Enable Hybrid AD Authentication for Azure Files - brian-anderson01/Capstone GitHub Wiki

Set up the file share and enable authentication from the DC

  • Create a file share as described on this page and continue until the Active Directory settings step
  • Click "Not Configured" next to "Active Directory" at the top of the File shares page
  • Click "Set up" under Active Directory
  • Choose "Enable Active Directory authentication" from the steps to complete
  • Download and unzip AzFilesHybrid from here onto the on-premises DC
  • Before running the script, make sure the account you will sign in to Azure with (the synced local domain user in this setup) has been added as a Contributor on the Azure storage account; the Windows session you run the script from also needs AD rights to create the service logon or computer account in the target OU
  • Open PowerShell as an administrator and run this script, replacing the placeholder values with your own before running it
  • Setting the domain account type as ServiceLogonAccount was the only way I could get this working
  • Once the script has run and its debug checks pass, confirm that authentication is configured as expected
  • Run the following commands from PowerShell after the script:
    • $storageAccount = Get-AzStorageAccount -ResourceGroupName "<your-resource-group-name-here>" -Name "<your-storage-account-name-here>"
    • $storageAccount.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
    • $storageAccount.AzureFilesIdentityBasedAuth.ActiveDirectoryProperties
  • DirectoryServiceOptions should be AD, and ActiveDirectoryProperties should show your local domain name (DomainName), DomainGuid and DomainSid, as well as the AzureStorageSid of the AD object that was created for the storage account.
  • You can also open the storage account in the Azure portal and go to File shares; Active Directory should now show as enabled and configured. If these checks pass, continue to the next step.
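The whole procedure above, from importing AzFilesHybrid to checking the result, as one added PowerShell run. This is an example written for this page, not the script the page links to; it assumes AzFilesHybrid is unzipped in the current directory on the DC, the Az module is installed, and every <...> placeholder and the OU distinguished name are replaced with your own values. `Debug-AzStorageAccountAuth` is the module's own diagnostic cmdlet and is what the "debugs" step refers to; `Test-AzFilesAdJoin` is a helper written here that wraps the page's verification commands.

```powershell
# Added example (not the page's linked script): domain-join the storage account and verify it.
# Unrestricted is scoped to the current user only so the unzipped module can be imported; it is reverted at the end.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
.\CopyToPSPath.ps1                 # ships with AzFilesHybrid; copies the module into $env:PSModulePath
Import-Module -Name AzFilesHybrid

# Sign in with the Azure account that holds Contributor (or Owner) on the storage account
Connect-AzAccount

# Placeholders (assumptions): replace with your own values
$SubscriptionId      = "<subscription-id>"
$ResourceGroupName   = "<resource-group>"
$StorageAccountName  = "<storage-account>"
$SamAccountName      = "<storage-account>"                  # name of the AD object the cmdlet creates
$DomainAccountType   = "ServiceLogonAccount"                 # the page found ComputerAccount did not work here
$OuDistinguishedName = "OU=AzureFiles,DC=corp,DC=example"    # assumed OU; omit the parameter to create it at the domain root
$EncryptionType      = "AES256"                              # AES256 only; do not add RC4 unless a legacy client forces it

Select-AzSubscription -SubscriptionId $SubscriptionId

Join-AzStorageAccount `
    -ResourceGroupName $ResourceGroupName `
    -StorageAccountName $StorageAccountName `
    -SamAccountName $SamAccountName `
    -DomainAccountType $DomainAccountType `
    -OrganizationalUnitDistinguishedName $OuDistinguishedName `
    -EncryptionType $EncryptionType

# The "debug" step: the module checks DNS, the AD object, the Kerberos key and the share settings
Debug-AzStorageAccountAuth -StorageAccountName $StorageAccountName -ResourceGroupName $ResourceGroupName -Verbose

# Helper written for this example: the page's verification commands, failing loudly on anything missing
function Test-AzFilesAdJoin {
    param([string]$ResourceGroupName, [string]$StorageAccountName)

    $sa   = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
    $auth = $sa.AzureFilesIdentityBasedAuth

    if ($auth.DirectoryServiceOptions -ne "AD") {
        throw "DirectoryServiceOptions is '$($auth.DirectoryServiceOptions)', expected 'AD'"
    }

    $props = $auth.ActiveDirectoryProperties
    foreach ($name in "DomainName", "DomainGuid", "DomainSid", "AzureStorageSid") {
        if ([string]::IsNullOrEmpty($props.$name)) { throw "ActiveDirectoryProperties.$name is empty" }
    }

    # The storage account's SID is an object in the joined domain, so it must sit under that domain's SID
    if (-not $props.AzureStorageSid.StartsWith($props.DomainSid + "-")) {
        throw "AzureStorageSid $($props.AzureStorageSid) is not under DomainSid $($props.DomainSid)"
    }

    return $props   # DomainName, NetBiosDomainName, ForestName, DomainGuid, DomainSid, AzureStorageSid
}

Test-AzFilesAdJoin -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
```

One caveat that follows from the ServiceLogonAccount choice: the AD object is a user account, so the Kerberos key stored as its password is subject to the domain's password expiry policy. When it expires, SMB authentication to the share stops working until the key is rotated with `Update-AzStorageAccountADObjectPassword -RotateToKerbKey kerb2` (also from AzFilesHybrid), so either exclude that account from expiry or schedule the rotation.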

Assign share-level permissions

  • In the Azure portal, open the storage account and go to File shares
  • Select the share you want to set permissions for
    • On the left, choose "Access Control (IAM)"
    • Click "Add", then "Add role assignment"; pick one of the built-in share roles (Storage File Data SMB Share Reader, Contributor or Elevated Contributor) and select the AD users or groups that are synced to Azure AD
    • Once assigned, those users hold that role on this share only, since the assignment is scoped to the share rather than the whole storage account; NTFS permissions on the files and folders still apply on top of it
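The same share-level assignment done from PowerShell, as an added example that is not from the original page. It assumes the Az module is installed, `Connect-AzAccount` has already been run, the placeholders are replaced, and `alice@corp.example` stands in for a hybrid identity synced from the on-premises domain to Azure AD.

```powershell
# Added example (not from the page): scope a built-in SMB share role to one file share
$SubscriptionId     = "<subscription-id>"
$ResourceGroupName  = "<resource-group>"
$StorageAccountName = "<storage-account>"
$ShareName          = "<share-name>"
$UserPrincipalName  = "alice@corp.example"   # assumed synced AD user; use -ObjectId with a group for real deployments

# Scope the assignment to the single share, not the storage account, so it grants nothing on other shares
$Scope = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName" +
         "/providers/Microsoft.Storage/storageAccounts/$StorageAccountName" +
         "/fileServices/default/fileshares/$ShareName"

# Least privilege: the narrowest built-in role that fits the job
#   Storage File Data SMB Share Reader                read only
#   Storage File Data SMB Share Contributor           read, write, delete
#   Storage File Data SMB Share Elevated Contributor  also change NTFS permissions
$Role = Get-AzRoleDefinition -Name "Storage File Data SMB Share Contributor"

New-AzRoleAssignment -SignInName $UserPrincipalName -RoleDefinitionName $Role.Name -Scope $Scope

# Helper written for this example: list what is effective at this share's scope for review
function Get-ShareRoleAssignments {
    param([string]$Scope)
    Get-AzRoleAssignment -Scope $Scope |
        Where-Object { $_.Scope -eq $Scope } |      # drop inherited subscription/account-level assignments
        Select-Object DisplayName, SignInName, RoleDefinitionName, Scope
}

Get-ShareRoleAssignments -Scope $Scope
```

The share-level role is only the gate: a user who passes it still hits the NTFS ACLs on the files, which are set by mounting the share once with the storage account key (or as an Elevated Contributor) and editing the Windows permissions, so assign the role to an AD group where possible and keep the Elevated Contributor role to the few accounts that need to manage ACLs.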