From 2a5b0d5c0696e674daac125255dbb747f38ac5ba Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 20 May 2020 01:55:31 +0200 Subject: [PATCH 1/2] #6744 follow-up: convert Note text to Note blob Description: In PR #6744, a Note text line was added to the page, but without the common Note blob used in the default MS Docs code style. This PR updates the Note to follow the MS Docs code style by adding the MarkDown Note blob indent markers and the [!NOTE] tag or header. The text content itself remains unchanged. Changes proposed: - Convert the Note text line to a standard MS Docs Note blob - Remove redundant end-of-line whitespace (blanks) throughout the page Ticket closure or reference: Ref. PR #6744 --- .../hello-hybrid-cert-whfb-settings-dir-sync.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index b9c99d4bae..98e4ceb61e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -16,6 +16,7 @@ localizationpriority: medium ms.date: 10/23/2017 ms.reviewer: --- + # Configure Hybrid Windows Hello for Business: Directory Synchronization **Applies to** 
@@ -26,7 +27,7 @@ ms.reviewer: ## Directory Synchronization -In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. +In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually. @@ -45,12 +46,12 @@ Sign-in a domain controller or management workstations with *Domain Admin* equiv 6. In the **Applies to** list box, select **Descendant User objects**. 7. Using the scroll bar, scroll to the bottom of the page and click **Clear all**. 8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCredentialLink**. -9. Click **OK** three times to complete the task. +9. Click **OK** three times to complete the task. ### Group Memberships for the Azure AD Connect Service Account -The KeyAdmins or KeyCredential Admins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory. +The KeyAdmins or KeyCredential Admins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory. Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. 
@@ -61,14 +62,15 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 5. In the **Enter the object names to select** text box, type the name of the Azure AD Connect service account. Click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. -Note: if your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. +> [!NOTE] +> if your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. ### Section Review > [!div class="checklist"] > * Configure Permissions for Key Synchronization > * Configure group membership for Azure AD Connect -> +> > [!div class="step-by-step"] > [< Configure Active Directory](hello-hybrid-cert-whfb-settings-ad.md) > [Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md) From 6c6a89b9f73f346c41305a528c155ff1f13afc6e Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 20 May 2020 19:18:35 +0200 Subject: [PATCH 2/2] Add grammar correction - by mapalko Co-authored-by: mapalko --- .../hello-hybrid-cert-whfb-settings-dir-sync.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 98e4ceb61e..78b43b43e2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md 
@@ -63,7 +63,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 6. Click **OK** to return to **Active Directory Users and Computers**. > [!NOTE] -> if your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. +> If your AD forest has multiple domains, make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. ### Section Review
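
Review bot: In PATCH 1/2, the first hunk (@@ -16,6 +16,7) adds an empty line between the closing `---` of the front matter and the `# Configure Hybrid Windows Hello for Business: Directory Synchronization` heading, but the commit description lists only the Note conversion and the end-of-line whitespace removal. The blank line is reasonable; add a third bullet under "Changes proposed" (for example, "Add a blank line after the metadata block") so the description accounts for every hunk.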
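
Review bot: In PATCH 1/2, hunk @@ -61,14 +62,15, the new `> [!NOTE]` block uses names that do not match the rest of the section. The note says "ADConnect sync service account" while step 5 in the same hunk says "Azure AD Connect service account", and it names the "Enterprise Key Admins" group while the section intro (context of hunk @@ -45,12 +46,12) writes "KeyAdmins or KeyCredential Admins" without the space. A reader searching the directory for these groups needs one spelling, so since the line is being reformatted anyway, align the product name and the group names here or in a follow-up.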
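
Review bot: In PATCH 2/2, hunk @@ -63,7 +63,7, the corrected `+` line still has three wording problems: "ie." should be "for example" (MSOL_12121212 is a sample account name, not a restatement), `into "Enterprise Key Admins" group` is missing the article, and "to gain permission" does not say which permission. Suggest: `> If your AD forest has multiple domains, make sure you add the Azure AD Connect sync service account (for example, MSOL_12121212) to the **Enterprise Key Admins** group so that it can read and write the public key in every domain in the forest.` That wording matches the section intro, which describes the group as providing "the permissions needed to read and write the public key to Active Directory", and makes clear that the forest-wide group is only needed in the multi-domain case.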