This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 10%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Receiving the following error when using an identity connection to a smb file storage from a domain laptop. "New-PSDrive : The specified network password is not correct" The connection to the smb share works fine using the storage account and key. New-PSDrive command is a follows. New-PSDrive -Name Z -PSProvider FileSystem -Root "\mystoragetest.file.core.windows.net\myshare" -Persist -Credential $credGetCredentials Here's what has been reviewed and verified. - Port 445 communication is working. - Azure AD DS says it's healthy. - On premise AD DS is synchronizing passwords to Azure AD. - SMB share permissions have been added for the users. - NTFS permissions have been set for users. (This was done while using the storage account to connect the share) - Passed credentials to New-PSDrive using UPN but still receive the error. What are we missing? What log can we look at in Azure to see a connection failure?
Had the same thing recently and it was due to the Synchronization setting on the AAD DS. It has to be set to ALL not Scoped.
It's mentioned in the first note on this article.
Hope this is somewhat useful and good luck!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 91%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
@Alex Harvey , where do you change the setting?
It's under the Synchronization settings menu for Azure AD Domain Services. You can then change the scope from 'Scoped' to 'All'.
One other thing I have found that gives the same experience is that you need to allow the RC4 cypher. If you have deployed CIS benchmarks Level 1 for AD in the domain it will disable RC4 and cause this issue too. It is noted here https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 26%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Same issue but we have our AAD DS set to All and the RC4 is allowed as well. Not sure what else to do at this point?
@Alex Harvey , In working with Microsoft the computer mounting the smb file share had to be a member of the AAD DS. We were trying to connect to a computer connected to our internal hybrid domain. If we missed something, let me know. Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 50%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hey - did you manage to get this solved?
At the time you needed accounts in AAD DS to use user based authentication without a computer account. I'm not sure if something has changed since, but that was the case at the time. Since our environment was ADS we used the computer account option and connected the smb file share to DFS.