Skip to content

Commit 4a2b2fa

Browse files
authored
Merge pull request #190952 from MicrosoftDocs/main
3/08 OOB Publish
2 parents 057af05 + 8dc30fc commit 4a2b2fa

20 files changed

+215
-72
lines changed

articles/active-directory-domain-services/create-resource-forest-powershell.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ms.service: active-directory
88
ms.subservice: domain-services
99
ms.workload: identity
1010
ms.topic: conceptual
11-
ms.date: 07/27/2020
11+
ms.date: 03/07/2022
1212
ms.author: justinha
1313
ms.custom: devx-track-azurepowershell
1414

@@ -51,8 +51,8 @@ To complete this article, you need the following resources and privileges:
5151
* Install and configure Azure AD PowerShell.
5252
* If needed, follow the instructions to [install the Azure AD PowerShell module and connect to Azure AD](/powershell/azure/active-directory/install-adv2).
5353
* Make sure that you sign in to your Azure AD tenant using the [Connect-AzureAD][Connect-AzureAD] cmdlet.
54-
* You need *global administrator* privileges in your Azure AD tenant to enable Azure AD DS.
55-
* You need *Contributor* privileges in your Azure subscription to create the required Azure AD DS resources.
54+
* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Azure AD roles in your tenant to enable Azure AD DS.
55+
* You need [Domain Services Contributor](/azure/role-based-access-control/built-in-roles#contributor) Azure role to create the required Azure AD DS resources.
5656

5757
## Sign in to the Azure portal
5858

articles/active-directory-domain-services/deploy-azure-app-proxy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ ms.service: active-directory
1010
ms.subservice: domain-services
1111
ms.workload: identity
1212
ms.topic: how-to
13-
ms.date: 07/09/2020
13+
ms.date: 03/07/2022
1414
ms.author: justinha
1515

1616
---

articles/active-directory-domain-services/migrate-from-classic-vnet.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ms.service: active-directory
88
ms.subservice: domain-services
99
ms.workload: identity
1010
ms.topic: how-to
11-
ms.date: 08/11/2021
11+
ms.date: 03/07/2022
1212
ms.author: justinha
1313
ms.custom: devx-track-azurepowershell
1414

@@ -198,7 +198,7 @@ To prepare the managed domain for migration, complete the following steps:
198198
199199
1. Create a variable to hold the credentials for by the migration script using the [Get-Credential][get-credential] cmdlet.
200200
201-
The user account you specify needs *global administrator* privileges in your Azure AD tenant to enable Azure AD DS and then *Contributor* privileges in your Azure subscription to create the required Azure AD DS resources.
201+
The user account you specify needs [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Azure AD roles in your tenant to enable Azure AD DS and [Domain Services Contributor](/azure/role-based-access-control/built-in-roles#contributor) Azure role to create the required Azure AD DS resources.
202202
203203
When prompted, enter an appropriate user account and password:
204204

articles/active-directory-domain-services/powershell-scoped-synchronization.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: domain-services
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 03/08/2021
12+
ms.date: 03/07/2022
1313
ms.author: justinha
1414
ms.custom: devx-track-azurepowershell
1515

@@ -32,7 +32,7 @@ To complete this article, you need the following resources and privileges:
3232
* If needed, [create an Azure Active Directory tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
3333
* An Azure Active Directory Domain Services managed domain enabled and configured in your Azure AD tenant.
3434
* If needed, complete the tutorial to [create and configure an Azure Active Directory Domain Services managed domain][tutorial-create-instance].
35-
* You need *global administrator* privileges in your Azure AD tenant to change the Azure AD DS synchronization scope.
35+
* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Azure AD roles in your tenant to change the Azure AD DS synchronization scope.
3636

3737
## Scoped synchronization overview
3838

articles/active-directory-domain-services/scoped-synchronization.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ ms.service: active-directory
1010
ms.subservice: domain-services
1111
ms.workload: identity
1212
ms.topic: how-to
13-
ms.date: 01/20/2021
13+
ms.date: 03/07/2022
1414
ms.author: justinha
1515
ms.custom: devx-track-azurepowershell
1616

@@ -33,7 +33,7 @@ To complete this article, you need the following resources and privileges:
3333
* If needed, [create an Azure Active Directory tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
3434
* An Azure Active Directory Domain Services managed domain enabled and configured in your Azure AD tenant.
3535
* If needed, complete the tutorial to [create and configure an Azure Active Directory Domain Services managed domain][tutorial-create-instance].
36-
* You need *global administrator* privileges in your Azure AD tenant to change the Azure AD DS synchronization scope.
36+
* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Azure AD roles in your tenant to change the Azure AD DS synchronization scope.
3737

3838
## Scoped synchronization overview
3939

articles/active-directory-domain-services/template-create-instance.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: domain-services
1010
ms.workload: identity
1111
ms.topic: sample
12-
ms.date: 07/09/2020
12+
ms.date: 03/04/2022
1313
ms.author: justinha
1414
ms.custom: devx-track-azurepowershell
1515

@@ -30,8 +30,8 @@ To complete this article, you need the following resources:
3030
* Install and configure Azure AD PowerShell.
3131
* If needed, follow the instructions to [install the Azure AD PowerShell module and connect to Azure AD](/powershell/azure/active-directory/install-adv2).
3232
* Make sure that you sign in to your Azure AD tenant using the [Connect-AzureAD][Connect-AzureAD] cmdlet.
33-
* You need *global administrator* privileges in your Azure AD tenant to enable Azure AD DS.
34-
* You need *Contributor* privileges in your Azure subscription to create the required Azure AD DS resources.
33+
* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Azure AD roles in your tenant to enable Azure AD DS.
34+
* You need Domain Services Contributor Azure role to create the required Azure AD DS resources.
3535

