Go Azure AD joined with on-prem DC and fileserver!

Wouldn’t it be cool to migrate all your laptops and desktops to Azure AD, but still keep your on-premises file server for the people who can’t say goodbye to their network drives?

Now it is possible! Out of the box, Azure AD joined devices can connect to their on-premises domain-joined counterparts and authenticate with their credentials (Kerberos) to the good old file and print server!

Requirements

To be able to set this up, you will still need a traditional domain controller with a file/print server. On top of that you will need to synchronize the identities to Azure AD. Make sure that you enable password sync, and start joining the devices to Azure AD.

One other important thing: your device needs to be running Windows 10 1607 or higher! Older versions of Windows 10 do not support the Kerberos authentication.

If you now want to map a network drive with the existing NTFS permissions, just map the drive and start using it like you used to!
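The requirements above can be checked on the device before mapping the drive. The script below is an added example, not part of the original post: the server, share and domain names are placeholders, and it assumes SMB on TCP 445 and a DC locator SRV record for the on-premises domain.

```powershell
# Added example: preflight checks on an Azure AD joined device before mapping
# an on-prem share. All parameter defaults are placeholders (assumptions).
param(
    [string]$FileServer  = 'fileserver.corp.example.com',
    [string]$Share       = 'data',
    [string]$Domain      = 'corp.example.com',
    [string]$DriveLetter = 'Z'
)

# 1. Windows 10 1607 is build 14393; older builds lack the Kerberos support.
$build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
if ($build -lt 14393) { throw "Build $build is older than Windows 10 1607 (14393)." }

# 2. The device must be Azure AD joined (dsregcmd ships with Windows 10).
$dsreg = dsregcmd /status
if (-not ($dsreg -match 'AzureAdJoined\s*:\s*YES')) { throw 'Device is not Azure AD joined.' }

# 3. Kerberos needs a domain controller: look up the DC locator record in DNS.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
if (-not $dcs) { throw "No domain controller found in DNS for $Domain." }

# 4. SMB needs TCP 445 to the file server (LAN or VPN).
$smb = Test-NetConnection -ComputerName $FileServer -Port 445 -WarningAction SilentlyContinue
if (-not $smb.TcpTestSucceeded) { throw "$FileServer is not reachable on TCP 445." }

# 5. Map the drive with the signed-in user's own credentials (no -Credential).
New-PSDrive -Name $DriveLetter -PSProvider FileSystem `
    -Root "\\$FileServer\$Share" -Persist -Scope Global | Out-Null

# 6. A cifs/<server> service ticket shows that Kerberos was used for the
#    share rather than a fallback to NTLM.
$tickets = klist
if ($tickets -match "cifs/$([regex]::Escape($FileServer))") {
    "Mapped ${DriveLetter}: to \\$FileServer\$Share with a Kerberos ticket."
} else {
    Write-Warning "Drive mapped, but no cifs/$FileServer ticket is cached; check for NTLM fallback."
}
```

Run it as the signed-in user, not elevated under another account, so the ticket cache that `klist` reads belongs to the session that mapped the drive.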

3 Replies to “Go Azure AD joined with on-prem DC and fileserver!”

  1. Does it require the Azure AD joined devices to connect (pingable) to the same network as the domain-joined file server in order to map drives?

    Or can the Azure AD joined devices just connect to the internet and be able to map a drive on the domain-joined file server?

    1. Hi Jeffrey,

      There is a working network connection required to map the drive (address reachable on port 445). So if you want to connect to a local fileserver from the internet, it needs access on a public IP, or use VPN. Without connectivity it will not map.

      Cor
