Update storage-files-identity-auth-active-directory-enable.md

yuemlu · web-flow · commit 3e2476be76bd · 2020-04-09T14:47:36.000-07:00
diff --git a/articles/storage/files/storage-files-identity-auth-active-directory-enable.md b/articles/storage/files/storage-files-identity-auth-active-directory-enable.md
@@ -108,8 +108,7 @@ You can use the following script to perform the registration and enable the feat
 ### 1.2 Domain join your storage account
 Remember to replace the placeholder values with your own in the parameters below before executing it in PowerShell.
 > [!IMPORTANT]
-> The domain join cmdlet below will create an AD account to represent the storage account (file share ) in AD. We recommend you to check if there is a default max password age set at the AD domain you plan to register the storage account (file share) to. You can run this [Get-ADDefaultDomainPasswordPolicy](https://docs.microsoft.com/powershell/module/addsadministration/get-addefaultdomainpasswordpolicy?view=win10-ps) cmdlet to get the MaxPasswordAge. If the MaxPasswordAge is configured, you must update the password of the AD account that will be created below to re before the maximum password age. Failing to update AD account password will result in authentication failures when accessing Azure file shares. To learn how to update the password, see [Update AD account password](#5-update-ad-account-password).
-
+> The domain join cmdlet below will create an AD account to represent the storage account (file share) in AD. You can choose to register as a computer account or service logon account. For computer accounts, there is a default password expiration age set in AD at 30 days. Similarly, the service logon account may have a default password expiration age set on the AD domain or Organizational Unit (OU). We strongly recommend you to check what is the password expiration age configurated in your AD environment and plan to [update AD account password](#5-update-ad-account-password) of the AD account below before the maximum password age. Failing to update AD account password will result in authentication failures when accessing Azure file shares. You can consider to [create a new AD Organizational Unit (OU) in AD](https://docs.microsoft.com/powershell/module/addsadministration/new-adorganizationalunit?view=win10-ps) and disable password expiration policy on [computer accounts](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852252(v=ws.11)?redirectedfrom=MSDN) or service logon accounts accordingly. 
 
 ```PowerShell
 #Change the execution policy to unblock importing AzFilesHybrid.psm1 module
