how to check if the azure storage account is domain joined? because need to access files share from the account as shared path from domain joined VM

Question

I am not sure weather azure storage account is domain joined or not. I want to access files from the azure file share storage as shared path without mounting this file share.

Answer 1

• You can check if the storage account is domain joined or not by checking the on-premises ADDS environment for a computer account or a service logon account with User Principal Name/Service Principal Name as ‘cifs/your-storage-account-name-here.file.core.windows.net’. For this purpose, you should have ‘ADUser.Read’ permissions on the Active Directory environment or you should logon to the AD Users and Computers console with the ID who is a member of ‘Domain Members’ group.

• If you have ‘Contributor’ role access to Azure resources in your tenant, execute the below command in Azure cloud powershell to know detailed information regarding the storage account authentication with Active Directory. If the storage account is domain joined to an ADDS environment, then it will display accordingly: -

 Debug-AzStorageAccountAuth -StorageAccountName $StorageAccountName -ResourceGroupName $ResourceGroupName -Verbose

Also, to know whether the Azure files authentication for on-premises identities is enabled or not, kindly refer to the below documentation link. It describes a powershell script which shows the Active Directory service options for files share in your storage account: -

https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable#confirm-the-feature-is-enabled

Answer 2

Account is domain joined or not, can be checked from the Azure file share itself when we click the connect button it show authentication method as active directory enabled. and also we can check it from the overview of the account also.