Commit f0f9637

Merge pull request #252545 from Justinha/ds-rename-7
rebranding
2 parents 227a784 + 63c55b5 commit f0f9637

4 files changed

+74
-74
lines changed

articles/active-directory-domain-services/tutorial-configure-networking.md

Lines changed: 23 additions & 23 deletions
@@ -16,18 +16,18 @@ ms.author: justinha
1616

1717
# Tutorial: Configure virtual networking for a Microsoft Entra Domain Services managed domain
1818

19-
To provide connectivity to users and applications, a Microsoft Entra Domain Services (Microsoft Entra DS) managed domain is deployed into an Azure virtual network subnet. This virtual network subnet should only be used for the managed domain resources provided by the Azure platform.
19+
To provide connectivity to users and applications, a Microsoft Entra Domain Services managed domain is deployed into an Azure virtual network subnet. This virtual network subnet should only be used for the managed domain resources provided by the Azure platform.
2020

21-
When you create your own VMs and applications, they shouldn't be deployed into the same virtual network subnet. Instead, you should create and deploy your applications into a separate virtual network subnet, or in a separate virtual network that's peered to the Microsoft Entra DS virtual network.
21+
When you create your own VMs and applications, they shouldn't be deployed into the same virtual network subnet. Instead, you should create and deploy your applications into a separate virtual network subnet, or in a separate virtual network that's peered to the Domain Services virtual network.
2222

23-
This tutorial shows you how to create and configure a dedicated virtual network subnet or how to peer a different network to the Microsoft Entra DS managed domain's virtual network.
23+
This tutorial shows you how to create and configure a dedicated virtual network subnet or how to peer a different network to the Domain Services managed domain's virtual network.
2424

2525
In this tutorial, you learn how to:
2626

2727
> [!div class="checklist"]
28-
> * Understand the virtual network connectivity options for domain-joined resources to Microsoft Entra DS
29-
> * Create an IP address range and additional subnet in the Microsoft Entra DS virtual network
30-
> * Configure virtual network peering to a network that's separate from Microsoft Entra DS
28+
> * Understand the virtual network connectivity options for domain-joined resources to Domain Services
29+
> * Create an IP address range and additional subnet in the Domain Services virtual network
30+
> * Configure virtual network peering to a network that's separate from Domain Services
3131
3232
If you don't have an Azure subscription, [create an account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
3333

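Review bot: Line 19 no longer introduces a short form, yet lines 21 through 30 use "Domain Services" on its own. With "(Microsoft Entra DS)" removed, a reader meets the bare term on line 21 without being told it refers to Microsoft Entra Domain Services. Suggest either stating the short form once on line 19 or spelling out the full name at first use. Line 23 also reads redundantly after the substitution ("the Domain Services managed domain's virtual network"); "the managed domain's virtual network" would match the wording this file already uses on line 57.
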
@@ -39,8 +39,8 @@ To complete this tutorial, you need the following resources and privileges:
3939
* If you don't have an Azure subscription, [create an account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
4040
* A Microsoft Entra tenant associated with your subscription, either synchronized with an on-premises directory or a cloud-only directory.
4141
* If needed, [create a Microsoft Entra tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
42-
* You need [Application Administrator](../active-directory/roles/permissions-reference.md#application-administrator) and [Groups Administrator](../active-directory/roles/permissions-reference.md#groups-administrator) Microsoft Entra roles in your tenant to enable Microsoft Entra DS.
43-
* You need Domain Services Contributor Azure role to create the required Microsoft Entra DS resources.
42+
* You need [Application Administrator](../active-directory/roles/permissions-reference.md#application-administrator) and [Groups Administrator](../active-directory/roles/permissions-reference.md#groups-administrator) Microsoft Entra roles in your tenant to enable Domain Services.
43+
* You need Domain Services Contributor Azure role to create the required Domain Services resources.
4444
* A Microsoft Entra Domain Services managed domain enabled and configured in your Microsoft Entra tenant.
4545
* If needed, the first tutorial [creates and configures a Microsoft Entra Domain Services managed domain][create-azure-ad-ds-instance].
4646

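Review bot: On line 43 the role name is neither linked nor formatted, so after the rename "Domain Services Contributor Azure role to create the required Domain Services resources" runs the role name and the product name together. Line 42 links both of its roles to permissions-reference.md; suggest giving the role on line 43 the same treatment (a link or bold on the role name) and adding the missing article: "You need the Domain Services Contributor Azure role ...".
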
@@ -50,19 +50,19 @@ In this tutorial, you create and configure the managed domain using the Microsof
5050

5151
## Application workload connectivity options
5252

53-
In the previous tutorial, a managed domain was created that used some default configuration options for the virtual network. These default options created an Azure virtual network and virtual network subnet. The Microsoft Entra DS domain controllers that provide the managed domain services are connected to this virtual network subnet.
53+
In the previous tutorial, a managed domain was created that used some default configuration options for the virtual network. These default options created an Azure virtual network and virtual network subnet. The Domain Services domain controllers that provide the managed domain services are connected to this virtual network subnet.
5454

5555
When you create and run VMs that need to use the managed domain, network connectivity needs to be provided. This network connectivity can be provided in one of the following ways:
5656

5757
* Create an additional virtual network subnet in the managed domain's virtual network. This additional subnet is where you create and connect your VMs.
58-
* As the VMs are part of the same virtual network, they can automatically perform name resolution and communicate with the Microsoft Entra DS domain controllers.
58+
* As the VMs are part of the same virtual network, they can automatically perform name resolution and communicate with the Domain Services domain controllers.
5959
* Configure Azure virtual network peering from the managed domain's virtual network to one or more separate virtual networks. These separate virtual networks are where you create and connect your VMs.
60-
* When you configure virtual network peering, you must also configure DNS settings to use name resolution back to the Microsoft Entra DS domain controllers.
60+
* When you configure virtual network peering, you must also configure DNS settings to use name resolution back to the Domain Services domain controllers.
6161

6262
Usually, you only use one of these network connectivity options. The choice is often down to how you wish to manage separate your Azure resources.
6363

64-
* If you want to manage Microsoft Entra DS and connected VMs as one group of resources, you can create an additional virtual network subnet for VMs.
65-
* If you want to separate the management of Microsoft Entra DS and then any connected VMs, you can use virtual network peering.
64+
* If you want to manage Domain Services and connected VMs as one group of resources, you can create an additional virtual network subnet for VMs.
65+
* If you want to separate the management of Domain Services and then any connected VMs, you can use virtual network peering.
6666
* You may also choose to use virtual network peering to provide connectivity to existing VMs in your Azure environment that are connected to an existing virtual network.
6767

6868
In this tutorial, you only need to configure one these virtual network connectivity options.
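
Review bot: Line 65 carries an awkward construction through the rename: "separate the management of Domain Services and then any connected VMs". Suggest "manage Domain Services separately from any connected VMs". Two typos in the unchanged context are worth fixing in the same pass: line 62 "how you wish to manage separate your Azure resources" and line 68 "configure one these virtual network connectivity options" (missing "of").
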
@@ -97,7 +97,7 @@ When you create a VM that needs to use the managed domain, make sure you select
9797

9898
## Configure virtual network peering
9999

100-
You may have an existing Azure virtual network for VMs, or wish to keep your managed domain virtual network separate. To use the managed domain, VMs in other virtual networks need a way to communicate with the Microsoft Entra DS domain controllers. This connectivity can be provided using Azure virtual network peering.
100+
You may have an existing Azure virtual network for VMs, or wish to keep your managed domain virtual network separate. To use the managed domain, VMs in other virtual networks need a way to communicate with the Domain Services domain controllers. This connectivity can be provided using Azure virtual network peering.
101101

102102
With Azure virtual network peering, two virtual networks are connected together, without the need for a virtual private network (VPN) device. Network peering lets you quickly connect virtual networks and define traffic flows across your Azure environment.
103103

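Review bot: Line 100 now reads "the Domain Services domain controllers", which uses "domain" in two senses back to back; the same substitution appears on lines 53, 58 and 60. Suggest "the managed domain's domain controllers", or simply "the domain controllers" where the sentence has already named the managed domain, as this one does ("To use the managed domain, ...").
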
@@ -119,26 +119,26 @@ To peer a virtual network to the managed domain virtual network, complete the fo
119119

120120
Leave any other defaults for virtual network access or forwarded traffic unless you have specific requirements for your environment, then select **OK**.
121121

122-
1. It takes a few moments to create the peering on both the Microsoft Entra DS virtual network and the virtual network you selected. When ready, the **Peering status** reports *Connected*, as shown in the following example:
122+
1. It takes a few moments to create the peering on both the Domain Services virtual network and the virtual network you selected. When ready, the **Peering status** reports *Connected*, as shown in the following example:
123123

124124
![Successfully connected peered networks in the Microsoft Entra admin center](./media/tutorial-configure-networking/connected-peering.png)
125125

126126
Before VMs in the peered virtual network can use the managed domain, configure the DNS servers to allow for correct name resolution.
127127

128128
### Configure DNS servers in the peered virtual network
129129

130-
For VMs and applications in the peered virtual network to successfully talk to the managed domain, the DNS settings must be updated. The IP addresses of the Microsoft Entra DS domain controllers must be configured as the DNS servers on the peered virtual network. There are two ways to configure the domain controllers as DNS servers for the peered virtual network:
130+
For VMs and applications in the peered virtual network to successfully talk to the managed domain, the DNS settings must be updated. The IP addresses of the Domain Services domain controllers must be configured as the DNS servers on the peered virtual network. There are two ways to configure the domain controllers as DNS servers for the peered virtual network:
131131

132-
* Configure the Azure virtual network DNS servers to use the Microsoft Entra DS domain controllers.
132+
* Configure the Azure virtual network DNS servers to use the Domain Services domain controllers.
133133
* Configure the existing DNS server in use on the peered virtual network to use conditional DNS forwarding to direct queries to the managed domain. These steps vary depending on the existing DNS server in use.
134134

135-
In this tutorial, let's configure the Azure virtual network DNS servers to direct all queries to the Microsoft Entra DS domain controllers.
135+
In this tutorial, let's configure the Azure virtual network DNS servers to direct all queries to the Domain Services domain controllers.
136136

137137
1. In the Microsoft Entra admin center, select the resource group of the peered virtual network, such as *myResourceGroup*. From the list of resources, choose the peered virtual network, such as *myVnet*.
138138
1. In the left-hand menu of the virtual network window, select **DNS servers**.
139-
1. By default, a virtual network uses the built-in Azure-provided DNS servers. Choose to use **Custom** DNS servers. Enter the IP addresses for the Microsoft Entra DS domain controllers, which are usually *10.0.2.4* and *10.0.2.5*. Confirm these IP addresses on the **Overview** window of your managed domain in the portal.
139+
1. By default, a virtual network uses the built-in Azure-provided DNS servers. Choose to use **Custom** DNS servers. Enter the IP addresses for the Domain Services domain controllers, which are usually *10.0.2.4* and *10.0.2.5*. Confirm these IP addresses on the **Overview** window of your managed domain in the portal.
140140

141-
![Configure the virtual network DNS servers to use the Microsoft Entra DS domain controllers](./media/tutorial-configure-networking/custom-dns.png)
141+
![Configure the virtual network DNS servers to use the Domain Services domain controllers](./media/tutorial-configure-networking/custom-dns.png)
142142

143143
1. When ready, select **Save**. It takes a few moments to update the DNS servers for the virtual network.
144144
1. To apply the updated DNS settings to the VMs, restart VMs connected to the peered virtual network.
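
Review bot: Steps 137 and 139 name two different places for the same workflow. Step 137 starts "In the Microsoft Entra admin center, select the resource group of the peered virtual network", while step 139 tells the reader to confirm the addresses "on the **Overview** window of your managed domain in the portal". Since this hunk already edits step 139, state which portal holds the resource group, the virtual network's **DNS servers** setting and the managed domain's **Overview** page, and use that name in both steps and in the alt text on line 124. Step 139 is the one to get right, because the addresses entered there become the DNS servers for every VM on the peered virtual network.
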
@@ -150,9 +150,9 @@ When you create a VM that needs to use the managed domain, make sure you select
150150
In this tutorial, you learned how to:
151151

152152
> [!div class="checklist"]
153-
> * Understand the virtual network connectivity options for domain-joined resources to Microsoft Entra DS
154-
> * Create an IP address range and additional subnet in the Microsoft Entra DS virtual network
155-
> * Configure virtual network peering to a network that's separate from Microsoft Entra DS
153+
> * Understand the virtual network connectivity options for domain-joined resources to Domain Services
154+
> * Create an IP address range and additional subnet in the Domain Services virtual network
155+
> * Configure virtual network peering to a network that's separate from Domain Services
156156
157157
To see this managed domain in action, create and join a virtual machine to the domain.
158158

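Review bot: Line 153 ("connectivity options for domain-joined resources to Domain Services") repeats the checklist item on line 28 and inherits its awkward "resources to Domain Services" phrasing. If the wording is revised, change both lists together so the summary still matches the introduction; "for resources joined to the managed domain" would avoid the doubled term.
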
articles/active-directory-domain-services/tutorial-configure-password-hash-sync.md

Lines changed: 7 additions & 7 deletions
@@ -8,17 +8,17 @@ ms.service: active-directory
88
ms.subservice: domain-services
99
ms.workload: identity
1010
ms.topic: tutorial
11-
ms.date: 04/03/2023
11+
ms.date: 09/21/2023
1212
ms.author: justinha
1313

1414
#Customer intent: As an server administrator, I want to learn how to enable password hash synchronization with Microsoft Entra Connect to create a hybrid environment using an on-premises AD DS domain.
1515
---
1616

1717
# Tutorial: Enable password synchronization in Microsoft Entra Domain Services for hybrid environments
1818

19-
For hybrid environments, a Microsoft Entra tenant can be configured to synchronize with an on-premises Active Directory Domain Services (AD DS) environment using Microsoft Entra Connect. By default, Microsoft Entra Connect doesn't synchronize legacy NT LAN Manager (NTLM) and Kerberos password hashes that are needed for Microsoft Entra Domain Services (Microsoft Entra DS).
19+
For hybrid environments, a Microsoft Entra tenant can be configured to synchronize with an on-premises Active Directory Domain Services (AD DS) environment using Microsoft Entra Connect. By default, Microsoft Entra Connect doesn't synchronize legacy NT LAN Manager (NTLM) and Kerberos password hashes that are needed for Microsoft Entra Domain Services.
2020

21-
To use Microsoft Entra DS with accounts synchronized from an on-premises AD DS environment, you need to configure Microsoft Entra Connect to synchronize those password hashes required for NTLM and Kerberos authentication. After Microsoft Entra Connect is configured, an on-premises account creation or password change event also then synchronizes the legacy password hashes to Microsoft Entra ID.
21+
To use Domain Services with accounts synchronized from an on-premises AD DS environment, you need to configure Microsoft Entra Connect to synchronize those password hashes required for NTLM and Kerberos authentication. After Microsoft Entra Connect is configured, an on-premises account creation or password change event also then synchronizes the legacy password hashes to Microsoft Entra ID.
2222

2323
You don't need to perform these steps if you use cloud-only accounts with no on-premises AD DS environment.
2424

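Review bot: The Customer intent comment on line 14 still reads "As an server administrator"; since line 11 bumps ms.date for this file, correct it to "As a server administrator" in the same change. On line 21, "an on-premises account creation or password change event also then synchronizes the legacy password hashes" is hard to parse; suggest "each on-premises account creation or password change also synchronizes the legacy password hashes to Microsoft Entra ID".
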
@@ -48,16 +48,16 @@ To complete this tutorial, you need the following resources:
4848

4949
Microsoft Entra Connect is used to synchronize objects like user accounts and groups from an on-premises AD DS environment into a Microsoft Entra tenant. As part of the process, password hash synchronization enables accounts to use the same password in the on-premises AD DS environment and Microsoft Entra ID.
5050

51-
To authenticate users on the managed domain, Microsoft Entra DS needs password hashes in a format that's suitable for NTLM and Kerberos authentication. Microsoft Entra ID doesn't store password hashes in the format that's required for NTLM or Kerberos authentication until you enable Microsoft Entra DS for your tenant. For security reasons, Microsoft Entra ID also doesn't store any password credentials in clear-text form. Therefore, Microsoft Entra ID can't automatically generate these NTLM or Kerberos password hashes based on users' existing credentials.
51+
To authenticate users on the managed domain, Domain Services needs password hashes in a format that's suitable for NTLM and Kerberos authentication. Microsoft Entra ID doesn't store password hashes in the format that's required for NTLM or Kerberos authentication until you enable Domain Services for your tenant. For security reasons, Microsoft Entra ID also doesn't store any password credentials in clear-text form. Therefore, Microsoft Entra ID can't automatically generate these NTLM or Kerberos password hashes based on users' existing credentials.
5252

53-
Microsoft Entra Connect can be configured to synchronize the required NTLM or Kerberos password hashes for Microsoft Entra DS. Make sure that you have completed the steps to [enable Microsoft Entra Connect for password hash synchronization][enable-azure-ad-connect]. If you had an existing instance of Microsoft Entra Connect, [download and update to the latest version][azure-ad-connect-download] to make sure you can synchronize the legacy password hashes for NTLM and Kerberos. This functionality isn't available in early releases of Microsoft Entra Connect or with the legacy DirSync tool. Microsoft Entra Connect version *1.1.614.0* or later is required.
53+
Microsoft Entra Connect can be configured to synchronize the required NTLM or Kerberos password hashes for Domain Services. Make sure that you have completed the steps to [enable Microsoft Entra Connect for password hash synchronization][enable-azure-ad-connect]. If you had an existing instance of Microsoft Entra Connect, [download and update to the latest version][azure-ad-connect-download] to make sure you can synchronize the legacy password hashes for NTLM and Kerberos. This functionality isn't available in early releases of Microsoft Entra Connect or with the legacy DirSync tool. Microsoft Entra Connect version *1.1.614.0* or later is required.
5454

5555
> [!IMPORTANT]
56-
> Microsoft Entra Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Microsoft Entra Connect in a Microsoft Entra DS managed domain to synchronize objects back to Microsoft Entra ID.
56+
> Microsoft Entra Connect should only be installed and configured for synchronization with on-premises AD DS environments. It's not supported to install Microsoft Entra Connect in a Domain Services managed domain to synchronize objects back to Microsoft Entra ID.
5757
5858
## Enable synchronization of password hashes
5959

60-
With Microsoft Entra Connect installed and configured to synchronize with Microsoft Entra ID, now configure the legacy password hash sync for NTLM and Kerberos. A PowerShell script is used to configure the required settings and then start a full password synchronization to Microsoft Entra ID. When that Microsoft Entra Connect password hash synchronization process is complete, users can sign in to applications through Microsoft Entra DS that use legacy NTLM or Kerberos password hashes.
60+
With Microsoft Entra Connect installed and configured to synchronize with Microsoft Entra ID, now configure the legacy password hash sync for NTLM and Kerberos. A PowerShell script is used to configure the required settings and then start a full password synchronization to Microsoft Entra ID. When that Microsoft Entra Connect password hash synchronization process is complete, users can sign in to applications through Domain Services that use legacy NTLM or Kerberos password hashes.
6161

6262
1. On the computer with Microsoft Entra Connect installed, from the Start menu, open the **Microsoft Entra Connect > Synchronization Service**.
6363
1. Select the **Connectors** tab. The connection information used to establish the synchronization between the on-premises AD DS environment and Microsoft Entra ID are listed.
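
Review bot: On line 60 the relative clause now attaches to the wrong noun: "sign in to applications through Domain Services that use legacy NTLM or Kerberos password hashes" reads as if Domain Services is what uses the hashes. Suggest "sign in through Domain Services to applications that use legacy NTLM or Kerberos password hashes". Line 53 says "NTLM or Kerberos password hashes" where lines 19 and 21 say "NTLM and Kerberos"; pick one form. In the unchanged step on line 63, "The connection information ... are listed" should be "is listed".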
