It is a common use case to integrate your on-prem AD DS with your Azure Storage File Shares. This post summarize the necessary steps to simplify the procedures from Microsoft documentation in the following:
 Follow the steps below to set up Azure Files for AD DS Authentication:
-
Part one: enable AD DS authentication on your storage account
-
Part three: configure Windows ACLs over SMB for directories and files
-
Part four: mount an Azure file share to a VM joined to your AD DS
-
Update the password of your storage account identity in AD DS
The following diagram illustrates the end-to-end workflow for enabling Azure AD authentication over SMB for Azure file shares.
Table of Contents
My Lab Diagram
Pre-requisites
1Â AD DS environment is ready and sync it to Azure AD with Azure AD Connect.
2Â Azure storage account and file share created.
3Â Network connection is ready for your client machine, which means it can reach out to your Local AD DC and reach out to your Azure File Share (port 445). If not, you might need two VPNs, one vpn to local AD DC, and one vpn to Azure File Share (Private End Point)
Quick Steps
1Â Download and unzip the AzFilesHybrid module (GA module: v0.2.0+)Â
For example, unzip it to c:\temp\azure folder
2Â Install and execute the module. It will take a while to done during installing packages:Â
Import-Module -Name AzFilesHybrid
3Â Connect to Azure Account
Connect-AzAccount
4Â Run Join-AzStorageAccount Powershell commandÂ
    -ResourceGroupName rg-FileShare-Test-EastUs-1 `
     -StorageAccountName netsecfs `
    -DomainAccountType ComputerAccount `
    -OrganizationalUnitDistinguishedName âOU=StorageAccounts,DC=51sec,DC=corpâ
PS C:\Windows\system32> cd C:\temp\jy\
PS C:\temp\jy> cd .\AzFilesHybrid\
PS C:\temp\jy\AzFilesHybrid>Â Import-Module -Name AzFilesHybrid
Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning
message. Do you want to run C:\Users\jon\Documents\WindowsPowerShell\Modules\AzFilesHybrid\0.2.4.0\AzFilesHybrid.psm1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is âDâ): R
Install Azure PowerShell modules
This module requires Azure PowerShell (âAzâ module) 2.8.0+ and Az.Storage 3.7.0+. This can be installed now if you are
running as an administrator.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is âYâ): A
PS C:\temp\jy\AzFilesHybrid>
PS C:\temp\jy\AzFilesHybrid>
PS C:\temp\jy\AzFilesHybrid>
PS C:\temp\jy\AzFilesHybrid>
PS C:\temp\jy\AzFilesHybrid>Â Connect-AzAccount
Account        SubscriptionName TenantId               Environment
ââ-        âââââ- âââ               ââââ
[email protected] Pay-As-You-Go  00771de-ce1-4f6-bc3-b9fecde7b AzureCloud
PS C:\temp\jy\AzFilesHybrid>Â Join-AzStorageAccount `
>>Â Â Â Â Â -ResourceGroupName rg-FileShare-Test-EastUs-1 `
>>Â Â Â Â Â -StorageAccountName netsecfs `
>>Â Â Â Â Â -DomainAccountType ComputerAccount `
>>Â Â Â Â Â -OrganizationalUnitDistinguishedName âOU=StorageAccounts,DC=corp,DC=51sec,DC=orgâ
StorageAccountName ResourceGroupName     PrimaryLocation SkuName    Kind   AccessTier CreationTime
ââââââ ââââââ     âââââ ââ-    â-   âââ- ââââ
netsecfileshares   rg-fileshare-test-eastus-1 eastus     Standard_RAGRS StorageV2 Hot    3/26/2022 11:20:55 PM
PS C:\temp\jy\AzFilesHybrid>
PS C:\temp\jy\AzFilesHybrid>
PS C:\temp\jy\AzFilesHybrid>
PS C:\temp\jy\AzFilesHybrid>
PS C:\temp\jy\AzFilesHybrid> Debug-AzStorageAccountAuth -StorageAccountName netsecfileshares -ResourceGroupName rg-FileShar
e-Test-EastUs-1 -Verbose
VERBOSE: CheckPort445Connectivity â START
VERBOSE: Found storage Account ânetsecfilesharesâ in Resource Group ârg-FileShare-Test-EastUs-1â
VERBOSE: Executing âTest-NetConnection -ComputerName netsecfileshares.file.core.windows.net -Port 445â
VERBOSE: CheckPort445Connectivity â SUCCESS
VERBOSE: CheckDomainJoined â START
VERBOSE: Perform operation âEnumerate CimInstancesâ with following parameters, ânamespaceNameâ =
root\cimv2,âclassNameâ = win32_computersystemâ.
VERBOSE: Operation âEnumerate CimInstancesâ complete.
VERBOSE: Session is running in a domain-joined environment.
VERBOSE: CheckDomainJoined â SUCCESS
VERBOSE: CheckADObject â START
VERBOSE: Perform operation âEnumerate CimInstancesâ with following parameters, ânamespaceNameâ =
root\cimv2,âclassNameâ = win32_computersystemâ.
VERBOSE: Operation âEnumerate CimInstancesâ complete.
VERBOSE: Session is running in a domain-joined environment.
VERBOSE: Found storage Account ânetsecfilesharesâ in Resource Group ârg-FileShare-Test-EastUs-1â
VERBOSE: Looking for an object with SID âS-1-5-21-2488401269-1895120637-1421044794-10609â in domain
âcorp.netsec.comâ for storage account ânetsecfilesharesâ
VERBOSE: Found AD object: CN=netsecfileshares,OU=StorageAccountsOU,DC=corp,DC=netseccoustics,DC=com of class computer.
VERBOSE: Found storage Account ânetsecfilesharesâ in Resource Group ârg-FileShare-Test-EastUs-1â
VERBOSE: Generated service principal name of cifs/netsecfileshares.file.core.windows.net
VERBOSE: CheckADObject â SUCCESS
VERBOSE: CheckGetKerberosTicket â START
VERBOSE: Found storage Account ânetsecfilesharesâ in Resource Group ârg-FileShare-Test-EastUs-1â
VERBOSE: Generated service principal name of cifs/netsecfileshares.file.core.windows.net
VERBOSE: Running command âklist.exe get cifs/netsecfileshares.file.core.windows.netâ
VERBOSE:
VERBOSE: Current LogonId is 0:0xb90872
VERBOSE: A ticket to cifs/netsecfileshares.file.core.windows.net has been retrieved successfully.
VERBOSE:
VERBOSE: Cached Tickets: (2)
VERBOSE:
VERBOSE: #0> Client: jon @ CORP.netsec.com
VERBOSE:Â Server: krbtgt/CORP.netsec.com @ CORP.netsec.com
VERBOSE:Â KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
VERBOSE:Â Ticket Flags 0x40e10000 -> forwardable renewable initial pre_authent name_canonicalize
VERBOSE:Â Start Time: 3/26/2022 19:25:37 (local)
VERBOSE:Â End Time:Â Â 3/27/2022 5:25:37 (local)
VERBOSE:Â Renew Time: 4/2/2022 19:25:37 (local)
VERBOSE:Â Session Key Type: AES-256-CTS-HMAC-SHA1-96
VERBOSE:Â Cache Flags: 0x1 -> PRIMARY
VERBOSE:Â Kdc Called: netsecDC04
VERBOSE:
VERBOSE: #1> Client: jon @ CORP.netsec.com
VERBOSE:Â Server: cifs/netsecfileshares.file.core.windows.net @ CORP.netsec.com
VERBOSE:Â KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
VERBOSE:Â Ticket Flags 0x40a10000 -> forwardable renewable pre_authent name_canonicalize
VERBOSE:Â Start Time: 3/26/2022 19:25:37 (local)
VERBOSE:Â End Time:Â Â 3/27/2022 5:25:37 (local)
VERBOSE:Â Renew Time: 4/2/2022 19:25:37 (local)
VERBOSE:Â Session Key Type: RSADSI RC4-HMAC(NT)
VERBOSE:Â Cache Flags: 0
VERBOSE:Â Kdc Called: netsecDC04
VERBOSE: Azure Files Kerberos Ticket Health Check Summary:
VERBOSE: 1 Kerberos service tickets to Azure storage accounts were detected.
