MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/active-directory-domain-services/TOC.md
Lines changed: 3 additions & 0 deletions b/‎articles/active-directory-domain-services/TOC.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎articles/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps.md
Lines changed: 11 additions & 90 deletions b/‎articles/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps.md
Lines changed: 11 additions & 90 deletions
diff --git a/‎articles/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap-export-pfx.md
Lines changed: 14 additions & 11 deletions b/‎articles/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap-export-pfx.md
Lines changed: 14 additions & 11 deletions
@@ -15270,6 +15270,11 @@
             "redirect_url": "/azure/virtual-machines/linux/expand-disks-nodejs",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/active-directory/develop/active-directory-developers-guide.md",
+            "redirect_url": "/azure/active-directory/develop/azure-ad-developers-guide",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/virtual-machines/virtual-machines-linux-expand-disks.md",
             "redirect_url": "/azure/virtual-machines/linux/expand-disks",
 
@@ -36,6 +36,9 @@
 #### [Task 1: obtain a certificate for secure LDAP](active-directory-ds-admin-guide-configure-secure-ldap.md)
 #### [Task 2: export the secure LDAP certificate](active-directory-ds-admin-guide-configure-secure-ldap-export-pfx.md)
 #### [Task 3: enable secure LDAP for the managed domain using Azure portal](active-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps.md)
+#### [Task 4: configure DNS to access the managed domain from the internet](active-directory-ds-ldaps-configure-dns.md)
+#### [Task 5: bind to the managed domain and lock down secure LDAP access](active-directory-ds-ldaps-bind-lockdown.md)
+#### [Troubleshoot secure LDAP](active-directory-ds-ldaps-troubleshoot.md)
 
 ### [Create an OU on a managed domain](active-directory-ds-admin-guide-create-ou.md)
 ### [Create a group managed service account on a managed domain](active-directory-ds-create-gmsa.md)
 
@@ -1,6 +1,6 @@
 ---
-title: Configure Secure LDAP (LDAPS) in Azure AD Domain Services | Microsoft Docs
-description: Configure Secure LDAP (LDAPS) for an Azure AD Domain Services managed domain
+title: Enable Secure LDAP (LDAPS) in Azure AD Domain Services | Microsoft Docs
+description: Enable Secure LDAP (LDAPS) for an Azure AD Domain Services managed domain
 services: active-directory-ds
 documentationcenter: ''
 author: mahesh-unnikrishnan
@@ -14,17 +14,17 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 06/27/2018
+ms.date: 08/01/2018
 ms.author: maheshu
 
 ---
-# Configure secure LDAP (LDAPS) for an Azure AD Domain Services managed domain
+# Enable secure LDAP (LDAPS) for an Azure AD Domain Services managed domain
 
 ## Before you begin
-Ensure you've completed [Task 2 - export the secure LDAP certificate to a .PFX file](active-directory-ds-admin-guide-configure-secure-ldap-export-pfx.md).
+Complete [Task 2 - export the secure LDAP certificate to a .PFX file](active-directory-ds-admin-guide-configure-secure-ldap-export-pfx.md).
 
 
-## Task 3 - enable secure LDAP for the managed domain using the Azure portal
+## Task 3: Enable secure LDAP for the managed domain using the Azure portal
 To enable secure LDAP, perform the following configuration steps:
 
 1. Navigate to the **[Azure portal](https://portal.azure.com)**.
@@ -44,7 +44,7 @@ To enable secure LDAP, perform the following configuration steps:
 4. By default, secure LDAP access to your managed domain is disabled. Toggle **Secure LDAP** to **Enable**.
 
     ![Enable secure LDAP](./media/active-directory-domain-services-admin-guide/secure-ldap-blade-configure.png)
-5. By default, secure LDAP access to your managed domain over the internet is disabled. Toggle **Allow secure LDAP access over the internet** to **Enable**, if desired.
+5. By default, secure LDAP access to your managed domain over the internet is disabled. Toggle **Allow secure LDAP access over the internet** to **Enable**, if you need to.
 
