Merge pull request #4941 from Azure/FromPrivateRepo
From private repo
jastru committed Nov 9, 2015
2 parents 55d9248 + 72e7a13 commit 78b81f5
Showing 187 changed files with 1,671 additions and 803 deletions.
Expand Up @@ -257,7 +257,7 @@ Content-Length: 338
{
// These properties are all required for creating consumer users.
"accountEnabled": false, // always set to false
"accountEnabled": true,
"alternativeSignInNamesInfo": [ // controls what identifier the user uses to sign into their account
{
"type": "emailAddress", // can be 'emailAddress' or 'userName'
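Review bot: Dropping the `// always set to false` comment together with the flip to `"accountEnabled": true,` leaves the new value unexplained, while the line above still says these properties are all required for creating consumer users. Suggest keeping a short inline comment on the new line explaining why it must now be `true`, or adding a sentence in the surrounding text that the earlier guidance of always `false` has changed, so readers who copied the previous sample know to update it.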
Expand Up @@ -30,7 +30,7 @@ Refer to our [Troubleshooting guide](active-directory-ds-troubleshooting.md) for
No. You can only create a single domain serviced by Azure AD Domain Services for a single Azure AD directory.

#### Can I make Azure AD Domain Services available in multiple virtual networks within my subscription?
The service itself does not directly support this scenario. Azure AD Domain Services are available in only one virtual network at a time. However, you may configure connectivity between multiple virtual networks in order to expose Azure AD Domain Services to other virtual networks. This article describes how you can [connect virtual networks in Azure](../vpn-gateway/virtual-networks-configure-vnet-to-vnetconnection.md).
The service itself does not directly support this scenario. Azure AD Domain Services are available in only one virtual network at a time. However, you may configure connectivity between multiple virtual networks in order to expose Azure AD Domain Services to other virtual networks. This article describes how you can [connect virtual networks in Azure](../vpn-gateway/virtual-networks-configure-vnet-to-vnet-connection.md).

#### Can I enable Azure AD Domain Services using PowerShell?
PowerShell/automated deployment of Azure AD Domain Services is not available currently.
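Review bot: The link fix to `virtual-networks-configure-vnet-to-vnet-connection.md` is correct, but the sentence around it ("configure connectivity between multiple virtual networks in order to expose Azure AD Domain Services to other virtual networks") still gives no guidance on limiting that exposure. Because VNet-to-VNet connectivity makes the managed domain reachable from every network you connect, suggest one added sentence recommending that only the subnets that actually need domain access be connected or routed to it. The PowerShell answer at the end of the hunk ("not available currently") would also benefit from a date or a "during preview" qualifier so readers know when to re-check.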
Expand Up @@ -5,15 +5,15 @@
documentationCenter=""
authors="mahesh-unnikrishnan"
manager="udayh"
editor="inhenk"/>
editor="curtand"/>

<tags
ms.service="active-directory-ds"
ms.workload="identity"
ms.tgt_pltfrm="na"
ms.devlang="na"
ms.topic="article"
ms.date="10/16/2015"
ms.date="11/09/2015"
ms.author="maheshu"/>

# Azure AD Domain Services *(Preview)* - Getting started
Expand All @@ -23,49 +23,41 @@ Once you have enabled Azure AD Domain Services for your Azure AD tenant, the nex

The steps involved are different based on whether your organization is a cloud-only Azure AD tenant or is set to synchronize with your on-premises directory using Azure AD Connect.

### Enable password synchronization for cloud-only tenants
If your organization is a cloud-only Azure AD tenant, users that need to use Azure AD Domain Services will need to change their passwords. This step causes the credential hashes required by Azure AD Domain Services for Kerberos and NTLM authentication to be generated in Azure AD. You can either expire passwords for all users in the tenant that need to use Azure AD Domain Services or instruct these end-users to change their passwords.
### Cloud-only tenants - Enable NTLM and Kerberos credential hash generation in Azure AD
If your organization is a cloud-only Azure AD tenant, users that need to use Azure AD Domain Services will need to change their passwords. This step causes the credential hashes required by Azure AD Domain Services for Kerberos and NTLM authentication to be generated in Azure AD. You can either expire passwords for all users in the tenant that need to use Azure AD Domain Services or instruct these users to change their passwords.

Here are instructions you need to provide end users in order to change their passwords:
Here are instructions you need to provide users, in order to change their passwords:

1. Navigate to the Azure AD Access Panel page for your organization. This is typically available at [http://myapps.microsoft.com](http://myapps.microsoft.com).
2. Select the **profile** tab on this page.
3. Click on the **Change password** tile on this page to initiate a password change.

![Create a virtual network for Azure AD Domain Services.](./media/active-directory-domain-services-getting-started/user-change-password.png)

4. This brings up the **change password** page. The user can then enter their existing (old) password and proceed to change their password.
4. This brings up the **change password** page. Users can enter their existing (old) password and proceed to change their password.

![Create a virtual network for Azure AD Domain Services.](./media/active-directory-domain-services-getting-started/user-change-password2.png)

After users have changed their password, the new password will be synchronized to Azure AD Domain Services shortly. After the password synchronization is complete, users can then login to the domain using their newly changed password.
After users have changed their password, the new password will be usable in Azure AD Domain Services shortly. After a few minutes, users can sign in to computers joined to the managed domain using their newly changed password.


### Enable password synchronization for synced tenants
### Synced tenants - Enable synchronization of NTLM and Kerberos credential hashes to Azure AD
If the Azure AD tenant for your organization is set to synchronize with your on-premises directory using Azure AD Connect, you will need to configure Azure AD Connect to synchronize credential hashes required for NTLM and Kerberos authentication. These hashes are not synchronized to Azure AD by default and the following steps will enable you to enable synchronization of the hashes to your Azure AD tenant.

#### Install Azure AD Connect
#### Install or update Azure AD Connect

You will need to install the GA release of Azure AD Connect on a domain joined computer. If you have an existing instance of Azure AD Connect setup, you will need to update it to use the Azure AD Connect GA build.
You will need to install the latest recommended release of Azure AD Connect on a domain joined computer. If you have an existing instance of Azure AD Connect setup, you will need to update it to use the Azure AD Connect GA build. Ensure you use the current version of Azure AD Connect, in order to avoid known issues/bugs.

[Download Azure AD Connect – GA release](http://download.microsoft.com/download/B/0/0/B00291D0-5A83-4DE7-86F5-980BC00DE05A/AzureADConnect.msi)
**[Download Azure AD Connect](http://www.microsoft.com/download/details.aspx?id=47594)**

> [AZURE.WARNING] You MUST install the GA release of Azure AD Connect in order to enable legacy password credentials (required for NTLM and Kerberos authentication) to sync to your Azure AD tenant. This functionality is not available in prior releases of Azure AD Connect.
Minimum recommended version: **1.0.9125** - published on November 3, 2015.

Installation instructions for Azure AD Connect are available in the following article - [Getting started with Azure AD Connect](../active-directory/active-directory-aadconnect.md)


#### Enable synchronization of legacy credentials to Azure AD

Enable synchronization of legacy credentials required for NTLM authentication in Azure AD Domain Services. You can do this by creating the following registry key on the machine where Azure AD Connect was installed.
> [AZURE.WARNING] You MUST install the latest recommended release of Azure AD Connect in order to enable legacy password credentials (required for NTLM and Kerberos authentication) to synchronize to your Azure AD tenant. This functionality is not available in prior releases of Azure AD Connect or with the legacy DirSync tool.
Create the following DWORD registry key and set it to 1.
NOTE: You no longer need to create the 'EnableWindowsLegacyCredentialsSync' registry key with the latest version of Azure AD Connect (i.e. 1.0.9125 and above).

```
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSOLCoExistence\PasswordSync\EnableWindowsLegacyCredentialsSync
Installation instructions for Azure AD Connect are available in the following article - [Getting started with Azure AD Connect](../active-directory/active-directory-aadconnect.md)

Set its value to 1.
```

#### Force full password synchronization to Azure AD

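Review bot: The new `NOTE: You no longer need to create the 'EnableWindowsLegacyCredentialsSync' registry key ...` line follows the `> [AZURE.WARNING]` line with no blank line between them, so Markdown will render it as a lazy continuation of the warning blockquote; add a blank line after the warning. The version guidance in this hunk is also inconsistent: the install paragraph now says "latest recommended release" but still tells existing installs to "update it to use the Azure AD Connect GA build", and the minimum version appears twice (the "Minimum recommended version: 1.0.9125" line and the note's "1.0.9125 and above"). Suggest one statement of the minimum version and dropping "GA build". Finally, with the "Enable synchronization of legacy credentials to Azure AD" heading and registry-key steps removed, the page no longer says what enables the NTLM/Kerberos hash sync on current builds; if the intent is that password synchronization in 1.0.9125 and above includes these hashes automatically, say so explicitly, since enabling password sync then becomes the security-relevant opt-in and readers should know there is no separate switch.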
Expand All @@ -76,7 +68,7 @@ $adConnector = "<CASE SENSITIVE AD CONNECTOR NAME>"
$azureadConnector = "<CASE SENSITIVE AZURE AD CONNECTOR NAME>"
Import-Module adsync
$c = Get-ADSyncConnector -Name $adConnector
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
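Review bot: The one changed line in this hunk, `$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null`, is identical before and after in visible content, so the change is whitespace or line-ending only; worth confirming that was intentional rather than an editor artifact. While here, the `<CASE SENSITIVE AD CONNECTOR NAME>` and `<CASE SENSITIVE AZURE AD CONNECTOR NAME>` placeholders would be easier to fill in with a hint on how to list them (for example `Get-ADSyncConnector | Select-Object Name` after `Import-Module adsync`), since a mistyped name makes `Get-ADSyncConnector -Name $adConnector` fail before anything is configured.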
Expand All @@ -85,4 +77,4 @@ Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConn
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $true
```

Depending on the size of your directory (number of users, groups etc.), synchronization of credentials to Azure AD and then to Azure AD Domain Services will take time.
Depending on the size of your directory (number of users, groups etc.), synchronization of credentials to Azure AD will take time. The passwords will be usable on the Azure AD Domain Services managed domain shortly after the credential hashes have synchronized to Azure AD.
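Review bot: The rewritten closing sentence still leaves "will take time" unquantified and gives the administrator no way to confirm the forced full password sync finished before telling users to sign in to the managed domain. Suggest either an expected range or a pointer to where completion can be checked on the Azure AD Connect server (for example the Synchronization Service Manager or the Application event log), so the step has an observable end state.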
Expand Up @@ -5,25 +5,26 @@
documentationCenter=""
authors="mahesh-unnikrishnan"
manager="udayh"
editor="inhenk"/>
editor="curtand"/>

<tags
ms.service="active-directory-ds"
ms.workload="identity"
ms.tgt_pltfrm="na"
ms.devlang="na"
ms.topic="article"
ms.date="10/12/2015"
ms.date="11/09/2015"
ms.author="maheshu"/>

# Azure AD Domain Services *(Preview)* - Getting started

## Guidelines to select an Azure virtual network
When selecting a virtual network to use with Azure AD Domain Services, keep the following guidelines in mind:

- Ensure you select a virtual network in a region that is supported by Azure AD Domain Services. The current list of supported Azure regions is available on the [regions page](active-directory-ds-regions.md).
- Ensure you select a virtual network in a region that is supported by Azure AD Domain Services. The current list of supported Azure regions is available on the [regions page](https://azure.microsoft.com/regions/#services).
- If you plan to use an existing virtual network, ensure that it is a regional virtual network. Virtual networks that use the legacy affinity groups mechanism cannot be used with Azure AD Domain Services. You will need to [migrate legacy virtual networks to regional virtual networks](../virtual-networks-migrate-to-regional-vnet.md).
- Select the virtual network that currently hosts/will host virtual machines that need access to Azure AD Domain Services. You will not be able to move Domain Services to another virtual network later.
- Azure AD Domain Services are not supported with virtual networks created using the Azure Resource Manager.


## Step 2: Create an Azure virtual network
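Review bot: The added bullet "Azure AD Domain Services are not supported with virtual networks created using the Azure Resource Manager" is the most consequential constraint in this list but sits last, after the bullet that says you cannot move Domain Services to another virtual network later; suggest placing it next to the regional-VNet bullet and stating the supported deployment model positively so readers do not create the wrong kind of network first. The regions link now points at the generic services-by-region page instead of the topic's own regions page; confirm that page actually lists Domain Services, otherwise the reader has nothing to look for. The second blank line before "## Step 2" can be dropped.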