VERBOSE: Ticket #1 : Healthy
VERBOSE:
Client           : jon @ CORP.netsec.com
Server           : cifs/netsecfileshares.file.core.windows.net @ CORP.netsec.com
KerbTicket Encryption Type : RSADSI RC4-HMAC(NT)
Ticket Flags        : 0x40a10000 -> forwardable renewable pre_authent name_canonicalize
Start Time         : 3/26/2022 19:25:37 (local)
End Time          : 3/27/2022 5:25:37 (local)
Renew Time         : 4/2/2022 19:25:37 (local)
Session Key Type      : RSADSI RC4-HMAC(NT)
Azure Files Health Status : Healthy
Client           : jon @ CORP.netsec.com
Server           : cifs/netsecfileshares.file.core.windows.net @ CORP.netsec.com
KerbTicket Encryption Type : RSADSI RC4-HMAC(NT)
Ticket Flags        : 0x40a10000 -> forwardable renewable pre_authent name_canonicalize
Start Time         : 3/26/2022 19:25:37 (local)
End Time          : 3/27/2022 5:25:37 (local)
Renew Time         : 4/2/2022 19:25:37 (local)
Session Key Type      : RSADSI RC4-HMAC(NT)
Azure Files Health Status : Healthy
VERBOSE: CheckGetKerberosTicket â SUCCESS
VERBOSE: CheckADObjectPasswordIsCorrect â START
VERBOSE: Perform operation âEnumerate CimInstancesâ with following parameters, ânamespaceNameâ =
root\cimv2,âclassNameâ = win32_computersystemâ.
VERBOSE: Operation âEnumerate CimInstancesâ complete.
VERBOSE: Session is running in a domain-joined environment.
VERBOSE: Found storage Account ânetsecfilesharesâ in Resource Group ârg-FileShare-Test-EastUs-1â
VERBOSE: Found storage Account ânetsecfilesharesâ in Resource Group ârg-FileShare-Test-EastUs-1â
VERBOSE: Perform operation âEnumerate CimInstancesâ with following parameters, ânamespaceNameâ =
root\cimv2,âclassNameâ = win32_computersystemâ.
VERBOSE: Operation âEnumerate CimInstancesâ complete.
VERBOSE: Session is running in a domain-joined environment.
VERBOSE: Looking for an object with SID âS-1-5-21-2488401269-1895120637-1421044794-10609â in domain
âcorp.netsec.comâ for storage account ânetsecfilesharesâ
VERBOSE: Found AD object: CN=netsecfileshares,OU=StorageAccountsOU,DC=corp,DC=netseccoustics,DC=com of class computer.
VERBOSE: Found that kerb1 matches password for netsecfileshares in AD.
ResourceGroupName : rg-FileShare-Test-EastUs-1
StorageAccountName : netsecfileshares
KerbKeyName    :
KeyMatches     : False
ResourceGroupName : rg-FileShare-Test-EastUs-1
StorageAccountName : netsecfileshares
KerbKeyName    : kerb1
KeyMatches     : True
ResourceGroupName : rg-FileShare-Test-EastUs-1
StorageAccountName : netsecfileshares
KerbKeyName    : kerb2
KeyMatches     : False
VERBOSE: CheckADObjectPasswordIsCorrect â SUCCESS
VERBOSE: CheckSidHasAadUser â START
VERBOSE: Look up user jon in domain corp.netsec.com
VERBOSE: User in domain has SID = S-1-5-21-2488401269-1895120637-1421044794-9150
Install AzureAD PowerShell module
This cmdlet requires the Azure AD PowerShell module. This can be automatically installed now if you are running in an
elevated sessions.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is âYâ): A
VERBOSE: Removing the imported âFind-Commandâ function.
VERBOSE: Removing the imported âFind-DscResourceâ function.
VERBOSE: Removing the imported âFind-Moduleâ function.
VERBOSE: Removing the imported âFind-RoleCapabilityâ function.
VERBOSE: Removing the imported âFind-Scriptâ function.
VERBOSE: Removing the imported âGet-CredsFromCredentialProviderâ function.
VERBOSE: Removing the imported âGet-InstalledModuleâ function.
VERBOSE: Removing the imported âGet-InstalledScriptâ function.
VERBOSE: Removing the imported âGet-PSRepositoryâ function.
VERBOSE: Removing the imported âInstall-Moduleâ function.
VERBOSE: Removing the imported âInstall-Scriptâ function.
VERBOSE: Removing the imported âNew-ScriptFileInfoâ function.
VERBOSE: Removing the imported âPublish-Moduleâ function.
VERBOSE: Removing the imported âPublish-Scriptâ function.
VERBOSE: Removing the imported âRegister-PSRepositoryâ function.
VERBOSE: Removing the imported âSave-Moduleâ function.
VERBOSE: Removing the imported âSave-Scriptâ function.
VERBOSE: Removing the imported âSet-PSRepositoryâ function.
VERBOSE: Removing the imported âTest-ScriptFileInfoâ function.
VERBOSE: Removing the imported âUninstall-Moduleâ function.
VERBOSE: Removing the imported âUninstall-Scriptâ function.
VERBOSE: Removing the imported âUnregister-PSRepositoryâ function.
VERBOSE: Removing the imported âUpdate-Moduleâ function.
VERBOSE: Removing the imported âUpdate-ModuleManifestâ function.
VERBOSE: Removing the imported âUpdate-Scriptâ function.
VERBOSE: Removing the imported âUpdate-ScriptFileInfoâ function.
VERBOSE: Removing the imported âPSGetPathâ variable.
VERBOSE: Removing the imported âfimoâ alias.
VERBOSE: Removing the imported âinmoâ alias.
VERBOSE: Removing the imported âpumoâ alias.
VERBOSE: Removing the imported âupmoâ alias.
VERBOSE: Loading module from path âC:\Program Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\AzureAD.psd1â.
VERBOSE: Loading âFormatsToProcessâ from path âC:\Program
Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\AzureAD.Format.ps1xmlâ.
VERBOSE: Populating RepositorySourceLocation property for module AzureAD.
VERBOSE: Loading module from path âC:\Program
Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\Microsoft.Open.AzureAD16.Graph.PowerShell.dllâ.
VERBOSE: Exporting cmdlet âAdd-AzureADApplicationOwnerâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationExtensionPropertyâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationOwnerâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationServiceEndpointâ.
VERBOSE: Exporting cmdlet âGet-AzureADDeletedApplicationâ.
VERBOSE: Exporting cmdlet âRemove-AzureADDeletedApplicationâ.
VERBOSE: Exporting cmdlet âNew-AzureADApplicationâ.
VERBOSE: Exporting cmdlet âNew-AzureADApplicationExtensionPropertyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADApplicationâ.
VERBOSE: Exporting cmdlet âRemove-AzureADApplicationExtensionPropertyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADApplicationOwnerâ.
VERBOSE: Exporting cmdlet âRestore-AzureADDeletedApplicationâ.
VERBOSE: Exporting cmdlet âSet-AzureADApplicationâ.
VERBOSE: Exporting cmdlet âGet-AzureADContactâ.
VERBOSE: Exporting cmdlet âGet-AzureADContactDirectReportâ.
