Posts – Tech Blog

Step by Step to install Linux Virtual Delivery Agent Installation for RHEL

April 26, 2022 / Ram Prasad

Unfortunately, citrix has not provided detailed step by step procedure to install VDA on Linux distributions. There are so many articles published to install VDA on windows machines whereas not for Linux distributions.

In one of my recent project, I spent lot of time to install VDA on Red Hat Enterprise Linux due to lack of detailed documentation hence I am publishing below step by step procedure to install VDA on Red Hat Enterprise Linux.

This articles covers below components installation & configuration

• RHEL 8.2 Linux Workstation VM Installation on Nutanix AHV
• XenDesktop VDA 2203 Agent Installation & configuration
• NVIDIA Graphics Drivers Installation
• NVDIA vGPU licensing

The Linux Virtual Delivery Agent (VDA) enables access to the Linux virtual apps and desktops anywhere from any device where Citrix Workspace app is installed. Install the VDA software on your Linux virtual machines, configure the Delivery Controller, and then use Citrix Studio to make the apps and desktops available to users.

Supported Linux distributions
System requirements | Linux Virtual Delivery Agent 2203 LTSR (citrix.com)

RHEL 8.2 Linux Workstation VM Installation

Mount the RHEL 8.2 ISO and boot the VM with ISO

Select “Install Red Hat Enterprise Linux 8.2”

In above options, modify each installation setting based on requirement

As my requirement is Linux “Workstation”, I chosen “Base Environment” , choose options based on your requirement

For VDA, choosing GNOME Applications & GRAPHICS Administration tools is sufficient. Choose based on your requirement

Select Automatic unless you have a specific requirements of partitions

Enable Network to get IP from DHCP and Provide Hostname correctly at this page

Post Selection of all options, you will see below output

Reboot VM post installation

Note:

My Citrix VDI setup do not have proxy connectivity hence to install packages and dependencies, I need to mount YUM repository from locally mounted ISO which avoids internet connectivity for any RPM installations. Ignore YUM repository steps if VM able to connect internet

Steps to mount YUM repository locally

Mount the RHEL installation ISO to a directory like /mnt/disc, e.g.:
mkdir -p /mnt/disc
mount /dev/sr0 /mnt/disc

Create below directories to copy repositories

mkdir /home/BaseOS
mkdir /home/AppStream

Copy the media.repo file from the root of the mounted directory

cp -ivr /mnt/disc/BaseOS/* /home/BaseOS/

cp -ivr /mnt/disc/AppStream/* /home/AppStream/

Unmount /mnt/disc -> do after copying files

Delete files if any found under directory /etc/yum.repos.d/ and create the file vi /etc/yum.repos.d/local.repo

Note: you should have only local.repo file under /etc/yum.repos.d/
Copy and Paste the below text in local.repo

[BaseOS]
name = BaseOS
enabled = 1
gpgcheck = 0
baseurl = file:///home/BaseOS/
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[AppStream]
name = AppStream
enabled = 1
gpgcheck = 0
baseurl = file:///home/AppStream/
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Save the changes by typing wq!

Clear the cache and check whether you can get the packages list from the DVD repo with below commands

yum clean all
yum repolist enabled

You should get below output

To disable Red Hat Subscription Management warning , edit below file and change enabled value to 0
vi /etc/yum/pluginconf.d/subscription-manager.conf

Install & Configure Linux Virtual Delivery Agent

Prerequisite for VDA: Dotnet runtime is required for VDA installation

URL:
https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-aspnetcore-6.0.3-linux-x64-binaries

Upload aspnetcore-runtime file to /root directory and execute below command to extract dotnet runtime
cd /root
mkdir dotnet
chmod 777 dotnet ( Note : command to change directory permissions)

Extract runtime to /root/dotnet with below comand

tar -xf aspnetcore-runtime-6.0.3-linux-x64.tar.gz -C /root/dotnet

Download “XenDesktopVDA-22.03.0.18-1.el8_x.x86_64” and upload XenDesktop VDA file to /tmp directory
Note: The version used is Linux Virtual Delivery Agent 2203 an DDC version is 2112

Run below command to install VDA

sudo yum -y localinstall XenDesktopVDA-22.03.0.18-1.el8_x.x86_64.rpm

Post installation of VDA, configure the VDA with below command

/opt/Citrix/VDA/sbin/ctxinstall.sh

Input below values during configuration
• Host name of the machine on which the Linux VDA is to be installed
• IP address of DNA
• IP address of NTP Server
• Domain name – The NetBIOS name of the domain
• Realm name – The Kerberos realm name (Note: Name should be in CAPITAL LETTERS)
• Fully Qualified Domain Name (FQDN) of the domain controller

While configuring VDA, it prompts for dotnet core runtime path, set the dotnet Core Runtime path as “/root/dotnet”

Note

• As my requirement is for graphics (GPU), here I selected “Y” HDX 3D pro. Select “N” if VDI do not require Graphics
• Linux multisession does not support “HDX 3D PRO” select “NO” if requirement is for multi session and no graphics card required.
• If HDX3D pro enabled then mandatorily NIVIDIA graphics drivers are to be installed else, while launching VDA grey screen appears because Linux by default search for graphics drivers

Cross verify the below Inputs before proceed further

Post VDA Installation and configuration. Need to check the below 2 services status
systemctl status ctxvda
systemctl status ctxhdx

NVIDIA Graphics Drivers installation & vGPU license assignment

Follow below steps, if VDI has requirement to enable Graphics else ignore the steps

