Merge pull request #77697 from MicrosoftDocs/master

master --> live

Author: huypub

.openpublishing.redirection.json

@@ -1,147 +1,133 @@
 - name: Azure AD Domain Services Documentation
   href: index.yml
 - name: Overview
-  items:
-  - name: What is Azure AD Domain Services?
-    href: active-directory-ds-overview.md
-  - name: FAQs
-    href: active-directory-ds-faqs.md
-  - name: Is it right for you?
-    items:
+  expanded: true
+  items: 
+    - name: What is Azure AD Domain Services?
+      href: overview.md
     - name: Compare with Windows Server AD
-      href: active-directory-ds-comparison.md
+      href: comparison.md
     - name: Compare with Azure AD join
       href: active-directory-ds-compare-with-azure-ad-join.md
-  - name: What's new?
-    href: https://azure.microsoft.com/updates/?product=active-directory-ds
-  - name: Features
-    href: active-directory-ds-features.md
-  - name: Scenarios
-    href: active-directory-ds-scenarios.md
-  - name: How synchronization works
-    href: active-directory-ds-synchronization.md
-  - name: Compatible third-party software
-    href: active-directory-ds-compatible-software.md
-- name: Get started
-  items:
-  - name: "Task 1: configure basic settings"
-    href: active-directory-ds-getting-started.md
-  - name: "Task 2: configure network settings"
-    href: active-directory-ds-getting-started-network.md
-  - name: "Task 3: configure administrator group and enable Azure AD Domain Services"
-    href: active-directory-ds-getting-started-admingroup.md
-  - name: "Task 4: update DNS settings for virtual network"
-    href: active-directory-ds-getting-started-dns.md
-  - name: "Task 5: enable password hash synchronization"
-    href: active-directory-ds-getting-started-password-sync.md
+    - name: Features
+      href: active-directory-ds-features.md
+- name: Samples
+  items: 
+    - name: Create an Azure AD DS instance using Azure PowerShell
+      href: powershell-create-instance.md
+- name: Concepts
+  items: 
+    - name: How synchronization works
+      href: synchronization.md
 - name: How to
-  items:
-  - name: Check a managed domain's health
-    href: active-directory-ds-check-health.md
-  - name: Use Azure AD Domain Services in Azure CSP subscriptions
-    href: active-directory-ds-csp.md
-  - name: Enable Azure AD Domain Services using PowerShell
-    href: active-directory-ds-enable-using-powershell.md
-  - name: Configure scoped synchronization from Azure AD to a managed domain
-    href: active-directory-ds-scoped-synchronization.md
-  - name: Secure your managed domain
-    href: active-directory-ds-secure-your-domain.md
-  - name: Create an OU on a managed domain
-    href: active-directory-ds-admin-guide-create-ou.md
-  - name: Create a group managed service account on a managed domain
-    href: active-directory-ds-create-gmsa.md
-  - name: Administer group policy on a managed domain
-    href: active-directory-ds-admin-guide-administer-group-policy.md
-  - name: Configure password polices on a managed domain
-    href: active-directory-ds-password-policy.md
-  - name: Select a virtual network
-    href: active-directory-ds-networking.md
-  - name: Deploy applications
-    items:
-    - name: Configure support for profile synchronization for SharePoint Server
-      href: active-directory-ds-enable-sharepoint-profile-sync.md
-    - name: Configure Kerberos Constrained Delegation
-      href: active-directory-ds-enable-kcd.md
-    - name: Deploy Azure AD Application Proxy
-      href: active-directory-ds-deploy-azure-app-proxy.md
-  - name: Delete a managed domain
-    href: active-directory-ds-disable-aadds.md
-- name: Join a managed domain
-  items:
-  - name: Windows Server VM
-    href: active-directory-ds-admin-guide-join-windows-vm-portal.md
-  - name: Windows Server VM from template
-    href: active-directory-ds-join-windows-vm-template.md
-  - name: CentOS
-    href: active-directory-ds-join-centos-linux-vm.md
-  - name: CoreOS
-    href: active-directory-ds-join-coreos-linux-vm.md
-  - name: Red Hat Enterprise Linux
-    href: active-directory-ds-join-rhel-linux-vm.md
-  - name: Ubuntu Server
-    href: active-directory-ds-join-ubuntu-linux-vm.md
-- name: Administer a managed domain
-  items:
-  - name: Administer a managed domain
-    href: active-directory-ds-admin-guide-administer-domain.md
-  - name: Administer DNS on a managed domain
-    href: active-directory-ds-admin-guide-administer-dns.md
-  - name: Update email notifications
-    href: active-directory-ds-notifications.md
-- name: Configure secure LDAP for a managed domain
-  items:
-  - name: "Task 1: Obtain a certificate for secure LDAP"
-    href: active-directory-ds-admin-guide-configure-secure-ldap.md
-  - name: "Task 2: Export the secure LDAP certificate"
-    href: active-directory-ds-admin-guide-configure-secure-ldap-export-pfx.md
-  - name: "Task 3: Enable secure LDAP for the managed domain using Azure portal"
-    href: active-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps.md
-  - name: "Task 4: Configure DNS to access the managed domain from the internet"
-    href: active-directory-ds-ldaps-configure-dns.md
-  - name: "Task 5: Bind to the managed domain and lock down secure LDAP access"
-    href: active-directory-ds-ldaps-bind-lockdown.md
-  - name: Troubleshoot secure LDAP
-    href: active-directory-ds-ldaps-troubleshoot.md
-- name: Troubleshoot
-  items:
-  - name: Troubleshooting guide
-    href: active-directory-ds-troubleshooting.md
-  - name: Troubleshoot alerts
-    href: active-directory-ds-troubleshoot-alerts.md
-    items:
-    - name: Fix a broken NSG configuration
-      href: active-directory-ds-troubleshoot-nsg.md
-    - name: Restore missing service principals
-      href: active-directory-ds-troubleshoot-service-principals.md
-    - name: Secure LDAP errors
-      href: active-directory-ds-troubleshoot-ldaps.md
-  - name: Resolve mismatched tenant errors
-    href: active-directory-ds-mismatched-tenant-error.md
-  - name: Suspended domains
-    href: active-directory-ds-suspension.md