VERBOSE: Exporting cmdlet âGet-AzureADContactManagerâ.
VERBOSE: Exporting cmdlet âGet-AzureADContactMembershipâ.
VERBOSE: Exporting cmdlet âRemove-AzureADContactâ.
VERBOSE: Exporting cmdlet âRemove-AzureADContactManagerâ.
VERBOSE: Exporting cmdlet âSelect-AzureADGroupIdsContactIsMemberOfâ.
VERBOSE: Exporting cmdlet âGet-AzureADContractâ.
VERBOSE: Exporting cmdlet âAdd-AzureADDeviceRegisteredOwnerâ.
VERBOSE: Exporting cmdlet âAdd-AzureADDeviceRegisteredUserâ.
VERBOSE: Exporting cmdlet âRemove-AzureADDeviceRegisteredOwnerâ.
VERBOSE: Exporting cmdlet âGet-AzureADDeviceâ.
VERBOSE: Exporting cmdlet âGet-AzureADDeviceRegisteredOwnerâ.
VERBOSE: Exporting cmdlet âGet-AzureADDeviceRegisteredUserâ.
VERBOSE: Exporting cmdlet âNew-AzureADDeviceâ.
VERBOSE: Exporting cmdlet âRemove-AzureADDeviceâ.
VERBOSE: Exporting cmdlet âRemove-AzureADDeviceRegisteredUserâ.
VERBOSE: Exporting cmdlet âSet-AzureADDeviceâ.
VERBOSE: Exporting cmdlet âGet-AzureADDeviceConfigurationâ.
VERBOSE: Exporting cmdlet âGet-AzureADObjectByObjectIdâ.
VERBOSE: Exporting cmdlet âEnable-AzureADDirectoryRoleâ.
VERBOSE: Exporting cmdlet âAdd-AzureADDirectoryRoleMemberâ.
VERBOSE: Exporting cmdlet âGet-AzureADDirectoryRoleMemberâ.
VERBOSE: Exporting cmdlet âGet-AzureADDirectoryRoleâ.
VERBOSE: Exporting cmdlet âRemove-AzureADDirectoryRoleMemberâ.
VERBOSE: Exporting cmdlet âGet-AzureADDirectoryRoleTemplateâ.
VERBOSE: Exporting cmdlet âConfirm-AzureADDomainâ.
VERBOSE: Exporting cmdlet âGet-CrossCloudVerificationCodeâ.
VERBOSE: Exporting cmdlet âGet-AzureADDomainâ.
VERBOSE: Exporting cmdlet âGet-AzureADDomainNameReferenceâ.
VERBOSE: Exporting cmdlet âGet-AzureADDomainServiceConfigurationRecordâ.
VERBOSE: Exporting cmdlet âGet-AzureADDomainVerificationDnsRecordâ.
VERBOSE: Exporting cmdlet âNew-AzureADDomainâ.
VERBOSE: Exporting cmdlet âRemove-AzureADDomainâ.
VERBOSE: Exporting cmdlet âSet-AzureADDomainâ.
VERBOSE: Exporting cmdlet âGet-AzureADExtensionPropertyâ.
VERBOSE: Exporting cmdlet âAdd-AzureADGroupMemberâ.
VERBOSE: Exporting cmdlet âAdd-AzureADGroupOwnerâ.
VERBOSE: Exporting cmdlet âGet-AzureADGroupâ.
VERBOSE: Exporting cmdlet âGet-AzureADGroupAppRoleAssignmentâ.
VERBOSE: Exporting cmdlet âGet-AzureADGroupMemberâ.
VERBOSE: Exporting cmdlet âGet-AzureADGroupOwnerâ.
VERBOSE: Exporting cmdlet âNew-AzureADGroupâ.
VERBOSE: Exporting cmdlet âNew-AzureADGroupAppRoleAssignmentâ.
VERBOSE: Exporting cmdlet âRemove-AzureADGroupâ.
VERBOSE: Exporting cmdlet âRemove-AzureADGroupAppRoleAssignmentâ.
VERBOSE: Exporting cmdlet âRemove-AzureADGroupMemberâ.
VERBOSE: Exporting cmdlet âRemove-AzureADGroupOwnerâ.
VERBOSE: Exporting cmdlet âSelect-AzureADGroupIdsGroupIsMemberOfâ.
VERBOSE: Exporting cmdlet âSet-AzureADGroupâ.
VERBOSE: Exporting cmdlet âGet-AzureADOAuth2PermissionGrantâ.
VERBOSE: Exporting cmdlet âRemove-AzureADOAuth2PermissionGrantâ.
VERBOSE: Exporting cmdlet âAdd-AzureADServicePrincipalOwnerâ.
VERBOSE: Exporting cmdlet âGet-AzureADServicePrincipalâ.
VERBOSE: Exporting cmdlet âGet-AzureADServiceAppRoleAssignedToâ.
VERBOSE: Exporting cmdlet âGet-AzureADServiceAppRoleAssignmentâ.
VERBOSE: Exporting cmdlet âGet-AzureADServicePrincipalCreatedObjectâ.
VERBOSE: Exporting cmdlet âGet-AzureADServicePrincipalMembershipâ.
VERBOSE: Exporting cmdlet âGet-AzureADServicePrincipalOAuth2PermissionGrantâ.
VERBOSE: Exporting cmdlet âGet-AzureADServicePrincipalOwnedObjectâ.
VERBOSE: Exporting cmdlet âGet-AzureADServicePrincipalOwnerâ.
VERBOSE: Exporting cmdlet âNew-AzureADServicePrincipalâ.
VERBOSE: Exporting cmdlet âNew-AzureADServiceAppRoleAssignmentâ.
VERBOSE: Exporting cmdlet âRemove-AzureADServicePrincipalâ.
VERBOSE: Exporting cmdlet âRemove-AzureADServiceAppRoleAssignmentâ.
VERBOSE: Exporting cmdlet âRemove-AzureADServicePrincipalOwnerâ.
VERBOSE: Exporting cmdlet âSelect-AzureADGroupIdsServicePrincipalIsMemberOfâ.
VERBOSE: Exporting cmdlet âSet-AzureADServicePrincipalâ.
VERBOSE: Exporting cmdlet âRevoke-AzureADSignedInUserAllRefreshTokenâ.
VERBOSE: Exporting cmdlet âGet-AzureADSubscribedSkuâ.
VERBOSE: Exporting cmdlet âGet-AzureADTenantDetailâ.
VERBOSE: Exporting cmdlet âSet-AzureADTenantDetailâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserAppRoleAssignmentâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserCreatedObjectâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserDirectReportâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserLicenseDetailâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserManagerâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserMembershipâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserOAuth2PermissionGrantâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserOwnedDeviceâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserOwnedObjectâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserRegisteredDeviceâ.
VERBOSE: Exporting cmdlet âNew-AzureADUserâ.
VERBOSE: Exporting cmdlet âNew-AzureADUserAppRoleAssignmentâ.
VERBOSE: Exporting cmdlet âRemove-AzureADUserâ.
VERBOSE: Exporting cmdlet âRemove-AzureADUserAppRoleAssignmentâ.
VERBOSE: Exporting cmdlet âRemove-AzureADUserManagerâ.
VERBOSE: Exporting cmdlet âRevoke-AzureADUserAllRefreshTokenâ.
VERBOSE: Exporting cmdlet âSelect-AzureADGroupIdsUserIsMemberOfâ.
VERBOSE: Exporting cmdlet âSet-AzureADUserâ.
VERBOSE: Exporting cmdlet âSet-AzureADUserLicenseâ.
VERBOSE: Exporting cmdlet âSet-AzureADUserManagerâ.
VERBOSE: Exporting cmdlet âConnect-AzureADâ.