Prerequisite for NVIDIA Guest drivers installation: Assign GPU or vGPU to VM

Upload the NVIDIA drivers (highlighted) to /root folder

Note: Upload 2 NVIDIA guest drivers(highlighted above) into /root folder

Install the below dependencies one by one before install of NVIDIA drivers
yum install elfutils-libelf-devel libglvnd-devel
yum install gcc
yum install gcc kernel-devel
yum install gcc kernel-headers

Once successfully installed. Install NVIDIA Package with below command

bash ./NVIDIA-Linux-x86_64-450.102.04-grid.run

Note: Without NVIDIA license server assignment, VDI functionality will be minimum hence map NVIDIA license server for complete functionality.

vGPU License Server Assignment on Linux

run below command to check license status

nvidia-smi –q

Ouptut before License server assignment

To provide NVIDIA License Server on Linux workstation, edit the file gridd.conf with below steps

cd /etc/nvidia/

Create new file “gridd.conf ” by using “gridd.conf.template” file
cp gridd.conf.template gridd.conf

Edit the /etc/nvidia/gridd.conf by vi editor with below highlighted values

ServerAddress=IP Address
ServerPort=7070
FeatureType=0
EnableUI=TRUE ( uncomment by removing #)

Stop & start nvidia service for license reflection

sudo nvidia-gridd stop
sudo nvidia-gridd start

Run command nvidia-smi –q to check license status and verify logs /var/logs/messages
If license not applied then restart VM.

Post License server assignment, you should get below output

Note: My use case is to create Machine Catalog with Unmanaged hence I created catalog and assigned VM’s directly to catalog. If your use case is to create Master Image and rollout VDI with MCS, follow below Citrix KB.

URL:https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/installation-overview/use-mcs-to-create-linux-vms.html

KB References

Quick installation by using easy install
XD Collect Traces
Streaming Linux target devices

Spreading users over multiple Azure file shares with FSLogix Profile Containers

March 30, 2022 / Ram Prasad

Inspired from https://james-rankin.com/articles/spreading-users-over-multiple-file-shares-with-fslogix-profile-containers/

Spreading-Users-over-multiple-shares Download

James Rankin blog script created based on free space criteria but our requirement is based on user count. Below is the snippet for your reference

<# This script created for spreading users over multiple file shares with FSLogix Profile Containers
With Ref https://james-rankin.com/articles/spreading-users-over-multiple-file-shares-with-fslogix-profile-containers/
Script customized as per Citrix VDI  requirement, Azure Subscription will be connected with User Assigned Managed Idenity(UAMI) and UAMI is assigned to Citrix Master Image.
Script is added in Task Scheduler of Master Image and Machine catalog is created with "Machine Profile" option so that all cloned VDI's get UAMI property #> 

# This script count the directories in each share and FSLOgix VHD location is added based on count retrieved. We took directories count as users count can not be measured.

# This Script also created to address the Azure File Handle limit which is 10k per share 

# This script fetches directories count from MULTIPLE AZURE FILE STORAGES AND MULTIPLE SHARES

########### Set TLS 1.2 ###########

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

########### Connect Using User Assigned Managed Identity (UAMI) ###########

Connect-AzAccount -Identity -AccountId <UAMI Client ID>

########### Provide Profile Storage Account Details ###########

# Provide "Profile Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values

$profilestorageaccount1 = ""        
$profilestorageaccount1RG = "" 
$profilestorageaccount1shares = @(
"profile1",
"profile2"
)
# Provide "Profile Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$profilestorageaccount1sharesfullpath = @(
"\\<storageaccountname>.file.core.windows.net\profile1", 
"\\<storageaccountname>.file.core.windows.net\profile2"
)

# Provide "Profile Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values

$profilestorageaccount2 = ""
$profilestorageaccount2RG = ""
$profilestorageaccount2shares = @(
"profile3",
"profile4"
)
# Provide "Profile Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$profilestorageaccount2sharesfullpath = @(
"\\<storageaccountname>.file.core.windows.net\profile3",
"\\<storageaccountname>c.file.core.windows.net\profile4"
)

# Provide "Profile Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values

$profilestorageaccount3 = ""        
$profilestorageaccount3RG = ""      
$profilestorageaccount3shares = @(
)
# Provide "Profile Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$profilestorageaccount3sharesfullpath = @(
)

# Provide "Profile Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values

$profilestorageaccount4 = ""
$profilestorageaccount4RG = ""
$profilestorageaccount4shares = @(
)

# Provide "Profile Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$profilestorageaccount4sharesfullpath = @(
)

# Provide "Profile Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values

$profilestorageaccount5 = ""
$profilestorageaccount5RG = ""
$profilestorageaccount5shares = @(
)
# Provide "Profile Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$profilestorageaccount5sharesfullpath = @(
)


########### Provide Office Storage Account Details ###########

# Provide "Office Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values

$officestorageaccount1 = ""
$officestorageaccount1RG = ""
$officestorageaccount1shares = @(
"office1",
"office2"
)
# Provide "Office Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$officestorageaccount1sharesfullpath = @(
"\\<storageaccountname>.file.core.windows.net\office1",
"\\<storageaccountname>.file.core.windows.net\office2"
)

# Provide "Office Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values

$officestorageaccount2 = ""
$officestorageaccount2RG = ""
$officestorageaccount2shares = @(
"office3",
"office4"
)
# Provide "Office Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$officestorageaccount2sharesfullpath = @(
"\\<storageaccountname>.file.core.windows.net\office3",
"\\<storageaccountname>.file.core.windows.net\office4"
)

# Provide "Office Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values


$officestorageaccount3 = ""
$officestorageaccount3RG = ""
$officestorageaccount3shares = @(
)
# Provide "Office Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$officestorageaccount3sharesfullpath = @(
)

