MicrosoftDocs
diff --git a/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 0 additions & 5 deletions b/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 0 additions & 5 deletions
diff --git a/‎.openpublishing.redirection.iot-hub.json
Lines changed: 10 additions & 0 deletions b/‎.openpublishing.redirection.iot-hub.json
Lines changed: 10 additions & 0 deletions
diff --git a/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/partner-eid-me.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory-b2c/partner-eid-me.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory-domain-services/TOC.yml
Lines changed: 2 additions & 0 deletions b/‎articles/active-directory-domain-services/TOC.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎articles/active-directory-domain-services/how-to-data-retrieval.md
Lines changed: 99 additions & 0 deletions b/‎articles/active-directory-domain-services/how-to-data-retrieval.md
Lines changed: 99 additions & 0 deletions
diff --git a/‎articles/active-directory-domain-services/media/tutorial-create-management-vm/add-user-in-users-all-users.png
66.6 KB b/‎articles/active-directory-domain-services/media/tutorial-create-management-vm/add-user-in-users-all-users.png
66.6 KB
diff --git a/‎articles/active-directory-domain-services/media/tutorial-create-management-vm/delete-user-all-users-blade.png
29 KB b/‎articles/active-directory-domain-services/media/tutorial-create-management-vm/delete-user-all-users-blade.png
29 KB
diff --git a/‎articles/active-directory/app-provisioning/on-premises-migrate-microsoft-identity-manager.md
Lines changed: 15 additions & 8 deletions b/‎articles/active-directory/app-provisioning/on-premises-migrate-microsoft-identity-manager.md
Lines changed: 15 additions & 8 deletions
diff --git a/‎articles/active-directory/authentication/concept-fido2-hardware-vendor.md
Lines changed: 0 additions & 2 deletions b/‎articles/active-directory/authentication/concept-fido2-hardware-vendor.md
Lines changed: 0 additions & 2 deletions
@@ -10,11 +10,6 @@
             "redirect_url": "/azure/azure-monitor/app/performance-counters",
             "redirect_document_id": true
         },
-        {
-            "source_path_from_root": "/articles/application-insights/cloudservices.md",
-            "redirect_url": "/azure/azure-monitor/app/azure-web-apps-net",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/azure-monitor/insights/service-bus-insights.md",
             "redirect_url": "/azure/service-bus-messaging/service-bus-insights",
 
@@ -1088,6 +1088,16 @@
       "redirect_url": "/azure/iot-hub/iot-hub-device-management-iot-toolkit",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/iot-hub/iot-hub-operations-monitoring.md",
+      "redirect_url": "/azure/iot-hub/monitor-iot-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/iot-hub/iot-hub-migrate-to-diagnostics-settings.md",
+      "redirect_url": "/azure/iot-hub/monitor-iot-hub",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/iot-hub/iot-hub-protocol-gateway.md",
       "redirect_url": "/azure/iot-edge/iot-edge-as-gateway",
 
@@ -623,6 +623,11 @@
       "redirect_url": "/azure/azure-arc/kubernetes/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/azure-arc/kubernetes/conceptual-agent-architecture.md",
+      "redirect_url": "/azure/azure-arc/kubernetes/conceptual-agent-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/whats-new-docs.md",
       "redirect_url": "/azure/cognitive-services/what-are-cognitive-services",
 
@@ -101,7 +101,7 @@ To configure your tenant application as a Relying Party in eID-Me the following
 | Name                               | Azure AD B2C/your desired application name                                                                                                                                                                                                                                                                                                                                                                       |
 | Domain                             | name.onmicrosoft.com                                                                                                                                                                                                                                                                                                                                                                                             |
 | Redirect URIs                      | https://jwt.ms                                                                                                                                                                                                                                                                                                                                                                       |
-| Redirect URLs                      | https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp<br>For Example: `https://fabrikam.b2clogin.com/fabrikam.onmicrosoft.com/oauth2/authresp`<br>If you use a custom domain, enter https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp.<br> Replace your-domain-name with your custom domain, and your-tenant-name with the name of your tenant. |
+| Redirect URLs                      | `https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp`<br>For Example: `https://fabrikam.b2clogin.com/fabrikam.onmicrosoft.com/oauth2/authresp`<br>If you use a custom domain, enter https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp.<br> Replace your-domain-name with your custom domain, and your-tenant-name with the name of your tenant. |
 | URL for application home page      | Will be displayed to the end user                                                                                                                                                                                                                                                                                                                                                                                |
 | URL for application privacy policy | Will be displayed to the end user                                                                                                                                                                                                                                                                                                                                                                                |
 
@@ -300,7 +300,7 @@ There are additional identity claims that eID-Me supports and can be added.
 