VERBOSE: Exporting cmdlet âDisconnect-AzureADâ.
VERBOSE: Exporting cmdlet âGet-AzureADCurrentSessionInfoâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationLogoâ.
VERBOSE: Exporting cmdlet âSet-AzureADApplicationLogoâ.
VERBOSE: Exporting cmdlet âSet-AzureADUserPasswordâ.
VERBOSE: Exporting cmdlet âGet-AzureADContactThumbnailPhotoâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserThumbnailPhotoâ.
VERBOSE: Exporting cmdlet âSet-AzureADUserThumbnailPhotoâ.
VERBOSE: Exporting cmdlet âNew-AzureADApplicationKeyCredentialâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationKeyCredentialâ.
VERBOSE: Exporting cmdlet âRemove-AzureADApplicationKeyCredentialâ.
VERBOSE: Exporting cmdlet âNew-AzureADApplicationPasswordCredentialâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationPasswordCredentialâ.
VERBOSE: Exporting cmdlet âRemove-AzureADApplicationPasswordCredentialâ.
VERBOSE: Exporting cmdlet âUpdate-AzureADSignedInUserPasswordâ.
VERBOSE: Exporting cmdlet âNew-AzureADServicePrincipalKeyCredentialâ.
VERBOSE: Exporting cmdlet âGet-AzureADServicePrincipalKeyCredentialâ.
VERBOSE: Exporting cmdlet âRemove-AzureADServicePrincipalKeyCredentialâ.
VERBOSE: Exporting cmdlet âNew-AzureADServicePrincipalPasswordCredentialâ.
VERBOSE: Exporting cmdlet âGet-AzureADServicePrincipalPasswordCredentialâ.
VERBOSE: Exporting cmdlet âRemove-AzureADServicePrincipalPasswordCredentialâ.
VERBOSE: Exporting cmdlet âGet-AzureADTrustedCertificateAuthorityâ.
VERBOSE: Exporting cmdlet âNew-AzureADTrustedCertificateAuthorityâ.
VERBOSE: Exporting cmdlet âSet-AzureADTrustedCertificateAuthorityâ.
VERBOSE: Exporting cmdlet âRemove-AzureADTrustedCertificateAuthorityâ.
VERBOSE: Exporting cmdlet âGet-AzureADUserExtensionâ.
VERBOSE: Exporting cmdlet âSet-AzureADUserExtensionâ.
VERBOSE: Exporting cmdlet âRemove-AzureADUserExtensionâ.
VERBOSE: Exporting cmdlet âAdd-AzureADMSApplicationOwnerâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSApplicationâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSApplicationExtensionPropertyâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSApplicationOwnerâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSApplicationâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSApplicationExtensionPropertyâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSApplicationKeyâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSApplicationPasswordâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSApplicationâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSApplicationExtensionPropertyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSApplicationKeyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSApplicationOwnerâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSApplicationPasswordâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSApplicationâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSApplicationLogoâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationProxyApplicationâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationProxyApplicationConnectorGroupâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationProxyConnectorâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationProxyConnectorGroupMemberâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationProxyConnectorMemberOfâ.
VERBOSE: Exporting cmdlet âNew-AzureADApplicationProxyConnectorGroupâ.
VERBOSE: Exporting cmdlet âRemove-AzureADApplicationProxyApplicationConnectorGroupâ.
VERBOSE: Exporting cmdlet âRemove-AzureADApplicationProxyConnectorGroupâ.
VERBOSE: Exporting cmdlet âSet-AzureADApplicationProxyConnectorGroupâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSApplicationVerifiedPublisherâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSApplicationVerifiedPublisherâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSAuthorizationPolicyâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSAuthorizationPolicyâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSGroupPermissionGrantâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSPermissionGrantConditionSetâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSPermissionGrantConditionSetâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSPermissionGrantConditionSetâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSPermissionGrantConditionSetâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSPermissionGrantPolicyâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSPermissionGrantPolicyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSPermissionGrantPolicyâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSPermissionGrantPolicyâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSRoleAssignmentâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSRoleAssignmentâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSRoleAssignmentâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSRoleDefinitionâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSRoleDefinitionâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSRoleDefinitionâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSRoleDefinitionâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSConditionalAccessPolicyâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSConditionalAccessPolicyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSConditionalAccessPolicyâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSConditionalAccessPolicyâ.
VERBOSE: Exporting cmdlet âAdd-AzureADMSServicePrincipalDelegatedPermissionClassificationâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSServicePrincipalDelegatedPermissionClassificationâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSServicePrincipalDelegatedPermissionClassificationâ.
VERBOSE: Exporting cmdlet âAdd-AzureADMSLifecyclePolicyGroupâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSGroupLifecyclePolicyâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSGroupLifecyclePolicyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSGroupLifecyclePolicyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSLifecyclePolicyGroupâ.
VERBOSE: Exporting cmdlet âReset-AzureADMSLifeCycleGroupâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSGroupLifecyclePolicyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSIdentityProviderâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSIdentityProviderâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSIdentityProviderâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSIdentityProviderâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSInvitationâ.
VERBOSE: Exporting cmdlet âAdd-AzureADMSAdministrativeUnitMemberâ.
VERBOSE: Exporting cmdlet âAdd-AzureADMSScopedRoleMembershipâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSAdministrativeUnitâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSAdministrativeUnitMemberâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSScopedRoleMembershipâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSAdministrativeUnitâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSAdministrativeUnitâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSAdministrativeUnitMemberâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSScopedRoleMembershipâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSAdministrativeUnitâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSDeletedGroupâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSDeletedDirectoryObjectâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSDeletedDirectoryObjectâ.
VERBOSE: Exporting cmdlet âRestore-AzureADMSDeletedDirectoryObjectâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSLifecyclePolicyGroupâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSGroupâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSGroupâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSGroupâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSGroupâ.
VERBOSE: Exporting cmdlet âGet-AzureADMSNamedLocationPolicyâ.
VERBOSE: Exporting cmdlet âNew-AzureADMSNamedLocationPolicyâ.
VERBOSE: Exporting cmdlet âRemove-AzureADMSNamedLocationPolicyâ.
VERBOSE: Exporting cmdlet âSet-AzureADMSNamedLocationPolicyâ.
VERBOSE: Exporting cmdlet âNew-AzureADApplicationProxyApplicationâ.
VERBOSE: Exporting cmdlet âRemove-AzureADApplicationProxyApplicationâ.
VERBOSE: Exporting cmdlet âSet-AzureADApplicationProxyApplicationâ.
VERBOSE: Exporting cmdlet âSet-AzureADApplicationProxyApplicationConnectorGroupâ.
VERBOSE: Exporting cmdlet âSet-AzureADApplicationProxyApplicationCustomDomainCertificateâ.
VERBOSE: Exporting cmdlet âSet-AzureADApplicationProxyApplicationSingleSignOnâ.
VERBOSE: Exporting cmdlet âSet-AzureADApplicationProxyConnectorâ.
VERBOSE: Exporting cmdlet âGet-AzureADApplicationProxyConnectorGroupâ.
VERBOSE: Exporting alias âGet-AzureADApplicationProxyConnectorGroupMembersâ.
VERBOSE: Importing cmdlet âAdd-AzureADApplicationOwnerâ.
VERBOSE: Importing cmdlet âAdd-AzureADDeviceRegisteredOwnerâ.
VERBOSE: Importing cmdlet âAdd-AzureADDeviceRegisteredUserâ.
VERBOSE: Importing cmdlet âAdd-AzureADDirectoryRoleMemberâ.
