Azure-Samples / azure-files-samples

This repository contains supporting code (PowerShell modules/scripts, ARM templates, etc.) for deploying, configuring, and using Azure Files.
https://docs.microsoft.com/azure/storage/files/storage-files-introduction
MIT License

Join-AzStorageAccountForAuth lack of permissions? #54

Open rabusiak opened 3 years ago

rabusiak commented 3 years ago

When I try to run command:

Join-AzStorageAccountForAuth -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName -DomainAccountType ComputerAccount

Getting this error:

New-ADAccountForStorageAccount : Unable to create AD object.  Please check that you have permission to create an identity of type ComputerAccount in Active Directory location path 'XXX' for the storage account 'XXX'
At C:\Documents\WindowsPowerShell\Modules\AzFilesHybrid\0.2.2.0\AzFilesHybrid.psm1:4266 char:37
+ ... eOverride = New-ADAccountForStorageAccount @newParams -ErrorAction St ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-ADAccountForStorageAccount

It doesn't matter if I run this as a regular user or domain admin, from a domain-joined computer or a domain controller, with or without elevated PowerShell / ISE.

igomat commented 3 years ago

@rabusiak Have you solved the case? I got the same error even if the Computer object is already created in on-prem AD in the proper OU.

rabusiak commented 3 years ago

@igomat unfortunately not. I ended up with profiles on a local file server.

I believe all the issues I had were caused by... me ;) I messed up setting everything up using a few Microsoft docs. I didn't know there were 2 versions of WVD: the old one, which requires all those PowerShell commands, creating a tenant, etc., and the new one, where you can just click through the portal. When I set up the environment for another client the "new way", all went smoothly :)