     > [!WARNING]
     > When you enable secure LDAP access over the internet, your domain is susceptible to password brute force attacks over the internet. Therefore, we recommend setting up an NSG to lock down access to required source IP address ranges. See the instructions to [lock down LDAPS access to your managed domain over the internet](#task-5---lock-down-secure-ldap-access-to-your-managed-domain-over-the-internet).
@@ -54,9 +54,9 @@ To enable secure LDAP, perform the following configuration steps:
 
 7. Specify the **Password to decrypt .PFX file**. Provide the same password you used when exporting the certificate to the PFX file.
 
-8. When you are done, click the **Save** button.
+8. When you're done, click the **Save** button.
 
-9. You see a notification that informs you secure LDAP is being configured for the managed domain. Until this operation is complete, you cannot modify other settings for the domain.
+9. You see a notification that informs you secure LDAP is being configured for the managed domain. Until this operation is complete, you can't modify other settings for the domain.
 
     ![Configuring secure LDAP for the managed domain](./media/active-directory-domain-services-admin-guide/secure-ldap-blade-configuring.png)
 
@@ -65,84 +65,5 @@ To enable secure LDAP, perform the following configuration steps:
 >
 >
 
-<br>
-
-## Task 4 - configure DNS to access the managed domain from the internet
-> [!NOTE]
-> **Optional task** - If you do not plan to access the managed domain using LDAPS over the internet, skip this configuration task.
->
->
-
-Before you begin this task, ensure you have completed the steps outlined in [Task 3](#task-3---enable-secure-ldap-for-the-managed-domain-using-the-azure-portal-preview).
-
-Once you have enabled secure LDAP access over the internet for your managed domain, you need to update DNS so that client computers can find this managed domain. At the end of task 3, an external IP address is displayed on the **Properties** tab in **EXTERNAL IP ADDRESS FOR LDAPS ACCESS**.
-
-Configure your external DNS provider so that the DNS name of the managed domain (for example, 'ldaps.contoso100.com') points to this external IP address. For example, create the following DNS entry:
-
-    ldaps.contoso100.com  -> 52.165.38.113
-
-That's it - you are now ready to connect to the managed domain using secure LDAP over the internet.
-
-> [!WARNING]
-> Remember that client computers must trust the issuer of the LDAPS certificate to be able to connect successfully to the managed domain using LDAPS. If you are using a publicly trusted certification authority, you do not need to do anything since client computers trust these certificate issuers. If you are using a self-signed certificate, install the public part of the self-signed certificate into the trusted certificate store on the client computer.
->
->
-
-
-## Task 5 - lock down secure LDAP access to your managed domain over the internet
-> [!NOTE]
-> If you have not enabled LDAPS access to the managed domain over the internet, skip this configuration task.
->
->
-
-Before you begin this task, ensure you have completed the steps outlined in [Task 3](#task-3---enable-secure-ldap-for-the-managed-domain-using-the-azure-portal-preview).
-
-Exposing your managed domain for LDAPS access over the internet represents a security threat. The managed domain is reachable from the internet at the port used for secure LDAP (that is, port 636). Therefore, you can choose to restrict access to the managed domain to specific known IP addresses. For improved security, create a network security group (NSG) and associate it with the subnet where you have enabled Azure AD Domain Services.
-
-The following table illustrates a sample NSG you can configure, to lock down secure LDAP access over the internet. The NSG contains a set of rules that allow inbound secure LDAP access over TCP port 636 only from a specified set of IP addresses. The default 'DenyAll' rule applies to all other inbound traffic from the internet. The NSG rule to allow LDAPS access over the internet from specified IP addresses has a higher priority than the DenyAll NSG rule.
-
-![Sample NSG to secure LDAPS access over the internet](./media/active-directory-domain-services-admin-guide/secure-ldap-sample-nsg.png)
-
-**More information** - [Network security groups](../virtual-network/security-overview.md).
-
-<br>
-
-## Bind to the managed domain over LDAP using LDP.exe