# Provide "Office Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values

$officestorageaccount4 = ""
$officestorageaccount4RG = ""
$officestorageaccount4shares = @(
)
# Provide "Office Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$officestorageaccount4sharesfullpath = @(
)

# Provide "Office Storage Account Name and Storage Resource Group Name"  else LEAVE BLANK values

$officestorageaccount5 = ""
$officestorageaccount5RG = ""
$officestorageaccount5shares = @(
)
# Provide "Office Storageaccount Shares FULL PATH" in above SHARES ORDER ONLY

$officestorageaccount5sharesfullpath = @(
)


########### Fetch the Directories in the Profile Shares ###########
$ProfileDirShareCount = @()
$profileorderedShares = @()

if($profilestorageaccount1shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $profilestorageaccount1RG -AccountName $profilestorageaccount1
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $profilestorageaccount1 -StorageAccountKey $value

    foreach($sharename in $profilestorageaccount1shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $profilestorageaccount1sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $ProfileDirShareCount += $shareSpace
        $i = $i + 1
    }
}
if($profilestorageaccount2shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $profilestorageaccount2RG -AccountName $profilestorageaccount2
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $profilestorageaccount2 -StorageAccountKey $value

    foreach($sharename in $profilestorageaccount2shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $profilestorageaccount2sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $ProfileDirShareCount += $shareSpace
        $i = $i + 1
    }
}
if($profilestorageaccount3shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $profilestorageaccount3RG -AccountName $profilestorageaccount3
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $profilestorageaccount3 -StorageAccountKey $value

    foreach($sharename in $profilestorageaccount3shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $profilestorageaccount3sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $ProfileDirShareCount += $shareSpace
        $i = $i + 1
    }
}
if($profilestorageaccount4shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $profilestorageaccount4RG -AccountName $profilestorageaccount4
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $profilestorageaccount4 -StorageAccountKey $value

    foreach($sharename in $profilestorageaccount4shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $profilestorageaccount4sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $ProfileDirShareCount += $shareSpace
        $i = $i + 1
    }
}
if($profilestorageaccount5shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $profilestorageaccount5RG -AccountName $profilestorageaccount5
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $profilestorageaccount5 -StorageAccountKey $value

    foreach($sharename in $profilestorageaccount5shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $profilestorageaccount5sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $ProfileDirShareCount += $shareSpace
        $i = $i + 1
    }
}

$SortedProfileShares = $ProfileDirShareCount | Sort-Object freespace | select share
foreach ($item in $SortedProfileShares) {
    $profileorderedShares +=  $item.Share.ToString()
}


########### Fetch the Directories in the Office Shares ###########
$OfficeDirShareCount = @()
$officeorderedShares = @()

if($officestorageaccount1shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $officestorageaccount1RG -AccountName $officestorageaccount1
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $officestorageaccount1 -StorageAccountKey $value

    foreach($sharename in $officestorageaccount1shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $officestorageaccount1sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $officeDirShareCount += $shareSpace
        $i = $i + 1
    }
}
if($officestorageaccount2shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $officestorageaccount2RG -AccountName $officestorageaccount2
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $officestorageaccount2 -StorageAccountKey $value

    foreach($sharename in $officestorageaccount2shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $officestorageaccount2sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $officeDirShareCount += $shareSpace
        $i = $i + 1
    }
}
if($officestorageaccount3shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $officestorageaccount3RG -AccountName $officestorageaccount3
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $officestorageaccount3 -StorageAccountKey $value

    foreach($sharename in $officestorageaccount3shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $officestorageaccount3sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $officeDirShareCount += $shareSpace
        $i = $i + 1
    }
}
if($officestorageaccount4shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $officestorageaccount4RG -AccountName $officestorageaccount4
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $officestorageaccount4 -StorageAccountKey $value

    foreach($sharename in $officestorageaccount4shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $officestorageaccount4sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $officeDirShareCount += $shareSpace
        $i = $i + 1
    }
}
if($officestorageaccount5shares.Count -gt 0)
{
    $i = 0
    $keys = Get-AzStorageAccountKey -ResourceGroupName $officestorageaccount5RG -AccountName $officestorageaccount5
    $value = $keys[0].Value
    $context = New-AzStorageContext -StorageAccountName $officestorageaccount5 -StorageAccountKey $value

    foreach($sharename in $officestorageaccount5shares)
    {
        $directories = Get-AzStorageFile -ShareName $sharename -Context $context
        $dircount = $directories.count
        $shareSpace = New-Object -TypeName psobject
        $path = $officestorageaccount5sharesfullpath[$i]
        $sharespace | Add-Member -membertype NoteProperty -Name Share -value $path
        $sharespace | Add-Member -membertype NoteProperty -Name freespace -value $dircount
        $officeDirShareCount += $shareSpace
        $i = $i + 1
    }
}

$SortedOfficeShares = $OfficeDirShareCount | Sort-Object freespace | select share
foreach ($item in $SortedOfficeShares) {
    $officeorderedShares +=  $item.Share.ToString()
}

########### Remove the Existing VHDLocations Available ###########
$FSLogixProfilePath="HKLM:\software\FSLogix\Profiles"
$FSLogixODFCPath="HKLM:\SOFTWARE\Policies\FSLogix\ODFC"
$FSLogixKeyName="VHDLocations"
if ((get-item -path $FSLogixProfilePath).GetValue($FSLogixKeyName) -ne $null) {
        Remove-itemProperty -path $FSLogixProfilePath -Name $FSLogixKeyName -force
} else {
        # do nothing, no key to delete
}
if ((get-item -path $FSLogixODFCPath).GetValue($FSLogixKeyName) -ne $null) {
        Remove-itemProperty -path $FSLogixODFCPath -Name $FSLogixKeyName -force
} else {
        # do nothing, no key to delete
}
########### Adding New VHDLocation for Profile ###########

