One of the significant features added to Azure Files in the last year is the ability to domain join an Azure file share to your on-premises Active Directory domain. This allows you to replace your on-premises file server with Azure file sharing.
In this post, we’ll walk through the five steps necessary to replace an on-premises file server with Azure file shares. We will also discuss some extra considerations for transitioning to Azure file shares.
Step 1: Domain join your storage account with your on-premises domain.
The first step is to associate your storage account with your on-premises Active Directory domain. This is accomplished with the join-az storage account commandlet in PowerShell.
More information on how to achieve this may be found in Microsoft’s guidance at https://learn.microsoft.com/en-us/azure/azure-netapp-files.
Step 2: Create a share ACL for the storage account or the particular file share.
The second step is to create a share ACL for the storage account or individual file shares. This grants users permission to access the files. You can do this through the Azure site or PowerShell.
Step 3: Check the network connection to Azure Files.
The next stage involves testing the network connection to Azure Files. Use the test-net connection cmdlet to accomplish this. If the test fails, you will need to set up a private endpoint for the storage account.
Step 4: Set up a private endpoint for your storage account.
A private endpoint assigns your storage account a private IP address within the IP address space of a virtual network. This allows you to tunnel from your on-premises network to your Azure network, bypassing the port 445 issue. You can create a private endpoint either the Azure site or PowerShell.
Step 5: Create a VPN tunnel between your on-premises network or workstation and your Azure virtual network.
The fifth step is to establish a VPN connection between your on-premises network or workstation and the Azure virtual network. This is a more involved process, but the video description has links that will guide you through it.
Additional items to remember:
To mount the file share, you can use the storage account’s fully qualified domain name or an alternate name, such as an existing file server name, which uses DFSN.
If you are using DFSN, you must establish a root consolidation record for the file server name you wish to take over.
To learn more about using Azure file shares, visit https://learn.microsoft.com/en-us/azure/azure-netapp-files/.
Also check this descriptive demo from Microsoft Azure for better unterstanding https://youtu.be/jd49W33DxkQ
