On-premises Windows Server to Azure file share

The end customer ABC* is a company that sells and pawns quality second hand goods. It has four locations in South Africa and all four locations has AD-DNS & GC servers. They are running on an on-premises Windows Server 2012 R2 & Windows Server 2016. ABC* wants to move their File Servers to cloud with Azure File Share. Also, ABC* has created a VM called Pastel on Azure portal with the same AD-DNS & GC role. All four sites interconnected with MPNL line and Azure VM connected with Azure VPN gateway with company’s firewall.

Technical Challenges

Multiple challenges were faced during the setup of Azure File Share:

It must have updated password update for Azure File Share to avoid “Access denied” issue while mounting Azure file share.

Built-in AD account did not sync with Azure AD (e.g administrator@domain.com)

To work around, we edited service object under Azure AD tool call Idfix tool, which syncs all built-in accounts to Azure AD if it is under selected OU on Azure AD Connect.User accounts are hybrid identity to mount Azure File Share.

Solution

A successful and seamless implementation and configuration of Azure File Share & On-Premises Authentication.

Following procedures were carried out for Azure File Share & On-Premises Authentication.

Enabled AD DS authentication on storage account follow by installed AzFilesHybrid module on AD server.

Assigned Share level permission for a share to the Azure Hybrid identity on Azure Portal.

Mounted Azure File Share on AD server with Storage Account key, followed by configured windows ACL(NTFS) permission over SMB for directories and files.