### Reason for changing VHDLocation property type to Multi string value is because  that FSLogix need to searches the user profile in all shares hence to keep all shares , regkey should be Mutistring

New-ItemProperty $FSLogixProfilePath -Name $FSLogixKeyName -Value $profileorderedShares -PropertyType MultiString -Force

########### Adding New VHDLocation for Office ###########


New-ItemProperty $FSLogixODFCPath -Name $FSLogixKeyName -Value $officeorderedShares -PropertyType MultiString -Force


########### Write OutPut ###########

$folderPath="C:\Temp"

$ProfileDirShareCount | Export-csv -Path "$folderPath\Profile_Shareleastlog_$((Get-Date).ToString('MM-dd-yyyy_hh-mm-ss')).csv" -NoTypeInformation
$OfficeDirShareCount | Export-csv -Path "$folderPath\Office_Shareleastlog_$((Get-Date).ToString('MM-dd-yyyy_hh-mm-ss')).csv" -NoTypeInformation

FSLogix User profile deletion from Azure file shares

March 30, 2022 / Ram Prasad

Below script is used to delete user profiles based on user logon names


# Delete the Files in Azure file share by taking input value GPN(logon) which is provided in CSV

### Az.Accounts, Az.Resources & Az.Storage modules are required to execute the script.

# To Set TLS1.2

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12  

$path="C:\Temp" ### Path for input & output files

$NTRUsers=Import-Csv $path\NTRUsersGPN.csv # Input File with UserLogonNames

write-host "NTRUsersGPN Count = $($NTRUsers.Count)"

## Connect Azure Subscription with your own method

# Connect-AzAccount -AccessToken 



#FileShare Details from which the user profiles needs to removed

$StorageAccountName="<Name>"
$fileShareName="<Share Name" # Only one fileshare at a time, to avoid the deletion of profiles in different shares.
$ResourceGroup = (Get-AzResource -Name $StorageAccountName).ResourceGroupName
$Key = Get-AzStorageAccountKey -ResourceGroupName $ResourceGroup -Name $StorageAccountName
$context=New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $Key[1].Value

$finalResult=@()
$FilesDirectory=Get-AzStorageFile -Context $context -ShareName $fileShareName 
write-host "FilesDirectory Count = $($FilesDirectory.Count)"

$i=1
foreach($FilesD in $FilesDirectory)
{
    foreach($NTRUser in $NTRUsers)
    {
        if($FilesD.Name -cmatch $NTRUser.UserGPN)
        {
            try
            {
                $Files=$FilesD|Get-AzStorageFile
                foreach($File in $Files)
                {
                    Remove-AzStorageFile -Context $context -ShareName $fileShareName -Path $File.ShareFileClient.Path
                }
                Remove-AzStorageDirectory -Context $context -ShareName $fileShareName -Path $FilesD.Name

                $obj=""|select User,Directory,Status
                $obj.User=$NTRUser.UserGPN
                $obj.Directory=$FileD.Name
                $obj.Status="Success"
                $finalResult+=$obj
            }
            catch
            {
                $obj=""|select User,Directory,Status
                $obj.User=$NTRUser.UserGPN
                $obj.Directory=$FileD.Name
                $obj.Status=$_.Exception.Message
                $finalResult+=$obj
            }         
        }
    }
    $i=$i+1
}

$finalResult | Export-Csv -Path "$path\$($fileShareName)FileSharesDeleteOutput.csv" -Append -Force -NoTypeInformation

NTFS Permission on Assignment on User profile shares

March 30, 2022 / Ram Prasad

Below script used to assign NTFS permissions( List,Read,Traverse, Create/Append) for FSlogix user profiles, it provides users not to access other folders

#Below script used to assign NTFS permissions( List,Read,Traverse, Create/Append)  for FSlogix user profiles, it provides users not to access other folders
# User Groups/Users are given in input file , Keep Heading(top) GROUPS and provide groupnames under that
# Input your Storage account name and Domain Name in below script

# Whoever runs the below code, he should have full admin privilege

$permission = ":(X,RD,AD,RC)"


$Lists = Import-csv -Path "C:\temp\devgroups.csv"  #group Accounts


$shares = "<Share Name 1>,<Share Name 2>"

$sharelist = $shares.Split(",")

foreach($share in $sharelist)

 {
    $share
    $shrpath=\\<storageAccountName>.file.core.windows.net\$share

    
    foreach($list in $lists)
    {
     $UserName = $list.groups

           
        Invoke-Expression -Command ('icacls $shrpath /grant "<Domain Name>\${UserName}${permission}"')
    }
}

User Profile Migration – Citrix UPM to FSLogix Profiles

December 26, 2021 / Ram Prasad

We had a requirement to migrated 8000+ Citrix User UPM profiles across globe to FSLogix Profiles (.VHDX) as customer wanted to move from Citrix to AVD. This was a very challenging requirement due to new experience

