Skip to content

Commit 19fe5cd

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #208339 from khdownie/kendownie081722
Thanks Leslie for the clarification
2 parents 1707fc7 + 4b2d8f1 commit 19fe5cd

File tree

1 file changed

+9
-4
lines changed

1 file changed

+9
-4
lines changed

articles/storage/files/storage-files-identity-auth-active-directory-domain-service-enable.md

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Learn how to enable identity-based authentication over Server Messa
44
author: khdownie
55
ms.service: storage
66
ms.topic: how-to
7-
ms.date: 08/16/2022
7+
ms.date: 08/17/2022
88
ms.author: kendownie
99
ms.subservice: files
1010
ms.custom: contperf-fy21q1, devx-track-azurecli, devx-track-azurepowershell
@@ -146,11 +146,16 @@ az storage account update -n <storage-account-name> -g <resource-group-name> --e
146146

147147
## Recommended: Use AES-256 encryption
148148

149-
By default, Azure AD DS authentication uses Kerberos RC4 encryption. We recommend configuring it to use Kerberos AES-256 encryption instead by following these steps:
149+
By default, Azure AD DS authentication uses Kerberos RC4 encryption. We recommend configuring it to use Kerberos AES-256 encryption instead by following these instructions.
150150

151-
As an Azure AD DS user with the required permissions (typically, members of the **AAD DC Administrators** group will have the necessary permissions), execute the following Azure PowerShell commands. If using Azure Cloud Shell, be sure to run the `Connect-AzureAD` cmdlet first.
151+
The action requires running an operation on the Active Directory domain that's managed by Azure AD DS to reach a domain controller to request a property change to the domain object. The cmdlets below are Windows Server Active Directory PowerShell cmdlets, not Azure PowerShell cmdlets. Because of this, these PowerShell commands must be run from a machine that's domain-joined to the Azure AD DS domain.
152152

153-
```azurepowershell
153+
> [!IMPORTANT]
154+
> Azure Cloud Shell won't work in this scenario.
155+
156+
As an Azure AD DS user with the required permissions (typically, members of the **AAD DC Administrators** group will have the necessary permissions), execute the following PowerShell commands.
157+
158+
```powershell
154159
# 1. Find the service account in your managed domain that represents the storage account.
155160
156161
$storageAccountName= “<InsertStorageAccountNameHere>”

0 commit comments

Comments
 (0)