
Long time reader. First time poster!

I'm a sysadmin at a small company. We utilize Azure + Office 365 and use a cloud-first approach. All Windows 10 PCs are Azure AD joined (we have no local AD).

We have a Windows Server 2016 running a file share on-premises. I have set up Azure Active Directory Domain Services (AAD DS) and joined this server to AAD DS. This enables me to assign cloud users on file shares.

My problem is that users cannot use single sign-on (SSO) to access this network share. They have to re-type the username and password (and save it in Credential Manager to persist) when accessing the network drive. It appears that no Kerberos ticket is given by Azure AD to the Windows 10 PCs.

How can I solve this? I want users to simply type \\server\share and avoid typing user/password.

Is it really not possible to use Azure AD today without a local AD and get a good SSO experience to local file shares?

Thanks!

  • Do the file shares need to be local? Azure Files with AAD DS has functionality to assign AAD users rights to files – Sam Cogan Apr 13 '19 at 16:23
  • We use the file share for our developers/production. They sometimes produce large amounts of data. For this reason a local file server made more sense (most of our business data is located in OneDrive for Business). To me it's odd that no one else has this problem. Is it that odd to have a local file server but rely fully on Azure AD? – northwester Apr 15 '19 at 07:37
  • Azure AD DS would allow you to do this, but it assumes that clients are joined to the same AAD DS domain, not using AAD Connect. – Sam Cogan Apr 19 '19 at 20:16
  • Ok, but it's not possible to Azure AD join Windows Server 2016. That requires AAD Domain Services (https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-join-windows-vm-portal). And this in turn "breaks" file shares located on the server. But there seems to be no solution to this, so I will have to find a workaround. – northwester Apr 24 '19 at 08:50

0 Answers