如何检查 azure 存储帐户是否已加入域？ 因为需要从帐户访问文件共享作为加入域的 VM 的共享路径

Question

I am not sure weather azure storage account is domain joined or not. I want to access files from the azure file share storage as shared path without mounting this file share.

Answer 1

• You can check if the storage account is domain joined or not by checking the on-premises ADDS environment for a computer account or a service logon account with User Principal Name/Service Principal Name as 'cifs/your-storage-account-name-here.file.core.windows.net' . For this purpose, you should have 'ADUser.Read' permissions on the Active Directory environment or you should logon to the AD Users and Computers console with the ID who is a member of 'Domain Members' group .

• If you have 'Contributor' role access to Azure resources in your tenant, execute the below command in Azure cloud powershell to know detailed information regarding the storage account authentication with Active Directory . If the storage account is domain joined to an ADDS environment, then it will display accordingly : -

 Debug-AzStorageAccountAuth -StorageAccountName $StorageAccountName -ResourceGroupName $ResourceGroupName -Verbose

Also, to know whether the Azure files authentication for on-premises identities is enabled or not , kindly refer to the below documentation link. It describes a powershell script which shows the Active Directory service options for files share in your storage account : -

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable#confirm-the-feature-is-enabled

Answer 2

Account is domain joined or not, can be checked from the Azure file share itself when we click the connect button it show authentication method as active directory enabled. and also we can check it from the overview of the account also.