 1. Open the `TrustFrameworksExtension.xml`
 
-2. Find the `BuildingBlocks` element.  This is where additional identity claims that eID-Me supports can be added. Full lists of supported eID-Me identity claims with descriptions are mentioned at [http://www.oid-info.com/get/1.3.6.1.4.1.50715](http://www.oid-info.com/get/1.3.6.1.4.1.50715) with the OIDC identifiers used here [https://eid-me.bluink.ca/.well-known/openid-configuration](https://eid-me.bluink.ca/.well-known/openid-configuration).
+2. Find the `BuildingBlocks` element.  This is where additional identity claims that eID-Me supports can be added. Full lists of supported eID-Me identity claims with descriptions are mentioned at `http://www.oid-info.com/get/1.3.6.1.4.1.50715` with the OIDC identifiers used here [https://eid-me.bluink.ca/.well-known/openid-configuration](https://eid-me.bluink.ca/.well-known/openid-configuration).
 
    ```xml
    <BuildingBlocks>
 
@@ -91,6 +91,8 @@
           href: migrate-from-classic-vnet.md
         - name: Change SKU
           href: change-sku.md
+        - name: Retrieve data
+          href: how-to-data-retrieval.md
     - name: Secure Azure AD DS
       items:
         - name: Secure your managed domain
 
