question

AegisOffice365Admin-5876 asked SumanthMarigowda-MSFT commented

Azure Storage NTFS permissions - Can't add Azure users to NTFS permissions

Spoke to Azure support. Was told the issue I am having with mapping the drive is due to IAM role and NTFS permissions not being assigned.

When mapping I am getting "The Network Resource Type is not correct. " as the error, using the default generated PowerShell script from file shares.

When I map with a key I can see the drive in File Explorer.

When mapped with a key, if I try to go to edit the NTFS permissions I can't add any Azure AD users. It seems to be that it can't see our Azure AD domain.

In configuration I have Identity-based access for file shares: Azure Active Directory Domain Services (Azure AD DS) - Enabled

We have Azure Active Directory Services running in Azure.

The laptop being tested is added to Azure AD but not connected to a domain (because it is connected to an Azure domain).

I am trying this from the global admin account only currently. In IAM it has the Owner role.

Any help would be great. Still having the issue but can connect from domain-joined VMs now, just not from Azure domain-joined machines.

azure-storage-accounts azure-blob-storage

1 Answer

SumanthMarigowda-MSFT answered SumanthMarigowda-MSFT commented

@AegisOffice365Admin-5876 Firstly, apologies for the delay in responding here!

For a better understanding of the issue: Have you added a role assignment (still add the roles)? In the Add role assignment blade, select the appropriate built-in role (Storage File Data SMB Share Reader, Storage File Data SMB Share Contributor) from the Role list. Leave Assign access to at the default setting: Azure AD user, group, or service principal. Select the target Azure AD identity by name or email address. Select Save to complete the role assignment operation.

Can you please cross-verify the Prerequisites?

Can you share the screenshot of the error message?


Azure Files is to be compatible with existing file shares, inclusive of how you set ACLs on files and folders. You can simply type the UNC path (\\storageaccount.file.core.windows.net\share) into File Explorer and set the ACLs.

If you want to set ACLs without ever touching SMB, you can use the REST API (directly or through your preferred language SDK) to set permissions using CreateFile, SetFileProperties, CreatePermission, and GetPermission. This is not a trivial task to build an application or script that can set an API this way, but it's possible, and we do it in File Sync this way.

Additional information: Refer here for how RBAC works

Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.


Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.
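
A PowerShell equivalent of the portal role-assignment steps in the answer above, followed by the NTFS ACL step, as an added example that is not part of the original thread. It assumes the Az PowerShell module (Az.Accounts, Az.Resources), a machine joined to the Azure AD DS domain, and placeholder names in angle brackets.

```powershell
# Added example. Every value in angle brackets is a placeholder (assumption),
# not a value taken from this thread.
$subscriptionId = '<subscription-id>'
$resourceGroup  = '<resource-group>'
$storageAccount = '<storage-account>'
$shareName      = '<share-name>'
$userUpn        = '<user@your-domain>'

# Share-level scope: the RBAC role here decides who may open the share over SMB.
$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
         "/providers/Microsoft.Storage/storageAccounts/$storageAccount" +
         "/fileServices/default/fileshares/$shareName"

Connect-AzAccount -Subscription $subscriptionId | Out-Null

# The two built-in SMB data roles named in the answer.
$smbRoles = 'Storage File Data SMB Share Reader',
            'Storage File Data SMB Share Contributor'

# Get-AzRoleAssignment also returns assignments inherited from parent scopes.
$existing = Get-AzRoleAssignment -SignInName $userUpn -Scope $scope |
    Where-Object { $_.RoleDefinitionName -in $smbRoles }

if (-not $existing) {
    # Least privilege: grant on the single share, not on the whole account.
    New-AzRoleAssignment -SignInName $userUpn `
        -RoleDefinitionName 'Storage File Data SMB Share Contributor' `
        -Scope $scope
}

# SMB needs outbound TCP 445 to the file endpoint.
$fileHost = "$storageAccount.file.core.windows.net"
$probe = Test-NetConnection -ComputerName $fileHost -Port 445
if (-not $probe.TcpTestSucceeded) {
    throw "TCP 445 to $fileHost is not reachable from this machine."
}

# Mount with the signed-in domain identity (no storage account key).
net use Z: "\\$fileHost\$shareName"

# Directory/file-level permission: grant Modify on the share root.
# This is the NTFS ACL layer, evaluated in addition to the share-level role.
icacls Z:\ /grant "${userUpn}:(M)"
```

Access over SMB requires both layers: the share-level role assignment and an NTFS ACL entry that allows the operation.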

