ANF JIRA 24416: SRE requested AD doc updates

Author: b-hchen

articles/azure-netapp-files/configure-ldap-over-tls.md

@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: how-to
-ms.date: 03/15/2022
+ms.date: 01/20/2023
 ms.author: anfdocs
 ---
 # Configure ADDS LDAP over TLS for Azure NetApp Files
@@ -22,6 +22,7 @@ You can use LDAP over TLS to secure communication between an Azure NetApp Files
 ## Considerations
 
 * LDAP over TLS must not be enabled if you are using Azure Active Directory Domain Services (AADDS). AADDS uses LDAPS (port 636) to secure LDAP traffic instead of LDAP over TLS (port 389).  
+* PTR records must exist for all domain controllers in the site for ADDS LDAP over TLS to function properly.
 
 ## Generate and export root CA certificate 
 

articles/azure-netapp-files/create-active-directory-connections.md

@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: how-to
-ms.date: 11/28/2022
+ms.date: 01/20/2023
 ms.author: anfdocs
 ---
 # Create and manage Active Directory connections for Azure NetApp Files
@@ -137,6 +137,8 @@ Several features of Azure NetApp Files require that you have an Active Directory
         
         Azure NetApp Files supports LDAP Channel Binding if both LDAP Signing and LDAP over TLS settings options are enabled in the Active Directory Connection. For more information, see [ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023).  
 
+        PTR records for the machine accounts must exist for LDAP signing to work.
+
         ![Screenshot of the LDAP signing checkbox.](../media/azure-netapp-files/active-directory-ldap-signing.png) 
 
     * **Allow local NFS users with LDAP**

articles/azure-netapp-files/understand-guidelines-active-directory-domain-service-site.md

@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: conceptual
-ms.date: 01/06/2022
+ms.date: 01/20/2023
 ms.author: anfdocs
 ---
 # Understand guidelines for Active Directory Domain Services site design and planning for Azure NetApp Files
@@ -70,7 +70,7 @@ Ensure that you meet the following requirements about the DNS configurations:
     * Ensure that DNS servers have network connectivity to the Azure NetApp Files delegated subnet hosting the Azure NetApp Files volumes.
     * Ensure that network ports UDP 53 and TCP 53 are not blocked by firewalls or NSGs.
 * Ensure that [the SRV records registered by the AD DS Net Logon service](https://social.technet.microsoft.com/wiki/contents/articles/7608.srv-records-registered-by-net-logon.aspx) have been created on the DNS servers.
-* Ensure that the PTR records for the SRV records registered by the AD DS Net Logon service have been created on the DNS servers.
+* Ensure that the PTR records for the AD DS domain controllers used by Azure NetApp Files have been created on the DNS servers.
 * Azure NetApp Files supports standard and secure dynamic DNS updates. If you require secure dynamic DNS updates, ensure that secure updates are configured on the DNS servers.
 * If dynamic DNS updates are not used, you need to manually create A record and PTR records for Azure NetApp Files SMB volumes.
 * For complex or large AD DS topologies, [DNS Policies or DNS subnet prioritization may be required to support LDAP enabled NFS volumes](#ad-ds-ldap-discover).