Specifying the supported encryption types
All prevalidated users must have their Active Directory msDS‑SupportedEncryptionTypes attribute set to 0x18 (for just AES128 and AES256 support) or above to be able to login when disconnected. The parameter value represents the sum of the encryption types supported. Use the sum of the following encryption type values to determine the parameter value:
DES_CBC_CRC = 0x01 DES_CBC_MD5= 0x02 RC4_HMAC_MD5 = 0x4 AES128_CTS_HMAC_SHA1_96 = 0x08 AES256_CTS_HMAC_SHA1_96 = 0x10
For example, 0x1c indicates support for RC4_HMAC-MD5, AES128_CTS_HMAC_SHA1_96, and AES256_CTS_HMAC_SHA1_96.