#Below Script used to convert UPM Profile Path to FSlogix profile path by retaining NTFS Permissions
# Fslogix Root profile path
$newprofilepath = "\\<StorageAccountName>.file.core.windows.net\<ShareName>" 
# UPM Root profile path
$oldprofilepath = "<Profile Share Path>" # Provide UPM Profile Path
$newusers = @()
ForEach ($user in(gc "C:\temp\users.txt")) {
$path = $oldprofilepath + $user
if(Test-Path -Path $path){
$newusers += $user    
}
else{
Write-Output "$user does not exist"
}
}
ForEach ($user in $newusers) {
# Subfolder 1 - First Path to UPM_Profile Folder in UPM Profiles
$subfolder1 = ""
# Subfolder 2 - First Path to UPM_Profile Folder in UPM Profiles
#$subfolder2 =
$sam = "$user"
Start-Sleep -s 10
######################################################
$iniownr = (Get-Acl (Get-ChildItem "C:\temp\$sam" -force -Recurse ).FullName).Owner
takeown /f $sam /r /d y
Start-Sleep -s 10
icacls "C:\Temp\$sam" /grant zs_wvd_prod:f /q /c /t
#####################################################
Start-Sleep -s 10
#########################################################################################
# Do not edit here
#########################################################################################
$old = $oldprofilepath + $sam + $subfolder1;
$sid = (New-Object System.Security.Principal.NTAccount($sam)).translate([System.Security.Principal.SecurityIdentifier]).Value
$regtext = "Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid]
`"ProfileImagePath`"=`"C:\\Users\\$sam`"
`"FSL_OriginalProfileImagePath`"=`"C:\\Users\\$sam`"
`"Flags`"=dword:00000000
`"State`"=dword:00000000
`"ProfileLoadTimeLow`"=dword:00000000
`"ProfileLoadTimeHigh`"=dword:00000000
`"RefCount`"=dword:00000000
`"RunLogonScriptSync`"=dword:00000000
"
$nfolder = join-path $newprofilepath ($sid+"_"+$sam)
if (!(test-path $nfolder)) {New-Item -Path $nfolder -ItemType directory | Out-Null}
#& icacls $nfolder /setowner "$env:userdomain\$sam" /T /C
#& icacls $nfolder /grant $env:userdomain\$sam`:`(OI`)`(CI`)F /T
& icacls $nfolder /grant $sam`:`(OI`)`(CI`)F /T
$vhd = Join-Path $nfolder ("Profile_"+$sam+".vhdx")
$script1 = "create vdisk file=`"$vhd`" maximum 30720 type=expandable"
$script2 = "sel vdisk file=`"$vhd`"`r`nattach vdisk"
$script3 = "sel vdisk file=`"$vhd`"`r`ncreate part prim`r`nselect part 1`r`nformat fs=ntfs quick"
$script4 = "sel vdisk file=`"$vhd`"`r`nsel part 1`r`nassign letter=T"
$script5 = "sel vdisk file`"$vhd`"`r`ndetach vdisk"
$script6 = "sel vdisk file=`"$vhd`"`r`nattach vdisk readonly`"`r`ncompact vdisk"
if (!(test-path $vhd)) {
$script1 | diskpart
$script2 | diskpart
Start-Sleep -s 5
$script3 | diskpart
$script4 | diskpart
& label T: Profile-$sam
New-Item -Path T:\Profile -ItemType directory | Out-Null
start-process icacls "T:\Profile /setowner SYSTEM"
Start-Process icacls -ArgumentList "T:\Profile /inheritance:r"
$cmd1 = "T:\Profile /grant $env:userdomain\$sam`:`(OI`)`(CI`)F"
Start-Process icacls -ArgumentList "T:\Profile /grant SYSTEM`:`(OI`)`(CI`)F"
Start-Process icacls -ArgumentList "T:\Profile /grant Administrators`:`(OI`)`(CI`)F"
Start-Process icacls -ArgumentList $cmd1
} else {
$script2 | diskpart
Start-Sleep -s 5
$script4 | diskpart
}
"Copying $old to $vhd"
& robocopy $old T:\Profile /MIR /r:0 | Out-Null
if (!(Test-Path "T:\Profile\AppData\Local\FSLogix")) {
New-Item -Path "T:\Profile\AppData\Local\FSLogix" -ItemType directory | Out-Null
}
if (!(Test-Path "T:\Profile\AppData\Local\FSLogix\ProfileData.reg")) {$regtext | Out-File "T:\Profile\AppData\Local\FSLogix\ProfileData.reg" -Encoding ascii}
$script5 | diskpart

############################################################
Start-Sleep -s 10
icacls "C:\Temp\$sam" /grant $iniownr:f /q /c /t


}

Azure Virtual Machine Orphaned Resources Deletion Script

December 26, 2021 / Ram Prasad

Post Virtual Machine Deletion in Azure, few resources like Disk,NICs,NSG,Public IP etc.. will remain exists so use below script to cleanup all these orphaned resources

## Gather orphaned resources details using below link and use below script to delete all orphaned resources
https://github.com/scautomation/AzureResourceGraph-Examples/blob/master/resourceQueries/Orphaned%20Resources/OrphanedResource.MD

##########################DeleteOrphanedDisk##########################
$csv = Import-Csv "disk.csv" #name of csv file 

$filetim = (Get-Date).tostring("dd-MM-yyyy-hh-mm")
$Logfile = "log-deletedisk-$filetim.log"

Function LogWrite
{
   Param ([string]$logstring)

 

   Add-content $Logfile -value $logstring
}
Start-Transcript -Path $Logfile
Stop-Transcript

LogWrite " "
LogWrite " "
LogWrite "***** LogFile *****"
LogWrite " "
LogWrite " "

$csv | ForEach-Object {

$diskname = $_.NAME
$state = $_.DISKSTATE
$resourcegroup = $_.RESOURCEGROUP
$location = $_.LOCATION

if($state -like "Unattached")
{

$tim = (Get-Date).tostring("dd-MM-yyyy-hh:mm:ss")
LogWrite "$tim    -    Deleting disk $diskname in $resourcegroup of Location - $location"
Write-Host -ForegroundColor Cyan "Deleting Disk $diskname in $resourcegroup of Location - $location"
Remove-AzDisk -ResourceGroupName $resourcegroup -DiskName $diskname -Force
}
else
{
Write-Host -ForegroundColor Red "Failed to delete the disk $diskname in $resourcegroup of Location - $location since it is Attached" 
$tim = (Get-Date).tostring("dd-MM-yyyy-hh:mm:ss")
LogWrite "$tim    -   Failed to delete the disk $diskname in $resourcegroup of Location - $location since it is Attached"

