Document Details

Storage Files Identity Multiple Forests
Home / Scan #41 / Storage Files Identity Multiple Forests
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_tools
powershell_heavy
missing_linux_example
Summary
The documentation is heavily oriented toward Windows environments, with all examples, tools, and instructions assuming the use of Windows-based systems and Active Directory management consoles. There are no Linux or cross-platform instructions for managing trusts, mounting SMB shares, or configuring permissions. All command-line examples use Windows tools (icacls, net use, klist, setspn), and PowerShell is referenced for AD queries and sync operations. There is no mention of Linux equivalents or how to perform these tasks from non-Windows clients.
Recommendations
  • Provide equivalent instructions and examples for Linux environments, such as using Samba tools (e.g., smbclient, mount.cifs) for mounting SMB shares and managing permissions.
  • Include guidance on managing Active Directory trusts and DNS from Linux-based AD management tools or via command-line utilities where possible.
  • Offer examples of how to validate Kerberos tickets and credentials on Linux (e.g., using klist, kinit, or realm commands).
  • Clarify any limitations or requirements for Linux clients accessing Azure Files with AD authentication in multi-forest scenarios.
  • If certain features are only supported on Windows, explicitly state this and provide workarounds or alternatives for Linux users.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Clean Clean
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2025-08-19 00:01 #85 completed Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-12 23:44 #41 cancelled Biased Biased

Flagged Code Snippets

   net use <driveletter> \\storageaccount.file.core.windows.net\sharename /user:AZURE\<storageaccountname> <storageaccountkey>
   
Client: onprem1user @ ONPREMAD1.COM
Server: cifs/onprem2sa.file.core.windows.net @ ONPREMAD2.COM
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x40a10000 -> forwardable renewable pre_authent name_canonicalize
Start Time: 11/22/2022 18:45:02 (local)
End Time: 11/23/2022 4:45:02 (local)
Renew Time: 11/29/2022 18:45:02 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Cache Flags: 0x200 -> DISABLE-TGT-DELEGATION
Kdc Called: onprem2.onpremad2.com

   setspn -s cifs/<storage-account-name>.<DomainDnsRoot> <storage-account-name>
   
Client: onprem2user @ ONPREMAD2.COM
Server: krbtgt/ONPREMAD2.COM @ ONPREMAD2.COM
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x40e10000 -> forwardable renewable pre_authent name_canonicalize
Start Time: 11/22/2022 18:46:35 (local)
End Time: 11/23/2022 4:46:35 (local)
Renew Time: 11/29/2022 18:46:35 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Cache Flags: 0x1 -> PRIMARY
Kdc Called: onprem2

Client: onprem2user @ ONPREMAD2.COM    
Server: cifs/onprem1sa.file.core.windows.net @ ONPREMAD1.COM
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x40a10000 -> forwardable renewable pre_authent name_canonicalize
Start Time: 11/22/2022 18:46:35 (local)
End Time: 11/23/2022 4:46:35 (local)
Renew Time: 11/29/2022 18:46:35 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Cache Flags: 0x200 -> DISABLE-TGT-DELEGATION
Kdc Called: onpremad1.onpremad1.com