@@ -0,0 +1,99 @@
+---
+title: Instructions for data retrieval from Azure Active Directory Domain Services | Microsoft Docs
+description: Learn how to retrieve data from Azure Active Directory Domain Services (Azure AD DS).
+services: active-directory-ds
+author: justinha
+manager: karenhoran
+
+ms.service: active-directory
+ms.subservice: domain-services
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 04/14/2022
+ms.author: justinha
+ms.reviewer: manthanm
+---
+
+# Azure AD DS instructions for data retrieval
+
+This document describes how to retrieve data from Azure Active Directory Domain Services (Azure AD DS).
+
+[!INCLUDE [active-directory-app-provisioning.md](../../includes/gdpr-intro-sentence.md)]
+
+## Use Azure Active Directory to create, read, update, and delete user objects
+
+You can create a user in the Azure AD portal or by using Graph PowerShell or Graph API. You can also read, update, and delete users. The next sections show how to do these operations in the Azure AD portal. 
+
+### Create, read, or update a user
+
+You can create a new user using the Azure Active Directory portal.
+To add a new user, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com/) in the User Administrator role for the organization.
+
+1. Search for and select *Azure Active Directory* from any page.
+
+1. Select **Users**, and then select **New user**.
+
+    ![Add a user through Users - All users in Azure AD](./media/tutorial-create-management-vm/add-user-in-users-all-users.png)
+
+1. On the **User** page, enter information for this user:
+
+   - **Name**. Required. The first and last name of the new user. For example, *Mary Parker*.
+
+   - **User name**. Required. The user name of the new user. For example, `[email protected]`.
+
+   - **Groups**. Optionally, you can add the user to one or more existing groups. 
+
+   - **Directory role**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role. 
+
+   - **Job info**: You can add more information about the user here.
+
+1. Copy the autogenerated password provided in the **Password** box. You'll need to give this password to the user to sign in for the first time.
+
+1. Select **Create**.
+
+The user is created and added to your Azure AD organization.
+
+To read or update a user, search for and select the user such as, _Mary Parker_. Change any property and click **Save**. 
+
+### Delete a user
+
+To delete a user, follow these steps:
+
+1. Search for and select the user you want to delete from your Azure AD tenant. For example, _Mary Parker_.
+
+1. Select **Delete user**.
+
+   ![Users - All users page with Delete user highlighted](./media/tutorial-create-management-vm/delete-user-all-users-blade.png)
+
+
+The user is deleted and no longer appears on the **Users - All users** page. The user can be seen on the **Deleted users** page for the next 30 days and can be restored during that time. 
+
+When a user is deleted, any licenses consumed by the user are made available for other users.
+
+## Use RSAT tools to connect to an Azure AD DS managed domain and view users
+
+Sign in to an administrative workstation with a user account that's a member of the *AAD DC Administrators* group. The following steps require installation of [Remote Server Administration Tools (RSAT)](tutorial-create-management-vm.md#install-active-directory-administrative-tools).
+
+1. From the **Start** menu, select **Windows Administrative Tools**. The Active Directory Administration Tools are listed.
+
+    ![List of Administrative Tools installed on the server](./media/tutorial-create-management-vm/list-admin-tools.png)
+
+1. Select **Active Directory Administrative Center**.
+1. To explore the managed domain, choose the domain name in the left pane, such as *aaddscontoso*. Two containers named *AADDC Computers* and *AADDC Users* are at the top of the list.
+
+    ![List the available containers part of the managed domain](./media/tutorial-create-management-vm/active-directory-administrative-center.png)
+
+1. To see the users and groups that belong to the managed domain, select the **AADDC Users** container. The user accounts and groups from your Azure AD tenant are listed in this container.
+
+    In the following example output, a user account named *Contoso Admin* and a group for *AAD DC Administrators* are shown in this container.
+
+    ![View the list of Azure AD DS domain users in the Active Directory Administrative Center](./media/tutorial-create-management-vm/list-azure-ad-users.png)
+
+1. To see the computers that are joined to the managed domain, select the **AADDC Computers** container. An entry for the current virtual machine, such as *myVM*, is listed. Computer accounts for all devices that are joined to the managed domain are stored in this *AADDC Computers* container.
+
+You can also use the *Active Directory Module for Windows PowerShell*, installed as part of the administrative tools, to manage common actions in your managed domain.
+
+## Next steps
+* [Azure AD DS Overview](overview.md)
@@ -21,31 +21,38 @@ You can import into the Azure Active Directory (Azure AD) ECMA Connector Host a
 >[!IMPORTANT]
 >Currently, only the generic SQL and LDAP connectors are supported for use with the Azure AD ECMA Connector Host.
 
-## Create and export a connector configuration in MIM Sync
-If you already have MIM Sync with your ECMA connector configured, skip to step 10.
+## Create a connector configuration in MIM Sync
+This section is included for illustrative purposes, if you wish to set up MIM Sync with a connector. If you already have MIM Sync with your ECMA connector configured, skip to the next section.
 
  1. Prepare a Windows Server 2016 server, which is distinct from the server that will be used for running the Azure AD ECMA Connector Host. This host server should either have a SQL Server 2016 database colocated or have network connectivity to a SQL Server 2016 database. One way to set up this server is by deploying an Azure virtual machine with the image **SQL Server 2016 SP1 Standard on Windows Server 2016**. This server doesn't need internet connectivity other than remote desktop access for setup purposes.
  1. Create an account for use during the MIM Sync installation. It can be a local account on that Windows Server instance. To create a local account, open **Control Panel** > **User Accounts**, and add the user account **mimsync**.
  1. Add the account created in the previous step to the local Administrators group.
  1. Give the account created earlier the ability to run a service. Start **Local Security Policy** and select **Local Policies** > **User Rights Assignment** > **Log on as a service**. Add the account mentioned earlier.
- 1. Install MIM Sync on this host. If you don't have MIM Sync binaries, you can install an evaluation by downloading the zip file from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=48244), mounting the ISO image, and copying the folder **Synchronization Service** to the Windows Server host. Then run the setup program contained in that folder. Evaluation software is time limited and will expire. It isn't intended for production use.
+ 1. Install MIM Sync on this host.
  1. After the installation of MIM Sync is complete, sign out and sign back in.
- 1. Install your connector on the same server as MIM Sync. For illustration purposes, this test lab guide will illustrate using one of the Microsoft-supplied connectors for download from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=51495).
+ 1. Install your connector on the same server as MIM Sync. For illustration purposes, use either of the Microsoft-supplied SQL or LDAP connectors for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=51495).
  1. Start the Synchronization Service UI. Select **Management Agents**. Select **Create**, and specify the connector management agent. Be sure to select a connector management agent that's ECMA based.
  1. Give the connector a name, and configure the parameters needed to import and export data to the connector. Be sure to configure that the connector can import and export single-valued string attributes of a user or person object type.
+
+## Export a connector configuration from MIM Sync
+
  1. On the MIM Sync server computer, start the Synchronization Service UI, if it isn't already running. Select **Management Agents**.
  1. Select the connector, and select **Export Management Agent**. Save the XML file, and the DLL and related software for your connector, to the Windows server that will be holding the ECMA Connector Host.
 
