Merge pull request #226067 from billmath/fixes3

updating

Author: v-regandowner

articles/active-directory/cloud-sync/how-to-prerequisites.md

@@ -26,7 +26,7 @@ You need the following to use Azure AD Connect cloud sync:
 - On-premises firewall configurations.
 
 ## Group Managed Service Accounts
-A group Managed Service Account is a managed domain account that provides automatic password management, simplified service principal name (SPN) management,the ability to delegate the management to other administrators, and also extends this functionality over multiple servers.  Azure AD Connect Cloud Sync supports and uses a gMSA for running the agent.  You will be prompted for administrative credentials during setup, in order to create this account.  The account will appear as (domain\provAgentgMSA$).  For more information on a gMSA, see [Group Managed Service Accounts](/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview) 
+A group Managed Service Account is a managed domain account that provides automatic password management, simplified service principal name (SPN) management, the ability to delegate the management to other administrators, and also extends this functionality over multiple servers.  Azure AD Connect Cloud Sync supports and uses a gMSA for running the agent.  You will be prompted for administrative credentials during setup, in order to create this account.  The account will appear as (domain\provAgentgMSA$).  For more information on a gMSA, see [group Managed Service Accounts](/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview) 
 
 ### Prerequisites for gMSA:
 1.	The Active Directory schema in the gMSA domain's forest needs to be updated to Windows Server 2012 or later.
@@ -48,46 +48,9 @@ If you are creating a custom gMSA account, you need to ensure that the account h
 |Allow |gMSA Account |Read all properties |Descendant Contact objects| 
 |Allow |gMSA Account |Create/delete User objects|This object and all descendant objects| 
 
-For steps on how to upgrade an existing agent to use a gMSA account see [Group Managed Service Accounts](how-to-install.md#group-managed-service-accounts).
-
-#### Create gMSA account with PowerShell
-You can use the following PowerShell script to create a custom gMSA account.  Then you can use the [cloud sync gMSA cmdlets](how-to-gmsa-cmdlets.md) to apply more granular permissions.
-
-```powershell
-# Filename:    1_SetupgMSA.ps1
-# Description: Creates and installs a custom gMSA account for use with Azure AD Connect cloud sync.
-#
-# DISCLAIMER:
-# Copyright (c) Microsoft Corporation. All rights reserved. This 
-# script is made available to you without any express, implied or 
-# statutory warranty, not even the implied warranty of 
-# merchantability or fitness for a particular purpose, or the 
-# warranty of title or non-infringement. The entire risk of the 
-# use or the results from the use of this script remains with you.
-#
-#
-#
-#
-# Declare variables
-$Name = 'provAPP1gMSA'
-$Description = "Azure AD Cloud Sync service account for APP1 server"
-$Server = "APP1.contoso.com"
-$Principal = Get-ADGroup 'Domain Computers'
-
-# Create service account in Active Directory
-New-ADServiceAccount -Name $Name `
--Description $Description `
--DNSHostName $Server `
--ManagedPasswordIntervalInDays 30 `
--PrincipalsAllowedToRetrieveManagedPassword $Principal `
--Enabled $True `
--PassThru
-
-# Install the new service account on Azure AD Cloud Sync server
-Install-ADServiceAccount -Identity $Name
-```
-
-For additional information on the cmdlets above, see [Getting Started with Group Managed Service Accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj128431(v=ws.11)?redirectedfrom=MSDN).
+For steps on how to upgrade an existing agent to use a gMSA account see [group Managed Service Accounts](how-to-install.md#group-managed-service-accounts).
+
+For more information on how to prepare your Active Directory for group Managed Service Account, see [group Managed Service Accounts Overview](/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview).
 
 ### In the Azure Active Directory admin center
 
@@ -104,7 +67,7 @@ Run the [IdFix tool](/office365/enterprise/prepare-directory-attributes-for-sync
 
 2. The PowerShell execution policy on the local server must be set to Undefined or RemoteSigned.
 
-3. If there's a firewall between your servers and Azure AD, configure see [Firewall and proxy requirements](#firewall-and-proxy-requirements) below.  
+3. If there's a firewall between your servers and Azure AD, see [Firewall and proxy requirements](#firewall-and-proxy-requirements) below.  
 
 >[!NOTE]
 > Installing the cloud provisioning agent on Windows Server Core is not supported.