Enable on-premises Active Directory Domain Services authentication over SMB for Azure file shares – The Missing Instructions

Have you, like me, been frustrated by the PowerShell scripts running but not fully completing when you know you have all the right information when following Microsoft’s instructions?

That’s where I was trying to get the computer object created in my on-prem Active Directory.

So I went to the manual process, where is says, create the computer object and set it’s password to the storage account key, great! Just one issue, where do you set a computer account password? Nothing in the UI helped so back to PowerShell where I found the Set-ADAccountPassword cmdlet.

So I tried the cmdlet using the computer name I created in AD but it returned an error saying the object was not found. Looking up the cmdlet I found that -Identity could be the GUID or SID.

OK, so how to find either of those, again nothing in the Active Directory Users and Computers app that could help, so back to PowerShell and the command I used was:

Get-ADObject -filter 'Name -like "<The First Few Characters Of The Computer Name>"' -Properties

This returned all the object details including the ObjectGUID and ObjectSid. I decided to use the Sid since this is mentioned in the errors I get trying to setup the connection with the scripts provided by Microsoft.

So after collecting the Storage Account Key I used the following command:

Set-ADAccountPassword -Identity "<The Sid of the Computer Object in the on-prem AD>" -NewPassword (ConvertTo-SecureString -AsPlainText "<The Storage Account Key from Azure>" -Force)

My users can now map the Azure File Share without being prompted for their credentials.

Hope this helps someone else stuck in the same place I was.