 At this point, the MIM Sync server is no longer needed.
 
- 1. Sign in to the Windows server as the account that the Azure AD ECMA Connector Host will run as.
+## Import a connector configuration
+
+ 1. Install the ECMA Connector host and provisioning agent on a Windows Server, using the [provisioning users into SQL based applications](on-premises-sql-connector-configure.md#download-install-and-configure-the-azure-ad-connect-provisioning-agent-package) or [provisioning users into LDAP directories](on-premises-ldap-connector-configure.md#download-install-and-configure-the-azure-ad-connect-provisioning-agent-package) articles.
+ 1. Sign in to the Windows server as the account that the Azure AD ECMA Connector Host runs as.
  1. Change to the directory C:\Program Files\Microsoft ECMA2host\Service\ECMA. Ensure there are one or more DLLs already present in that directory. Those DLLs correspond to Microsoft-delivered connectors.
  1. Copy the MA DLL for your connector, and any of its prerequisite DLLs, to that same ECMA subdirectory of the Service directory.
  1. Change to the directory C:\Program Files\Microsoft ECMA2Host\Wizard. Run the program Microsoft.ECMA2Host.ConfigWizard.exe to set up the ECMA Connector Host configuration.
  1. A new window appears with a list of connectors. By default, no connectors will be present. Select **New connector**.
- 1. Specify the management agent XML file that was exported from MIM Sync earlier. Continue with the configuration and schema-mapping instructions from the section "Configure a connector."
+ 1. Specify the management agent XML file that was exported from MIM Sync earlier. Continue with the configuration and schema-mapping instructions from the section "Create a connector" in either the [provisioning users into SQL based applications](on-premises-sql-connector-configure.md#create-a-generic-sql-connector) or [provisioning users into LDAP directories](on-premises-ldap-connector-configure.md#configure-a-generic-ldap-connector) articles.
 
 ## Next steps
 
-- [App provisioning](user-provisioning.md)
-- [Generic SQL connector](on-premises-sql-connector-configure.md)
+- Learn more about [App provisioning](user-provisioning.md)
+- [Configuring Azure AD to provision users into SQL based applications](on-premises-sql-connector-configure.md) with the Generic SQL connector
+- [Configuring Azure AD to provision users into LDAP directories](on-premises-ldap-connector-configure.md) with the Generic LDAP connector
@@ -29,8 +29,6 @@ You can become a Microsoft-compatible FIDO2 security key vendor through the foll
         - Receive an overview of the device from the vendor
     - Microsoft will share our test scripts with you. Our engineering team will be able to answer questions if you have any specific needs.
     - You will complete and send all passed results to Microsoft Engineering team
-    - Once Microsoft confirms, you will send multiple hardware/solution samples of each device to Microsoft Engineering team
-        - Upon receipt Microsoft Engineering team will conduct test script verification and user experience flow
 4. Upon successful passing of all tests by Microsoft Engineering team, Microsoft will confirm vendor's device is listed in [the FIDO MDS](https://fidoalliance.org/metadata/).
 5. Microsoft will add your FIDO2 Security Key on Azure AD backend and to our list of approved FIDO2 vendors.