SOLVED
Home

Azure ADDS and on-premise file server permissions

%3CLINGO-SUB%20id%3D%22lingo-sub-361105%22%20slang%3D%22en-US%22%3EAzure%20ADDS%20and%20on-premise%20file%20server%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-361105%22%20slang%3D%22en-US%22%3E%3CP%3EHello!%3C%2FP%3E%3CP%3EI%20need%20some%20guidence%20regarding%20Azure%20ADDS%20and%20on-premise%20servers.%3C%2FP%3E%3CP%3EI%20have%20a%20customer%20that%20is%20using%20Office%20365.%20Currently%20only%20for%20e-mail%2C%20Skype%20for%20Business%20and%20Office%20applications.%20They%20also%20have%20an%20on-premise%20file%20server%20and%20some%26nbsp%3B%20other%20application%20servers%2C%20but%20no%20local%20Active%20Directory.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrently%20they%20logon%20with%20local%20computer%20accounts%20and%20access%20file%20server%20shares%20using%20local%20accounts%20created%20on%20the%20file%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20customer%20want%20to%20use%20their%20Office%20365%20accounts%20to%20login%20to%20their%20computers%20and%20access%20shares%20on%20the%20file%20server%20with%20the%20same%20account.%20Is%20this%20possible%3F%20I've%20been%20searching%20for%20this%20and%20found%20a%20couple%20of%20different%20forum%20threads%20but%20no%20definitive%20answer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETLDR%3B%3C%2FP%3E%3CP%3EWould%20it%20be%20possible%20to%20setup%20Azure%20ADDS%20with%20Express%20Route%20or%20VPN%20to%20the%20customers%20network%2C%20join%20the%20on-premise%20servers%20to%20Azure%20ADDS%20and%20set%20permissions%20to%20folders%2Ffiles%20for%20the%20Office%20365%20accounts%20on%20the%20on-premise%20servers%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-361105%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-361130%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ADDS%20and%20on-premise%20file%20server%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-361130%22%20slang%3D%22en-US%22%3E%3CP%3EI%20will%20look%20into%20that.%20Thanks!%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-361122%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ADDS%20and%20on-premise%20file%20server%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-361122%22%20slang%3D%22en-US%22%3EDepending%20on%20the%20workload%20on-premises%20I%20would%20consider%20to%20create%20an%20AD%20and%20sync%20those%20accounts%20to%20AAD!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-361118%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ADDS%20and%20on-premise%20file%20server%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-361118%22%20slang%3D%22en-US%22%3E%3CP%3EThere%20are%20about%2025%20users%2C%20everyone%20is%20using%20Windows%2010%20Pro.%20Servers%20are%20Windows%20Server%202016%20Standard%2C%20but%20one%20of%20them%20is%20only%20Windows%20Server%202012%20Standard.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-361117%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ADDS%20and%20on-premise%20file%20server%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-361117%22%20slang%3D%22en-US%22%3EHow%20many%20users%2C%20client%20OS%3F%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-361111%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ADDS%20and%20on-premise%20file%20server%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-361111%22%20slang%3D%22en-US%22%3E%3CP%3EI%20had%20a%20bad%20feeling%20about%20this%20not%20being%20easy.%20Thank%20you%20for%20making%20this%20clear%20Adam.%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-361107%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ADDS%20and%20on-premise%20file%20server%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-361107%22%20slang%3D%22en-US%22%3ENo%2C%20this%20can%E2%80%99t%20be%20done!%3CBR%20%2F%3EWhat%20you%20can%20to%20do%20is%20set%20up%20an%20AD%20on%20premises%20and%20then%20match%20those%20accounts%20with%20your%20AAD%20accounts!%20They%20will%20then%20be%20able%20to%20use%20the%20same%20account%20to%20access%20on%20premises%20and%20cloud%20resources%3CBR%20%2F%3E%3CBR%20%2F%3EOr%20I%20would%20prefer%20to%20move%20the%20file%20server%20to%20sharepoint%20and%20join%20their%20computers%20to%20Azure%20AD%20instead!%3C%2FLINGO-BODY%3E
thomas1984
New Contributor

Hello!

I need some guidence regarding Azure ADDS and on-premise servers.

I have a customer that is using Office 365. Currently only for e-mail, Skype for Business and Office applications. They also have an on-premise file server and some  other application servers, but no local Active Directory. 

 

Currently they logon with local computer accounts and access file server shares using local accounts created on the file server.

 

The customer want to use their Office 365 accounts to login to their computers and access shares on the file server with the same account. Is this possible? I've been searching for this and found a couple of different forum threads but no definitive answer.

 

TLDR;

Would it be possible to setup Azure ADDS with Express Route or VPN to the customers network, join the on-premise servers to Azure ADDS and set permissions to folders/files for the Office 365 accounts on the on-premise servers?

 

Thanks in advance!

6 Replies
Solution
No, this can’t be done!
What you can to do is set up an AD on premises and then match those accounts with your AAD accounts! They will then be able to use the same account to access on premises and cloud resources

Or I would prefer to move the file server to sharepoint and join their computers to Azure AD instead!

I had a bad feeling about this not being easy. Thank you for making this clear Adam. :)

How many users, client OS?

There are about 25 users, everyone is using Windows 10 Pro. Servers are Windows Server 2016 Standard, but one of them is only Windows Server 2012 Standard.

Depending on the workload on-premises I would consider to create an AD and sync those accounts to AAD!

I will look into that. Thanks! :)

Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
7 Replies