SMB FAQs for Azure NetApp Files
This article answers frequently asked questions (FAQs) about the SMB protocol of Azure NetApp Files.
Which SMB versions are supported by Azure NetApp Files?
Azure NetApp Files supports SMB 2.1 and SMB 3.1 (which includes support for SMB 3.0).
Does Azure NetApp Files support access to ‘offline files’ on SMB volumes?
Azure NetApp Files supports 'manual' offline files, allowing users on Windows clients to manually select files to be cached locally.
Is an Active Directory connection required for SMB access?
Yes, you must create an Active Directory connection before deploying an SMB volume. The specified Domain Controllers must be accessible by the delegated subnet of Azure NetApp Files for a successful connection. See Create an SMB volume for details.
How many Active Directory connections are supported?
You can configure only one Active Directory (AD) connection per subscription and per region. See Requirements for Active Directory connections for additional information.
However, you can map multiple NetApp accounts that are under the same subscription and same region to a common AD server created in one of the NetApp accounts. See Map multiple NetApp accounts in the same subscription and region to an AD connection.
Does Azure NetApp Files support Microsoft Entra ID?
Both Microsoft Entra Domain Services and Active Directory Domain Services (AD DS) are supported. You can use existing Active Directory domain controllers with Azure NetApp Files. Domain controllers can reside in Azure as virtual machines, or on premises via ExpressRoute or S2S VPN. Azure NetApp Files doesn't support AD join for Microsoft Entra ID at this time. However, you can use Microsoft Entra ID with hybrid identities to Access SMB volumes from Microsoft Entra joined Windows virtual machines.
If you're using Azure NetApp Files with Microsoft Entra Domain Services, the organizational unit path is
OU=AADDC Computers when you configure Active Directory for your NetApp account.
How do the Netlogon protocol changes in the April 2023 Windows Update affect Azure NetApp Files?
The Windows April 2023 updated included a patch for Netlogon protocol changes, which were not enforced at release.
The upgrades to the Azure NetApp File storage resource have been completed. The enforcement of setting
RequireSeal value to 2 will occur by default with the June 2023 Azure update. No action is required regarding the June 13 enforcement phase.
For more information about this update, see KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023.
What versions of Windows Server Active Directory are supported?
Azure NetApp Files supports Windows Server 2012-2022 versions of Active Directory Domain Services.
I’m having issues connecting to my SMB share. What should I do?
As a best practice, set the maximum tolerance for computer clock synchronization to five minutes. For more information, see Maximum tolerance for computer clock synchronization.
Can I manage
Open Files through Microsoft Management Console (MMC)?
Azure NetApp Files supports modifying
SMB Shares by using MMC. However, modifying share properties has significant risk. If the users or groups assigned to the share properties are removed from the Active Directory, or if the permissions for the share become unusable, then the entire share will become inaccessible.
Azure NetApp Files doesn't support using MMC to manage
How can I obtain the IP address of an SMB volume via the portal?
Use the JSON View link on the volume overview pane, and look for the startIp identifier under properties > mountTargets.
Can an Azure NetApp Files SMB share act as a DFS Namespace (DFS-N) root?
No. However, Azure NetApp Files SMB shares can serve as a DFS Namespace (DFS-N) folder target.
To use an Azure NetApp Files SMB share as a DFS-N folder target, provide the Universal Naming Convention (UNC) mount path of the Azure NetApp Files SMB share by using the DFS Add Folder Target procedure.
Also refer to Use DFS-N and DFS Root Consolidation with Azure NetApp Files.
Can the SMB share permissions be changed?
Azure NetApp Files supports modifying
SMB Shares by using Microsoft Management Console (MMC). However, modifying share properties has significant risk. If the users or groups assigned to the share properties are removed from the Active Directory, or if the permissions for the share become unusable, then the entire share will become inaccessible.
See Modify SMB share permissions for more information on this procedure.
Azure NetApp Files also supports access-based enumeration and non-browsable shares on SMB and dual-protocol volumes. You can enable these features during or after the creation of an SMB or dual-protocol volume.
Can I change the SMB share name after the SMB volume has been created?
No. However, you can create a new SMB volume with the new share name from a snapshot of the SMB volume with the old share name.
Alternatively, you can use Windows Server DFS Namespace where a DFS Namespace with the new share name can point to the Azure NetApp Files SMB volume with the old share name.
Does Azure NetApp Files support SMB change notification and file locking?
Azure NetApp Files also supports breaking file locks.
To learn more about file locking in Azure NetApp Files, see file locking.
What network authentication methods are supported for SMB volumes in Azure NetApp Files?
NTLMv2 and Kerberos network authentication methods are supported with SMB volumes in Azure NetApp Files. NTLMv1 and LanManager are disabled and are not supported.
What is the password rotation policy for the Active Directory computer account for SMB volumes?
The Azure NetApp Files service has a policy that automatically updates the password on the Active Directory computer account that is created for SMB volumes. This policy has the following properties:
- Schedule interval: 4 weeks
- Schedule randomization period: 120 minutes
- Schedule: Sunday
To see when the password was last updated on the Azure NetApp Files SMB computer account, check the
pwdLastSet property on the computer account using the Attribute Editor in the Active Directory Users and Computers utility:
Due to an interoperability issue with the April 2022 Monthly Windows Update, the policy that automatically updates the Active Directory computer account password for SMB volumes has been suspended until a fix is deployed.
Does Azure NetApp Files support Alternate Data Streams (ADS)?
Yes, Azure NetApp Files supports Alternate Data Streams (ADS) by default on SMB volumes and dual-protocol volumes configured with NTFS security style when accessed via SMB.
What are SMB/CIFS
oplocks and are they enabled on Azure NetApp Files volumes?
SMB/CIFS oplocks (opportunistic locks) enable the redirector on a SMB/CIFS client in certain file-sharing scenarios to perform client-side caching of read-ahead, write-behind, and lock information. A client can then work with a file (read or write it) without regularly reminding the server that it needs access to the file. This improves performance by reducing network traffic. SMB/CIFS oplocks are enabled on Azure NetApp Files SMB and dual-protocol volumes.