Fileshare connect to AD

%3CLINGO-SUB%20id%3D%22lingo-sub-1133211%22%20slang%3D%22en-US%22%3EFileshare%20connect%20to%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1133211%22%20slang%3D%22en-US%22%3E%3CP%3EI%20like%20to%20bring%20my%20windows%20file%20share%20to%20the%20azure%20cloud.%20I%20want%20to%20connect%20the%20file%20share%20to%20an%20AD%20(domain%20controller%20runs%20in%20a%20VM).%20Is%20it%20possible%3F%26nbsp%3BHow%20can%20I%20do%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1133211%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EData%20%2B%20Storage%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1137303%22%20slang%3D%22en-US%22%3ERe%3A%20Fileshare%20connect%20to%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1137303%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F24406%22%20target%3D%22_blank%22%3E%40Stefan%20Kie%C3%9Fig%3C%2FA%3E%26nbsp%3BI've%20got%20some%20questions%20for%20you.%3C%2FP%3E%3CUL%3E%3CLI%3EDo%20you%20already%20have%20an%20on-premises%20Active%20Directory%20that%20this%20will%20be%20part%20of%3F%3C%2FLI%3E%3CLI%3EDo%20you%20already%20have%20an%20Azure%20tenant%3F%3C%2FLI%3E%3CLI%3EIf%20you%20have%20an%20Azure%20tenant%2C%20do%20you%20have%20ExpressRoute%20connectivity%20to%20it%20either%20through%20VPN%20or%20an%20MPLS%20connection%3F%3C%2FLI%3E%3C%2FUL%3E%3CP%3EThere%20are%20multiple%20options%20depending%20on%20your%20current%20configuration.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1137340%22%20slang%3D%22en-US%22%3ERe%3A%20Fileshare%20connect%20to%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1137340%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20an%20on-premise%20Active%20Directory%20and%20an%20azure%20tenant.%20The%20azure%20tenant%20has%26nbsp%3B%3C%2FP%3E%3CP%3E-%20private%20network%20(connected%20to%20on-premise%20by%20VPN)%3C%2FP%3E%3CP%3E-%20storage%20account%26nbsp%3B%3C%2FP%3E%3CP%3E-%20inside%20in%20the%20storage%20account%2C%20there%20is%20a%20file%20share%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20I%20like%20to%20connect%20the%20file%20share%20to%20my%20on-premise%20Active%20Directory%20and%20manage%20the%20shares%20with%20the%20AD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3EStefan%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1137556%22%20slang%3D%22en-US%22%3ERe%3A%20Fileshare%20connect%20to%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1137556%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F24406%22%20target%3D%22_blank%22%3E%40Stefan%20Kie%C3%9Fig%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20believe%20you'll%20be%20able%20to%20do%20that.%26nbsp%3B%20Take%20a%20look%20at%20the%20link%20below.%26nbsp%3B%20You'll%20probably%20need%20to%20use%20Azure%20AD%20Domain%20Services%20for%20that%20to%20work%20but%20there%20are%20caveats%20in%20that%20the%20computers%20connecting%20to%20the%20share%20would%20need%20to%20be%20Azure%20AD%20Domain%20Services%20joined%20instead%20of%20on-premises%20AD%20joined.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20what%20you%20are%20trying%20to%20do%2C%20you'll%20probably%20need%20to%20have%20an%20IaaS%20VM%20acting%20as%20a%20file%20server.%26nbsp%3B%20You%20would%20probably%20also%20want%20an%20IaaS%20VM%20to%20use%20as%20a%20domain%20controller%20in%20Azure.%26nbsp%3B%20The%20file%20server%20could%20be%20joined%20to%20your%20current%20on-premises%20AD%20and%20control%20access%20to%20the%20file%20share.%26nbsp%3B%20You%20could%20still%20leverage%20Azure%20File%20Services%20on%20the%20back%20end%20for%20storage.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fstorage%2Ffiles%2Fstorage-files-faq%23security-authentication-and-access-control%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fstorage%2Ffiles%2Fstorage-files-faq%23security-authentication-and-access-control%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps.%26nbsp%3B%20Maybe%20someone%20else%20in%20the%20community%20has%20a%20better%20solution%20or%20recommendation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBrent%3C%2FP%3E%3C%2FLINGO-BODY%3E
Regular Contributor

I like to bring my windows file share to the azure cloud. I want to connect the file share to an AD (domain controller runs in a VM). Is it possible? How can I do this?

3 Replies

@Stefan Kießig I've got some questions for you.

  • Do you already have an on-premises Active Directory that this will be part of?
  • Do you already have an Azure tenant?
  • If you have an Azure tenant, do you have ExpressRoute connectivity to it either through VPN or an MPLS connection?

There are multiple options depending on your current configuration.

We have an on-premise Active Directory and an azure tenant. The azure tenant has 

- private network (connected to on-premise by VPN)

- storage account 

- inside in the storage account, there is a file share

 

Now I like to connect the file share to my on-premise Active Directory and manage the shares with the AD.

 

Regards

Stefan

 

@Stefan Kießig 

I don't believe you'll be able to do that.  Take a look at the link below.  You'll probably need to use Azure AD Domain Services for that to work but there are caveats in that the computers connecting to the share would need to be Azure AD Domain Services joined instead of on-premises AD joined.

 

For what you are trying to do, you'll probably need to have an IaaS VM acting as a file server.  You would probably also want an IaaS VM to use as a domain controller in Azure.  The file server could be joined to your current on-premises AD and control access to the file share.  You could still leverage Azure File Services on the back end for storage.

 

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-faq#security-authentication-and-a...

 

Hope this helps.  Maybe someone else in the community has a better solution or recommendation.

 

Thanks,

 

Brent