AD Computer Account for AD DS Enabled Azure Storage file share has been deleted

Apurva Pathak 380 Reputation points
2024-06-11T16:25:10.0066667+00:00

Hi folks,

We have created AD DS AuthN-enabled Azure Storage File shares, but it seems that somehow the computer object entry for the storage account has been deleted from our On-Prem AD and now it is inaccessible.

Is there any way to recover it? We tried recreating the account, but it fails with an "object already exists" error.

Thanks in advance!


Accepted answer
  1. Anand Prakash Yadav 7,780 Reputation points Microsoft Vendor
    2024-06-12T10:47:57.6+00:00

    Hello Apurva Pathak,

    Thank you for posting your query here!

    If the AD DS computer account for your Azure Storage File share cannot be recovered, you can try the following steps to restore access:

    Since you mentioned that recreating the account with the same name fails due to an "object already exists" error, you can try creating a new computer account with a slightly different name in AD DS. Update the Azure Storage File share configuration to use this new computer account.

    If the original computer account object still exists in a corrupted or orphaned state, you may need to clean it up manually. This can involve removing the remnants of the old object from AD DS.

    After creating a new computer account, re-establish the trust relationship between your on-premises AD DS and the Azure Storage File share. This involves updating the Azure Storage configuration to point to the new computer account and ensuring that the necessary permissions and configurations are applied.

    Also, ensure that the new computer account has the necessary permissions in AD DS and on the Azure Storage File share.

    Note: Consider enabling the AD DS Recycle Bin if it is not already enabled. This feature allows for easier recovery of deleted objects in the future.

    Do let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

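One way to check the state described above before recreating anything, as an added example that is not part of the original thread. It assumes the ActiveDirectory RSAT module, a constructed storage account name (`contosofiles01`), that the AD account's sAMAccountName starts with that name, and the `cifs/<account>.file.core.windows.net` SPN form used for Azure Files AD DS authentication:

```powershell
# Added example (not from the thread). Read-only except the final restore,
# which runs with -WhatIf so nothing changes until you remove that switch.
Import-Module ActiveDirectory

$StorageAccount = 'contosofiles01'   # constructed sample name, replace with yours
$Spn = "cifs/$($StorageAccount).file.core.windows.net"

# 1. Is the AD Recycle Bin enabled? A deleted object only keeps its full
#    attribute set (SPN included) when this feature was on at deletion time.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
$recycleBinOn = @($feature.EnabledScopes).Count -gt 0
Write-Host "Recycle Bin enabled: $recycleBinOn"

# 2. Is a live object still holding the name or SPN? That would explain an
#    "object already exists" error when recreating the account.
$live = Get-ADObject -LDAPFilter "(|(servicePrincipalName=$Spn)(sAMAccountName=$StorageAccount*)(cn=$StorageAccount))" `
    -Properties sAMAccountName, servicePrincipalName
if ($live) {
    Write-Host 'Live object(s) conflicting with the storage account identity:'
    $live | Format-Table DistinguishedName, ObjectClass, sAMAccountName -AutoSize
}

# 3. Is the deleted object still present (recycled or tombstoned)?
$deleted = @(Get-ADObject -IncludeDeletedObjects `
    -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$StorageAccount*))" `
    -Properties sAMAccountName, lastKnownParent, whenChanged)
$deleted | Format-Table sAMAccountName, lastKnownParent, whenChanged -AutoSize

# 4. Decide. Restore only when exactly one deleted candidate exists and no
#    live object would collide with it.
if ($live) {
    Write-Warning 'Resolve the live conflict above before restoring or recreating.'
}
elseif ($deleted.Count -eq 1) {
    if (-not $recycleBinOn) {
        Write-Warning 'Recycle Bin is off: a reanimated tombstone lacks most attributes; verify the SPN afterwards.'
    }
    $deleted[0] | Restore-ADObject -WhatIf
}
elseif ($deleted.Count -gt 1) {
    Write-Warning 'Several deleted candidates found; pick one by ObjectGUID and restore it explicitly.'
}
else {
    Write-Warning 'No deleted object found; it may be past the deleted-object lifetime.'
}
```

Review who can delete objects in the OU that holds the storage account identity once access is restored, since the same deletion would break the share again.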

2 additional answers

  1. Marcin Policht 17,675 Reputation points MVP
    2024-06-11T17:49:29.78+00:00

    If you don't have AD DS Recycle Bin enabled, then try recovering the computer object by following https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/retore-deleted-accounts-and-groups-in-ad


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

