This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 99%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
hi
I am having a problem.
I am trying to follow the link below
The documentation says "AD DS identities used for Azure Files on-premises AD DS authentication must be synchronized to Azure AD or use a default share-level permission. Password hash synchronization is optional."
I was wondering if my understanding of this is correct.
I think I can use "use a default share-level permission" if I don't sync on-premises AD DS to Azure AD.
However, the diagram in the image in the link below shows "Sync AD to Azure AD with Azure AD Connect" as a prerequisite.
I was wondering if it is possible to connect to an Azure file share without "Sync AD to Azure AD with Azure AD Connect" if I use the "default share-level permission" with just the on-premises AD user on a virtual machine joined to the on-premises AD DS.
Thanks for reading and have a great day.
@romero , Just checking in to see if the above answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
@romero , Just checking in to see if the below answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 0%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Hi @romero , answer to your question: Yes.
"Assigning a default share-level permission allows you to work around the sync requirement because you don't need to specify the permission to identities in Azure AD." from first bullet point of this document.
Follow this step-by-step to set default share-level permission.
Please let me know if you have issues. Thank you.
