Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Join-AzStorageAccount DirectoryServiceOptions Error #188

Open
robhiitsd opened this issue Feb 7, 2024 · 4 comments
Open

Join-AzStorageAccount DirectoryServiceOptions Error #188

robhiitsd opened this issue Feb 7, 2024 · 4 comments

Comments

@robhiitsd
Copy link

Attempting to join newly created Azure Storage Account to AD DS via running Join-AzStorageAccount from MS article https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable#run-join-azstorageaccount

AD Computer object is created, but storage account does not get configured for AD DS.
Receives the following error:
"Set-AzStorageAccount: Cannot validate argument on parameter 'ActiveDirectoryDomainSid'. The argument is null or empty. Provide an argument that is not null or empty,
and then try the command again.
Write-Error: The cmdlet is stopped due to the storage account 'stmtavdapp01' having the DirectoryServiceOptions value: ''. The DirectoryServiceOptions for
the account needs to be 'AD' in order to run the cmdlet."

I was able to configure it by running the Set-AZStorageAccount using MS Article:
https://learn.microsoft.com/en-us/powershell/module/az.storage/set-azstorageaccount?view=azps-11.2.0#example-11-update-a-storage-account-by-enable-files-active-directory-domain-service-authentication-and-then-show-the-file-identity-based-authentication-setting

This did not have to be done in previous version of AZFilesHybrid module.

Using the following AZFilesHybrid version:
ModuleType Version PreRelease Name PSEdition ExportedCommands

Script 0.2.9.0 AzFilesHybrid Core,Desk {Get-IsElevatedSession, Assert-IsElevatedSession, Get-OSPlatfor…
@theillien
Copy link

This is still an issue in v0.3.2. I had to perform the same action (manually running Set-AzStorageAccount) to enable AD authentication on my storage account. After doing that, I encountered additional Kerberos errors which I assume would not be an issue if manual intervention wasn't necessary.

@MichaelGibsonAltrad
Copy link

MichaelGibsonAltrad commented Jan 21, 2025
edited
Loading

This has been broken for multiple versions of this PS module and the cause is line 5082

$domainSid = $domainInformation.DomainSID.Value

The ".value" on the end is invalid so it should read

$domainSid = $domainInformation.DomainSID

@MichaelGibsonAltrad
Copy link

Also line 5078

$azureStorageSid = $azureStorageIdentity.SID.Value

should be

$azureStorageSid = $azureStorageIdentity.SID

@MichaelGibsonAltrad
Copy link

Also line 5413

-Identity $adObj

should be

-Identity $adObj.DistinguishedName

Do they even test this module before they push it out.

I've made the above changes then deleted the MS signing key from the bottom (so I can run the script) and it now works

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@theillien @MichaelGibsonAltrad @robhiitsd