
Commit 47eee31

committed
implement Mark B. comments
1 parent 42eebb6 commit 47eee31


3 files changed

+7
-7
lines changed


articles/azure-netapp-files/configure-ldap-over-tls.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
1212
ms.workload: storage
1313
ms.tgt_pltfrm: na
1414
ms.topic: how-to
15-
ms.date: 01/20/2023
15+
ms.date: 01/25/2023
1616
ms.author: anfdocs
1717
---
1818
# Configure ADDS LDAP over TLS for Azure NetApp Files
@@ -21,7 +21,7 @@ You can use LDAP over TLS to secure communication between an Azure NetApp Files
2121

2222
## Considerations
2323

24-
* LDAP over TLS must not be enabled if you are using Azure Active Directory Domain Services (AADDS). AADDS uses LDAPS (port 636) to secure LDAP traffic instead of LDAP over TLS (port 389).
24+
* DNS PTR records must exist for each AD DS domain controller assigned to the **AD Site Name** specified in the Azure NetApp Files Active Directory connection.
2525
* PTR records must exist for all domain controllers in the site for ADDS LDAP over TLS to function properly.
2626

2727
## Generate and export root CA certificate
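Review bot: the two bullets left in the Considerations list now overlap. The new line ("DNS PTR records must exist for each AD DS domain controller assigned to the **AD Site Name** ...") and the unchanged line under it ("PTR records must exist for all domain controllers in the site for ADDS LDAP over TLS to function properly") state the same requirement, and they spell the service name differently (AD DS versus ADDS). Merge them into one bullet, for example: "* DNS PTR records must exist for every AD DS domain controller in the **AD Site Name** specified in the Azure NetApp Files Active Directory connection; AD DS LDAP over TLS does not function without them." Separately, the removed bullet was the only statement this page made about Azure Active Directory Domain Services; if the LDAPS/port 636 wording was wrong, replace it with the corrected AADDS guidance rather than dropping the topic without a replacement.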

articles/azure-netapp-files/create-active-directory-connections.md

Lines changed: 3 additions & 2 deletions
@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
1212
ms.workload: storage
1313
ms.tgt_pltfrm: na
1414
ms.topic: how-to
15-
ms.date: 01/20/2023
15+
ms.date: 01/25/2023
1616
ms.author: anfdocs
1717
---
1818
# Create and manage Active Directory connections for Azure NetApp Files
@@ -137,7 +137,8 @@ Several features of Azure NetApp Files require that you have an Active Directory
137137
138138
Azure NetApp Files supports LDAP Channel Binding if both LDAP Signing and LDAP over TLS settings options are enabled in the Active Directory Connection. For more information, see [ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023).
139139
140-
PTR records for the machine accounts must exist for LDAP signing to work.
140+
>[!NOTE]
141+
>DNS PTR records for the AD DS machine account(s) must be created in the AD DS **Organizational Unit** specified in the Azure NetApp Files AD connection for LDAP Signing to work.
141142
142143
![Screenshot of the LDAP signing checkbox.](../media/azure-netapp-files/active-directory-ldap-signing.png)
143144
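Review bot: the new note places the PTR record in the wrong object: a DNS PTR record lives in a reverse lookup zone on the DNS servers, while the **Organizational Unit** is where the AD DS machine account object is created. As written, ">DNS PTR records for the AD DS machine account(s) must be created in the AD DS **Organizational Unit** ..." tells the reader to create a DNS record inside an OU. Let the OU qualify the account instead, for example: ">DNS PTR records must exist for the AD DS machine account(s) that Azure NetApp Files creates in the **Organizational Unit** specified in the AD connection; LDAP Signing does not work without them."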

articles/azure-netapp-files/understand-guidelines-active-directory-domain-service-site.md

Lines changed: 2 additions & 3 deletions
@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
1212
ms.workload: storage
1313
ms.tgt_pltfrm: na
1414
ms.topic: conceptual
15-
ms.date: 01/20/2023
15+
ms.date: 01/25/2023
1616
ms.author: anfdocs
1717
---
1818
# Understand guidelines for Active Directory Domain Services site design and planning for Azure NetApp Files
@@ -55,7 +55,6 @@ The required network ports are as follows:
5555
| NetBIOS name | 138 | UDP |
5656
| SAM/LSA | 445 | TCP |
5757
| SAM/LSA | 445 | UDP |
58-
| w32time | 123 | UDP |
5958

6059
*DNS running on AD DS domain controller
6160

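Review bot: removing the "| w32time | 123 | UDP |" row deletes the only time-synchronization entry from the required ports table, yet the page still carries a "Time source requirements" section further down. If NTP from the Azure NetApp Files delegated subnet to the domain controllers is genuinely not required, say so in that section so the omission reads as intentional; otherwise keep the row, since Kerberos-dependent features on this page fail when clocks drift.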
@@ -72,7 +71,7 @@ Ensure that you meet the following requirements about the DNS configurations:
7271
* Ensure that [the SRV records registered by the AD DS Net Logon service](https://social.technet.microsoft.com/wiki/contents/articles/7608.srv-records-registered-by-net-logon.aspx) have been created on the DNS servers.
7372
* Ensure that the PTR records for the AD DS domain controllers used by Azure NetApp Files have been created on the DNS servers.
7473
* Azure NetApp Files supports standard and secure dynamic DNS updates. If you require secure dynamic DNS updates, ensure that secure updates are configured on the DNS servers.
75-
* If dynamic DNS updates are not used, you need to manually create A record and PTR records for Azure NetApp Files SMB volumes. The PTR records are those for the computer accounts created by the storage in Active Directory.
74+
* If dynamic DNS updates are not used, you need to manually create an A record and a PTR record for the AD DS machine account(s) created in the AD DS **Organizational Unit** (specified in the Azure NetApp Files AD connection) to support Azure NetApp FIles LDAP Signing, LDAP over TLS, SMB, dual-protocol, or Kerberos NFSv4.1 volumes.
7675
* For complex or large AD DS topologies, [DNS Policies or DNS subnet prioritization may be required to support LDAP enabled NFS volumes](#ad-ds-ldap-discover).
7776

7877
### Time source requirements
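Review bot: typo in the new bullet: "Azure NetApp FIles" should be "Azure NetApp Files". The sentence also has the same placement problem as the note added to the AD connection article: A and PTR records are created on the DNS servers (forward and reverse lookup zones), whereas the **Organizational Unit** is where the machine account is created. Rephrase along the lines of "you need to manually create an A record and a PTR record for the AD DS machine account(s) that Azure NetApp Files creates in the **Organizational Unit** specified in the AD connection, to support LDAP Signing, LDAP over TLS, SMB, dual-protocol, or Kerberos NFSv4.1 volumes." The replaced line also dropped the explanation that these are the computer accounts created by the storage in Active Directory; that context is worth keeping, since it explains why an administrator must create records for a machine they never joined themselves.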
