Merge pull request #224132 from billmath/fresh1

updating

Author: v-dirichards

articles/active-directory/cloud-sync/how-to-troubleshoot.md

@@ -4,7 +4,7 @@ description: This article describes how to troubleshoot problems that might aris
 author: billmath
 ms.author: billmath
 manager: amycolannino
-ms.date: 10/13/2021
+ms.date: 01/18/2023
 ms.topic: how-to
 ms.prod: windows-server-threshold
 ms.technology: identity-adfs

articles/active-directory/cloud-sync/plan-cloud-sync-topologies.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/10/2021
+ms.date: 01/17/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management

articles/active-directory/cloud-sync/reference-expressions.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/02/2019
+ms.date: 01/18/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management

articles/active-directory/cloud-sync/reference-powershell.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 11/03/2021
+ms.date: 01/17/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management

articles/active-directory/cloud-sync/reference-version-history.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
-ms.date: 11/19/2020
+ms.date: 01/17/2023
 ms.subservice: app-provisioning
 ms.author: billmath
 ms.reviewer: daveba

articles/active-directory/cloud-sync/tutorial-existing-forest.md

@@ -1,65 +1,55 @@
 ---
-title: Tutorial - Integrate an existing forest and a new forest with a single Azure AD tenant by using Azure AD Connect cloud sync
+title: Tutorial - Integrate an existing forest and a new forest with a single Azure AD tenant using Azure AD Connect cloud sync.
 description: Learn how to add cloud sync to an existing hybrid identity environment.
 services: active-directory
 author: billmath
 manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/11/2022
+ms.date: 01/17/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
 ---
 
-# Tutorial: Integrate an existing forest and a new forest with a single Azure AD tenant
+# Integrate an existing forest and a new forest with a single Azure AD tenant
 
 This tutorial walks you through adding cloud sync to an existing hybrid identity environment. 
 
 ![Diagram that shows the Azure AD Connect cloud sync flow.](media/tutorial-existing-forest/existing-forest-new-forest-2.png)
 
 You can use the environment you create in this tutorial for testing or for getting more familiar with how a hybrid identity works. 
 
-In this scenario, you sync an existing forest with an Azure AD tenant by using Azure Active Directory (Azure AD) Connect. You want to sync a new forest with the same Azure AD tenant. You'll set up cloud sync for the new forest. 
+In this scenario, there's an existing forest synced using Azure AD Connect sync to an Azure AD tenant. And you have a new forest that you want to sync to the same Azure AD tenant. You'll set up cloud sync for the new forest. 
 
 ## Prerequisites
+### In the Azure Active Directory admin center
 
-Before you begin, set up your environments.
-
-### In the Azure AD admin center
-
-1. Create a cloud-only global administrator account on your Azure AD tenant. 
-
-   This way, you can manage the configuration of your tenant if your on-premises services fail or become unavailable. [Learn how to add a cloud-only global administrator account](../fundamentals/add-users-azure-active-directory.md). Complete this step to ensure that you don't get locked out of your tenant.
-
-1. Add one or more [custom domain names](../fundamentals/add-custom-domain.md) to your Azure AD tenant. Your users can sign in with one of these domain names.
+1. Create a cloud-only global administrator account on your Azure AD tenant. This way, you can manage the configuration of your tenant should your on-premises services fail or become unavailable. Learn about [adding a cloud-only global administrator account](../fundamentals/add-users-azure-active-directory.md). Completing this step is critical to ensure that you don't get locked out of your tenant.
+2. Add one or more [custom domain names](../fundamentals/add-custom-domain.md) to your Azure AD tenant. Your users can sign in with one of these domain names.
 
 ### In your on-premises environment
 
-1. Identify a domain-joined host server that's running Windows Server 2012 R2 or later, with at least 4 GB of RAM and .NET 4.7.1+ runtime. 
-
-1. If there's a firewall between your servers and Azure AD, configure the following items:
+1. Identify a domain-joined host server running Windows Server 2012 R2 or greater with minimum of 4-GB RAM and .NET 4.7.1+ runtime 
 
+2. If there's a firewall between your servers and Azure AD, configure the following items:
    - Ensure that agents can make *outbound* requests to Azure AD over the following ports:
 
      | Port number | How it's used |
      | --- | --- |
-     | **80** | Downloads the certificate revocation lists (CRLs) while it validates the TLS/SSL certificate. |
-     | **443** | Handles all outbound communication with the service. |
-     | **8080** (optional) | Agents report their status every 10 minutes over port 8080, if port 443 is unavailable. This status is displayed in the Azure AD portal. |
+     | **80** | Downloads the certificate revocation lists (CRLs) while validating the TLS/SSL certificate |
+     | **443** | Handles all outbound communication with the service |
+     | **8080** (optional) | Agents report their status every 10 minutes over port 8080, if port 443 is unavailable. This status is displayed on the Azure AD portal. |
      
