question

PrabinBhusal-5638 avatar image
0 Votes"
PrabinBhusal-5638 asked JonnathanP-1802 edited

Cannot Map Drive from Azure File Sharing into non domain joined Computer

I have created Storage Account in Azure and I joined the Storage Account to my domain.

I assigned users role via Access Control (IAM) and It is successfully mapped into a computer which is joined in Domain.

I want to map the same drive in non domain joined computer. I mapped the drive using the location from azure storage account. It asked me username and password when I try to log in using the user credentials that I have created and gave permission it shows the error.

"The Specified Network Password is not Correct".

I dont want to map the drive using Access Key. I want to map using users login Credentials.

When I run script in powershell to find out the issue. It shows me this issue:

Issues found:---- CheckSidHasAadUser ----No Azure Active Directory user exists with OnPremisesSecurityIdentifier of the currently logged on user's SID (S-1-5-21-4081914295-3719894761-3031614629-500).            

This means that the AD user object has not synced to the AAD corresponding to the storage account.            Mounting to Azure Files using Active Directory authentication is not supported for AD users who have not been synced to AAD.


Is it possible to mount the drive into non domain joined computer ?? 

azure-ad-domain-servicesazure-files
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TKujala avatar image
0 Votes"
TKujala answered

Hi @PrabinBhusal-5638,

I think you can mount the drive.

Have you check the following troubleshooting tips?

https://docs.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-windows-file-connection-problems

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SumanthMarigowda-MSFT avatar image
0 Votes"
SumanthMarigowda-MSFT answered SumanthMarigowda-MSFT edited

@PrabinBhusal-5638 Following up to see if the above suggestion was helpful. And, if you have any further query do let us know.
Just checking in to see if the above answer helped. If this answers your query, please don’t forget to "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

If the issue still persists, First, make sure that you have followed through all four steps to enable Azure Files AD Authentication.

Can you please cross verify: Have provide access to the Storage account (Storage Contributor role) and for file share( Storage File data SMB Share Contributor)

If your machine is not domain joined to an AD DS, you may still be able to leverage AD credentials for authentication if your machine has line of sight of the AD domain controller.

nslookup -type=SRV _kerberos._tcp.<ADDOMAINNAME>
It's important to use domain credentials from the Active Directory the storage account is joined to. As mentioned in https://serverfault.com/a/1025351/277487, the computer uses the domain information provided in these credentials to locate the domain controller.





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JonnathanP-1802 avatar image
0 Votes"
JonnathanP-1802 answered JonnathanP-1802 edited

No I don't think it is possible to map an AD integrated Azure Files share from a non-domain joined PC even when using domain credentials to map the drive.

It literally says in the document that @TKujala posted under troubleshooting: CheckDomainJoined: Validate that the client machine is domain joined to AD. If your machine is not domain joined to AD, please refer to this article for domain join instruction.

Thus they are forcing you to use a domain-joined PC it seems. It's stupid #workfromhomesince2020

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.