End Client Connections

Chris Farmer 1 Reputation point
2020-10-23T11:20:29.54+00:00

I believe that I have done what is required.

  • All my accounts are cloud only.
  • I have Deployed an Azure AD Domain Server and I have reset my password.
  • I have a storage account and some file shares
  • Under the storage account I have enabled 'Azure Active Directory Domain Services)
  • I have joined a Windows Server and a Windows 10 PC all in Azure to the Azure ADDS.
  • On the Server I can connect the file shares using Azure\strorage name and the password of the storage Key
  • I can Assign NTFS permission on folders and Files.

If I log in to the Windows 10 PC and use the connect PS commands

I get New-PSDrive : The specified network password is not correct

From my understanding, when connecting using the storage account and key, then the access is Full, so you don't want to push that out for every user?

So where have I gone wrong?

Chris

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,215 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. deherman-MSFT 35,011 Reputation points Microsoft Employee
    2020-10-23T19:43:29.807+00:00

    @Chris Farmer Firstly please make sure that your VM resides in the same VNET as your Azure AD DS. Also make sure you have the proper role assigned to the user. For mounting with Azure AD DS, sign in to the VM with the Azure AD DS credentials them mount with "net use <desired-drive letter>: \<storage-account-name>.file.core.windows.net\<fileshare-name>". A user with the storage account key can access Azure file shares with superuser permissions. Superuser permissions bypass all access control restrictions.

    Hope this helps. If you continue to face issues please let us know.

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

  2. Chris Farmer 1 Reputation point
    2020-11-03T09:04:30.703+00:00

    It did thanks.

    I thought it worked with AzureAD, not just azure AD DS.

    I think I saw that you can Domain Join storage to an existing domain, so I may look at that and see if that joined storage allows the files shares to be mapped by AD Joined PCs?

    I guess I was hoping that I could get access to the resources, without having to have AD DS or Azure AD DS and that the remote uses could connect the the file shares without having to connect to a VPN.

    Thanks

    Chris

    0 comments