      If your firewall enforces rules according to the originating users, open these ports for traffic from Windows services that run as a network service.
-
-   - If your firewall or proxy allows you to specify safe suffixes, add connections to **\*.msappproxy.net** and **\*.servicebus.windows.net**. If it doesn't, allow access to the [Azure datacenter IP ranges](https://www.microsoft.com/download/details.aspx?id=41653), which are updated weekly.
-
+   - If your firewall or proxy allows you to specify safe suffixes, then add  connections to **\*.msappproxy.net** and **\*.servicebus.windows.net**. If not, allow access to the [Azure datacenter IP ranges](https://www.microsoft.com/download/details.aspx?id=41653), which are updated weekly.
    - Your agents need access to **login.windows.net** and **login.microsoftonline.com** for initial registration. Open your firewall for those URLs as well.
-
-   - For certificate validation, unblock the following URLs: **mscrl.microsoft.com:80**, **crl.microsoft.com:80**, **ocsp.msocsp.com:80**, and **www\.microsoft.com:80**. Because these URLs are used to validate certificates for other Microsoft products, you might already have these URLs unblocked.
+   - For certificate validation, unblock the following URLs: **mscrl.microsoft.com:80**, **crl.microsoft.com:80**, **ocsp.msocsp.com:80**, and **www\.microsoft.com:80**. Since these URLs are used for certificate validation with other Microsoft products, you may already have these URLs unblocked.
 
 ## Install the Azure AD Connect provisioning agent
 
-If you're using the [Basic Active Directory and Azure environment](tutorial-basic-ad-azure.md) tutorial, the agent is DC1. To install the agent, do the following: 
+If you're using the  [Basic AD and Azure environment](tutorial-basic-ad-azure.md) tutorial, it would be DC1. To install the agent, follow these steps: 
 
 [!INCLUDE [active-directory-cloud-sync-how-to-install](../../../includes/active-directory-cloud-sync-how-to-install.md)]
 
@@ -69,43 +59,43 @@ If you're using the [Basic Active Directory and Azure environment](tutorial-basi
 [!INCLUDE [active-directory-cloud-sync-how-to-verify-installation](../../../includes/active-directory-cloud-sync-how-to-verify-installation.md)]
 
 ## Configure Azure AD Connect cloud sync
-
-To configure the cloud sync setup, do the following:
+ Use the following steps to configure provisioning
 
 1.  Sign in to the Azure AD portal.
-1.  Select **Azure Active Directory**.
-1.  Select **Azure AD Connect**.
-1.  Select **Manage cloud sync**.
+2.  Select **Azure Active Directory**
+3.  Select **Azure AD Connect**
+4.  Select **Manage cloud sync**
 
-    ![Screenshot that highlights the "Manage cloud sync" link.](media/how-to-configure/manage-1.png)
+    ![Screenshot showing "Manage cloud sync" link.](media/how-to-configure/manage-1.png)
 
-1.  Select **New Configuration**.
+5.  Select **New Configuration**
 
-    ![Screenshot of the Azure AD Connect cloud sync page, with the "New configuration" link highlighted.](media/tutorial-single-forest/configure-1.png)
+    ![Screenshot of Azure AD Connect cloud sync screen with "New configuration" link highlighted.](media/tutorial-single-forest/configure-1.png)
 
-1.  On the **Configuration** page, enter a **Notification email**, move the selector to **Enable**, and then select **Save**.
+7.  On the configuration screen, enter a **Notification email**, move the selector to **Enable** and select **Save**.
 
-    ![Screenshot of the "Edit provisioning configuration" page.](media/how-to-configure/configure-2.png)
+    ![Screenshot of Configure screen with Notification email filled in and Enable selected.](media/how-to-configure/configure-2.png)
 
 1.  The configuration status should now be **Healthy**.
 
-    ![Screenshot of Azure AD Connect cloud sync page, showing a "Healthy" status.](media/how-to-configure/manage-4.png)
+    ![Screenshot of Azure AD Connect cloud sync screen showing Healthy status.](media/how-to-configure/manage-4.png)
+
+## Verify users are created and synchronization is occurring
 
-## Verify that users are created and synchronization is occurring
+You'll now verify that the users that you had in our on-premises directory have been synchronized and now exist in our Azure AD tenant.  This process may take a few hours to complete.  To verify users are synchronized, do the following:
 
-You'll now verify that the users in your on-premises Active Directory have been synchronized and exist in your Azure AD tenant. This process might take a few hours to complete. To verify that the users are synchronized, do the following:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) with an account that has an Azure subscription.
-1. On the left pane, select **Azure Active Directory**.
-1. Under **Manage**, select **Users**.
-1. Verify that the new users are displayed in your tenant.
+1. Browse to the [Azure portal](https://portal.azure.com) and sign in with an account that has an Azure subscription.
+2. On the left, select **Azure Active Directory**
+3. Under **Manage**, select **Users**.
+4. Verify that you see the new users in our tenant
 
-## Test signing in with one of your users
+## Test signing in with one of our users
 
-1. Go to the [Microsoft My Apps](https://myapps.microsoft.com) page.
-1. Sign in with a user account that was created in your new tenant.  You'll need to sign in by using the following format: *[email protected]*. Use the same password that the user uses to sign in on-premises.
+1. Browse to [https://myapps.microsoft.com](https://myapps.microsoft.com)
+2. Sign in with a user account that was created in our new tenant.  You'll need to sign in using the following format: ([email protected]). Use the same password that the user uses to sign in on-premises.
 
-   ![Screenshot that shows the My Apps portal with signed-in users.](media/tutorial-single-forest/verify-1.png)
+   ![Screenshot that shows the my apps portal with a signed in users.](media/tutorial-single-forest/verify-1.png)
 
 You have now successfully set up a hybrid identity environment that you can use to test and familiarize yourself with what Azure has to offer.