Commit 101cc3e

Final Acrolinx fixes?
1 parent 2b5c55b commit 101cc3e

1 file changed

+5
-2
lines changed

articles/storage/files/storage-files-identity-ad-ds-update-password.md

Lines changed: 5 additions & 2 deletions
@@ -12,7 +12,7 @@ recommendations: false
1212
# Update the password of your storage account identity in AD DS
1313
When you domain join your storage account in your Active Directory Domain Services (AD DS), you create an AD principal, either a computer account or service account, with a password. The password of the AD principal is one of the Kerberos keys of the storage account. Depending on the password policy of the organization unit of the AD principal, you must periodically rotate the password of the AD principal to avoid authentication issues. Failing to change the password before it expires could result in losing Kerberos authentication to your Azure file shares. Some AD environments may also delete of the AD principals with expired passwords using automated cleanup.
1414

15-
Instead of periodically rotating the password, you can also place the AD principal that represents the storage account into an organizational unit that does not require password rotation.
15+
Instead of periodically rotating the password, you can also place the AD principal that represents the storage account into an organizational unit that doesn't require password rotation.
1616

1717
There are two options for triggering password rotation. You can use the `AzFilesHybrid` module or Active Directory PowerShell. Use one method, not both.
1818
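Review bot: The unchanged context line 14 in this hunk still reads "may also delete of the AD principals" (stray "of") and "organization unit", while the edited line 15 says "organizational unit". Since this pass is a wording cleanup, fix line 14 in the same commit, for example "may also delete AD principals with expired passwords" and "the organizational unit of the AD principal", so the paragraph that warns about losing Kerberos authentication reads consistently.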

@@ -31,8 +31,11 @@ There are two options for triggering password rotation. You can use the `AzFiles
3131
| Microsoft.Storage | Pay-as-you-go | HDD (standard) | GeoZone (GZRS) | ![Yes](../media/icons/yes-icon.png) | ![No](../media/icons/no-icon.png) |
3232

3333
## Option 1: Use AzFilesHybrid module
34+
To regenerate and rotate the password of the AD principal that represents the storage account, use the `Update-AzStorageAccountADObjectPassword` cmdlet from the [AzFilesHybrid module](https://github.com/Azure-Samples/azure-files-samples/releases). To execute `Update-AzStorageAccountADObjectPassword`, you must:
3435

35-
You can run the `Update-AzStorageAccountADObjectPassword` cmdlet from the [AzFilesHybrid module](https://github.com/Azure-Samples/azure-files-samples/releases). You must run this command in an on-premises AD DS-joined environment by a [hybrid identity](../../active-directory/hybrid/whatis-hybrid-identity.md) with owner permission to the storage account and AD DS permissions to change the password of the identity that represents the storage account. The command performs actions similar to storage account key rotation. Specifically, it regenerates the second Kerberos key of the storage account and then uses it to update the password of the registered account in AD DS.
36+
- Run the cmdlet from a domain joined client.
37+
- Have the owner permission on the storage account.
38+
- Have AD DS permissions to change the password of the AD principal that represents the storage account.
3639

3740
```PowerShell
3841
# Update the password of the AD DS account registered for the storage account
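Review bot: The bulleted rewrite at new lines 34-38 drops two statements that the removed line 35 carried: that the caller must be a hybrid identity (along with its link), and that the command "regenerates the second Kerberos key of the storage account and then uses it to update the password of the registered account in AD DS". The second statement tells operators which key changes during rotation, so keep it as a sentence after the list, and restore the hybrid identity requirement in the permission bullets. Also in the first bullet, "domain joined client" should be hyphenated ("domain-joined"), and the old text specified an "on-premises AD DS-joined environment", so keep that qualifier if it is still a requirement.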