Important: Make sure your storage account name is no longer than 15 characters! The name becomes the AD computer account name, and computer (NetBIOS) names are limited to 15 characters.
STEP 2: Select from where you want to allow access to the share. Because this share only works with an active connection to a domain controller, it might make sense to allow only office locations. For this demo we allowed all: I am using Always-On VPN with split tunneling, so I need it to work from any location.
STEP 3: Make sure the Secure transfer required setting is set to Enabled. Leave the rest at the defaults.
STEP 4: Last, review your configuration and press Create.
STEP 5: Once deployed, go to your newly created resource by clicking Go to resource.
STEP 6: Next, create a new file share; for the demo we call it shareddrive.
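The portal steps 1 to 6 above, done with Az PowerShell instead, as an added example that is not part of the original post. It assumes the Az.Storage module is installed and you are already signed in with Connect-AzAccount; the resource group, location, account name and IP range are placeholders. It also shows the stricter network rule (office ranges only) that the post mentions as an option but did not use.

```powershell
# Added example (not from the original post): creates the storage account and the
# file share from steps 1-6 with PowerShell instead of the portal.
# Assumes Az.Storage is installed and Connect-AzAccount has been run.
$ResourceGroup  = 'rg-fileshare-demo'      # placeholder
$Location       = 'westeurope'             # placeholder
$StorageAccount = 'stfilesdemo01'          # placeholder, 12 characters, lowercase, no dashes
$ShareName      = 'shareddrive'
$OfficeRanges   = @('203.0.113.0/24')      # placeholder (documentation range)

# Step 1: the account name becomes the AD computer account name, which is limited
# to 15 characters (NetBIOS). Fail here instead of at the domain join later.
if ($StorageAccount.Length -gt 15 -or $StorageAccount -notmatch '^[a-z0-9]{3,24}$') {
    throw "Storage account name '$StorageAccount' must be 3-15 lowercase letters/digits."
}

# Steps 3-4: create the account with "Secure transfer required" enabled, so only
# SMB 3.x with encryption is accepted and unencrypted SMB is refused.
$sa = New-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount `
        -Location $Location -SkuName Standard_LRS -Kind StorageV2 `
        -EnableHttpsTrafficOnly $true -MinimumTlsVersion TLS1_2

# Step 2: the post allowed all networks. The stricter variant, if only office
# locations should reach port 445, is deny-by-default plus the known ranges.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroup `
        -Name $StorageAccount -DefaultAction Deny -Bypass AzureServices
foreach ($range in $OfficeRanges) {
    Add-AzStorageAccountNetworkRule -ResourceGroupName $ResourceGroup `
        -Name $StorageAccount -IPAddressOrRange $range
}

# Step 6: create the file share (management-plane cmdlet, needs no storage key).
New-AzRmStorageShare -ResourceGroupName $ResourceGroup -StorageAccountName $StorageAccount `
        -Name $ShareName -QuotaGiB 100 | Out-Null

# Read the settings back and show the ones that matter for security.
$sa = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount
[pscustomobject]@{
    Name                   = $sa.StorageAccountName
    SecureTransferRequired = $sa.EnableHttpsTrafficOnly
    MinimumTls             = $sa.MinimumTlsVersion
    NetworkDefaultAction   = $sa.NetworkRuleSet.DefaultAction
}
```

If you keep the post's choice of allowing all networks, drop the Update-AzStorageAccountNetworkRuleSet and Add-AzStorageAccountNetworkRule calls; the final object output then shows NetworkDefaultAction as Allow, which is the value to look for when you audit the account later.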
Note: We need to run these commands from a computer/server that is joined to the Active Directory (AD) domain. The command runs with the rights of the user that is logged in and running the PowerShell session, so that user needs domain administrator or delegated rights in place. It does not have to be a domain controller, but the command uses the ActiveDirectory PoSH module, so running it from a domain controller could be easier.
Note: The OU (friendly) name (not the DN) is where the computer account that provides the LDAP connection is stored. Make sure the permissions at OU level are correct. You can leave this empty; the computer account will then be created directly under the domain root (not in the Computers OU).
STEP 12: Now we run the following command, using the information from step 4.
STEP 13: Let's review the status of the activation; you should see a screen like the one below with your domain name on it.
STEP 14: Now it is time to grant AD-joined people access to the share. This is similar to the Share feature in Windows.
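The post's own command for step 12 is not reproduced on this page. The following is an added example, not the author's code: it assumes the join is done with the AzFilesHybrid module's Join-AzStorageAccountForAuth cmdlet, run on a domain-joined machine as described in the notes above, and then performs the step 13 status check in PowerShell rather than in the portal. Resource group, account and OU names are placeholders.

```powershell
# Added example (not from the original post). Assumes the AzFilesHybrid module
# (Join-AzStorageAccountForAuth) is imported, Az is signed in, and the session runs
# as an AD identity with rights on the target OU.
$ResourceGroup  = 'rg-fileshare-demo'     # placeholder
$StorageAccount = 'stfilesdemo01'         # placeholder, <= 15 characters
$OuName         = 'Azure Storage'         # friendly OU name (not DN); omit to use the domain root

# Pre-flight checks matching the two notes above.
if (-not (Get-Module -ListAvailable ActiveDirectory)) {
    throw 'ActiveDirectory module is missing; run this from a domain-joined admin host or a DC.'
}
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'"
if (-not $ou) { throw "OU '$OuName' not found; check the friendly name and your rights on it." }

# Step 12: register the storage account as a computer account in the chosen OU.
Join-AzStorageAccountForAuth -ResourceGroupName $ResourceGroup `
    -StorageAccountName $StorageAccount -DomainAccountType ComputerAccount `
    -OrganizationalUnitName $OuName

# Step 13: DirectoryServiceOptions must read 'AD' and the domain properties must be filled.
$sa   = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount
$auth = $sa.AzureFilesIdentityBasedAuth
if ($auth.DirectoryServiceOptions -ne 'AD') {
    throw "AD DS authentication is not enabled (DirectoryServiceOptions = '$($auth.DirectoryServiceOptions)')"
}
$auth.ActiveDirectoryProperties |
    Select-Object DomainName, NetBiosDomainName, DomainGuid, DomainSid, AzureStorageSid

# Confirm the computer object exists, is enabled, and landed in the expected OU.
Get-ADComputer -Filter "Name -eq '$StorageAccount'" -Properties Enabled, ServicePrincipalNames |
    Select-Object Name, Enabled, DistinguishedName, ServicePrincipalNames
```

The last query is worth keeping as a recurring check: the computer account's password is what the storage account uses to prove its identity to Kerberos, so if the object is disabled, moved, or cleaned up by an AD hygiene script, clients will silently fall back to access-denied errors on the share.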
There are 3 roles to provision:
Storage File Data SMB Share Elevated Contributor (Full Access)
Storage File Data SMB Share Contributor (Read + Write)
Storage File Data SMB Share Reader (Read)
Make sure to grant your admin account that will set the NTFS permissions the Storage File Data SMB Share Elevated Contributor role.
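Assigning the three roles from step 14 with Az PowerShell, as an added example that is not part of the original post. It assumes the Az.Resources module is loaded, you are signed in, and the AD groups named below are synced to Azure AD; the group, resource group, account and share names are placeholders. The assignments are scoped to the single file share rather than the whole storage account, which is the narrowest scope these roles support.

```powershell
# Added example (not from the original post): assigns the built-in SMB share roles
# from step 14 to AD groups, scoped to one file share. Names are placeholders.
$Subscription   = (Get-AzContext).Subscription.Id
$ResourceGroup  = 'rg-fileshare-demo'    # placeholder
$StorageAccount = 'stfilesdemo01'        # placeholder
$ShareName      = 'shareddrive'

# Narrowest useful scope: the single file share.
$ShareScope = "/subscriptions/$Subscription/resourceGroups/$ResourceGroup" +
              "/providers/Microsoft.Storage/storageAccounts/$StorageAccount" +
              "/fileServices/default/fileshares/$ShareName"

# Map groups to roles. The admins who set NTFS permissions need Elevated Contributor;
# everyone else gets the least role that covers their work.
$Assignments = @(
    @{ Group = 'SG-FileShare-Admins';  Role = 'Storage File Data SMB Share Elevated Contributor' }
    @{ Group = 'SG-FileShare-Editors'; Role = 'Storage File Data SMB Share Contributor' }
    @{ Group = 'SG-FileShare-Readers'; Role = 'Storage File Data SMB Share Reader' }
)

foreach ($a in $Assignments) {
    $group = Get-AzADGroup -DisplayName $a.Group
    if (-not $group) { throw "Group '$($a.Group)' not found in Azure AD (is it synced?)" }
    # Idempotent: skip if the assignment already exists at this scope.
    $existing = Get-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName $a.Role -Scope $ShareScope
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName $a.Role -Scope $ShareScope | Out-Null
        "Granted '$($a.Role)' to $($a.Group)"
    }
}

# Review: everyone holding any SMB share data role on this share, including
# assignments inherited from the account, resource group or subscription.
Get-AzRoleAssignment -Scope $ShareScope |
    Where-Object RoleDefinitionName -like 'Storage File Data SMB Share*' |
    Select-Object DisplayName, ObjectType, RoleDefinitionName, Scope
```

Two things to remember when reading the review output: the RBAC role only controls whether the user may open the share at all, the NTFS ACL inside the share decides what they can do with each folder, and an assignment at subscription or resource group level is inherited by every share beneath it, so a broad Elevated Contributor grant higher up undoes the per-share scoping shown here.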
STEP 15: Map and test the share. I've created 2 folders with different NTFS permissions. Although it might be obvious, make sure there is an active connection to a domain controller, and test and map the drive on a domain-joined machine.
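The client-side test from step 15, as an added example that is not part of the original post. It is meant to be run on a domain-joined machine as a user who holds one of the share roles; the account, share and folder names are placeholders. It checks the two preconditions the post calls out (port 445 reachable, a domain controller reachable), maps the drive with the logged-on identity instead of a storage key, confirms a Kerberos ticket was issued for the share, and then probes the NTFS permissions on the two test folders.

```powershell
# Added example (not from the original post): step 15 on a domain-joined client.
# Account, share and folder names are placeholders.
$StorageAccount = 'stfilesdemo01'
$ShareName      = 'shareddrive'
$Endpoint       = "$StorageAccount.file.core.windows.net"
$UncPath        = "\\$Endpoint\$ShareName"

# 1. Port 445 must be reachable; many ISPs and perimeter firewalls block it.
$tcp = Test-NetConnection -ComputerName $Endpoint -Port 445
if (-not $tcp.TcpTestSucceeded) { throw "TCP 445 to $Endpoint is blocked" }

# 2. A domain controller must be reachable to issue the Kerberos service ticket.
$dc = nltest /dsgetdc:$env:USERDNSDOMAIN 2>&1
if ($LASTEXITCODE -ne 0) { throw "No domain controller reachable: $dc" }

# 3. Map the share with the logged-on AD identity (no storage key), persistently.
New-PSDrive -Name Z -PSProvider FileSystem -Root $UncPath -Persist -Scope Global | Out-Null

# 4. Confirm a Kerberos ticket for the share's SPN was obtained; if this is
#    missing, the client fell back to NTLM or the account join is broken.
klist get "cifs/$Endpoint" | Select-String 'Server:', 'KerbTicket Encryption Type'

# 5. Show the NTFS ACLs on the two test folders.
foreach ($folder in 'Finance', 'Public') {   # placeholder folder names
    Get-Acl -Path "Z:\$folder" | Format-Table -Property PSPath, AccessToString -Wrap
}

# 6. Write probe: succeeds where this user has Modify, throws
#    UnauthorizedAccessException where the NTFS ACL or the RBAC role is read-only.
foreach ($folder in 'Finance', 'Public') {
    $probe = "Z:\$folder\probe-$env:USERNAME.txt"
    try {
        Set-Content -Path $probe -Value "probe $(Get-Date -Format o)"
        Remove-Item -Path $probe
        "Write OK in Z:\$folder"
    } catch [System.UnauthorizedAccessException] {
        "Write denied in Z:\$folder (expected for read-only users)"
    }
}
```

If step 4 shows no ticket and the mapping prompts for credentials, the usual causes are that the client cannot reach a domain controller (for example a split-tunnel VPN that does not route AD traffic), that the storage account's computer object was disabled or its password rotated, or that the user has no RBAC role on the share; the order of the checks above is chosen so that each failure is attributed to one of those causes before the next one is attempted.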