3636
## DNS naming requirements
3737

articles/active-directory-domain-services/tutorial-configure-ldaps.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ms.service: active-directory
88
ms.subservice: domain-services
99
ms.workload: identity
1010
ms.topic: tutorial
11-
ms.date: 03/23/2021
11+
ms.date: 03/07/2022
1212
ms.author: justinha
1313

1414
#Customer intent: As an identity administrator, I want to secure access to an Azure Active Directory Domain Services managed domain using secure lightweight directory access protocol (LDAPS)
@@ -44,7 +44,7 @@ To complete this tutorial, you need the following resources and privileges:
4444
* If needed, [create and configure an Azure Active Directory Domain Services managed domain][create-azure-ad-ds-instance].
4545
* The *LDP.exe* tool installed on your computer.
4646
* If needed, [install the Remote Server Administration Tools (RSAT)][rsat] for *Active Directory Domain Services and LDAP*.
47-
* You need global administrator privileges in your Azure AD tenant to enable secure LDAP.
47+
* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Azure AD roles in your tenant to enable secure LDAP.
4848

4949
## Sign in to the Azure portal
5050

articles/active-directory-domain-services/tutorial-configure-networking.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ms.service: active-directory
88
ms.subservice: domain-services
99
ms.workload: identity
1010
ms.topic: tutorial
11-
ms.date: 07/06/2020
11+
ms.date: 03/07/2022
1212
ms.author: justinha
1313

1414
#Customer intent: As an identity administrator, I want to create and configure a virtual network subnet or network peering for application workloads in an Azure Active Directory Domain Services managed domain
@@ -39,8 +39,8 @@ To complete this tutorial, you need the following resources and privileges:
3939
* If you don't have an Azure subscription, [create an account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
4040
* An Azure Active Directory tenant associated with your subscription, either synchronized with an on-premises directory or a cloud-only directory.
4141
* If needed, [create an Azure Active Directory tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
42-
* You need *global administrator* privileges in your Azure AD tenant to configure Azure AD DS.
43-
* You need *Contributor* privileges in your Azure subscription to create the required Azure AD DS resources.
42+
* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Azure AD roles in your tenant to enable Azure AD DS.
43+
* You need [Domain Services Contributor](/azure/role-based-access-control/built-in-roles#contributor) Azure role to create the required Azure AD DS resources.
4444
* An Azure Active Directory Domain Services managed domain enabled and configured in your Azure AD tenant.
4545
* If needed, the first tutorial [creates and configures an Azure Active Directory Domain Services managed domain][create-azure-ad-ds-instance].
4646

articles/active-directory-domain-services/tutorial-create-forest-trust.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: domain-services
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 10/19/2021
12+
ms.date: 03/07/2022
1313
ms.author: justinha
1414

1515
#Customer intent: As an identity administrator, I want to create a one-way outbound forest from an Azure Active Directory Domain Services resource forest to an on-premises Active Directory Domain Services forest to provide authentication and resource access between forests.
@@ -49,7 +49,7 @@ To complete this tutorial, you need the following resources and privileges:
4949
5050
## Sign in to the Azure portal
5151

52-
In this tutorial, you create and configure the outbound forest trust from Azure AD DS using the Azure portal. To get started, first sign in to the [Azure portal](https://portal.azure.com). Global administrator permissions are required to modify an Azure AD DS instance.
52+
In this tutorial, you create and configure the outbound forest trust from Azure AD DS using the Azure portal. To get started, first sign in to the [Azure portal](https://portal.azure.com). You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Azure AD roles in your tenant to modify an Azure AD DS instance.
5353

5454
## Networking considerations
5555

articles/active-directory-domain-services/tutorial-create-instance-advanced.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ms.service: active-directory
88
ms.subservice: domain-services
99
ms.workload: identity
1010
ms.topic: tutorial
11-
ms.date: 06/01/2021
11+
ms.date: 03/04/2022
1212
ms.author: justinha
1313

1414
#Customer intent: As an identity administrator, I want to create an Azure Active Directory Domain Services managed domain and define advanced configuration options so that I can synchronize identity information with my Azure Active Directory tenant and provide Domain Services connectivity to virtual machines and applications in Azure.
@@ -38,8 +38,8 @@ To complete this tutorial, you need the following resources and privileges:
3838
* If you don't have an Azure subscription, [create an account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
3939
* An Azure Active Directory tenant associated with your subscription, either synchronized with an on-premises directory or a cloud-only directory.
4040
* If needed, [create an Azure Active Directory tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
41-
* You need *global administrator* privileges in your Azure AD tenant to enable Azure AD DS.
42-
* You need *Contributor* privileges in your Azure subscription to create the required Azure AD DS resources.
41+
* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Azure AD roles in your tenant to enable Azure AD DS.
42+
* You need Domain Services Contributor Azure role to create the required Azure AD DS resources.
4343

4444
Although not required for Azure AD DS, it's recommended to [configure self-service password reset (SSPR)][configure-sspr] for the Azure AD tenant. Users can change their password without SSPR, but SSPR helps if they forget their password and need to reset it.
4545

0 commit comments

Comments
 (0)