-You can use the LDP.exe tool which is included in the Remote Server Administration tools package to bind and search over LDAP.
-
-First, open LDP and connect to the managed domain. Click **Connection** and click **Connect...** in the menu. Specify the DNS domain name of the managed domain. Specify the port to use for connections. For LDAP connections, use port 389. For LDAPS connections use port 636. Click **OK** button to connect to the managed domain.
-
-Next, bind to the managed domain. Click **Connection** and click **Bind...** in the menu. Provide the credentials of a user account belonging to the 'AAD DC Administrators' group.
-
-Select **View**, and then select **Tree** in the menu. Leave the Base DN field blank, and click OK. Navigate to the container that you want to search, right-click the container, and select Search.
-
-> [!TIP]
-> - Users and groups synchronized from Azure AD are stored in the **AADDC Users** container. The search path for this container looks like ```CN=AADDC\ Users,DC=CONTOSO100,DC=COM```.
-> - Computer accounts for computers joined to the managed domain are stored in the **AADDC Computers** container. The search path for this container looks like ```CN=AADDC\ Computers,DC=CONTOSO100,DC=COM```.
->
->
-
-More information - [LDAP query basics](https://technet.microsoft.com/library/aa996205.aspx)
-
-
-## Troubleshooting
-If you have trouble connecting to the managed domain using secure LDAP, perform the following troubleshooting steps:
-* Ensure that the issuer chain of the secure LDAP certificate is trusted on the client. You may choose to add the Root certification authority to the trusted root certificate store on the client to establish the trust.
-* Verify that the LDAP client (for example, ldp.exe) connects to the secure LDAP endpoint using a DNS name, not the IP address.
-* Verify the DNS name the LDAP client connects to resolves to the public IP address for secure LDAP on the managed domain.
-* Verify the secure LDAP certificate for your managed domain has the DNS name in the Subject or the Subject Alternative Names attribute.
-* If you are connecting via secure LDAP over the internet, ensure the NSG settings for the virtual network allow the traffic to port 636 from the internet.
-
-If you still have trouble connecting to the managed domain using secure LDAP, [contact the product team](active-directory-ds-contact-us.md) for help. Include the following information to help diagnose the issue better:
-* A screenshot of ldp.exe making the connection and failing.
-* Your Azure AD tenant ID, and the DNS domain name of your managed domain.
-* Exact user name that you are trying to bind as.
-
-
-## Related content
-* [Azure AD Domain Services - Getting Started guide](active-directory-ds-getting-started.md)
-* [Administer an Azure AD Domain Services managed domain](active-directory-ds-admin-guide-administer-domain.md)
-* [LDAP query basics](https://technet.microsoft.com/library/aa996205.aspx)
-* [Administer Group Policy on an Azure AD Domain Services managed domain](active-directory-ds-admin-guide-administer-group-policy.md)
-* [Network security groups](../virtual-network/security-overview.md)
-* [Create a Network Security Group](../virtual-network/tutorial-filter-network-traffic.md)
+## Next step
+[Task 4: configure DNS to access the managed domain from the internet](active-directory-ds-ldaps-configure-dns.md)
@@ -1,6 +1,6 @@
 ---
-title: Configure Secure LDAP (LDAPS) in Azure AD Domain Services | Microsoft Docs
-description: Configure Secure LDAP (LDAPS) for an Azure AD Domain Services managed domain
+title: Create a secure LDAP certificate for an Azure AD Domain Services manage domain | Microsoft Docs
+description: Create a secure LDAP certificate for an Azure AD Domain Services manage domain
 services: active-directory-ds
 documentationcenter: ''
 author: mahesh-unnikrishnan
@@ -14,20 +14,20 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 06/30/2017
+ms.date: 08/01/2017
 ms.author: maheshu
 
 ---
-# Configure secure LDAP (LDAPS) for an Azure AD Domain Services managed domain
+# Create a .PFX file with the secure LDAP (LDAPS) certificate for a managed domain
 
 ## Before you begin
-Ensure you've completed [Task 1 - obtain a certificate for secure LDAP](active-directory-ds-admin-guide-configure-secure-ldap.md).
+Complete [Task 1: obtain a certificate for secure LDAP](active-directory-ds-admin-guide-configure-secure-ldap.md).
 