VERBOSE: Importing cmdlet âAdd-AzureADGroupMemberâ.
VERBOSE: Importing cmdlet âAdd-AzureADGroupOwnerâ.
VERBOSE: Importing cmdlet âAdd-AzureADMSAdministrativeUnitMemberâ.
VERBOSE: Importing cmdlet âAdd-AzureADMSApplicationOwnerâ.
VERBOSE: Importing cmdlet âAdd-AzureADMSLifecyclePolicyGroupâ.
VERBOSE: Importing cmdlet âAdd-AzureADMSScopedRoleMembershipâ.
VERBOSE: Importing cmdlet âAdd-AzureADMSServicePrincipalDelegatedPermissionClassificationâ.
VERBOSE: Importing cmdlet âAdd-AzureADServicePrincipalOwnerâ.
VERBOSE: Importing cmdlet âConfirm-AzureADDomainâ.
VERBOSE: Importing cmdlet âConnect-AzureADâ.
VERBOSE: Importing cmdlet âDisconnect-AzureADâ.
VERBOSE: Importing cmdlet âEnable-AzureADDirectoryRoleâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationExtensionPropertyâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationKeyCredentialâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationLogoâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationOwnerâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationPasswordCredentialâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationProxyApplicationâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationProxyApplicationConnectorGroupâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationProxyConnectorâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationProxyConnectorGroupâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationProxyConnectorGroupMemberâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationProxyConnectorMemberOfâ.
VERBOSE: Importing cmdlet âGet-AzureADApplicationServiceEndpointâ.
VERBOSE: Importing cmdlet âGet-AzureADContactâ.
VERBOSE: Importing cmdlet âGet-AzureADContactDirectReportâ.
VERBOSE: Importing cmdlet âGet-AzureADContactManagerâ.
VERBOSE: Importing cmdlet âGet-AzureADContactMembershipâ.
VERBOSE: Importing cmdlet âGet-AzureADContactThumbnailPhotoâ.
VERBOSE: Importing cmdlet âGet-AzureADContractâ.
VERBOSE: Importing cmdlet âGet-AzureADCurrentSessionInfoâ.
VERBOSE: Importing cmdlet âGet-AzureADDeletedApplicationâ.
VERBOSE: Importing cmdlet âGet-AzureADDeviceâ.
VERBOSE: Importing cmdlet âGet-AzureADDeviceConfigurationâ.
VERBOSE: Importing cmdlet âGet-AzureADDeviceRegisteredOwnerâ.
VERBOSE: Importing cmdlet âGet-AzureADDeviceRegisteredUserâ.
VERBOSE: Importing cmdlet âGet-AzureADDirectoryRoleâ.
VERBOSE: Importing cmdlet âGet-AzureADDirectoryRoleMemberâ.
VERBOSE: Importing cmdlet âGet-AzureADDirectoryRoleTemplateâ.
VERBOSE: Importing cmdlet âGet-AzureADDomainâ.
VERBOSE: Importing cmdlet âGet-AzureADDomainNameReferenceâ.
VERBOSE: Importing cmdlet âGet-AzureADDomainServiceConfigurationRecordâ.
VERBOSE: Importing cmdlet âGet-AzureADDomainVerificationDnsRecordâ.
VERBOSE: Importing cmdlet âGet-AzureADExtensionPropertyâ.
VERBOSE: Importing cmdlet âGet-AzureADGroupâ.
VERBOSE: Importing cmdlet âGet-AzureADGroupAppRoleAssignmentâ.
VERBOSE: Importing cmdlet âGet-AzureADGroupMemberâ.
VERBOSE: Importing cmdlet âGet-AzureADGroupOwnerâ.
VERBOSE: Importing cmdlet âGet-AzureADMSAdministrativeUnitâ.
VERBOSE: Importing cmdlet âGet-AzureADMSAdministrativeUnitMemberâ.
VERBOSE: Importing cmdlet âGet-AzureADMSApplicationâ.
VERBOSE: Importing cmdlet âGet-AzureADMSApplicationExtensionPropertyâ.
VERBOSE: Importing cmdlet âGet-AzureADMSApplicationOwnerâ.
VERBOSE: Importing cmdlet âGet-AzureADMSAuthorizationPolicyâ.
VERBOSE: Importing cmdlet âGet-AzureADMSConditionalAccessPolicyâ.
VERBOSE: Importing cmdlet âGet-AzureADMSDeletedDirectoryObjectâ.
VERBOSE: Importing cmdlet âGet-AzureADMSDeletedGroupâ.
VERBOSE: Importing cmdlet âGet-AzureADMSGroupâ.
VERBOSE: Importing cmdlet âGet-AzureADMSGroupLifecyclePolicyâ.
VERBOSE: Importing cmdlet âGet-AzureADMSGroupPermissionGrantâ.
VERBOSE: Importing cmdlet âGet-AzureADMSIdentityProviderâ.
VERBOSE: Importing cmdlet âGet-AzureADMSLifecyclePolicyGroupâ.
VERBOSE: Importing cmdlet âGet-AzureADMSNamedLocationPolicyâ.
VERBOSE: Importing cmdlet âGet-AzureADMSPermissionGrantConditionSetâ.
VERBOSE: Importing cmdlet âGet-AzureADMSPermissionGrantPolicyâ.
VERBOSE: Importing cmdlet âGet-AzureADMSRoleAssignmentâ.
VERBOSE: Importing cmdlet âGet-AzureADMSRoleDefinitionâ.
VERBOSE: Importing cmdlet âGet-AzureADMSScopedRoleMembershipâ.
VERBOSE: Importing cmdlet âGet-AzureADMSServicePrincipalDelegatedPermissionClassificationâ.
VERBOSE: Importing cmdlet âGet-AzureADOAuth2PermissionGrantâ.
VERBOSE: Importing cmdlet âGet-AzureADObjectByObjectIdâ.
VERBOSE: Importing cmdlet âGet-AzureADServiceAppRoleAssignedToâ.
VERBOSE: Importing cmdlet âGet-AzureADServiceAppRoleAssignmentâ.
VERBOSE: Importing cmdlet âGet-AzureADServicePrincipalâ.
VERBOSE: Importing cmdlet âGet-AzureADServicePrincipalCreatedObjectâ.
VERBOSE: Importing cmdlet âGet-AzureADServicePrincipalKeyCredentialâ.
VERBOSE: Importing cmdlet âGet-AzureADServicePrincipalMembershipâ.
VERBOSE: Importing cmdlet âGet-AzureADServicePrincipalOAuth2PermissionGrantâ.
VERBOSE: Importing cmdlet âGet-AzureADServicePrincipalOwnedObjectâ.
VERBOSE: Importing cmdlet âGet-AzureADServicePrincipalOwnerâ.
VERBOSE: Importing cmdlet âGet-AzureADServicePrincipalPasswordCredentialâ.
VERBOSE: Importing cmdlet âGet-AzureADSubscribedSkuâ.
VERBOSE: Importing cmdlet âGet-AzureADTenantDetailâ.
VERBOSE: Importing cmdlet âGet-AzureADTrustedCertificateAuthorityâ.
VERBOSE: Importing cmdlet âGet-AzureADUserâ.
VERBOSE: Importing cmdlet âGet-AzureADUserAppRoleAssignmentâ.
VERBOSE: Importing cmdlet âGet-AzureADUserCreatedObjectâ.
VERBOSE: Importing cmdlet âGet-AzureADUserDirectReportâ.
VERBOSE: Importing cmdlet âGet-AzureADUserExtensionâ.
VERBOSE: Importing cmdlet âGet-AzureADUserLicenseDetailâ.
VERBOSE: Importing cmdlet âGet-AzureADUserManagerâ.
