Commit 65d5978

ANF JIRA 24416: SRE requested AD doc updates
1 parent 81f7c56 commit 65d5978

3 files changed

+7
-4
lines changed

articles/azure-netapp-files/configure-ldap-over-tls.md

Lines changed: 2 additions & 1 deletion
@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
1212
ms.workload: storage
1313
ms.tgt_pltfrm: na
1414
ms.topic: how-to
15-
ms.date: 03/15/2022
15+
ms.date: 01/20/2023
1616
ms.author: anfdocs
1717
---
1818
# Configure ADDS LDAP over TLS for Azure NetApp Files
@@ -22,6 +22,7 @@ You can use LDAP over TLS to secure communication between an Azure NetApp Files
2222
## Considerations
2323

2424
* LDAP over TLS must not be enabled if you are using Azure Active Directory Domain Services (AADDS). AADDS uses LDAPS (port 636) to secure LDAP traffic instead of LDAP over TLS (port 389).
25+
* PTR records must exist for all domain controllers in the site for ADDS LDAP over TLS to function properly.
2526

2627
## Generate and export root CA certificate
2728
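Review bot: The added bullet at line 25 says "all domain controllers in the site" but never says which site is meant. A reader of this article alone has no way to tell which set of domain controllers needs PTR records, so name the site explicitly or link to the site design guidelines article, which this same commit updates with its own PTR requirement.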

articles/azure-netapp-files/create-active-directory-connections.md

Lines changed: 3 additions & 1 deletion
@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
1212
ms.workload: storage
1313
ms.tgt_pltfrm: na
1414
ms.topic: how-to
15-
ms.date: 11/28/2022
15+
ms.date: 01/20/2023
1616
ms.author: anfdocs
1717
---
1818
# Create and manage Active Directory connections for Azure NetApp Files
@@ -137,6 +137,8 @@ Several features of Azure NetApp Files require that you have an Active Directory
137137
138138
Azure NetApp Files supports LDAP Channel Binding if both LDAP Signing and LDAP over TLS settings options are enabled in the Active Directory Connection. For more information, see [ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023).
139139
140+
PTR records for the machine accounts must exist for LDAP signing to work.
141+
140142
![Screenshot of the LDAP signing checkbox.](../media/azure-netapp-files/active-directory-ldap-signing.png)
141143
142144
* **Allow local NFS users with LDAP**
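Review bot: "the machine accounts" in the added line 140 does not say whose machine accounts need PTR records. The other two files in this commit place the PTR requirement on the domain controllers, so state here whether this means the domain controllers, some other accounts, or both. The sentence also lands between the LDAP Channel Binding paragraph and the LDAP signing screenshot, so check that it renders as part of the LDAP signing item and does not read as a condition on channel binding.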

articles/azure-netapp-files/understand-guidelines-active-directory-domain-service-site.md

Lines changed: 2 additions & 2 deletions
@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
1212
ms.workload: storage
1313
ms.tgt_pltfrm: na
1414
ms.topic: conceptual
15-
ms.date: 01/06/2022
15+
ms.date: 01/20/2023
1616
ms.author: anfdocs
1717
---
1818
# Understand guidelines for Active Directory Domain Services site design and planning for Azure NetApp Files
@@ -70,7 +70,7 @@ Ensure that you meet the following requirements about the DNS configurations:
7070
* Ensure that DNS servers have network connectivity to the Azure NetApp Files delegated subnet hosting the Azure NetApp Files volumes.
7171
* Ensure that network ports UDP 53 and TCP 53 are not blocked by firewalls or NSGs.
7272
* Ensure that [the SRV records registered by the AD DS Net Logon service](https://social.technet.microsoft.com/wiki/contents/articles/7608.srv-records-registered-by-net-logon.aspx) have been created on the DNS servers.
73-
* Ensure that the PTR records for the SRV records registered by the AD DS Net Logon service have been created on the DNS servers.
73+
* Ensure that the PTR records for the AD DS domain controllers used by Azure NetApp Files have been created on the DNS servers.
7474
* Azure NetApp Files supports standard and secure dynamic DNS updates. If you require secure dynamic DNS updates, ensure that secure updates are configured on the DNS servers.
7575
* If dynamic DNS updates are not used, you need to manually create A record and PTR records for Azure NetApp Files SMB volumes.
7676
* For complex or large AD DS topologies, [DNS Policies or DNS subnet prioritization may be required to support LDAP enabled NFS volumes](#ad-ds-ldap-discover).
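Review bot: The replacement bullet at line 73 scopes the requirement to "the AD DS domain controllers used by Azure NetApp Files", while configure-ldap-over-tls.md in this commit says "all domain controllers in the site" and create-active-directory-connections.md says "the machine accounts". Use one scope and the same wording in all three articles, or say why they differ. The bullet also gives no way to determine which domain controllers Azure NetApp Files uses; a pointer to the #ad-ds-ldap-discover section already linked in the last bullet of this hunk would close that gap.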