-- name: Reference
-  items:
-  - name: Code samples
-    href: https://azure.microsoft.com/resources/samples/?service=active-directory
-- name: Related
-  items:
-  - name: Azure Active Directory
-    href: ../active-directory/fundamentals/active-directory-whatis.md
-  - name: Azure Active Directory B2C
-    href: ../active-directory-b2c/active-directory-b2c-overview.md
-  - name: Multi-Factor Authentication
-    href: ../active-directory/authentication/multi-factor-authentication.md
+  items: 
+    - name: Create an Azure AD DS instance
+      items: 
+        - name: "Task 1 configure basic settings"
+          href: create-instance.md
+        - name: "Task 2 configure network settings"
+          href: active-directory-ds-getting-started-network.md
+        - name: "Task 3 configure administrator group and enable Azure AD Domain Services"
+          href: active-directory-ds-getting-started-admingroup.md
+        - name: "Task 4 update DNS settings for virtual network"
+          href: active-directory-ds-getting-started-dns.md
+        - name: "Task 5 enable password hash synchronization"
+          href: active-directory-ds-getting-started-password-sync.md
+    - name: Plan for Azure AD DS
+      items: 
+        - name: Scenarios
+          href: scenarios.md
+        - name: Select a virtual network
+          href: network-considerations.md
+    - name: Manage Azure AD DS
+      items: 
+        - name: Check a managed domain's health
+          href: check-health.md
+        - name: Configure scoped synchronization from Azure AD to a managed domain
+          href: scoped-synchronization.md
+        - name: Secure your managed domain
+          href: secure-your-domain.md
+        - name: Create an OU on a managed domain
+          href: create-ou.md
+        - name: Create a group managed service account on a managed domain
+          href: create-gmsa.md
+        - name: Manage Group Policy for Azure AD Domain Services
+          href: manage-group-policy.md
+        - name: Configure password polices on a managed domain
+          href: password-policy.md
+        - name: Delete a managed domain
+          href: delete-aadds.md
+        - name: Create an Azure AD DS administrative virtual machine
+          href: manage-domain.md
+        - name: Manage DNS for Azure AD Domain Services
+          href: manage-dns.md
+        - name: Update email notifications
+          href: notifications.md
+        - name: Configure secure LDAP (LDAPS) in an Azure AD Domain Services domain
+          href: "configure-ldaps.md"
+          items:             
+            - name: "Task 2 Export the secure LDAP certificate"
+              href: active-directory-ds-admin-guide-configure-secure-ldap-export-pfx.md
+            - name: "Task 3 Enable secure LDAP for the managed domain using Azure portal"
+              href: active-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps.md
+            - name: "Task 4 Configure DNS to access the managed domain from the internet"
+              href: active-directory-ds-ldaps-configure-dns.md
+            - name: "Task 5 Bind to the managed domain and lock down secure LDAP access"
+              href: active-directory-ds-ldaps-bind-lockdown.md
+    - name: Deploy applications to Azure AD DS
+      items: 
+        - name: Configure support for profile synchronization for SharePoint Server
+          href: deploy-sp-profile-sync.md
+        - name: Configure Kerberos Constrained Delegation
+          href: deploy-kcd.md
+        - name: Deploy Azure AD Application Proxy
+          href: deploy-azure-app-proxy.md
+    - name: Join virtual machines to Azure AD DS
+      items: 
+        - name: Windows Server VM
+          href: join-windows-vm.md
+        - name: Windows Server VM from template
+          href: join-windows-vm-template.md
+        - name: CentOS
+          href: join-centos-linux-vm.md
+        - name: CoreOS
+          href: join-coreos-linux-vm.md
+        - name: Red Hat Enterprise Linux
+          href: join-rhel-linux-vm.md
+        - name: Ubuntu Server
+          href: join-ubuntu-linux-vm.md
+    - name: Troubleshoot Azure AD DS
+      items: 
+        - name: Troubleshooting guide
+          href: troubleshoot.md
+        - name: Troubleshoot alerts
+          href: troubleshoot-alerts.md          
+          items: 
+            - name: Fix a broken NSG configuration
+              href: alert-nsg.md
+            - name: Restore missing service principals
+              href: alert-service-principal.md
+            - name: Secure LDAP errors
+              href: alert-ldaps.md
+        - name: Resolve mismatched tenant errors
+          href: mismatched-tenant-error.md
+        - name: Suspended domains
+          href: suspension.md
+        - name: Troubleshoot secure LDAP
+          href: tshoot-ldaps.md
 - name: Resources
-  items:
-  - name: Azure AD feedback forum
-    href: https://feedback.azure.com/forums/169401-azure-active-directory
-  - name: Azure Roadmap
-    href: https://azure.microsoft.com/roadmap/?category=security-identity
-  - name: Contact us
-    href: active-directory-ds-contact-us.md
-  - name: Pricing
-    href: https://azure.microsoft.com/pricing/details/active-directory-ds/
-  - name: Pricing calculator
-    href: https://azure.microsoft.com/pricing/calculator/
-  - name: Service updates
-    href: https://azure.microsoft.com/updates/?product=active-directory-ds
+  items: 
+    - name: FAQs
+      href: faqs.md
+    - name: Service updates
+      href: https://azure.microsoft.com/updates/?product=active-directory-ds
+    - name: Compatible third-party software
+      href: compatible-software.md
+    - name: Pricing
+      href: https://azure.microsoft.com/pricing/details/active-directory-ds/
+    - name: Azure AD feedback forum
+      href: https://feedback.azure.com/forums/169401-azure-active-directory
+    - name: Contact us
+      href: contact-us.md
+    - name: Use Azure AD Domain Services in Azure CSP subscriptions
+      href: csp.md