VERBOSE: Importing cmdlet âGet-AzureADUserMembershipâ.
VERBOSE: Importing cmdlet âGet-AzureADUserOAuth2PermissionGrantâ.
VERBOSE: Importing cmdlet âGet-AzureADUserOwnedDeviceâ.
VERBOSE: Importing cmdlet âGet-AzureADUserOwnedObjectâ.
VERBOSE: Importing cmdlet âGet-AzureADUserRegisteredDeviceâ.
VERBOSE: Importing cmdlet âGet-AzureADUserThumbnailPhotoâ.
VERBOSE: Importing cmdlet âGet-CrossCloudVerificationCodeâ.
VERBOSE: Importing cmdlet âNew-AzureADApplicationâ.
VERBOSE: Importing cmdlet âNew-AzureADApplicationExtensionPropertyâ.
VERBOSE: Importing cmdlet âNew-AzureADApplicationKeyCredentialâ.
VERBOSE: Importing cmdlet âNew-AzureADApplicationPasswordCredentialâ.
VERBOSE: Importing cmdlet âNew-AzureADApplicationProxyApplicationâ.
VERBOSE: Importing cmdlet âNew-AzureADApplicationProxyConnectorGroupâ.
VERBOSE: Importing cmdlet âNew-AzureADDeviceâ.
VERBOSE: Importing cmdlet âNew-AzureADDomainâ.
VERBOSE: Importing cmdlet âNew-AzureADGroupâ.
VERBOSE: Importing cmdlet âNew-AzureADGroupAppRoleAssignmentâ.
VERBOSE: Importing cmdlet âNew-AzureADMSAdministrativeUnitâ.
VERBOSE: Importing cmdlet âNew-AzureADMSApplicationâ.
VERBOSE: Importing cmdlet âNew-AzureADMSApplicationExtensionPropertyâ.
VERBOSE: Importing cmdlet âNew-AzureADMSApplicationKeyâ.
VERBOSE: Importing cmdlet âNew-AzureADMSApplicationPasswordâ.
VERBOSE: Importing cmdlet âNew-AzureADMSConditionalAccessPolicyâ.
VERBOSE: Importing cmdlet âNew-AzureADMSGroupâ.
VERBOSE: Importing cmdlet âNew-AzureADMSGroupLifecyclePolicyâ.
VERBOSE: Importing cmdlet âNew-AzureADMSIdentityProviderâ.
VERBOSE: Importing cmdlet âNew-AzureADMSInvitationâ.
VERBOSE: Importing cmdlet âNew-AzureADMSNamedLocationPolicyâ.
VERBOSE: Importing cmdlet âNew-AzureADMSPermissionGrantConditionSetâ.
VERBOSE: Importing cmdlet âNew-AzureADMSPermissionGrantPolicyâ.
VERBOSE: Importing cmdlet âNew-AzureADMSRoleAssignmentâ.
VERBOSE: Importing cmdlet âNew-AzureADMSRoleDefinitionâ.
VERBOSE: Importing cmdlet âNew-AzureADServiceAppRoleAssignmentâ.
VERBOSE: Importing cmdlet âNew-AzureADServicePrincipalâ.
VERBOSE: Importing cmdlet âNew-AzureADServicePrincipalKeyCredentialâ.
VERBOSE: Importing cmdlet âNew-AzureADServicePrincipalPasswordCredentialâ.
VERBOSE: Importing cmdlet âNew-AzureADTrustedCertificateAuthorityâ.
VERBOSE: Importing cmdlet âNew-AzureADUserâ.
VERBOSE: Importing cmdlet âNew-AzureADUserAppRoleAssignmentâ.
VERBOSE: Importing cmdlet âRemove-AzureADApplicationâ.
VERBOSE: Importing cmdlet âRemove-AzureADApplicationExtensionPropertyâ.
VERBOSE: Importing cmdlet âRemove-AzureADApplicationKeyCredentialâ.
VERBOSE: Importing cmdlet âRemove-AzureADApplicationOwnerâ.
VERBOSE: Importing cmdlet âRemove-AzureADApplicationPasswordCredentialâ.
VERBOSE: Importing cmdlet âRemove-AzureADApplicationProxyApplicationâ.
VERBOSE: Importing cmdlet âRemove-AzureADApplicationProxyApplicationConnectorGroupâ.
VERBOSE: Importing cmdlet âRemove-AzureADApplicationProxyConnectorGroupâ.
VERBOSE: Importing cmdlet âRemove-AzureADContactâ.
VERBOSE: Importing cmdlet âRemove-AzureADContactManagerâ.
VERBOSE: Importing cmdlet âRemove-AzureADDeletedApplicationâ.
VERBOSE: Importing cmdlet âRemove-AzureADDeviceâ.
VERBOSE: Importing cmdlet âRemove-AzureADDeviceRegisteredOwnerâ.
VERBOSE: Importing cmdlet âRemove-AzureADDeviceRegisteredUserâ.
VERBOSE: Importing cmdlet âRemove-AzureADDirectoryRoleMemberâ.
VERBOSE: Importing cmdlet âRemove-AzureADDomainâ.
VERBOSE: Importing cmdlet âRemove-AzureADGroupâ.
VERBOSE: Importing cmdlet âRemove-AzureADGroupAppRoleAssignmentâ.
VERBOSE: Importing cmdlet âRemove-AzureADGroupMemberâ.
VERBOSE: Importing cmdlet âRemove-AzureADGroupOwnerâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSAdministrativeUnitâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSAdministrativeUnitMemberâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSApplicationâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSApplicationExtensionPropertyâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSApplicationKeyâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSApplicationOwnerâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSApplicationPasswordâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSApplicationVerifiedPublisherâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSConditionalAccessPolicyâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSDeletedDirectoryObjectâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSGroupâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSGroupLifecyclePolicyâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSIdentityProviderâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSLifecyclePolicyGroupâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSNamedLocationPolicyâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSPermissionGrantConditionSetâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSPermissionGrantPolicyâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSRoleAssignmentâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSRoleDefinitionâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSScopedRoleMembershipâ.
VERBOSE: Importing cmdlet âRemove-AzureADMSServicePrincipalDelegatedPermissionClassificationâ.
VERBOSE: Importing cmdlet âRemove-AzureADOAuth2PermissionGrantâ.
VERBOSE: Importing cmdlet âRemove-AzureADServiceAppRoleAssignmentâ.
VERBOSE: Importing cmdlet âRemove-AzureADServicePrincipalâ.
VERBOSE: Importing cmdlet âRemove-AzureADServicePrincipalKeyCredentialâ.
VERBOSE: Importing cmdlet âRemove-AzureADServicePrincipalOwnerâ.
VERBOSE: Importing cmdlet âRemove-AzureADServicePrincipalPasswordCredentialâ.
VERBOSE: Importing cmdlet âRemove-AzureADTrustedCertificateAuthorityâ.
VERBOSE: Importing cmdlet âRemove-AzureADUserâ.
VERBOSE: Importing cmdlet âRemove-AzureADUserAppRoleAssignmentâ.
VERBOSE: Importing cmdlet âRemove-AzureADUserExtensionâ.
VERBOSE: Importing cmdlet âRemove-AzureADUserManagerâ.
VERBOSE: Importing cmdlet âReset-AzureADMSLifeCycleGroupâ.
VERBOSE: Importing cmdlet âRestore-AzureADDeletedApplicationâ.
VERBOSE: Importing cmdlet âRestore-AzureADMSDeletedDirectoryObjectâ.
VERBOSE: Importing cmdlet âRevoke-AzureADSignedInUserAllRefreshTokenâ.
VERBOSE: Importing cmdlet âRevoke-AzureADUserAllRefreshTokenâ.
