Skip to content

Commit febda19

Browse files
khdowniekhdownie
committed
Add disable instructions for AD DS auth
1 parent b5eaec5 commit febda19

1 file changed

Lines changed: 19 additions & 2 deletions

File tree

articles/storage/files/storage-files-identity-ad-ds-enable.md

Lines changed: 19 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Learn how to enable Active Directory Domain Services authentication
44
author: khdownie
55
ms.service: azure-file-storage
66
ms.topic: how-to
7-
ms.date: 12/18/2025
7+
ms.date: 02/12/2026
88
ms.author: kendownie
99
ms.custom: engagement-fy23, devx-track-azurepowershell
1010
# Customer intent: As an IT administrator, I want to enable Active Directory Domain Services authentication for Azure file shares, so that our domain-joined Windows virtual machines can securely access and manage file shares using existing AD credentials.
@@ -270,6 +270,23 @@ DomainSid:<yourSIDHere>
270270
AzureStorageID:<yourStorageSIDHere>
271271
```
272272

273+
> [!IMPORTANT]
274+
> Before you can authenticate users, you must [assign share-level permissions](storage-files-identity-assign-share-level-permissions.md).
275+
276+
## Disable AD DS authentication on your storage account
277+
278+
If you want to use another authentication method, you can disable AD DS authentication on your storage account. Disabling this feature means that there will be no identity-based access for file shares in your storage account until you enable and configure one of the other identity sources.
279+
280+
> [!IMPORTANT]
281+
> After disabling AD DS authentication on the storage account, you should also consider deleting the AD DS identity (computer account or service logon account) that was created to represent the storage account in your on-premises AD. If you leave the identity in AD DS, it will remain as an orphaned object. Removing it won't happen automatically.
282+
283+
To disable AD DS authentication on your storage account, run the following PowerShell command. Remember to replace placeholder values, including brackets, with your values.
284+
285+
```powershell
286+
Set-AzStorageAccount -ResourceGroupName <resourceGroupName> -StorageAccountName <storageAccountName> -EnableActiveDirectoryDomainServicesForFile $false
287+
```
288+
289+
273290
## Next step
274291

275-
You've now successfully enabled AD DS on your storage account. To use the feature, you must [assign share-level permissions](storage-files-identity-assign-share-level-permissions.md).
292+
- [Assign share-level permissions](storage-files-identity-assign-share-level-permissions.md)

0 commit comments

Comments
 (0)