}
}
#####################################################################
##########################DeleteOrphanedNICs##########################
$csv = Import-Csv "nic.csv" #name of csv file 

$filetim = (Get-Date).tostring("dd-MM-yyyy-hh-mm")
$Logfile = "log-$filetim.log"

Function LogWrite
{
   Param ([string]$logstring)

 

   Add-content $Logfile -value $logstring
}

Start-Transcript -Path $Logfile
Stop-Transcript

LogWrite " "
LogWrite " "
LogWrite "***** LogFile *****"
LogWrite " "
LogWrite " "

$csv | ForEach-Object {

$nicname = $_.NAME
$resourcegroup = $_.RESOURCEGROUP
$location = $_.LOCATION

$tim = (Get-Date).tostring("dd-MM-yyyy-hh:mm:ss")
LogWrite "$tim    -    Deleting NIC $nicname in $resourcegroup of Location - $location"
Write-Host -ForegroundColor Cyan "Deleting NIC $nicname in $resourcegroup of Location - $location"

Remove-AzNetworkInterface -Name $nicname -ResourceGroup $resourcegroup -Force

}
#####################################################################
##########################DeleteOrphanedNSGs#########################
$csv = Import-Csv "nsg.csv" #name of csv file 

$filetim = (Get-Date).tostring("dd-MM-yyyy-hh-mm")
$Logfile = "log-deleteNSG-$filetim.log"

Function LogWrite
{
   Param ([string]$logstring)

   Add-content $Logfile -value $logstring
}

Start-Transcript -Path $Logfile
Stop-Transcript

LogWrite " "
LogWrite " "
LogWrite "***** LogFile *****"
LogWrite " "
LogWrite " "

$csv | ForEach-Object {

$nsgname = $_.RESOURCE
$resourcegroup = $_.RESOURCEGROUP
$location = $_.LOCATION

$tim = (Get-Date).tostring("dd-MM-yyyy-hh:mm:ss")
LogWrite "$tim    -    Deleting NSG $nsgname in $resourcegroup of Location - $location"
Write-Host -ForegroundColor Cyan "Deleting NSG $nsgname in $resourcegroup of Location - $location"

Remove-AzNetworkSecurityGroup -Name $nsgname -ResourceGroup $resourcegroup -Force

}
#####################################################################
##########################DeleteOrphanedPiP##########################
$csv = Import-Csv "pip.csv" #name of csv file 

$filetim = (Get-Date).tostring("dd-MM-yyyy-hh-mm")
$Logfile = "log-deletePIP-$filetim.log"

Function LogWrite
{
   Param ([string]$logstring)

   Add-content $Logfile -value $logstring
}

Start-Transcript -Path $Logfile
Stop-Transcript

LogWrite " "
LogWrite " "
LogWrite "***** LogFile *****"
LogWrite " "
LogWrite " "

$csv | ForEach-Object {

$pipname = $_.NAME
$resourcegroup = $_.RESOURCEGROUP
$location = $_.LOCATION

$tim = (Get-Date).tostring("dd-MM-yyyy-hh:mm:ss")
LogWrite "$tim    -    Deleting Public IP $pipname in $resourcegroup of Location - $location"
Write-Host -ForegroundColor Cyan "Deleting Public IP $pipname in $resourcegroup of Location - $location"

Remove-AzPublicIpAddress -Name $pipname -ResourceGroupName $resourcegroup -Force

}
#####################################################################

FSLogix User Profile Size Reports

December 25, 2021 / Ram Prasad

Below script used to fetch FSLogix User Profile Size Report with Az Commands

#TLS Enablement

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Script fetch details with Azure storage commands

$StorageAccountName="storage account Name" # Dont include file.core.windowsnet, just give storage account name
$fileShares="profile2","profile3","profile4","profile5","profile6"
$ResourceGroup = (Get-AzResource -Name $StorageAccountName).ResourceGroupName
$Key = Get-AzStorageAccountKey -ResourceGroupName $ResourceGroup -Name $StorageAccountName
$context=New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $Key[1].Value

$finalResult=@()
foreach($fileShare in $fileShares)
{
    $Files=Get-AzStorageFile -Context $context -ShareName $fileShare | Get-AzStorageFile
    write-host "$($fileShare) Count = $($Files.Count)"
    $i=1
    $Files | ForEach-Object{
    Write-Host "Executing File $i"
    $File=$_.ShareFileClient.Path
    #$FileDetails=Get-AzStorageFile -Context $context -ShareName $fileShareName -Path $File
    #$obj=""|select UserGPN,UserSID,File,SizeInMB,LastModified
    $obj=""|select FileShare,UserGPN,UserSID,File,SizeInMB
    $obj.FileShare=$fileShare
    $obj.UserGPN=($File.Split("/")[0]).Split("_")[0]
    $obj.UserSID=($File.Split("/")[0]).Split("_")[1]
    $obj.File=$_.Name
    $obj.SizeInMB=$_.Length/1024/1024
    #$obj.LastModified=$FileDetails.LastModified
    $finalResult+=$obj
    $i=$i+1
    }
}

$finalResult | Export-Csv -Path C:\Temp\$StorageAccountName"_ProfileSizes_$(get-date -Format yyyyMMdd_hhmmss)".csv -NoTypeInformation

Below script used to fetch FSLogix User Profile Size Report after mapping Azure file share as a Network Drive

