Go Azure AD joined with an on-prem DC and file server!
Wouldn't it be cool to migrate all your laptops and desktops to Azure AD, but still keep your on-premises file server for the people who can't say goodbye to their network drives?
Now it is possible! Out of the box, Azure AD joined devices can authenticate with Kerberos to their on-premises domain-joined counterparts, the good old file and print servers. The user signs in with the synchronized work account, and as long as the device has network line of sight to a domain controller, Windows obtains Kerberos tickets from on-premises Active Directory for that same identity.
Requirements
To set this up you will still need a traditional domain controller and a file/print server. On top of that you need to synchronize the identities to Azure AD with Azure AD Connect; make sure password hash synchronization is enabled, then start joining the devices to Azure AD.
One other important thing: the device needs to run Windows 10 version 1607 or later. Older builds of Windows 10 do not support Kerberos authentication to on-premises resources from an Azure AD joined device.
If you now want to map a network drive, just map it and use it as you did before. The existing NTFS permissions on the share apply unchanged, because the file server sees the user's on-premises AD identity, not a cloud-only account.
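The checks and the mapping step above, as an added PowerShell example that is not part of the original post. It assumes a file server `fs01.corp.contoso.com` with a share named `Data` and a free drive letter `S:`; all three are placeholders to replace with your own values.

```powershell
# Added example (not from the original post): pre-flight checks and drive
# mapping for an Azure AD joined Windows 10 device that must reach an
# on-premises file server with Kerberos. Host name, share and drive letter
# are assumptions; replace them with your own.
param(
    [string]$FileServer  = 'fs01.corp.contoso.com',   # assumed FQDN of the on-prem file server
    [string]$ShareName   = 'Data',                    # assumed share name
    [string]$DriveLetter = 'S'                        # assumed free drive letter
)

$uncPath = "\\$FileServer\$ShareName"

# 1. Windows 10 1607 is build 14393; older builds cannot obtain Kerberos
#    tickets from on-prem AD on an Azure AD joined device.
$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt 14393) {
    throw "Windows build $build is older than 1607 (14393); Kerberos SSO to on-prem is not supported."
}

# 2. Confirm the device really is Azure AD joined (not plain domain joined).
$dsreg = (dsregcmd /status) | Out-String
if ($dsreg -notmatch 'AzureAdJoined\s*:\s*YES') {
    throw 'This device is not Azure AD joined; check dsregcmd /status.'
}

# 3. SMB needs TCP 445 to the file server, and Kerberos needs a reachable
#    domain controller (located via DNS for the user's on-prem domain).
#    Without that line of sight (LAN or VPN) the mapping fails.
$smb = Test-NetConnection -ComputerName $FileServer -Port 445 -WarningAction SilentlyContinue
if (-not $smb.TcpTestSucceeded) {
    throw "TCP 445 to $FileServer is not reachable; connect to the LAN or VPN first."
}

# 4. Map the drive using the server's FQDN so the SMB client requests a
#    Kerberos ticket for cifs/<fqdn> rather than falling back to NTLM.
New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $uncPath `
            -Persist -Scope Global -ErrorAction Stop | Out-Null

# 5. Verify that a Kerberos service ticket for the file server was issued.
$tickets = (klist) | Out-String
if ($tickets -match [regex]::Escape("cifs/$FileServer")) {
    Write-Output "Kerberos ticket for cifs/$FileServer present; ${DriveLetter}: mapped to $uncPath"
} else {
    Write-Warning "Drive mapped, but no Kerberos ticket for cifs/$FileServer was found; the session may be using NTLM."
}

# 6. The existing NTFS ACL applies unchanged; show it for the mapped root.
(Get-Acl -Path "${DriveLetter}:\").Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

Run it as the signed-in synchronized user in a non-elevated PowerShell session: mapped drives belong to the logon session, so a drive mapped from an elevated prompt is not visible to the user's normal Explorer session. If step 5 reports no `cifs/` ticket, the device could not reach a domain controller for the user's domain, which is the usual reason the mapping works over the LAN but fails remotely.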
Does it require the Azure AD joined devices to be connected (pingable) to the same network as the domain-joined file server in order to map drives?
Or can the Azure AD joined devices just connect to the internet and still map a drive on the domain-joined file server?
Hi Jeffrey,
There is a working network connection required to map the drive (address reachable on port 445). So if you want to connect to a local fileserver from the internet, it needs access on a public IP, or use VPN. Without connectivity it will not map.
Cor
Hi,
What about the Hello for Business prompt that kicks in when accessing the local shares?
Hi Mark,
I think you might be missing a few configuration steps. Please use the following documentation to solve your problem: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base
Cor
Hi Cor,
We have tested migration from a Hybrid Azure AD joined device to an Azure AD joined device. We then connected to the VPN, but we are still not able to access the file server on the Azure AD joined device.
The following is in place:
1. Identities are in sync from AD to Azure AD via Azure AD Connect
2. Password sync is in place
How do we "map a network drive with the existing NTFS permissions" so that we can access the file server on an Azure AD joined device?
Hi Swati,
Please verify that in Active Directory the attribute msDS-KeyCredentialLink exists and contains a value. If it doesn’t exist, or isn’t populated, double check your AD Connect setup.
Cor
Hi Cor,
I need your advice on the following:
How do we map a network drive with the existing NTFS permissions so that users can access file servers on Azure AD joined devices?
We are not able to access them at the moment, even though identities and passwords are in sync and devices are being migrated from Hybrid Azure AD join to Azure AD join.
Some user profiles are not local; they are redirected profiles.