 
-## Task 2 - export the secure LDAP certificate to a .PFX file
-Before you start this task, ensure that you have obtained the secure LDAP certificate from a public certification authority or have created a self-signed certificate.
+## Task 2: Export the secure LDAP certificate to a .PFX file
+Before you start this task, get the secure LDAP certificate from a public certification authority or create a self-signed certificate.
 
-Perform the following steps, to export the LDAPS certificate to a .PFX file.
+To export the LDAPS certificate to a .PFX file:
 
 1. Press the **Start** button and type **R**. In the **Run** dialog, type **mmc** and click **OK**.
 
@@ -51,7 +51,7 @@ Perform the following steps, to export the LDAPS certificate to a .PFX file.
 8. In the MMC window, click to expand **Console Root**. You should see the Certificates snap-in loaded. Click **Certificates (Local Computer)** to expand. Click to expand the **Personal** node, followed by the **Certificates** node.
 
     ![Open personal certificates store](./media/active-directory-domain-services-admin-guide/secure-ldap-open-personal-store.png)
-9. You should see the self-signed certificate we created. You can examine the properties of the certificate to ensure the thumbprint matches that reported on the PowerShell windows when you created the certificate.
+9. You should see the self-signed certificate we created. You can examine the properties of the certificate to verify the thumbprint matches that reported on the PowerShell windows when you created the certificate.
 10. Select the self-signed certificate and **right click**. From the right-click menu, select **All Tasks** and select **Export...**.
 
     ![Export certificate](./media/active-directory-domain-services-admin-guide/secure-ldap-export-cert.png)
@@ -66,6 +66,7 @@ Perform the following steps, to export the LDAPS certificate to a .PFX file.
     > You MUST export the private key along with the certificate. If you provide a PFX that does not contain the private key for the certificate, enabling secure LDAP for your managed domain fails.
     >
     >
+
 13. On the **Export File Format** page, select **Personal Information Exchange - PKCS #12 (.PFX)** as the file format for the exported certificate.
 
     ![Export certificate file format](./media/active-directory-domain-services-admin-guide/secure-ldap-export-to-pfx.png)
@@ -74,14 +75,16 @@ Perform the following steps, to export the LDAPS certificate to a .PFX file.
     > Only the .PFX file format is supported. Do not export the certificate to the .CER file format.
     >
     >
-14. On the **Security** page, select the **Password** option and type in a password to protect the .PFX file. Remember this password since it will be needed in the next task. Click **Next** to proceed.
+
+14. On the **Security** page, select the **Password** option and type in a password to protect the .PFX file. Remember this password since it will be needed in the next task. Click **Next**.
 
     ![Password for certificate export ](./media/active-directory-domain-services-admin-guide/secure-ldap-export-select-password.png)
 
     > [!NOTE]
     > Make a note of this password. You need it while enabling secure LDAP for this managed domain in [Task 3 - enable secure LDAP for the managed domain](active-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps.md)
     >
     >
+
 15. On the **File to Export** page, specify the file name and location where you'd like to export the certificate.
 
     ![Path for certificate export](./media/active-directory-domain-services-admin-guide/secure-ldap-export-select-path.png)
@@ -91,4 +94,4 @@ Perform the following steps, to export the LDAPS certificate to a .PFX file.
 
 
 ## Next step
-[Task 3 - enable secure LDAP for the managed domain](active-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps.md)
+[Task 3: enable secure LDAP for the managed domain](active-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps.md)