articles/active-directory-domain-services/TOC.yml

@@ -1,9 +1,9 @@
 ---
-title: Create a secure LDAP certificate for an Azure AD Domain Services manage domain | Microsoft Docs
+title: Create a .PFX file with the secure LDAP (LDAPS) certificate for an Azure AD Domain Services domain
 description: Create a secure LDAP certificate for an Azure AD Domain Services manage domain
 services: active-directory-ds
 documentationcenter: ''
-author: eringreenlee
+author: MikeStephens-MS
 manager: daveba
 editor: curtand
 
@@ -14,17 +14,17 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 08/01/2017
-ms.author: ergreenl
-
+ms.date: 05/13/2019
+ms.author: mstephen
 ---
 # Create a .PFX file with the secure LDAP (LDAPS) certificate for a managed domain
 
 ## Before you begin
-Complete [Task 1: obtain a certificate for secure LDAP](active-directory-ds-admin-guide-configure-secure-ldap.md).
 
+Complete [Task 1: obtain a certificate for secure LDAP](configure-ldaps.md).
 
 ## Task 2: Export the secure LDAP certificate to a .PFX file
+
 Before you start this task, get the secure LDAP certificate from a public certification authority or create a self-signed certificate.
 
 To export the LDAPS certificate to a .PFX file:
@@ -92,6 +92,6 @@ To export the LDAPS certificate to a .PFX file:
 
     ![Export certificate done](./media/active-directory-domain-services-admin-guide/secure-ldap-exported-as-pfx.png)
 
-
 ## Next step
+
 [Task 3: enable secure LDAP for the managed domain](active-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps.md)

articles/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap-export-pfx.md

@@ -3,7 +3,7 @@ title: 'Compare Azure AD Join and Azure Active Directory Domain Services | Micro
 description: Deciding between Azure AD Join and Azure AD Domain Services
 services: active-directory-ds
 documentationcenter: ''
-author: eringreenlee
+author: MikeStephens-MS
 manager: daveba
 editor: curtand
 
@@ -14,8 +14,8 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 10/26/2017
-ms.author: ergreenl
+ms.date: 05/20/2019
+ms.author: mstephen
 ---
 
 # Choose between Azure Active Directory join and Azure Active Directory Domain Services
@@ -62,14 +62,14 @@ On a domain-joined machine, user authentication happens using NTLM or Kerberos a
 