Firstly, Map the Azure file share as Mapped Drive and execute below script


$Date = Get-Date -Format dd-MM-yyyy
$FSLogixShareUsers = Get-ChildItem -Recurse -Path "\\<StorageAccountName>.core.windows.net\<Share Name>" | Where-Object {$_.Name -like "*.VHDX"}
ForEach($User in $FSLogixShareUsers){
    $Username = ($User.Name).Split('_')[1] | ForEach{$_.SubString(0,$_.length-5)}
    $Profile = ($User.Length | Measure-Object -Sum).Sum /1GB | Out-String
    $ProfileSize = $Profile | ForEach{$_.SubString(0,$_.Length-8)+"GB"}
    $Report = New-Object PSObject # Creates a Custom Report #
    $Report | Add-Member -MemberType NoteProperty -Name Username -Value $Username
    $Report | Add-Member -MemberType NoteProperty -Name ProfileSize -Value $ProfileSize
    $Report | Export-Csv -NoTypeInformation -Append -Path ('C:\reports\FSLogix_Share_Report_profilecontainer'+$Date+'.csv')
}
$FSLogixShare = ((Get-ChildItem -Recurse -Path "\\<StorageAccountName>.core.windows.net\<Share Name>" | Where-Object {$_.Name -like "*.VHDX"} | Measure-Object Length -Sum).Sum /1GB) | Out-String
$FSLogixShareSize = $FSLogixShare.Split('.')[0]+"GB"

FSLogix User Profile Migration – Azure Files- Within a Azure region

December 25, 2021 / Ram Prasad

Below script is used to migrate the user profiles between two different storage accounts in a single region.

# This script created to move FSlogix user profiles from one storage account to another in same region.
# In CSV input file, userlogon name is taken . Script searches with logon name in storage and move to Destination storage

Set-Location "C:\Migration" #set the path where azopy exists 

#Provide the input file with Logon Names

$Lists = Import-csv -Path "C:\Migration\profile4input.csv" 

$source = "//<storageaccountname>.file.core.windows.net/<Share Name>"
$sourceSas = "<SAS Key>"


$destination = "//<storageaccountname>.file.core.windows.net/<Share Name>"
$destinationSas = "<SAS Key>"
$items = Get-ChildItem -Path $source

$report = @()
foreach($item in $items){
    
    $itemName = $item.Name
    foreach($list in $lists){
        
        $UserName = $list.Users
        if($itemName -cmatch $UserName){
        
            #azcopy
           $SourceFullPath = "https:$source/$itemName$sourceSas"
           $destinationFullPath = "https:$destination$destinationSas"
           $output = ./azcopy.exe copy $SourceFullPath $destinationFullPath --overwrite=true --preserve-smb-permissions=true --preserve-smb-info=false --recursive --trusted-microsoft-suffixes= --log-level=INFO;
           
           $output

           $No_Of_files_Transferred = $output[-9].split(":")[-1]         
           $No_of_Folder_Property_Transfers = $output[-8].split(":")[-1]
           $Total_No_of_Transfers = $output[-7].split(":")[-1]
           $No_of_Transfers_Completed = $output[-6].split(":")[-1]
           $No_of_Transfers_Failed = $output[-5].split(":")[-1]
           $No_of_Transfers_Skipped = $output[-4].split(":")[-1]
           $TotalBytesTransferred = $output[-3].split(":")[-1]
           $Final_Job_Status = $output[-2].split(":")[-1]
           $report += @{
                UserId = $UserName;
                No_Of_files_Transferred = $No_Of_files_Transferred;
                No_of_Folder_Property_Transfers = $No_of_Folder_Property_Transfers;
                Total_No_of_Transfers = $Total_No_of_Transfers;
                No_of_Transfers_Completed = $No_of_Transfers_Completed;
                No_of_Transfers_Failed = $No_of_Transfers_Failed;
                No_of_Transfers_Skipped = $No_of_Transfers_Skipped;
                TotalBytesTransferred = $TotalBytesTransferred;
                Final_Job_Status = $Final_Job_Status
  
                    }
                   
        }

    }
}
$json = @{Profile = $report}| ConvertTo-Json
($JSONData = $json | ConvertFrom-Json)
$JSONData.profile | Export-Csv -Path "C:\Migration\profile4outputlog_16aug21.csv" -Append -NoTypeInformation

Unable to install Azure/NuGet provider for PowerShell Modules

December 25, 2021 / Ram Prasad

Thanks to Ali Tajran for helping below content

We need to install the Azure PowerShellGet module. The problem is that we are unable to install NuGet provider and a couple of errors are showing. Warning unable to download from URI, unable to download the list of available providers. After the errors, it did not install. In this article, you will learn why this is happening and the solution for installing NuGet provider for PowerShell.

Install-Module Az.Accounts

Based on above error, tried below commands to install NuGet Provider for Powershell

Run PowerShell as administrator. Run the command Install-Module PowershellGet -Force. When asked to install NuGet provider, press Y and follow with Enter.

After pressing Y and follow with Enter, the output is giving us the following warnings.

WARNING: Unable to download from URI.
WARNING: Unable to download the list of available providers. Check your internet connection.
Unable to find package provider ‘NuGet’. It may not be imported yet.

OR , you will not able t

Why are we getting this error and what is the solution for unable to install and download NuGet provider?

Find PowerShell version

Find the PowerShell version that is running on the system. We are going to use the Get-Host cmdlet in Windows Server 2016.

Check Transport Layer Security protocols

PowerShell 5.1 enables SSL 3.0 and TLS 1.0 for secure HTTP connections by default. Let’s confirm that with the next step.

Check the supported security protocols on the system.

