Share via

Azure Files with Entra Domain Services vs Active Directory

Ryan Griffin 20 Reputation points
2025-01-15T20:13:33.4766667+00:00

I have a number of clients with Azure files shares setup that are joined to entra domain services, however they are not joined to AD.

When I am trying to setup a new client with the same config, it is telling me I have to join to AD and is not giving me a straightforward only join to entra ds option.

I don't understand the distinction here or what the difference is. Can someone give me a simple explanation please? Thanks.

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,348 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,829 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,045 questions
0 comments
Accepted answer
  1. Keshavulu Dasari 3,095 Reputation points Microsoft Vendor
    2025-01-15T20:42:20.25+00:00

    Hi Ryan Griffin,

    Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

    Azure Files with Entra Domain Services and AD are both used for identity-based authentication, but they serve different purposes and have distinct configurations:

    Microsoft Entra Domain Services:

    • Provides managed domain services like domain join, group policies, LDAP, and Kerberos/NTLM authentication.
    • Fully compatible with traditional AD DS, but it's a managed service in Azure.
    • Ideal for scenarios where you don't want to manage your own domain controllers.
    • Azure Files can use Entra Domain Services for identity-based authentication over SMB (Server Message Block) protocol.

    AD DS:

    • Traditional on-premises directory service that provides domain join, group policies, LDAP, and Kerberos/NTLM authentication.
    • Requires you to manage your own domain controllers.
    • Commonly used in on-premises environments or on cloud-hosted VMs.
    • Azure Files can also integrate with on-premises AD DS for identity-based authentication.

    Differences:

    Entra Domain Services is managed by Azure, while AD DS requires you to manage your own domain controllers. Entra Domain Services is easier to set up for cloud-only environments, whereas AD DS is typically used in hybrid or on-premises setups.

    Integration Entra Domain Services integrates seamlessly with Azure services, while AD DS might require additional configuration for hybrid scenarios.

    If you're seeing a requirement to join AD instead of Entra Domain Services, it might be due to specific configuration settings or prerequisites for the new client setup. Double-check the setup guide for Entra Domain Services to ensure all prerequisites are met

    For more additional information, please refer the following documents:

    https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
    https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-domain-services-enable?tabs=azure-portal

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members. User's image

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.