Unable to implement ACL on Azure File Share because of non-routable domain (.local)

Syed Salman Jawaid Najmi 1 Reputation point
2022-12-11T10:54:59.343+00:00

I have a domain controller with a non-routable domain like example.local, and I have added an alternative UPN suffix, example.com. I synchronized the AD using Azure AD Connect and have domain-joined the Azure File Share.

After implementation I am unable to access the Azure File Share using the example.com ID and get the following error.

----------

Error-specific details:
Error: DfsMapCacheAdd(Domain), 0x8007054b, The specified domain either does not exist or could not be contacted.

----------


3 answers

  1. Manu Philip 20,206 Reputation points MVP Volunteer Moderator
    2022-12-11T13:19:01.787+00:00

    I guess you can set the Azure Files ACL with the following cmdlets, with no need to set up an alternative UPN suffix. After applying the ACL changes, try to mount the file share and see if it helps.

    # Look up the on-premises domain's GUID and SID, and the SID of the AD computer
    # object that represents the storage account.
    $Guid = (Get-ADDomain -Identity "adname").ObjectGuid.Guid
    $Sid = (Get-ADDomain -Identity "adname").DomainSID.Value
    $StgaccountSid = (Get-ADComputer -Identity "ADComputerName").SID.Value
    # Register those values on the storage account.
    $Params = @{
        ResourceGroupName = "RGName"
        Name = "azurefilename"
        EnableActiveDirectoryDomainServicesForFile = $true
        ActiveDirectoryDomainName = "adname.local"
        ActiveDirectoryNetBiosDomainName = "adname"
        ActiveDirectoryForestName = "adname"
        ActiveDirectoryDomainGuid = $Guid
        ActiveDirectoryDomainsid = $Sid
        ActiveDirectoryAzureStorageSid = $StgaccountSid
    }
    # Splat the hashtable with @Params; passing $Params would hand it over as a
    # single positional argument and the parameters would not bind.
    Set-AzStorageAccount @Params


    ----------

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Syed Salman Jawaid Najmi 1 Reputation point
    2022-12-11T21:44:36.997+00:00

    I am getting this error.

    Get-ADComputer : Cannot find an object with identity: "azurefilename" under: 'DC=adname,DC=local'.


  3. Syed Salman Jawaid Najmi 1 Reputation point
    2022-12-13T19:24:37.537+00:00

    @Manu Philip thank you for your response, but these commands did not resolve the issue.

    The issue was that I had domain-joined the Azure File Share with the .local domain and was trying to access the Azure File Share with the .com ID.

    The following action items resolved the issue.

    1. On-prem AD had a forest named adname.local
    2. Added alternative UPN suffix adname.com
    3. Configured AD Connect to sync on-prem users to Azure AD.
    4. Logged in to a Windows 10 machine using the ID name.com
    5. Domain-joined the Azure File Share using this link https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable
    6. Migrated data from the on-prem File Server to the Azure File Share using RoboCopy because Azure File Sync was not supported on the OS of the on-prem File Server.
    7. ACLs were transferred to the Azure File Share.
    8. ACLs were working when logging in to the Azure File Share using on-prem AD credentials.

    Thank you.

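The thread turns on one point: the storage account is registered in AD DS under the domain's DNS name (adname.local), and an alternative UPN suffix (user@adname.com) does not change that name, so the client still has to be able to locate and contact the .local domain for Kerberos to work. The following diagnostic script is an added example, not code from the thread or from Microsoft; it reads back what the storage account has registered, compares it with the domain the client is joined to, checks that a domain controller for that domain can be located, and finds the storage account's AD object by its SPN instead of guessing its name (which is why the `Get-ADComputer -Identity "azurefilename"` lookup in answer 2 failed). The resource group `rg-files` and storage account `stgfiles01` are placeholders; it assumes Az.Storage with an existing `Connect-AzAccount` session, the RSAT ActiveDirectory module, and a domain-joined Windows client.

```powershell
# Added example, not code from the thread: verify how an Azure Files storage
# account is registered in AD DS and whether this client can reach that domain.
# Placeholders (assumed, not from the thread): rg-files, stgfiles01.
# Needs: Az.Storage (after Connect-AzAccount), RSAT ActiveDirectory module,
# and a domain-joined Windows client with line of sight to a domain controller.

$ResourceGroupName  = "rg-files"      # assumption
$StorageAccountName = "stgfiles01"    # assumption
$FileEndpoint       = "$StorageAccountName.file.core.windows.net"

# 1. Read back what Set-AzStorageAccount / Join-AzStorageAccount registered.
$acct    = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
$adProps = $acct.AzureFilesIdentityBasedAuth.ActiveDirectoryProperties
if (-not $adProps) {
    throw "No AD DS identity-based authentication is configured on '$StorageAccountName'."
}
"Registered domain (DNS) : $($adProps.DomainName)"
"Registered NetBIOS name : $($adProps.NetBiosDomainName)"
"Registered forest       : $($adProps.ForestName)"
"Registered storage SID  : $($adProps.AzureStorageSid)"

# 2. Compare with the domain the client machine is actually joined to. A UPN
#    suffix such as user@adname.com does not rename the domain (adname.local);
#    the Kerberos ticket for the share is issued by the domain recorded above.
$clientDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
"Client machine domain   : $clientDomain"
"Logged-on UPN           : $(whoami /upn)"
if ($clientDomain -ne $adProps.DomainName) {
    Write-Warning "Client domain '$clientDomain' differs from the registered domain '$($adProps.DomainName)'."
}

# 3. Can this client locate a domain controller for the registered domain? If not,
#    the mount fails with 0x8007054b (domain does not exist or cannot be contacted).
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($adProps.DomainName)" -Type SRV -ErrorAction Stop
    "DC locator SRV records  : $($srv.Count)"
} catch {
    Write-Warning "No DC locator records for '$($adProps.DomainName)': $($_.Exception.Message)"
}
nltest "/dsgetdc:$($adProps.DomainName)"

# 4. Find the AD object representing the storage account by its SPN rather than
#    by name. AzFilesHybrid may have created a computer or a user object, so
#    search for any object class.
$spn   = "cifs/$FileEndpoint"
$adObj = Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" -Properties objectSid, servicePrincipalName
if (-not $adObj) {
    Write-Warning "No AD object carries SPN '$spn'; the storage account is not registered in this forest."
} else {
    "AD object for share     : $($adObj.DistinguishedName)"
    # A stale SID (object deleted and recreated) breaks authentication until
    # Set-AzStorageAccount is re-run with the current value.
    if ($adObj.objectSid.Value -ne $adProps.AzureStorageSid) {
        Write-Warning "SID mismatch: AD object has $($adObj.objectSid.Value), storage account recorded $($adProps.AzureStorageSid)."
    }
}

# 5. Confirm SMB reachability and that a Kerberos service ticket can be obtained.
Test-NetConnection -ComputerName $FileEndpoint -Port 445 | Select-Object ComputerName, TcpTestSucceeded
klist get $spn
```

Run it in a PowerShell session on the domain-joined client as the user who cannot mount the share. Step 3 is the one that reproduces the `DfsMapCacheAdd` error: a client that resolves adname.com but has no DNS path to adname.local will fail there, while step 5 failing with a valid step 3 points at port 445 filtering or a SID mismatch from step 4 instead.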
