entra ID is a bigger migration project probably further down the road.

I found this article but it's the other way around, Hybrid identities accessing Azure shares:

https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal%2Cintune

3 Replies

  • Hi SamE 

    Setting up Entra Connect and syncing AD accounts with Entra ID can help in managing identities, but it won't directly provide access to on-premises Windows server shares.

    The synchronization primarily ensures that user identities are consistent across on-premises and cloud environments, but access to file shares still relies on the on-premises Active Directory (AD) infrastructure.

    Here are some useful articles that delve into this topic:

    1. https://learn.microsoft.com/en-us/entra/identity/hybrid/accounts: This article provides detailed information on the accounts required for integrating Active Directory with Microsoft Entra ID, which is crucial for understanding the synchronization process.
    2. https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-accounts-permissions: This resource outlines the permissions and accounts needed for Entra Connect, helping you understand the setup and synchronization process.

    For your scenario, maintaining access to on-premises shares will require continued reliance on your existing AD infrastructure.

    If you follow the advice from Kidd_Ip and there is a direct connection (Site-to-Site VPN), the access should technically work.

    If you have any more questions or need further assistance, feel free to ask!

    Regards, Matthias

    • SamE
      Copper Contributor

      Thanks Matthias, this is very helpful!

      I will look into the site-to-site VPN next.

  • Take this:

    • Entra Connect Setup: Entra Connect synchronizes your on-premises AD with Entra ID, ensuring that user attributes like SAM Account Name, Domain Name, and UPN are synced.
    • Single Sign-On (SSO): With Entra Connect, users can enjoy a seamless SSO experience. When they sign in to an Entra ID-joined device, their on-premises AD credentials are also recognized.
    • Access to On-Premises Resources: Entra Connect enables Kerberos and NTLM authentication on Entra ID-joined devices, allowing users to access on-premises resources like file shares and printers.
    • Additional Configuration: Depending on your setup, you might need to configure Kerberos authentication to ensure compatibility between Entra ID authentication and your on-premises file server.
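
A way to check, from an Entra ID-joined Windows client, the conditions the replies above describe (a direct connection to the on-premises AD and Kerberos authentication to the file server). This is an added example, not part of any post in the thread; `corp.example.com` and `fs01.corp.example.com` are placeholder names, and the script assumes it runs as the signed-in synced user.

```powershell
# Added diagnostic example (not from the thread). Placeholder names below are assumptions.
param(
    [string]$Domain     = 'corp.example.com',       # on-premises AD DNS domain (placeholder)
    [string]$FileServer = 'fs01.corp.example.com'   # on-premises file server FQDN (placeholder)
)

$result = [ordered]@{}

# 1. Device and SSO state: dsregcmd prints "Name : Value" pairs.
$dsreg = dsregcmd /status
foreach ($field in 'AzureAdJoined', 'DomainJoined', 'AzureAdPrt') {
    $hit = $dsreg | Select-String -Pattern "^\s*$field\s*:\s*(\S+)" | Select-Object -First 1
    $result[$field] = if ($hit) { $hit.Matches[0].Groups[1].Value } else { 'not reported' }
}

# 2. Line of sight to a domain controller: the DC locator SRV records must resolve,
#    and the Kerberos port (88) on a returned DC must be reachable (e.g. over the VPN).
$result['DcSrvRecord'] = $false
$result['DcKerberos88'] = $false
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget } | Select-Object -First 1
    if ($srv) {
        $result['DcSrvRecord'] = $true
        $result['DcKerberos88'] = (Test-NetConnection -ComputerName $srv.NameTarget -Port 88 `
            -WarningAction SilentlyContinue).TcpTestSucceeded
    }
} catch {
    # DNS lookup failed: the client cannot locate a DC, so Kerberos to the share cannot work.
}

# 3. SMB reachability of the file server itself.
$result['Smb445'] = (Test-NetConnection -ComputerName $FileServer -Port 445 `
    -WarningAction SilentlyContinue).TcpTestSucceeded

# 4. Request a Kerberos service ticket for the share host, then look for it in the ticket cache.
klist get "cifs/$FileServer" | Out-Null
$result['CifsTicketCached'] = [bool](klist | Select-String -SimpleMatch "cifs/$FileServer")

[pscustomobject]$result
```

If `DcSrvRecord` or `DcKerberos88` is false, the problem is network or DNS reachability of the on-premises domain; share and NTFS permissions are still evaluated against the on-premises AD account either way.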