VERBOSE: Importing cmdlet âSelect-AzureADGroupIdsContactIsMemberOfâ.
VERBOSE: Importing cmdlet âSelect-AzureADGroupIdsGroupIsMemberOfâ.
VERBOSE: Importing cmdlet âSelect-AzureADGroupIdsServicePrincipalIsMemberOfâ.
VERBOSE: Importing cmdlet âSelect-AzureADGroupIdsUserIsMemberOfâ.
VERBOSE: Importing cmdlet âSet-AzureADApplicationâ.
VERBOSE: Importing cmdlet âSet-AzureADApplicationLogoâ.
VERBOSE: Importing cmdlet âSet-AzureADApplicationProxyApplicationâ.
VERBOSE: Importing cmdlet âSet-AzureADApplicationProxyApplicationConnectorGroupâ.
VERBOSE: Importing cmdlet âSet-AzureADApplicationProxyApplicationCustomDomainCertificateâ.
VERBOSE: Importing cmdlet âSet-AzureADApplicationProxyApplicationSingleSignOnâ.
VERBOSE: Importing cmdlet âSet-AzureADApplicationProxyConnectorâ.
VERBOSE: Importing cmdlet âSet-AzureADApplicationProxyConnectorGroupâ.
VERBOSE: Importing cmdlet âSet-AzureADDeviceâ.
VERBOSE: Importing cmdlet âSet-AzureADDomainâ.
VERBOSE: Importing cmdlet âSet-AzureADGroupâ.
VERBOSE: Importing cmdlet âSet-AzureADMSAdministrativeUnitâ.
VERBOSE: Importing cmdlet âSet-AzureADMSApplicationâ.
VERBOSE: Importing cmdlet âSet-AzureADMSApplicationLogoâ.
VERBOSE: Importing cmdlet âSet-AzureADMSApplicationVerifiedPublisherâ.
VERBOSE: Importing cmdlet âSet-AzureADMSAuthorizationPolicyâ.
VERBOSE: Importing cmdlet âSet-AzureADMSConditionalAccessPolicyâ.
VERBOSE: Importing cmdlet âSet-AzureADMSGroupâ.
VERBOSE: Importing cmdlet âSet-AzureADMSGroupLifecyclePolicyâ.
VERBOSE: Importing cmdlet âSet-AzureADMSIdentityProviderâ.
VERBOSE: Importing cmdlet âSet-AzureADMSNamedLocationPolicyâ.
VERBOSE: Importing cmdlet âSet-AzureADMSPermissionGrantConditionSetâ.
VERBOSE: Importing cmdlet âSet-AzureADMSPermissionGrantPolicyâ.
VERBOSE: Importing cmdlet âSet-AzureADMSRoleDefinitionâ.
VERBOSE: Importing cmdlet âSet-AzureADServicePrincipalâ.
VERBOSE: Importing cmdlet âSet-AzureADTenantDetailâ.
VERBOSE: Importing cmdlet âSet-AzureADTrustedCertificateAuthorityâ.
VERBOSE: Importing cmdlet âSet-AzureADUserâ.
VERBOSE: Importing cmdlet âSet-AzureADUserExtensionâ.
VERBOSE: Importing cmdlet âSet-AzureADUserLicenseâ.
VERBOSE: Importing cmdlet âSet-AzureADUserManagerâ.
VERBOSE: Importing cmdlet âSet-AzureADUserPasswordâ.
VERBOSE: Importing cmdlet âSet-AzureADUserThumbnailPhotoâ.
VERBOSE: Importing cmdlet âUpdate-AzureADSignedInUserPasswordâ.
VERBOSE: Importing alias âGet-AzureADApplicationProxyConnectorGroupMembersâ.
VERBOSE: Found AAD user â[email protected]â for SID S-1-5-21-2488401269-1895120637-1421044794-9150
VERBOSE: CheckSidHasAadUser â SUCCESS
VERBOSE: CheckAadUserHasSid â START
VERBOSE: Missing required parameter ObjectId for CheckAadUserHasSid requires ObjectId parameter to be present, skipping
 CheckAadUserHasSid
VERBOSE: CheckStorageAccountDomainJoined â START
VERBOSE: Found storage Account ânetsecfilesharesâ in Resource Group ârg-FileShare-Test-EastUs-1â
VERBOSE: Storage account netsecfileshares is already joined in domain corp.netsec.com.
VERBOSE: CheckStorageAccountDomainJoined â SUCCESS
VERBOSE: CheckUserRbacAssignment â START
VERBOSE: Populating RepositorySourceLocation property for module AzureAD.
VERBOSE: Loading module from path âC:\Program
Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\Microsoft.Open.Azure.AD.CommonLibrary.dllâ.
VERBOSE: Loading module from path âC:\Program
Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\Microsoft.Open.AzureAD16.Graph.PowerShell.Custom.dllâ.
VERBOSE: Loading module from path âC:\Program
Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\Microsoft.Open.AzureAD16.Graph.Client.dllâ.
VERBOSE: Loading module from path âC:\Program
Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\Microsoft.Open.MS.GraphV10.PowerShell.dllâ.
VERBOSE: Loading module from path âC:\Program
Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\Microsoft.Open.MS.GraphV10.PowerShell.Custom.dllâ.
VERBOSE: Loading module from path âC:\Program
Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\Microsoft.Open.MS.GraphV10.Client.dllâ.
VERBOSE: Loading module from path âC:\Program
Files\WindowsPowerShell\Modules\AzureAD\2.0.2.140\Microsoft.Open.AzureAD16.Graph.PowerShell.dllâ.
VERBOSE: Look up user jon in domain corp.netsec.com
VERBOSE: Look up groups of user S-1-5-21-2488401269-1895120637-1421044794-9150 in domain corp.netsec.com
Debug-AzStorageAccountAuth : CheckUserRbacAssignment â FAILED
At line:1 char:1
+ Debug-AzStorageAccountAuth -StorageAccountName netsecfileshares -Resourc âŚ
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  + CategoryInfo     : NotSpecified: (:) [Write-Error], WriteErrorException
  + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Debug-AzStorageAccountAuth
Debug-AzStorageAccountAuth : The server is not operational
At line:1 char:1
+ Debug-AzStorageAccountAuth -StorageAccountName netsecfileshares -Resourc âŚ
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  + CategoryInfo     : NotSpecified: (:) [Write-Error], WriteErrorException
  + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Debug-AzStorageAccountAuth
VERBOSE: CheckUserFileAccess â START
VERBOSE: Missing required parameter FilePath for CheckUserFileAccess, skipping CheckUserFileAccess
Summary of checks:
Name              Result
â-Â Â Â Â Â Â Â Â Â Â Â Â Â Â ââ
CheckDomainJoined        Passed
CheckGetKerberosTicket     Passed
CheckUserRbacAssignment     Failed
CheckAadUserHasSid       Skipped
CheckADObjectPasswordIsCorrect Passed
CheckADObject          Passed
CheckUserFileAccess       Skipped
CheckPort445Connectivity    Passed
CheckStorageAccountDomainJoined Passed
CheckSidHasAadUser       Passed
Issues found:
â- CheckUserRbacAssignment â-
The server is not operational
PS C:\temp\jy\AzFilesHybrid>
AD Connect Installation and Configuration
Please refer this post for Azure AD connect installation and configuration.Â
Hybrid Azure AD Joined Device Configuration
Choose Configuredevice options to start configuring Hybrid joined device configuration.Â
You will need a global admin account to log into Azure AD. Also you will need a local ad account which is part of enterprise admins group to log into local AD.
Also make sure you synced computers and users into AAD using Customize Synchronization Options from AD connect.
Verification Hybrid Joined Devices.
