question

DarrellMee-0052 avatar image
0 Votes"
DarrellMee-0052 asked SaiKishor-MSFT answered

Azure File Sync and SMB access

We are using Azure File sync and have a server on-premises acting as an endpoint. This endpoint was our original File Server and has lots of granular NTFS permissions for users. The whole setup works great as the end users had no idea i started tiering files to Azure.

In the future we want to move away from this on-premises endpoint and have people connect directly to the File Share over SMB3.

My question is when I enable on-premises AD DS Authentication (I'm going to use on-premises AD as it's synced to Azure) to the share, will this have any affect on the existing permissions within the endpoint? I want to enable this and slowly move people over so there will be a time where some are directly connecting over SMB3 and others still using the endpoint. I understand I will need to configure permissions at the Azure end with a domain joined device that has the share connected via the pre shared key using properties of the file(s)\folder(s) but what do i need to be aware of regarding people accessing the files via the endpoint? Will things break for them at all?

I can't seem to find any documentation on what will happen when I enable it.

azure-files
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SaiKishor-MSFT avatar image SaiKishor-MSFT ·

@DarrellMee-0052 We apologize for any inconvenience while we are working on this issue. Thank you!

0 Votes 0 ·

1 Answer

SaiKishor-MSFT avatar image
0 Votes"
SaiKishor-MSFT answered

@DarrellMee-0052 Thank you for reaching out to Microsoft Q&A. I understand that you are having questions regarding on-premise AD DS for Azure File Storage.

Answering your questions below:

  • When I enable on-premises AD DS Authentication (I'm going to use on-premises AD as it's synced to Azure) to the share, will this have any affect on the existing permissions within the endpoint?

When you enable AD DS for Azure file shares over SMB, your AD DS-joined machines can mount Azure file shares using your existing AD DS credentials. This capability can be enabled with an AD DS environment hosted either in on-prem machines or hosted in Azure. Other than this, it shouldn't really have any other effect on the endpoint.

  • What do I need to be aware of regarding people accessing the files via the endpoint? Will things break for them at all?

I would suggest you to go through this document that further discussed AD DS with File Storage in detail: On-premises Active Directory Domain Services authentication over SMB for Azure file shares

Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.



5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.