edits

ktoliver · ktoliver · commit 670be628528b · 2023-02-01T15:16:51.000-08:00
diff --git a/articles/active-directory/hybrid/how-to-connect-install-move-db.md b/articles/active-directory/hybrid/how-to-connect-install-move-db.md
@@ -29,7 +29,7 @@ Use the following steps to move the Azure AD Connect database to a computer runn
 
 1. On the Azure AD Connect server, go to **Services** and stop the Microsoft Azure AD Sync service.
 1. Go to the *%ProgramFiles%\Microsoft Azure AD Sync\Data* folder and copy the *ADSync.mdf* and *ADSync_log.ldf* files to the computer running remote SQL Server.
-1. Restart the **Microsoft Azure AD Sync** service on the Azure AD Connect server.
+1. Restart the Microsoft Azure AD Sync service on the Azure AD Connect server.
 1. Uninstall Azure AD Connect by going to **Control Panel** > **Programs** > **Programs and Features**. Select **Microsoft Azure AD Connect**, and then select **Uninstall**.
 1. On the computer running remote SQL Server, open SQL Server Management Studio.
 1. Right-click **Databases** and select **Attach**.
@@ -46,23 +46,29 @@ Use the following steps to move the Azure AD Connect database to a computer runn
 
    :::image type="content" source="media/how-to-connect-install-move-db/db2.png" alt-text="Screenshot that shows the command described in the step in PowerShell.":::
 
-1. In **Welcome to Azure AD Connect**. Review and agree to the license terms and privacy notice, and then select **Continue**.
+1. In **Welcome to Azure AD Connect**, review and agree to the license terms and privacy notice, and then select **Continue**.
 
    :::image type="content" source="media/how-to-connect-install-move-db/db3.png" alt-text="Screenshot that shows the Welcome to Azure AD Connect page.":::
 
-1. In **Install required components**, the **Use an existing SQL Server** option is enabled. Specify the name of the SQL Server instance that's hosting the ADSync database. If the SQL engine instance that's used to host the ADSync database isn't the default instance on the SQL Server instance, you must specify the name of the SQL engine instance. Also, if SQL browsing isn't enabled, you must specify the SQL engine instance port number. For example:
+1. In **Install required components**, the **Use an existing SQL Server** option is enabled. Specify the name of the SQL Server instance that's hosting the ADSync database. If the SQL engine instance that's used to host the ADSync database isn't the default instance in SQL Server, you must specify the name of the SQL engine instance.
+
+   Also, if SQL browsing isn't enabled, you must specify the SQL engine instance port number. For example:
 
    :::image type="content" source="media/how-to-connect-install-move-db/db4.png" alt-text="Screenshot that shows the options on the Install required components page.":::
 
-1. In **Connect to Azure AD**, you must provide the credentials of a Hybrid Identity Administrator for your directory in Azure Active Directory (Azure AD). We recommend that you use an account in the default `onmicrosoft.com` domain. This account is used only to create a service account in Azure AD. The account isn't used after the wizard is finished.
+1. In **Connect to Azure AD**, you must provide the credentials of a Hybrid Identity Administrator for your directory in Azure Active Directory (Azure AD).
+
+   We recommend that you use an account in the default `onmicrosoft.com` domain. This account is used only to create a service account in Azure AD. The account isn't used after the wizard is finished.
 
    :::image type="content" source="media/how-to-connect-install-move-db/db5.png" alt-text="Screenshot that shows the options on the Connect to Azure AD page.":::
 
-1. In **Connect your directories**, the existing Windows Server Active Directory (Windows Server AD) forest that's configured for directory sync is listed with a red X icon beside it. To sync changes from a Windows Server AD, an Active Directory Domain Services (AD DS) account is required. The Azure AD Connect wizard can't retrieve the credentials of the AD DS account that's stored in the ADSync database because the credentials are encrypted. The credentials can be decrypted only by the earlier Azure AD Connect server. Select **Change Credentials** to specify the AD DS account for the Windows Server AD forest.
+1. In **Connect your directories**, the existing Windows Server Active Directory (Windows Server AD) forest that's configured for directory sync is listed with a red X icon beside it. To sync changes from Windows Server AD, an Active Directory Domain Services (AD DS) account is required. Select **Change Credentials** to specify the AD DS account for the Windows Server AD forest.
+
+   The Azure AD Connect wizard can't retrieve the credentials of the AD DS account that are stored in the ADSync database because the credentials are encrypted. The credentials can be decrypted only by the earlier instance of the Azure AD Connect server.
 
    :::image type="content" source="media/how-to-connect-install-move-db/db6.png" alt-text="Screenshot that shows the options on the Connect your directories page.":::
 
-1. In the dialog, you can choose one of the following options:
+1. In the dialog, choose one of the following options:
 
    1. Enter the credentials for an Enterprise Admin and let Azure AD Connect create the AD DS account for you.
    1. Create the AD DS account yourself and enter its credentials in Azure AD Connect.
@@ -71,9 +77,9 @@ Use the following steps to move the Azure AD Connect database to a computer runn
 
    After you select an option and enter the credentials, select **OK**.
 
-1. After the credentials are entered, the red cross icon is replaced with a green checkmark icon. Select **Next**.
+1. After the credentials are entered, the red X icon is replaced with a green checkmark icon. Select **Next**.
 
-   :::image type="content" source="media/how-to-connect-install-move-db/db8.png" alt-text="Screenshot that shows the Azure AD Connect your directories page after you enter account credentials.":::
+   :::image type="content" source="media/how-to-connect-install-move-db/db8.png" alt-text="Screenshot that shows the Connect your directories page after you enter account credentials.":::
 
 1. In **Ready to configure**, select **Install**.
 
@@ -84,5 +90,5 @@ Use the following steps to move the Azure AD Connect database to a computer runn
 ## Next steps
 
 - Learn more about [integrating your on-premises identities with Azure Active Directory](whatis-hybrid-identity.md).
-- [Install Azure AD Connect by using an existing ADSync database](how-to-connect-install-existing-database.md).
-- [Install Azure AD Connect by using SQL delegated administrator permissions](how-to-connect-install-sql-delegation.md).
+- Get more information about [installing Azure AD Connect by using an existing ADSync database](how-to-connect-install-existing-database.md).
+- Learn how to [install Azure AD Connect by using SQL delegated administrator permissions](how-to-connect-install-sql-delegation.md).
diff --git a/articles/active-directory/hybrid/reference-connect-ports.md b/articles/active-directory/hybrid/reference-connect-ports.md
@@ -45,7 +45,7 @@ This table describes the ports and protocols that are required for communication
 | HTTP |80 (TCP) |Used to download CRLs (Certificate Revocation Lists) to verify TLS/SSL certificates. |
 | HTTPS |443 (TCP) |Used to synchronize with Azure AD. |
 
-For a list of URLs and IP addresses you need to open in your firewall, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2) and [Troubleshooting Azure AD Connect connectivity](tshoot-connect-connectivity.md#troubleshoot-connectivity-issues-in-the-installation-wizard).
+For a list of URLs and IP addresses you need to open in your firewall, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2) and [Troubleshooting Azure AD Connect connectivity](tshoot-connect-connectivity.md#connectivity-issues-in-the-installation-wizard).
 
 ## Table 3 - Azure AD Connect and AD FS Federation Servers/WAP
 This table describes the ports and protocols that are required for communication between the Azure AD Connect server and AD FS Federation/WAP servers.  
diff --git a/articles/active-directory/hybrid/tshoot-connect-connectivity.md b/articles/active-directory/hybrid/tshoot-connect-connectivity.md
@@ -21,7 +21,7 @@ ms.custom: has-adal-ref
 
 This article explains how connectivity between Azure AD Connect and Azure Active Directory (Azure AD) works and how to troubleshoot connectivity issues. These issues are most likely to be seen in an environment that uses a proxy server.
 
-## Troubleshoot connectivity issues in the installation wizard
+## Connectivity issues in the installation wizard
 
 Azure AD Connect uses the Microsoft Authentication Library (MSAL) for authentication. The installation wizard and the sync engine require machine.config to be properly configured because these two are .NET applications.
 
@@ -96,7 +96,7 @@ Is the password a temporary password that must be changed? Is it actually the co
 
 ### Verify proxy connectivity
 
-To check whether the Azure AD Connect server is connecting to the proxy and the internet, use some PowerShell cmdlets to see if the proxy is allowing web requests. In a PowerShell prompt, run `Invoke-WebRequest -Uri https://adminwebservice.microsoftonline.com/ProvisioningService.svc`. (Technically, the first call is to `https://login.microsoftonline.com` and this URI works as well, but the other URI is faster to respond.)
+To check whether the Azure AD Connect server is connecting to the proxy and the internet, use some PowerShell cmdlets to see if the proxy is allowing web requests. In PowerShell, run `Invoke-WebRequest -Uri https://adminwebservice.microsoftonline.com/ProvisioningService.svc`. (Technically, the first call is to `https://login.microsoftonline.com`, and this URI also works, but the other URI is quicker to respond.)
 
 PowerShell uses the configuration in *machine.config* to contact the proxy. The settings in *winhttp/netsh* shouldn't affect these cmdlets.
 
@@ -108,7 +108,7 @@ If you see the message **Unable to connect to the remote server**, PowerShell is
 
 :::image type="content" source="media/tshoot-connect-connectivity/invokewebrequestunable.png" alt-text="Screenshot of an error message when PowerShell can't connect to the remote server.":::
 
-If the proxy isn't correctly configured, an error message appears:
+If the proxy isn't correctly configured, a 403 or 407 error message appears:
 
 :::image type="content" source="media/tshoot-connect-connectivity/invokewebrequest403.png" alt-text="Screenshot of a 403 proxy error in PowerShell.":::
 
@@ -123,17 +123,17 @@ The following table describes 403 and 407 proxy errors:
 
 ### Proxy idle timeout setting
 
-When Azure AD Connect sends an export request to Azure AD, Azure AD can take up to 5 minutes to process the request before generating a response. A response might be delayed especially if many group objects that have large group memberships are included in the same export request. Ensure that the proxy idle timeout is configured to be greater than 5 minutes. Otherwise, you might have intermittent connectivity issues with Azure AD on the Azure AD Connect server.
+When Azure AD Connect sends an export request to Azure AD, Azure AD can take up to 5 minutes to process the request before generating a response. The response is especially likely to be delayed if many group objects that have large group memberships are included in the same export request. Ensure that the proxy idle timeout is configured to be greater than 5 minutes. Otherwise, you might have intermittent connectivity issues with Azure AD on the Azure AD Connect server.
 
-## The communication pattern between Azure AD Connect and Azure AD
+## Communication pattern between Azure AD Connect and Azure AD
 
 If you've followed all the steps described in this article and you still can't connect, at this point you might look at network logs. This section describes a normal and successful connectivity pattern.
 
-Here are some common concerns about data in the network logs that you can ignore:
+But first, here are some common concerns about data in the network logs that you can ignore:
 
 - There are calls to `https://dc.services.visualstudio.com`. It's not required to have this URL open in the proxy for the installation to succeed, and these calls can be ignored.
 - You see that DNS resolution lists the actual hosts as being in the DNS namespace `nsatc.net` and other namespaces that aren't under `microsoftonline.com`. However, there aren't any web service requests on the actual server names. You don't have to add these URLs to the proxy.
-- The endpoints `adminwebservice` and `provisioningapi` are discovery endpoints and are used to find the actual endpoint to use. These endpoints are different depending on your region.
+- The endpoints `adminwebservice` and `provisioningapi` are discovery endpoints, and they're used to find the actual endpoint to use. These endpoints are different depending on your region.
 
 ### Reference proxy logs
 
@@ -179,27 +179,27 @@ The following example is a dump from an actual proxy log and the installation wi
 
 This section covers errors that might be returned from the ADAL and PowerShell. The error explanation should help you identify your next steps.
 
-### Invalid Grant
+### Invalid grant
 
 You entered an invalid user name or password. For more information, see [The password can't be verified](#the-password-cant-be-verified).
 
-### Unknown User Type
+### Unknown user type
 
 Your Azure AD directory can't be found or resolved. Maybe you tried to sign in with a user name in an unverified domain?
 
-### User Realm Discovery Failed
+### User realm discovery failed
 
-Network or proxy configuration issues. The network can't be reached. See [Troubleshoot connectivity issues in the installation wizard](#troubleshoot-connectivity-issues-in-the-installation-wizard).
+Network or proxy configuration issues. The network can't be reached. See [Connectivity issues in the installation wizard](#connectivity-issues-in-the-installation-wizard).
 
-### User Password Expired
+### User password expired
 
 Your credentials have expired. Change your password.
 
-### Authorization Failure
+### Authorization failure
 
 Azure AD Connect failed to authorize the user to perform an action in Azure AD.
 
-### Authentication Canceled
+### Authentication canceled
 
 The MFA challenge was canceled.
 
@@ -210,7 +210,7 @@ The MFA challenge was canceled.
 -->
 </div>
 
-### Connect To MSOnline Failed
+### Connect to MSOnline failed
 
 Authentication was successful, but Azure AD PowerShell has an authentication problem.
 
@@ -221,7 +221,7 @@ Authentication was successful, but Azure AD PowerShell has an authentication pro
 -->
 </div>
 
-### Azure AD Global Administrator Role Needed
+### Azure AD Global Administrator role needed
 
 The user was authenticated successfully, but the user isn't assigned the Global Administrator role. You can [assign the Global Administrator role](../roles/permissions-reference.md) to the user.
 
@@ -232,9 +232,9 @@ The user was authenticated successfully, but the user isn't assigned the Global
 -->
 </div>
 
-### Privileged Identity Management Enabled
+### Privileged Identity Management enabled
 
-Authentication was successful. Privileged Identity Management has been enabled and the user currently isn't a Hybrid Identity Administrator. For more information, see [Privileged Identity Management](../privileged-identity-management/pim-getting-started.md).
+Authentication was successful, but Privileged Identity Management has been enabled and the user currently isn't a Hybrid Identity Administrator. For more information, see [Privileged Identity Management](../privileged-identity-management/pim-getting-started.md).
 
 <div id="get-msolcompanyinformation-failed">
 <!--
@@ -243,7 +243,7 @@ Authentication was successful. Privileged Identity Management has been enabled a
 -->
 </div>
 
-### Company Information Unavailable
+### Company information unavailable
 
 Authentication was successful, but company information couldn't be retrieved from Azure AD.
 
@@ -254,7 +254,7 @@ Authentication was successful, but company information couldn't be retrieved fro
 -->
 </div>
 
-### Domain Information Unavailable
+### Domain information unavailable
 
 Authentication was successful, but domain information couldn't be retrieved from Azure AD.
 
@@ -264,7 +264,7 @@ Shown as *Unexpected error* in the installation wizard. This error might occur i
 
 ## Troubleshooting steps for earlier releases
 
-In releases starting with build number 1.1.105.0 (released February 2016), the sign-in assistant was retired. Configuring the sign-in assistant should no longer be required, but the information in the next sections is kept as reference.
+In releases starting with build number 1.1.105.0 (released February 2016), the sign-in assistant was retired. Configuring the sign-in assistant should no longer be required, but the information in the next sections is included for reference.
 
 For the single sign-in assistant to work, Microsoft Windows HTTP Services (WinHTTP) must be configured. You can configure WinHTTP by using [netsh](how-to-connect-install-prerequisites.md#connectivity).
 