After a couple of minutes, check your AD joined machine to see if AAD joined enabled.Â
- from command line
- from AAD devices
Before enabled Hybrid Joined Device:
C:\Users\test1>dsregcmd /status
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : YES
DomainName : 51SEC
Device Name : win11-51sec-1.51sec.corp
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO
+----------------------------------------------------------------------+
| Diagnostic Data |
+----------------------------------------------------------------------+
Diagnostics Reference : www.microsoft.com/aadjerrors
User Context : UN-ELEVATED User
Client Time : 2022-03-28 02:27:38.000 UTC
AD Connectivity Test : PASS
AD Configuration Test : FAIL [0x80070005]
DRS Discovery Test : SKIPPED
DRS Connectivity Test : SKIPPED
Token acquisition Test : SKIPPED
Fallback to Sync-Join : ENABLED
Previous Registration : 2022-03-28 02:04:01.000 UTC
Registration Type : sync
Error Phase : join
Client ErrorCode : 0x801c03f3
Server ErrorCode : invalid_request
Server ErrorSubCode : error_missing_device
Server Operation : DeviceRenew
Server Message : The device object by the given id (ca565a27-6db8-4a55-9e5e-d96427e8cd2e) is not found.
Https Status : 400
Request Id : 04bb2d88-30f9-44cc-a456-d84ca34dcf16
Executing Account Name : WIN11-51SEC-1\test1
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
C:\Users\test1>
After enabled Hybrid Joined Device:
C:\Users\test1>dsregcmd /status
+âââââââââââââââââââââââ-+
| Device State                             |
+âââââââââââââââââââââââ-+
       AzureAdJoined : YES
     EnterpriseJoined : NO
       DomainJoined : YES
        DomainName : 51SEC
        Device Name : win11-51sec-1.51sec.corp
+âââââââââââââââââââââââ-+
| Device Details                            |
+âââââââââââââââââââââââ-+
         DeviceId : ca565a27-6db8-4a55-9e5e-d96427e8cd2e
        Thumbprint : 014E8C97B0A2553E6B32F3A03B7C931F290A3652
 DeviceCertificateValidity : [ 2022-03-28 01:57:43.000 UTC â 2032-03-28 02:27:43.000 UTC ]
      KeyContainerId : 7eacafad-c157-472f-8834-f011bafa97c3
        KeyProvider : Microsoft Platform Crypto Provider
       TpmProtected : YES
     DeviceAuthStatus : SUCCESS
+âââââââââââââââââââââââ-+
| Tenant Details                            |
+âââââââââââââââââââââââ-+
        TenantName :
         TenantId : 8ed8617a-5de3-44d8-a8f4-737c89fa9bbc
        AuthCodeUrl : https://login.microsoftonline.com/8ed8617a-5de3-44d8-a8f4-737c89fa9bbc/oauth2/authorize
      AccessTokenUrl : https://login.microsoftonline.com/8ed8617a-5de3-44d8-a8f4-737c89fa9bbc/oauth2/token
          MdmUrl :
         MdmTouUrl :
     MdmComplianceUrl :
        SettingsUrl :
      JoinSrvVersion : 2.0
        JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
         JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
       KeySrvVersion : 1.0
         KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
         KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
    WebAuthNSrvVersion : 1.0
      WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/8ed8617a-5de3-44d8-a8f4-737c89fa9bbc/
       WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net
  DeviceManagementSrvVer : 1.0
  DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/8ed8617a-5de3-44d8-a8f4-737c89fa9bbc/
   DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net
+âââââââââââââââââââââââ-+
| User State                              |
+âââââââââââââââââââââââ-+
          NgcSet : NO
      WorkplaceJoined : NO
       WamDefaultSet : NO
+âââââââââââââââââââââââ-+
| SSO State                              |
+âââââââââââââââââââââââ-+
        AzureAdPrt : NO
    AzureAdPrtAuthority :
       EnterprisePrt : NO
  EnterprisePrtAuthority :
+âââââââââââââââââââââââ-+
| Diagnostic Data                           |
+âââââââââââââââââââââââ-+
    AadRecoveryEnabled : NO
  Executing Account Name : WIN11-51SEC-1\test1
        KeySignTest : PASSED
+âââââââââââââââââââââââ-+
| IE Proxy Config for Current User                   |
+âââââââââââââââââââââââ-+
   Auto Detect Settings : YES
  Auto-Configuration URL :
     Proxy Server List :
     Proxy Bypass List :
+âââââââââââââââââââââââ-+
| WinHttp Default Proxy Config                     |
+âââââââââââââââââââââââ-+
        Access Type : DIRECT
+âââââââââââââââââââââââ-+
| Ngc Prerequisite Check                        |
+âââââââââââââââââââââââ-+
      IsDeviceJoined : YES
       IsUserAzureAD : NO
       PolicyEnabled : NO
     PostLogonEnabled : YES
      DeviceEligible : YES
    SessionIsNotRemote : YES
      CertEnrollment : none
       PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
C:\Users\test1>
Now , you should be able to log into your computer using your email address.
Windows Client Configuration
Please make sure your Windows client machine joined local AD DS.Â
If your Windows client machine is not having direct connection to your local AD DC, you will need a vpn to connect back to your AD DC.Â
There is a challenge to get your remote workgroup machine to join into your local onprem AD, even with VPN installed and connected.Â
Before you log in to your machine using your AD account, you will have to log in your machine using local admin account and shift right click an application to open it using a different user. That will allow system to create a Domain user profile to allow this domain user to log in without a connection to AD DC.
Following screenshot is an example of CMD application.
Azure Point to Site (P2S) VPN Configuration
If your Internet ISP blocked port 445, you will need to create a Azure VPN Gateway to create a tunnel to have your client machine connecting to your File Shares. You might also need to create private end point for your storage account.Â
- Point-to-Site (P2S) VPN gateway connections, which are VPN connections between Azure and an individual client. This solution is primarily useful for devices that are not part of your organizationâs on-premises network, such as telecommuters who want to be able to mount their Azure file share from home, a coffee shop, or hotel while on the road. To use a P2S VPN connection with Azure Files, a P2S VPN connection will need to be configured for each client that wants to connect. To simplify the deployment of a P2S VPN connection, see Configure a Point-to-Site (P2S) VPN on Windows for use with Azure Files and Configure a Point-to-Site (P2S) VPN on Linux for use with Azure Files.
In addition to the default public endpoint for a storage account, Azure Files provides the option to have one or more private endpoints. A private endpoint is an endpoint that is only accessible within an Azure virtual network. When you create a private endpoint for your storage account, your storage account gets a private IP address from within the address space of your virtual network, much like how an on-premises file server or NAS device receives an IP address within the dedicated address space of your on-premises network.
An individual private endpoint is associated with a specific Azure virtual network subnet. A storage account may have private endpoints in more than one virtual network.
Please refer following post to configure your P2S VPN.
Notes
For Azure File Shares, you can only choose your Active Diretory source either from local AD DS or from Azure AD DS. Following screenshot is an example which enabled to intergrate with local AD DS
References
- Overview â on-premises Active Directory Domain Services authentication over SMB for Azure file shares
- Azure Point-to-Site VPN Configuration
- Using Azure AD to Log Into Computer and Assign Share Folder Permission
- Remote AAD Joined Machine Access Azure Storage File Share Using Cloud Tiering
- Install Azure AD Connect to Integrate On-Prem ADFS with AAD (Hybrid Identity)
- Mount Azure Blob Storage into Local Windows File System
- Deploy Azure File Sync on Cloud VM and Mount Azure File Share to Machine Without Port 445
- Mount Azure Cloud VM File Share Folder With Tcp Port 445 Blocked By ISP
- Setup Hybrid Azure Active Directory John and Login For Your Client Machines