The configured AD user already has enough permission to join a computer to the domain, but the UI still reports "User does not have required permission in this Organizational Unit". The error can be reported in several workflows:
Enable vSAN file service with AD.
Reconfigure vSAN file service from non-AD to AD.
Add a new file server IP to the file service domain in which vSAN file service is already configured with AD.
An exception occurred while joining a computer to the domain, caused by either a transient network issue or a permission issue. The file server then retries the join against a different AD server (domain controller) in the same domain. If the machine account created by the first attempt has not yet replicated to that domain controller, the retry creates a second account with the same name, and when the two domain controllers replicate, AD keeps both objects and renames one of them as a conflict object. As a result, you may see multiple machine accounts with similar names on the AD server:
<original computer name>CNF:<GUID>
(In the object's actual relative distinguished name a line feed character, 0x0A, separates the original name from "CNF:"; tools such as Active Directory Users and Computers display it as a space or line break.)
Refer to the below example:
These objects indicate a replication conflict: two domain controllers each created an object with the same name, and during replication AD kept one copy under the original name and renamed the other to a CNF (conflict) object.
Refer to: All about Active Directory CNF object finding validation and removing
There is currently no fix; use the workaround below.
Workaround:
Delete the machine accounts whose name contains CNF:<GUID>, leaving the account with the original computer name in place. Wait for the deletion to replicate to all domain controllers in the domain, and then retry the vSAN file service configuration.
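The following PowerShell script is an added example of the workaround; it is not part of the original KB article or of vSAN itself. It assumes the RSAT ActiveDirectory module is installed, that the account running it has delete rights on the target OU, and that the computer name and search base are placeholders to be replaced. It lists every CNF (conflict) computer object for the given file server name and removes them only when -Remove is passed, so it can first be run read-only to confirm what will be deleted.

```powershell
# Added example (not from the original KB): list and optionally remove the CNF
# conflict computer objects left behind by a failed vSAN file service domain join.
# Assumptions: RSAT ActiveDirectory module present; caller has delete rights on the OU;
# -ComputerName and -SearchBase are placeholders for the real file server name and OU.
param(
    [Parameter(Mandatory)] [string] $ComputerName,                      # e.g. "vsanfs01" (placeholder)
    [string] $SearchBase = (Get-ADDomain).DistinguishedName,            # whole domain by default
    [string] $Server     = (Get-ADDomainController -Discover).HostName, # DC to query and delete on
    [switch] $Remove                                                    # without this, read-only
)
Import-Module ActiveDirectory

# A conflict object's RDN is "<name>" + line feed (0x0A) + "CNF:" + "<GUID>".
# The LDAP filter escapes the line feed as \0a, so this matches only the CNF copies
# and never the live account that still has the original name.
$filter = "(&(objectClass=computer)(name=$ComputerName\0aCNF:*))"

$cnfObjects = @(Get-ADObject -LDAPFilter $filter -SearchBase $SearchBase -Server $Server `
                -Properties whenCreated, whenChanged, objectGUID)

if ($cnfObjects.Count -eq 0) {
    Write-Host "No CNF objects found for '$ComputerName' under $SearchBase"
    return
}

# Sanity check: the account that should survive is the one without the CNF suffix.
$live = Get-ADComputer -LDAPFilter "(name=$ComputerName)" -SearchBase $SearchBase -Server $Server
if ($null -eq $live) {
    Write-Warning "No non-CNF account named '$ComputerName' exists; review before deleting anything."
}

foreach ($obj in $cnfObjects) {
    "{0}  created={1}  changed={2}  guid={3}" -f $obj.DistinguishedName, $obj.whenCreated,
                                                  $obj.whenChanged, $obj.objectGUID
    if ($Remove) {
        # Computer objects may carry ProtectedFromAccidentalDeletion; clear it first.
        Set-ADObject -Identity $obj.DistinguishedName -ProtectedFromAccidentalDeletion $false -Server $Server
        Remove-ADObject -Identity $obj.DistinguishedName -Server $Server -Confirm:$false
        Write-Host "Removed $($obj.DistinguishedName)"
    }
}

if ($Remove) {
    Write-Host "Deletions were made on $Server; wait for replication to all DCs before retrying vSAN file service."
}
```

Run it once without -Remove to confirm that only the CNF copies are matched and that the original account is still present, then run it again with -Remove. Because the deletion is made on a single domain controller, retry the vSAN file service configuration only after the change has replicated to the rest of the domain; otherwise the file server may land on a domain controller that still holds the conflict object.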