Commit 2ae6185

spell check
1 parent ba8b77f commit 2ae6185

1 file changed

+15
-15
lines changed

articles/azure-vmware/configure-external-identity-src-nsx-t.md

@@ -14,15 +14,15 @@ In this article, you'll learn how to configure an external identity source for N
1414

1515
- A working connectivity from your Active Directory network to your Azure VMware Solution private cloud.
1616
- If you require Active Directory authentication with LDAPS:
17-
- You will need access to the Active Directory Domain Controller(s) with Administrator permissions.
17+
- You'll need access to the Active Directory Domain Controller(s) with Administrator permissions.
1818

1919
- Your Active Directory Domain Controller(s) must have LDAPS enabled with a valid certificate. The certificate could be issued by an [Active Directory Certificate Services Certificate Authority (CA)](https://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx) or a [third-party CA](https://docs.microsoft.com/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority).
2020
>[!Note]
2121
> Self-sign certificates are not recommended for production environments.  
2222
2323
- Ensure your Azure VMware Solution has DNS resolution configured to your on-premises AD. Enable DNS Forwarder from Azure portal. For more information, see [Configure NSX-T DNS for resolution to your Active Directory Domain and Configure DNS forwarder for Azure VMware Solution](configure-dns-azure-vmware-solution.md) .
2424
>[!NOTE]
25-
> For further information about LDAPS and certificate issuance, consult with your security or identity management team.
25+
> For more information about LDAPS and certificate issuance, see with your security or identity management team.
2626
2727
## Add Active Directory as LDAPS Identity Source
2828
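Review bot: On added line 25, "see with your security or identity management team" is not grammatical; replacing "consult with" by "see with" broke the sentence. Suggest "contact your security or identity management team", or keep "consult". The unchanged context in this hunk also has items a spell-check pass should pick up: "Self-sign certificates" on line 21 should read "Self-signed certificates", the two alert markers are cased differently (`>[!Note]` on line 20, `>[!NOTE]` on line 24), and there is a stray space before the final period on line 23.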

@@ -32,7 +32,7 @@ In this article, you'll learn how to configure an external identity source for N
3232

3333
1. Enter a name for the identity source. For example, avslab.local.
3434

35-
1. Enter a domain name. This must correspond to the domain name of your Active Directory server, if using Active Directory. For example, avslab.local.
35+
1. Enter a domain name. The name must correspond to the domain name of your Active Directory server, if using Active Directory. For example, avslab.local.
3636

3737
1. Select the type as Active Directory over LDAP, if using Active Directory.
3838
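Review bot: On added line 35, the condition still trails the requirement ("The name must correspond to the domain name of your Active Directory server, if using Active Directory"), and line 37 has the same shape; leading with the condition reads more clearly, for example "If you're using Active Directory, the name must match the domain name of your Active Directory server." Lines 33 and 35 also give the same sample value, avslab.local, for both the identity source name and the domain name, without formatting; putting it in code formatting and saying whether the two are expected to match would remove the ambiguity.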

@@ -48,36 +48,36 @@ In this article, you'll learn how to configure an external identity source for N
4848
| LDAP Protocol | Select **LDAPS** (LDAP is unsecured). |
4949
| Port | The default port is populated based on the selected protocol 636 for LDAPS and 389 for LDAP. If your LDAP server is running on a non-standard port, you can edit this text box to give the port number. |
5050
| Connection Status | After filling in the mandatory text boxes, including the LDAP server information, select **Connection Status** to test the connection. |
51-
| Use StartTLS | If selected, the LDAPv3 StartTLS extension is used to upgrade the connection to use encryption. To determine if you should use this option, consult your LDAP server administrator.This option can only be used if LDAP protocol is selected. |
52-
| Certificate | If you are using LDAPS or LDAP + StartTLS, this text box should contain the PEM-encoded X.509 certificate of the server. If you leave this text box blank and select the **Check Status** link, NSX connects to the LDAP server. NSX wikk then retrieve the LDAP server's certificate, and prompt you if you want to trust that certificate. If you have verified that the certificate is correct, select **OK**, and the certificate text box will be populated with the retrieved certificate. |
53-
|Bind Identity | The format is `user@domainName`, or you can specify the distinguished name. For Active Directory, you can use either the userPrincipalName (user@domainName) or the distinguished name. For OpenLDAP, you must supply a distinguished name. This text box is required unless your LDAP server supports anonymous bind, then it is optional. Consult your LDAP server administrator if you are not sure.|
54-
|Password |Enter a password for the LDAP server. This text box is required unless your LDAP server supports anonymous bind, then it is optional. Consult your LDAP server administrator.|
55-
1. Click**Add**. 
56-
:::image type="content" source="./media/nsxt/set-ldap-server.png" alt-text="Screenshot showing how to set a LDAP server." border="true":::
51+
| Use StartTLS | If selected, the LDAPv3 StartTLS extension is used to upgrade the connection to use encryption. To determine if you should use this option, consult your LDAP server administrator. This option can only be used if LDAP protocol is selected. |
52+
| Certificate | If you're using LDAPS or LDAP + StartTLS, this text box should contain the PEM-encoded X.509 certificate of the server. If you leave this text box blank and select the **Check Status** link, NSX connects to the LDAP server. NSX will then retrieve the LDAP server's certificate, and prompt you if you want to trust that certificate. If you've verified that the certificate is correct, select **OK**, and the certificate text box will be populated with the retrieved certificate. |
53+
|Bind Identity | The format is `user@domainName`, or you can specify the distinguished name. For Active Directory, you can use either the userPrincipalName (user@domainName) or the distinguished name. For OpenLDAP, you must supply a distinguished name. This text box is required unless your LDAP server supports anonymous bind, then it's optional. Consult your LDAP server administrator if you aren't sure.|
54+
|Password |Enter a password for the LDAP server. This text box is required unless your LDAP server supports anonymous bind, then it's optional. Consult your LDAP server administrator.|
55+
1. Select**Add**. 
56+
:::image type="content" source="./media/nsxt/set-ldap-server.png" alt-text="Screenshot showing how to set an LDAP server." border="true":::
5757

5858

59-
:::image type="content" source="./media/nsxt/accept-ldap-cert.png" alt-text="Screenshot showing how to save the certificate for a LDAP server." border="true":::
59+
:::image type="content" source="./media/nsxt/accept-ldap-cert.png" alt-text="Screenshot showing how to save the certificate for an LDAP server." border="true":::
6060

6161
1. Select **Save** to complete the changes.
62-
:::image type="content" source="./media/nsxt/user-roles-ldap-server.png" alt-text="Screenshot showing user roles on a LDAP server." border="true":::
62+
:::image type="content" source="./media/nsxt/user-roles-ldap-server.png" alt-text="Screenshot showing user roles on an LDAP server." border="true":::
6363

64-
## Assign additional NSX-T Roles to Active Directory Identities
64+
## Assign other NSX-T roles to Active Directory identities
6565

6666
After adding an external identity, you can assign NSX-T Roles to Active Directory security groups based on your organization's security controls.
6767

6868
1. Sign in to NSX-T and navigate to **System** > **Users and Roles**.
69-
:::image type="content" source="./media/nsxt/nsx-user-roles.png" alt-text="Screenshot showing how to add users to a LDAP server." border="true":::
69+
:::image type="content" source="./media/nsxt/nsx-user-roles.png" alt-text="Screenshot showing how to add users to an LDAP server." border="true":::
7070

7171
1. Select **Add** > **Role Assignment for LDAP**. 
7272

7373
1. Select a domain.
74-
1. Enter the first few characters of the user's name, login ID, or a group name to search the LDAP directory, then select a user or group from the list that appears.
74+
1. Enter the first few characters of the user's name, sign in ID, or a group name to search the LDAP directory, then select a user or group from the list that appears.
7575
1. Select a role.
7676
1. Select **Save**.
7777
:::image type="content" source="./media/nsxt/user-roles-ldap-review.png" alt-text="Screenshot showing how to review different roles on the LDAP server." border="true":::
7878

7979
1. Verify the permission assignment is displayed under **Users and Roles**.
80-
:::image type="content" source="./media/nsxt/user-roles-ldap-verify.png" alt-text="Screenshot showing how to verify user roles on a LDAP server." border="true":::
80+
:::image type="content" source="./media/nsxt/user-roles-ldap-verify.png" alt-text="Screenshot showing how to verify user roles on an LDAP server." border="true":::
8181

8282
1. Users should now be able to sign in to NSX-T using their Active Directory credentials.
8383
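Review bot: Added line 55 keeps the missing space in "Select**Add**", so the verb runs into the bolded label; it should read "Select **Add**." On added line 74, "sign in ID" needs the hyphen when used as a modifier ("sign-in ID"). In the table, the Certificate row (line 52) points to a **Check Status** link while the row two above it (line 50) names the control **Connection Status**; use the label the UI shows in both rows. The Certificate row also tells the reader to select **OK** once they have "verified that the certificate is correct" without saying how; since accepting the retrieved certificate is the step where the reader chooses to trust the LDAP server, a sentence on comparing it against the certificate issued to the domain controller would help. Line 49 is missing punctuation after "selected protocol".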
