Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into work-fslogix-13

Author: Heidilohr

.openpublishing.redirection.json

@@ -532,6 +532,16 @@
       "redirect_url": "/azure/machine-learning",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/get-answer-from-kb-using-postman.md",
+      "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool",
+      "redirect_document_id": false
+    },  
+    {
+      "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/get-answer-from-kb-using-curl.md",
+      "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool",
+      "redirect_document_id": false
+    }, 
     {
       "source_path": "articles/cognitive-services/LUIS/luis-how-to-add-example-utterances.md",
       "redirect_url": "/azure/cognitive-services/LUIS/luis-how-to-add-entities",

articles/active-directory-b2c/active-directory-b2c-quickstarts-desktop-app.md

@@ -1,6 +1,6 @@
 ---
 title: Quickstart - Set up sign-in for a desktop app using Azure Active Directory B2C
-description: Run a sample WPF desktop application that uses Azure Active Directory B2C to provide account sign-in.
+description: In this Quickstart, run a sample WPF desktop application that uses Azure Active Directory B2C to provide account sign-in.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg

articles/active-directory-b2c/active-directory-b2c-quickstarts-spa.md

@@ -1,6 +1,6 @@
 ---
 title: Quickstart - Set up sign-in for a single-page app using Azure Active Directory B2C
-description: Run a sample single-page application that uses Azure Active Directory B2C to provide account sign-in.
+description: In this Quickstart, run a sample single-page application that uses Azure Active Directory B2C to provide account sign-in.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg

articles/active-directory-b2c/active-directory-b2c-quickstarts-web-app.md

@@ -1,6 +1,6 @@
 ---
 title: Quickstart - Set up sign in for an ASP.NET application using Azure Active Directory B2C
-description: Run a sample ASP.NET web app that uses Azure Active Directory B2C to provide account sign-in.
+description: In this Quickstart, run a sample ASP.NET web app that uses Azure Active Directory B2C to provide account sign-in.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg

articles/active-directory-b2c/active-directory-b2c-tutorials-spa-webapi.md

@@ -1,6 +1,6 @@
 ---
 title: Tutorial - Grant access to an ASP.NET Core web API from a single-page application - Azure Active Directory B2C
-description: Learn how to use Active Directory B2C to protect a .NET Core web API and call the API from a single-page Node.js application.
+description: In this tutorial, learn how to use Active Directory B2C to protect a .NET Core web API and call the API from a single-page Node.js application.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg

articles/active-directory-b2c/active-directory-b2c-tutorials-spa.md

@@ -1,6 +1,6 @@
 ---
-title: 'Tutorial: Enable authentication in a single-page application - Azure Active Directory B2C'
-description: Learn how to use Azure Active Directory B2C to provide user login for a single page application (JavaScript).
+title: 'Tutorial - Enable authentication in a single-page application - Azure Active Directory B2C'
+description: In this tutorial, learn how to use Azure Active Directory B2C to provide user login for a single page application (JavaScript).
 services: active-directory-b2c
 author: mmacy
 manager: celestedg

articles/active-directory-domain-services/administration-concepts.md

@@ -56,6 +56,9 @@ For users synchronized from an on-premises AD DS environment using Azure AD Conn
 
 Once appropriately configured, the usable password hashes are stored in the Azure AD DS managed domain. If you delete the Azure AD DS managed domain, any password hashes stored at that point are also deleted. Synchronized credential information in Azure AD can't be reused if you later create an Azure AD DS managed domain - you must reconfigure the password hash synchronization to store the password hashes again. Previously domain-joined VMs or users won't be able to immediately authenticate - Azure AD needs to generate and store the password hashes in the new Azure AD DS managed domain. For more information, see [Password hash sync process for Azure AD DS and Azure AD Connect][azure-ad-password-sync].
 
+> [!IMPORTANT]
+> Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Azure AD Connect in an Azure AD DS managed domain to synchronize objects back to Azure AD.
+
 ## Forests and trusts
 
 A *forest* is a logical construct used by Active Directory Domain Services (AD DS) to group one or more *domains*. The domains then store objects for user or groups, and provide authentication services.

articles/active-directory-domain-services/overview.md

@@ -93,6 +93,9 @@ Let's look at an example for Litware Corporation, a hybrid organization that run
 * Litware's IT team enables Azure AD DS for their Azure AD tenant in this, or a peered, virtual network.
 * Applications and VMs deployed in the Azure virtual network can then use Azure AD DS features like domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy.
 
+> [!IMPORTANT]
+> Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Azure AD Connect in an Azure AD DS managed domain to synchronize objects back to Azure AD.
+
 ### Azure AD DS for cloud-only organizations
 
 A cloud-only Azure AD tenant doesn't have an on-premises identity source. User accounts and group memberships, for example, are created and managed directly in in Azure AD.

articles/active-directory-domain-services/synchronization.md

@@ -95,6 +95,9 @@ The following table illustrates how specific attributes for group objects in Azu
 
 Azure AD Connect is used to synchronize user accounts, group memberships, and credential hashes from an on-premises AD DS environment to Azure AD. Attributes of user accounts such as the UPN and on-premises security identifier (SID) are synchronized. To sign in using Azure AD Domain Services, legacy password hashes required for NTLM and Kerberos authentication are also synchronized to Azure AD.
 
+> [!IMPORTANT]
+> Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Azure AD Connect in an Azure AD DS managed domain to synchronize objects back to Azure AD.
+
 If you configure write-back, changes from Azure AD are synchronized back to the on-premises AD DS environment. For example, if a user changes their password using Azure AD self-service password management, the password is updated back in the on-premises AD DS environment.
 
 > [!NOTE]

articles/active-directory-domain-services/tutorial-configure-password-hash-sync.md

@@ -50,6 +50,9 @@ To authenticate users on the managed domain, Azure AD DS needs password hashes i
 
 Azure AD Connect can be configured to synchronize the required NTLM or Kerberos password hashes for Azure AD DS. Make sure that you have completed the steps to [enable Azure AD Connect for password hash synchronization][enable-azure-ad-connect]. If you had an existing instance of Azure AD Connect, [download and update to the latest version][azure-ad-connect-download] to make sure you can synchronize the legacy password hashes for NTLM and Kerberos. This functionality isn't available in early releases of Azure AD Connect or with the legacy DirSync tool. Azure AD Connect version *1.1.614.0* or later is required.
 
+> [!IMPORTANT]
+> Azure AD Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Azure AD Connect in an Azure AD DS managed domain to synchronize objects back to Azure AD.
+
 ## Enable synchronization of password hashes
 
 With Azure AD Connect installed and configured to synchronize with Azure AD, now configure the legacy password hash sync for NTLM and Kerberos. A PowerShell script is used to configure the required settings and then start a full password synchronization to Azure AD. When that Azure AD Connect password hash synchronization process is complete, users can sign in to applications through Azure AD DS that use legacy NTLM or Kerberos password hashes.