I have AAD DS enabled on my tenant and have created a storage account and file share with "Identity-based access for file shares: Azure Active Directory Domain Services (Azure AD DS)" enabled.
When connected to an AAD joined management VM I try to set NTFS permissions over SMB as detailed in the below article (Mounted using the storage key)
I get an error stating:
"The program cannot open the required dialog box because it cannot determine whether the computer named XYZ.file.core.windows.net is joined to a domain"
When checking AAD from the management VM, there is no computer account for the storage account. The article below states the storage account is domain joined, but this does not seem to happen, and I cannot set any permissions on the share or access it without using the storage key.
"To enable Azure AD DS authentication over SMB for Azure Files, you can set a property on storage accounts by using the Azure portal, Azure PowerShell, or Azure CLI. Setting this property implicitly "domain joins" the storage account with the associated Azure AD DS deployment. Azure AD DS authentication over SMB is then enabled for all new and existing file shares in the storage account."
Ref
https://video2.skills-academy.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-powershell
Any ideas?
After running "Debug-AzStorageAccountAuth" I can see that there is definitely not a storage account in AAD.
Ref
Debug-AzStorageAccountAuth : ActiveDirectoryProperties is not set for storage account 'XYZ' in resource group 'XYZ'. To set the properties, please use cmdlet Set-AzStorageAccount if the account is already associated with an Active Directory, or use cmdlet
Join-AzStorageAccountForAuth to join the account to an Active Directory (https://video2.skills-academy.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable)
The link mentioned for resolution relates to on-prem AD DS auth, not Azure AD DS auth, which I am using. Should the Azure portal automatically domain join the storage account when enabling "Identity-based access for file shares: Azure Active Directory Domain Services (Azure AD DS)"? If so, this hasn't happened.
I am looking for the AAD DS equivalent process to add the storage account PSN ?
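The quoted documentation says the Azure AD DS "domain join" is nothing more than a property set on the storage account. The following is an added example, not code from the original post or from the linked article, showing the PowerShell form of that step and how to read the property back, followed by a check of the management VM's own domain membership. The resource group and account names are placeholders; the script assumes the Az.Storage module is installed and that you are already signed in with Connect-AzAccount. It uses only the AADDS path and deliberately does not call Join-AzStorageAccountForAuth, which is the separate on-premises AD DS procedure from the AzFilesHybrid module.

```powershell
# Added example (not from the original post): enable Azure AD DS authentication
# on an Azure Files storage account with Az PowerShell and read the setting back.
# Assumptions: Az.Storage is installed, Connect-AzAccount has been run, and
# $rg / $sa are placeholders for your own resource group and account names.
$rg = "XYZ-rg"
$sa = "xyz"

# Step 1: set the property the documentation describes. This is the Azure AD DS
# (AADDS) path; Join-AzStorageAccountForAuth from AzFilesHybrid is the separate
# on-premises AD DS path and is not used here.
Set-AzStorageAccount -ResourceGroupName $rg -Name $sa `
    -EnableAzureActiveDirectoryDomainServicesForFile $true | Out-Null

# Step 2: read the setting back. DirectoryServiceOptions should now be "AADDS".
$account = Get-AzStorageAccount -ResourceGroupName $rg -Name $sa
$options = $account.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
Write-Host "DirectoryServiceOptions on ${sa}: $options"
if ($options -ne "AADDS") {
    Write-Warning "Azure AD DS authentication is not enabled on $sa."
}

# Step 3: record whether this VM is a member of a domain and which one.
# Identity-based access to the share (as opposed to mounting with the storage
# key) is performed from a machine that is a member of the domain the share
# authenticates against, so this is the first thing to confirm on the VM used
# to set NTFS permissions.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Write-Host ("PartOfDomain: {0}  Domain: {1}" -f $cs.PartOfDomain, $cs.Domain)
```

Run it from the management VM after the property has been set; the second line of output tells you whether the VM itself reports membership in the Azure AD DS managed domain or only the workgroup/AAD-join state, which is useful context to include alongside the Debug-AzStorageAccountAuth output when following up on the question.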