For this lab I created a Windows AD domain with the namespace jogcloud.local
When performing the Kerberos authentication, the domain controller in the account forest wouldn’t know how to to direct the request to the resource forest because that domain will not be associated with your resource forest. The short of it is the service principal name associated with the computer or service account used to represent the Azure Storage account the file share is created on uses the domain of. I’m not going to go into the details of name suffix routing, but if you’re curious you can read through this article. If you integrate it with a resource forest but have your user accounts in the account forest, you’ll need to use name suffix routing. One disclaimer to keep in mind is you have a multiple Windows AD forest scenario, such as an account and resource forest, you’ll need to be aware of which domain you’re integrating the Azure File share with. One obvious factoid is you’ll need a Windows AD domain up and running and the machine you connect to the share from will need to be joined to that domain. For this post I’ll be walking through the setup, examining some packet captures and Fiddler captures, and touching on a few of the gotchas I ran into.īefore I jump into the technical gooey goodness, I’m going to cover some prerequisites. In the first post I gave an overview of the service, the value proposition, its current limitations, and described the lab I’ll be using for this post. Hi there and welcome to the second post in my series about Azure Files integration with AD DS.
0 kommentar(er)