[PS] C:\>[Net.ServicePointManager]::SecurityProtocol
Ssl3, Tls

As we can see, the security protocols defined in the system are SSL 3.0 and TLS 1.0. Both of the security protocols are deprecated.

Follow below steps to resolve the above error

First, check the SSL version with below command

Solution for unable to install NuGet provider for PowerShell

Now that we gathered all the information, we are going to enable TLS 1.2 on the system. Run both cmdlets to set .NET Framework strong cryptography registry keys. After that, restart PowerShell and check if the security protocol TLS 1.2 is added

The first cmdlet is to set strong cryptography on 64 bit .Net Framework (version 4 and above).

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Wow6432Node\Microsoft.NetFramework\v4.0.30319’ -Name ‘SchUseStrongCrypto’ -Value ‘1’ -Type Dword

The second cmdlet is to set strong cryptography on 32 bit .Net Framework (version 4 and above).

Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Microsoft.NetFramework\v4.0.30319’ -Name ‘SchUseStrongCrypto’ -Value ‘1’ -Type Dword

Restart Powershell and check for supported security protocols.

Run again Install-Module Az.Accounts

Post installation, Import Modules ( Installed Modules can be seen in C:\Program Files\WindowsPowerShell\Modules)

Similarly do for Azure storage modules

Conclusion:

In this article, we learned why we are unable to install Azure &NuGet provider for PowerShell. The solution to this problem is configuring TLS1.2 or higher on the system. After that, you can install NuGet & Azure Modules for PowerShell

What is Azure Files Storage? Step by Step process to join to Domain

December 25, 2021 / Ram Prasad

What is Azure Files?

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol or Network File System (NFS) protocol. Azure Files file shares can be mounted concurrently by cloud or on-premises deployments. SMB Azure file shares are accessible from Windows, Linux, and macOS clients. NFS Azure Files shares are accessible from Linux or macOS clients. Additionally, SMB Azure file shares can be cached on Windows Servers with Azure File Sync for fast access near where the data is being used

Why would I use an Azure file share versus Azure Blob storage for my data?

Azure Files and Azure Blob storage both offer ways to store large amounts of data in the cloud, but they are useful for slightly different purposes.
Azure Blob storage is useful for massive-scale, cloud-native applications that need to store unstructured data. To maximize performance and scale, Azure Blob storage is a simpler storage abstraction than a true file system. You can access Azure Blob storage only through REST-based client libraries (or directly through the REST-based protocol).

Azure Files is specifically a file system. Azure Files has all the file abstracts that you know and love from years of working with on-premises operating systems. Like Azure Blob storage, Azure Files offers a REST interface and REST-based client libraries. Unlike Azure Blob storage, Azure Files offers SMB or NFS access to Azure file shares. File shares can be mounted directly on Windows, Linux, or macOS, either on-premises or in cloud VMs, without writing any code or attaching any special drivers to the file system. You also can cache Azure SMB file shares on on-premises file servers by using Azure File Sync for quick access, close to where the data is used.

For a more in-depth description on the differences between Azure Files and Azure Blob storage, see Introduction to the core Azure Storage services. To learn more about Azure Blob storage, see Introduction to Blob storage.

Azure Files Connectivity options

We have some different connectivity options available to us depending on whether we’re accessing our file shares either internally or externally. In this context, accessing it internally or externally implies the Azure region where our storage account exists, where the file share exists.

• Internal connectivity: This implies that the clients accessing the file share are within the Azure cloud itself. Here we have the ability to use REST, SMB 2.1 and SMB 3.0.

• External connectivity: In this scenario, the client machines accessing the file shares are located in a different cloud environment or could also reside on premises. We only have the option of using REST and SMB 3.0 in this case because SMB 2.1 doesn’t provide the encryption which is required for connecting externally to ensure the safety of the data.

In terms of security, data encrypted at rest by default within our storage accounts and we have access to secure data transfer over HTTPS for data that is in transit. This allows us to protect our data, whether it’s at rest or in transit inside of our Azure Files.

Creating an Azure File Share
Prerequisites

Create a storage account
Traditional AD environment synchronized to Azure AD with Azure AD Connect
Account credentials to perform the steps below to create a computer account in an existing Active Directory environment to connect with Azure Files.
Permissions to create the storage account

Before you can work with an Azure file share, you have to create an Azure storage account. A general-purpose v2 storage account provides access to all of the Azure Storage services: blobs, files, queues, and tables.

As I have a requirement for Premium, below screenshots are provided with Premium Type and note that options may vary based on selection of storage account type.

Storage Accounts ->Create New

In above screenshot, I selected Performance Type as “Standard”. In case, if you have a requirement for Premium file Type then options will be displayed as below

Click Next (Default options)

Under Networking ->Create Private Endpoint (best practice)

Click Next (Default Options)

Click Next and validate to create

Enable AD DS authentication & Authorization for your Azure file shares -> Onpremises AD DS Authentication

Azure Files supports identity-based authentication over Server Message Block (SMB) through two types of Domain Services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS). We strongly recommend you to review the How it works section to select the right domain service for authentication. The setup is different depending on the domain service you choose.

Supported scenarios and restrictions

• AD DS Identities used for Azure Files on-premises AD DS authentication must be synced to Azure AD. Password hash synchronization is optional.
• Supports Azure file shares managed by Azure File Sync.
• Supports Kerberos authentication with AD with RC4-HMAC and AES 256 encryption. AES 256 encryption support is currently limited to storage accounts with names <= 15 characters in length. AES 128 Kerberos encryption is not yet supported.
• Supports single sign-on experience.
• Only supported on clients running on OS versions newer than Windows 7 or Windows Server 2008 R2.
• Only supported agains