Exam AZ-500 All QuestionsBrowse all questions from this exam
Go to Exam
Question 381

DRAG DROP -

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a user named User1.

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains an Azure Storage account named storage1. Storage1 contains an Azure file share named share1.

Currently, the domain and the tenant are not integrated.

You need to ensure that User1 can access share1 by using his domain credentials.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

    Correct Answer:

    Reference:

    https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable

Discussion
macco455

Looks good to me

zellck

1. Implement Azure AD Connect 2. Enable an AD source for Azure File shares 3. Assign share-level permissions for share1 https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable#prerequisites Enabling AD DS authentication for your Azure file shares allows you to authenticate to your Azure file shares with your on-premises AD DS credentials. Further, it allows you to better manage your permissions to allow granular access control. Doing this requires synching identities from on-premises AD DS to Azure AD using either the on-premises Azure AD Connect sync application or Azure AD Connect cloud sync, a lightweight agent that can be installed from the Azure Active Directory Admin Center. You assign share-level permissions to hybrid identities synced to Azure AD while managing file/directory-level access using Windows ACLs.

zellck

Follow these steps to set up Azure Files for AD DS authentication: - Enable AD DS authentication on your storage account - Assign share-level permissions to the Azure AD identity (a user, group, or service principal) that is in sync with the target AD identity - Configure Windows ACLs over SMB for directories and files - Mount an Azure file share to a VM joined to your AD DS - Update the password of your storage account identity in AD DS

zellck

Gotten this in May 2023 exam.

majstor86

1. Implement Azure AD Connect 2. Enable AD DS authentication on storage1 3. Assign share-level permissions for Share1

zellck

Same as Question 67. https://www.examtopics.com/discussions/microsoft/view/95827-exam-az-500-topic-5-question-67-discussion

alou333

# IN EXAM - 3rd june 2022 (online). Lot of new questions. Good luck !

cfsxtuv33

Looks good from my house.

Payday123

This is correct. For shure

Ajdlfasudfo0

well, if it is correct for shure, I guess we gotta go with it

saira23

In Exam20/07/2024

JaridB

Provided solution is correct: 1. Implement Azure AD Connect: This is the foundation. Azure AD Connect synchronizes your on-premises Active Directory (contoso.com) with your Azure AD tenant of the same name. This ensures User1's identity exists in Azure AD. 2. Enable Active Directory Domain Services authentication to storage1: Once the user's on-premises identity is represented in Azure AD, you need to enable storage1 to use this authentication method. This allows Azure storage to recognize and authenticate User1's domain credentials. 3. Assign share-level permissions for share1: Finally, you grant specific access rights to User1 on the Azure file share (share1). This determines what actions User1 can perform within the share.

acexyz

# IN EXAM - 30/6/2022

JosipBroz

correct answer : https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal

ad7399

If you go by this Microsoft video then ad connect is unnecessary. https://www.youtube.com/watch?v=jd49W33DxkQ&ab_channel=MicrosoftAzure

Bjarki2330

Believe this is correct. Referring to this article: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#how-it-works

hendry781

wrong. answer to (2) should be create a private link to storage1

OhBee

The answer is correct. Ref: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal