Merge pull request #107707 from b-juche/live-update-03-13-smb-site-scoping

Live update 03 13 smb site scoping

Author: ShannonLeavitt

articles/azure-netapp-files/azure-netapp-files-create-volumes-smb.md

@@ -13,7 +13,7 @@ ms.workload: storage
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 02/05/2020
+ms.date: 03/13/2020
 ms.author: b-juche
 ---
 # Create an SMB volume for Azure NetApp Files
@@ -30,7 +30,7 @@ A subnet must be delegated to Azure NetApp Files.
 
  You need to create Active Directory connections before creating an SMB volume. The requirements for Active Directory connections are as follows: 
 
-* The admin account you use must be able to create machine accounts in the organizational unit (OU) path that you will specify.  
+* The admin account you use must have the capability to create machine accounts in the organizational unit (OU) path that you will specify.  
 
 * Proper ports must be open on the applicable Windows Active Directory (AD) server.  
     The required ports are as follows: 
@@ -55,7 +55,7 @@ A subnet must be delegated to Azure NetApp Files.
 
 * The site topology for the targeted Active Directory Domain Services must adhere to best practices, in particular the Azure VNet where Azure NetApp Files is deployed.  
 
-    The address space for the virtual network where Azure NetApp Files is deployed must be added to a new or existing Active Directory site (where a domain controller reachable by Azure NetApp Files resides). 
+    The address space for the virtual network where Azure NetApp Files is deployed must be added to a new or existing Active Directory site (where a domain controller reachable by Azure NetApp Files is). 
 
 * The specified DNS servers must be reachable from the [delegated subnet](https://docs.microsoft.com/azure/azure-netapp-files/azure-netapp-files-delegate-subnet) of Azure NetApp Files.  
 
@@ -65,19 +65,62 @@ A subnet must be delegated to Azure NetApp Files.
 
 * The Azure NetApp Files delegated subnet must be able to reach all Active Directory Domain Services (ADDS) domain controllers in the domain, including all local and remote domain controllers. Otherwise, service interruption can occur.  
 
-    If you have domain controllers that are unreachable via the Azure NetApp Files delegated subnet, you can specify an Active Directory site during creation of the Active Directory connection.  Azure NetApp Files needs to communicate only with domain controllers in the site where the Azure NetApp Files delegated subnet address space resides.
+    If you have domain controllers that are unreachable by the Azure NetApp Files delegated subnet, you can specify an Active Directory site during creation of the Active Directory connection.  Azure NetApp Files needs to communicate only with domain controllers in the site where the Azure NetApp Files delegated subnet address space is.
 
     See [Designing the site topology](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/designing-the-site-topology) about AD sites and services. 
 
 See Azure NetApp Files [SMB FAQs](https://docs.microsoft.com/azure/azure-netapp-files/azure-netapp-files-faqs#smb-faqs) about additional AD information. 
 
+## Decide which Domain Services to use 
+
+Azure NetApp Files supports both [Active Directory Domain Services](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/understanding-active-directory-site-topology) (ADDS) and Azure Active Directory Domain Services (AADDS) for AD connections.  Before you create an AD connection, you need to decide whether to use ADDS or AADDS.  
+
+For more information, see [Compare self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services/compare-identity-solutions). 
+
+### Active Directory Domain Services
+
+You can use your preferred [Active Directory Sites and Services](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/understanding-active-directory-site-topology) scope for Azure NetApp Files. This option enables reads and writes to Active Directory Domain Services (ADDS) domain controllers that are [accessible by Azure NetApp Files](azure-netapp-files-network-topologies.md). It also prevents the service from communicating with domain controllers that are not in the specified Active Directory Sites and Services site. 
+
+To find your site name when you use ADDS, you can contact the administrative group in your organization that is responsible for Active Directory Domain Services. The example below shows the Active Directory Sites and Services plugin where the site name is displayed: 
+
+![Active Directory Sites and Services](../media/azure-netapp-files/azure-netapp-files-active-directory-sites-and-services.png)
+
+When you configure an AD connection for Azure NetApp Files, you specify the site name in scope for the **AD Site Name** field.
+
+### Azure Active Directory Domain Services 
+
+For Azure Active Directory Domain Services (AADDS) configuration and guidance, see [Azure AD Domain Services documentation](https://docs.microsoft.com/azure/active-directory-domain-services/).
+
+Additional AADDS considerations apply for Azure NetApp Files: 
+
+* Ensure the VNet or subnet where AADDS is deployed is in the same Azure region as the Azure NetApp Files deployment.
+* If you use another VNet in the region where Azure NetApp Files is deployed, you should create a peering between the two VNets.
+* Azure NetApp Files supports `user` and `resource forest` types.
+* For synchronization type, you can select `All` or `Scoped`.   
+    If you select `Scoped`, ensure the correct Azure AD group is selected for accessing SMB shares.  If you are uncertain, you can use the `All` synchronization type.
+* Use of the Enterprise or Premium SKU is required. The Standard SKU is not supported.
+
+When you create an Active Directory connection, note the following specifics for AADDS:
+
+* You can find information for **Primary DNS**, **Secondary DNS**, and **AD DNS Domain Name** in the AADDS menu.  
+For DNS servers, two IP addresses will be used for configuring the Active Directory connection. 
+* The **organizational unit path** is `OU=AADDC Computers`.  
+This setting is configured in the **Active Directory Connections** under **NetApp Account**:
+
+  ![Organizational unit path](../media/azure-netapp-files/azure-netapp-files-org-unit-path.png)
+
+* **Username** credentials can be any user that is a member of the Azure AD group **Azure AD DC Administrators**.
+
+
 ## Create an Active Directory connection
 
 1. From your NetApp account, click **Active Directory connections**, then click **Join**.  
 
     ![Active Directory Connections](../media/azure-netapp-files/azure-netapp-files-active-directory-connections.png)
 
-2. In the Join Active Directory window, provide the following information:
+2. In the Join Active Directory window, provide the following information, based on the Domain Services you want to use:  
+
+    For information specific to the Domain Services you use, see [Decide which Domain Services to use](#decide-which-domain-services-to-use). 
 
     * **Primary DNS**  
         This is the DNS that is required for the Active Directory domain join and SMB authentication operations. 
@@ -90,7 +133,7 @@ See Azure NetApp Files [SMB FAQs](https://docs.microsoft.com/azure/azure-netapp-
     * **SMB server (computer account) prefix**  
         This is the naming prefix for the machine account in Active Directory that Azure NetApp Files will use for creation of new accounts.
 
-        For example, if the naming standard that your organization uses for file servers is NAS-01, NAS-02..., NAS-045, then you would enter “NAS” for the prefix. 
+        For example, if the naming standard that your organization uses for file servers is NAS-01, NAS-02..., NAS-045, then you would enter "NAS" for the prefix. 
 
         The service will create additional machine accounts in Active Directory as needed.
 
@@ -127,7 +170,7 @@ See Azure NetApp Files [SMB FAQs](https://docs.microsoft.com/azure/azure-netapp-
 
         A volume name must be unique within each capacity pool. It must be at least three characters long. You can use any alphanumeric characters.   
 
-        You cannot use `default` as the volume name.
+        You can't use `default` as the volume name.
 
     * **Capacity pool**  
         Specify the capacity pool where you want the volume to be created.
@@ -146,7 +189,7 @@ See Azure NetApp Files [SMB FAQs](https://docs.microsoft.com/azure/azure-netapp-
         Specify the subnet that you want to use for the volume.  
         The subnet you specify must be delegated to Azure NetApp Files. 
 
-        If you have not delegated a subnet, you can click **Create new** on the Create a Volume page. Then in the Create Subnet page, specify the subnet information, and select **Microsoft.NetApp/volumes** to delegate the subnet for Azure NetApp Files. In each VNet, only one subnet can be delegated to Azure NetApp Files.   
+        If you haven't delegated a subnet, you can click **Create new** on the Create a Volume page. Then in the Create Subnet page, specify the subnet information, and select **Microsoft.NetApp/volumes** to delegate the subnet for Azure NetApp Files. In each VNet, only one subnet can be delegated to Azure NetApp Files.   
 
         ![Create a volume](../media/azure-netapp-files/azure-netapp-files-new-volume.png)