@PT Maliborski Firstly, Apologies for the delay response!
Welcome to Microsoft Q&A Forum, Thank you for posting your query here
Yes, users from all three subdomains can access a new share in Azure if they have the appropriate permissions. For example, users from different domains within the same forest can access the file share and underlying directories/files if they have the appropriate permissions
When joining an Azure Storage account to an Active Directory domain using the Join-AzStorageAccount cmdlet, you can only specify one domain at a time. This means that users from other domains will not be able to access the Azure file share unless they are also joined to the same domain.
To enable users from multiple domains to access the Azure file share, you can either:
- Join the Azure Storage account to a domain that is trusted by all of the domains that need access. This will allow users from all of the trusted domains to access the Azure file share.
- Create a separate Azure Storage account for each domain that needs access. This will allow you to join each storage account to the corresponding domain, and users from each domain will be able to access the corresponding Azure file share.
If you choose to join the Azure Storage account to a domain that is trusted by all of the domains that need access, you will need to ensure that the trust relationship is properly configured and that the necessary permissions are granted to the users and groups that need access.
It's also worth noting that placing the storage computer account in the root domain may not be necessary or desirable, depending on your specific requirements and security policies. You should consult with your IT team or security team to determine the best approach for your organization.
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.