Merge pull request #245074 from khdownie/kendownie071423-2

prmerger-automator[bot] · web-flow · commit 161d690a5518 · 2023-07-14T23:07:47.000Z
required perms to change to aes256
diff --git a/articles/storage/files/storage-files-identity-ad-ds-enable.md b/articles/storage/files/storage-files-identity-ad-ds-enable.md
@@ -196,7 +196,7 @@ Set-AzStorageAccount `
 To enable AES-256 encryption, follow the steps in this section. If you plan to use RC4 encryption, skip this section.
 
 > [!IMPORTANT]
-> In order to enable AES-256 encryption, the domain object that represents your storage account must be a computer account (default) or service logon account in the on-premises AD domain. If your domain object doesn't meet this requirement, delete it and create a new domain object that does.
+> In order to enable AES-256 encryption, the domain object that represents your storage account must be a computer account (default) or service logon account in the on-premises AD domain. If your domain object doesn't meet this requirement, delete it and create a new domain object that does. Also, you must have write access to the `msDS-SupportedEncryptionTypes` attribute of the object.
 
 The cmdlet you'll run to configure AES-256 support depends on whether the domain object that represents your storage account is a computer account or service logon account (user account). Either way, you must have AD PowerShell cmdlets installed and execute the cmdlet in PowerShell 5.1 with elevated privileges.
 