 ## Next steps
 ### Learn more about Azure AD Domain Services
-* [Overview of Azure AD Domain Services](active-directory-ds-overview.md)
+* [Overview of Azure AD Domain Services](overview.md)
 * [Features](active-directory-ds-features.md)
-* [Deployment scenarios](active-directory-ds-scenarios.md)
-* [Find out if Azure AD Domain Services suits your use-cases](active-directory-ds-comparison.md)
-* [Understand how Azure AD Domain Services synchronizes with your Azure AD directory](active-directory-ds-synchronization.md)
+* [Deployment scenarios](scenarios.md)
+* [Find out if Azure AD Domain Services suits your use-cases](comparison.md)
+* [Understand how Azure AD Domain Services synchronizes with your Azure AD directory](synchronization.md)
 
 ### Learn more about Azure AD Join
 * [Introduction to device management in Azure Active Directory](../active-directory/device-management-introduction.md)
 
 ### Get started with Azure AD Domain Services
-* [Enable Azure AD Domain Services using the Azure portal](active-directory-ds-getting-started.md)
+* [Enable Azure AD Domain Services using the Azure portal](create-instance.md)

articles/active-directory-domain-services/active-directory-ds-compare-with-azure-ad-join.md

@@ -3,7 +3,7 @@ title: 'Azure Active Directory Domain Services: Features | Microsoft Docs'
 description: Features of Azure Active Directory Domain Services
 services: active-directory-ds
 documentationcenter: ''
-author: eringreenlee
+author: MikeStephens-MS
 manager: daveba
 editor: curtand
 
@@ -14,8 +14,8 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 05/30/2018
-ms.author: ergreenl
+ms.date: 05/10/2019
+ms.author: mstephen
 
 ---
 # Azure AD Domain Services
@@ -28,10 +28,10 @@ The following features are available in Azure AD Domain Services managed domains
 * **Create domains with custom names:** You can create domains with custom names (for example, 'contoso100.com') using Azure AD Domain Services. You can use either verified or unverified domain names. Optionally, you can also create a domain with the built-in domain suffix (that is, '*.onmicrosoft.com') offered by your Azure AD directory.
 * **Integrated with Azure AD:** You do not need to configure or manage replication to Azure AD Domain Services. User accounts, group memberships, and user credentials (passwords) from your Azure AD directory are automatically available in Azure AD Domain Services. New users, groups, or changes to attributes from your Azure AD tenant or your on-premises directory are automatically synchronized to Azure AD Domain Services.
 * **NTLM and Kerberos authentication:** With support for NTLM and Kerberos authentication, you can deploy applications that rely on Windows-Integrated Authentication.
-* **Use your corporate credentials/passwords:** Passwords for users in your Azure AD tenant work with Azure AD Domain Services. Users can use their corporate credentials to domain-join machines, log in interactively or over remote desktop, and authenticate against the managed domain.
+* **Use your corporate credentials/passwords:** Passwords for users in your Azure AD tenant work with Azure AD Domain Services. Users can use their corporate credentials to domain-join machines, sign in interactively or over remote desktop, and authenticate against the managed domain.
 * **LDAP bind & LDAP read support:** You can use applications that rely on LDAP binds to authenticate users in domains serviced by Azure AD Domain Services. Additionally, applications that use LDAP read operations to query user/computer attributes from the directory can also work against Azure AD Domain Services.
 * **Secure LDAP (LDAPS):** You can enable access to the directory over secure LDAP (LDAPS). Secure LDAP access is available within the virtual network by default. However, you can also optionally enable secure LDAP access over the internet.
-* **Group Policy:** You can use a single built-in GPO each for the users and computers containers to enforce compliance with required security policies for user accounts and domain-joined computers. You can also create your own custom GPOs and assign them to custom organizational units to [manage group policy](active-directory-ds-admin-guide-administer-group-policy.md).
+* **Group Policy:** You can use a single built-in GPO each for the users and computers containers to enforce compliance with required security policies for user accounts and domain-joined computers. You can also create your own custom GPOs and assign them to custom organizational units to [manage group policy](manage-group-policy.md).
 * **Manage DNS:** Members of the 'AAD DC Administrators' group can manage DNS for your managed domain using familiar DNS administration tools such as the DNS Administration MMC snap-in.
 * **Create custom Organizational Units (OUs):** Members of the 'AAD DC Administrators' group can create custom OUs in the managed domain. These users are granted full administrative privileges over custom OUs, so they can add/remove service accounts, computers, groups etc. within these custom OUs.
 * **Available in many Azure global regions:** See the [Azure services by region](https://azure.microsoft.com/regions/#services/) page to know the Azure regions in which Azure AD Domain Services is available.