Go Azure AD joined with on-prem DC and fileserver!
Wouldn’t it be cool to migrate all your laptops and desktops to Azure AD, but still keep your on-premise file server for the people who can’t say goodbye to their network drives?
Now it is possible! Out of the box, Azure AD supports Azure AD joined devices authenticating with Kerberos credentials to their on-premise domain-joined counterparts, the good old file and print servers!
To be able to set this up, you will still need a traditional domain controller with a file/print server. On top of that you will need to synchronize the identities to Azure AD. Make sure that you enable password sync, and start joining the devices to Azure AD.
One other important thing: your device needs to be Windows 10 1607 or higher! Older versions of Windows 10 do not support this Kerberos authentication.
If you now want to map a network drive with the existing NTFS permissions, just map the drive and start using it like you used to!
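The steps above come down to a few checks a practitioner wants to run on the client before mapping the drive: the Windows build, the Azure AD join state, TCP 445 reachability to the file server, and whether the mapping actually used a Kerberos ticket. The following PowerShell preflight is an added example, not code from the original post; the server name `fs01.corp.example.com`, the share name `share` and the drive letter are placeholders you would replace with your own.

```powershell
# Added example (not from the original post): client-side preflight on an Azure AD joined
# Windows 10 device before mapping an on-premise SMB share with Kerberos.
# Placeholders (assumptions): 'fs01.corp.example.com' and 'share' are hypothetical names.
$FileServer = 'fs01.corp.example.com'
$ShareName  = 'share'
$DriveName  = 'Z'

# 1. Windows 10 1607 is build 14393; older builds lack the Kerberos support the post relies on.
$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt 14393) { throw "Build $build is older than Windows 10 1607 (build 14393)." }

# 2. Confirm the device really is Azure AD joined (dsregcmd ships with Windows 10).
$dsreg = dsregcmd /status
if (-not ($dsreg -match 'AzureAdJoined\s*:\s*YES')) { throw 'Device is not Azure AD joined.' }

# 3. SMB needs TCP 445 to the file server (on the LAN or over VPN); without reachability the map fails.
$tcp = Test-NetConnection -ComputerName $FileServer -Port 445 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    throw "TCP 445 to $FileServer is not reachable; connect to the LAN or VPN first."
}

# 4. Map with the signed-in user's credentials; -Persist makes it an ordinary mapped drive
#    so the existing NTFS permissions on the share apply unchanged.
New-PSDrive -Name $DriveName -PSProvider FileSystem -Root "\\$FileServer\$ShareName" -Persist -Scope Global | Out-Null

# 5. Verify a Kerberos service ticket for cifs/<server> was issued, i.e. the mapping did not
#    silently fall back to NTLM (which would indicate a UPN or domain-controller line-of-sight problem).
$tickets = klist
if ($tickets -match "cifs/$([regex]::Escape($FileServer))") {
    Write-Host "Mapped $DriveName`: to \\$FileServer\$ShareName using Kerberos"
} else {
    Write-Warning 'Drive mapped, but no Kerberos cifs ticket was found; check the user UPN and DC reachability.'
}
```

Run it in the signed-in user's session (not elevated) so the mapping and the ticket cache belong to the user who will use the drive.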
About The Author
Cor den Boer
There is a working network connection required to map the drive (address reachable on port 445). So if you want to connect to a local fileserver from the internet, it needs access on a public IP, or use VPN. Without connectivity it will not map.
I think you might miss a few configuration steps, please use the following documentation to solve your problem: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base
We have tested migration from Hybrid Azure Ad joined device to Azure AD joined device. We then connected to the VPN but we are still not able to access file server on Azure AD joined device.
1. Identities are in sync from AD to Azure AD via Azure AD Connect
2. password sync in place
How do we do this ”map a network drive with the existing NTFS permissions” so that we can access the file server on an Azure AD joined device?
Please verify that in Active Directory the attribute msDS-KeyCredentialLink exists and contains a value. If it doesn’t exist, or isn’t populated, double check your AD Connect setup.
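The check suggested in the reply above can be scripted from a domain-joined admin workstation with the ActiveDirectory RSAT module. This is an added example, not code from the original comments; the account name `jdoe` is a placeholder.

```powershell
# Added example (not from the original comments): report whether msDS-KeyCredentialLink is
# populated for an on-premise user, as the reply above asks you to verify.
# Requires the ActiveDirectory RSAT module; 'jdoe' is a placeholder sAMAccountName.
Import-Module ActiveDirectory

function Test-KeyCredentialLink {
    param([Parameter(Mandatory)][string]$Identity)

    $user  = Get-ADUser -Identity $Identity -Properties 'msDS-KeyCredentialLink', 'UserPrincipalName'
    $links = @($user.'msDS-KeyCredentialLink')   # linked DN-Binary values; empty when never written

    [pscustomobject]@{
        UserPrincipalName = $user.UserPrincipalName
        LinkCount         = $links.Count
        Populated         = ($links.Count -gt 0)
    }
}

$result = Test-KeyCredentialLink -Identity 'jdoe'
if (-not $result.Populated) {
    Write-Warning "$($result.UserPrincipalName): msDS-KeyCredentialLink is empty; double check the Azure AD Connect setup."
} else {
    "$($result.UserPrincipalName): $($result.LinkCount) key credential link(s) present"
}
```

If the attribute is missing for every synchronised user rather than for a single account, the problem is on the Azure AD Connect side, not with the individual user.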
I need your advice on the below:
How do we map a network drive with the existing NTFS permissions so that users can access file servers on azure ad joined devices.
We are not able to access at the moment though identities and password are in sync and devices are being migrated from hybrid azure join to Azure AD join.
There are some user profiles that are not local and they are redirected profiles.
Does it require the Azure AD joined devices to connect (pingable) to the same network as the domain-joined file server in order to map drives?
Or can the Azure AD joined devices just connect to the internet and then map a drive on the domain-joined file server?