Introduction
Azure Files supports SMB access with on-premises Windows AD (AD DS) authentication, which lets you control access to file shares in Azure with NTFS permissions. By default, that access does not extend to an on-premises network over a VPN or ExpressRoute connection. In this article, I show how to extend access to an Azure Files share with Windows AD authentication to an on-premises network using Private Endpoints.
![Implement an Azure Files SMB Access On-premises with Private Endpoints]()
Prerequisites
- Active Directory Domain Services on-premises
- On-premises to Azure connectivity via a site-to-site (S2S) VPN
- Azure storage account
- Azure Private Endpoint
Step 1
This is my on-premises domain controller.
Step 2
Follow the article Create An Storage Account In Azure (c-sharpcorner.com) to create the storage account.
Step 3
In your storage account, create a file share and assign the Storage File Data SMB Share Elevated Contributor role on it.
Implement a Private Endpoint for the Azure storage account
Step 1
Select your storage account and create a Private Endpoint under Networking > Private endpoint connections.
Step 2
Follow the steps shown.
Step 3
In the Resource tab, select file as the target sub-resource and click Next.
Step 4
For the demo I have kept the private IP allocation dynamic; you can change it to static if you want.
Step 5
I'm going to use the default DNS name for the demo.
Step 6
Review + create.
Step 7
The private endpoint has been created successfully.
Note: When I try to resolve the storage account by name from on-premises, it still resolves to the public IP.
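The same steps as an added Az PowerShell example (this is not the article's own code): it creates the file share and assigns the SMB role from Step 3 of the previous section, creates the private endpoint for the storage account's file sub-resource, reads back the private IP that the later DNS host record needs, and repeats the name-resolution check from the note above. The resource group, VNet, subnet, share name and user principal are assumed; only the storage account name shanukastorage comes from the article.

```powershell
# Added example (not from the article): file share + SMB role + private endpoint.
# Assumed names: resource group, VNet, subnet, share name and user principal.
# The storage account name "shanukastorage" is the one used in the article.
# Requires Az.Storage, Az.Network and Az.Resources and a prior Connect-AzAccount.

$rg        = 'rg-files-demo'          # assumed resource group
$saName    = 'shanukastorage'         # storage account name from the article
$shareName = 'demo-share'             # assumed share name
$vnetName  = 'vnet-hub'               # assumed VNet reachable over the S2S VPN
$subnet    = 'snet-privateendpoints'  # assumed subnet for private endpoints
$upn       = 'user@contoso.local'     # assumed AD user (synced to Azure AD)

$sa = Get-AzStorageAccount -ResourceGroupName $rg -Name $saName

# Step 3: create the SMB share (quota in GiB) and grant the SMB role at share scope,
# not on the whole account, so the assignment stays least-privilege.
New-AzRmStorageShare -ResourceGroupName $rg -StorageAccountName $saName `
    -Name $shareName -QuotaGiB 100 | Out-Null
$shareScope = "$($sa.Id)/fileServices/default/fileshares/$shareName"
New-AzRoleAssignment -SignInName $upn `
    -RoleDefinitionName 'Storage File Data SMB Share Elevated Contributor' `
    -Scope $shareScope | Out-Null

# Private endpoint targeting the "file" sub-resource (GroupId) of the storage account.
# The subnet must allow private endpoints (private endpoint network policies disabled).
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$snet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet
$plsc = New-AzPrivateLinkServiceConnection -Name "$saName-file-plsc" `
            -PrivateLinkServiceId $sa.Id -GroupId 'file'
$pe   = New-AzPrivateEndpoint -ResourceGroupName $rg -Name "pe-$saName-file" `
            -Location $sa.Location -Subnet $snet -PrivateLinkServiceConnection $plsc

# The endpoint's NIC carries the private IP that the on-prem DNS A record must point to.
$nic       = Get-AzNetworkInterface -ResourceId $pe.NetworkInterfaces[0].Id
$privateIp = $nic.IpConfigurations[0].PrivateIpAddress
"Private endpoint IP: $privateIp"

# Same observation as the note above: run from on-premises before any DNS work, the
# public name follows a CNAME chain and still answers with a public IP.
Resolve-DnsName -Name "$saName.file.core.windows.net" |
    Format-Table Name, Type, IPAddress, NameHost
```

Keep the value of `$privateIp`; it is the address you enter in the host record on the on-premises DNS server in the next section.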
Implement a DNS host record for the storage account in the DNS server
Step 1
Open DNS Manager and select Forward Lookup Zones.
Step 2
Click Next to create a new zone.
Step 3
Select the zone type and click Next.
Step 4
Copy privatelink.file.core.windows.net from the private endpoint's DNS configuration.
Step 5
Paste it as the Zone Name.
Step 6
The forward lookup zone has been created successfully.
Step 7
Create a new Host (A) record in your private link zone.
Step 8
The host record name should be your storage account name (in my case shanukastorage) and the IP address should be the private IP of the private endpoint you created for the storage account. Click Add Host.
Step 9
The host record has been created successfully.
Step 10
Finally, my DNS name resolution is working fine. You can test it with nslookup.
The name now resolves to the private IP.
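The whole DNS procedure above as an added example using the DnsServer module (not the article's own code): it creates the privatelink.file.core.windows.net zone, adds the host record for shanukastorage, and then verifies that a client resolves the public storage account name to the private endpoint IP rather than the public one. The private IP is a placeholder; replace it with the address of your own private endpoint.

```powershell
# Added example (not from the article): create the privatelink zone and host record on
# the on-premises Windows DNS server, then verify resolution from a domain-joined client.
# Assumptions: run on a DNS server / domain controller with the DnsServer module.
# $privateIp is a placeholder; use the private endpoint IP shown in the Azure portal.
Import-Module DnsServer

$zone      = 'privatelink.file.core.windows.net'   # zone name from the article
$saName    = 'shanukastorage'                      # storage account name from the article
$privateIp = '10.10.1.4'                           # placeholder: your private endpoint IP

# Steps 1-6: AD-integrated primary zone replicated to every DNS server in the forest.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Forest'
}

# Steps 7-9: A record  <storageaccount>.privatelink.file.core.windows.net -> private IP
if (-not (Get-DnsServerResourceRecord -ZoneName $zone -Name $saName -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $saName -IPv4Address $privateIp
}

# Step 10: verify. The public name <account>.file.core.windows.net is a CNAME to the
# privatelink name, which our zone now answers with the private IP. Checking that the
# answer is the private IP (not merely "some" IP) is what confirms SMB traffic will
# stay on the VPN instead of going out to the public endpoint.
function Test-PrivateResolution {
    param([string]$Fqdn, [string]$ExpectedIp)
    Clear-DnsClientCache                                  # drop any cached public answer
    $answers = Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop
    $ips = @($answers | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    [pscustomobject]@{
        Name       = $Fqdn
        ResolvedIp = ($ips -join ',')
        IsPrivate  = ($ips -contains $ExpectedIp)
    }
}

Test-PrivateResolution -Fqdn "$saName.file.core.windows.net" -ExpectedIp $privateIp
```

If `IsPrivate` comes back false, the client is most likely not using the on-premises DNS server, or an earlier public answer is still cached on an intermediate resolver.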
Important
If you want to mount the Azure file share on your domain-joined computer using AD credentials, you can now do so.
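An added example (not from the article) of that mount on a domain-joined client: it checks that SMB port 445 is reachable at the resolved private IP over the VPN and then maps the share with the logged-on user's AD identity, so no storage account key is used. The share name is assumed; the storage account name is the article's.

```powershell
# Added example (not from the article): mount the share with the current AD identity.
# Assumptions: share name "demo-share"; storage account name from the article.
$saName    = 'shanukastorage'
$shareName = 'demo-share'
$fqdn      = "$saName.file.core.windows.net"
$unc       = "\\$fqdn\$shareName"

# SMB needs TCP 445 open from the client, across the S2S VPN, to the private endpoint IP.
$ip = (Resolve-DnsName -Name $fqdn -Type A | Where-Object { $_.Type -eq 'A' } |
       Select-Object -First 1).IPAddress
$probe = Test-NetConnection -ComputerName $ip -Port 445
if (-not $probe.TcpTestSucceeded) { throw "SMB port 445 is not reachable at $ip" }

# Persistent mapping. No -Credential: the logged-on AD user authenticates via Kerberos,
# and NTFS ACLs on the share decide what that user can see.
New-PSDrive -Name Z -PSProvider FileSystem -Root $unc -Persist -Scope Global
Get-ChildItem Z:\
```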
Conclusion
This article showed how to implement an Azure file share with integrated on-premises AD authentication and make it reachable from on-premises through a Private Endpoint. If you have any questions, don't hesitate to get in touch with me.
Thanks.