From 910c4184e1d66e93e3c621d38eeb5b330803bb11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Notin?= <clement.notin@gmail.com>
Date: Tue, 21 Sep 2021 13:45:09 +0200
Subject: [PATCH 1/5] Make Domain Admins well-known SID consistent with others

It was missing the "-21-" part which all other similar well-known have.
For example, see just below: "Domain Computers" -> "S-1-5-21-<domain>-515
---
 .../access-control/active-directory-security-groups.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md
index 9b9c40977d..b14702f2e4 100644
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@@ -1489,7 +1489,7 @@ This security group has not changed since Windows Server 2008.
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
-<td><p>S-1-5-&lt;domain&gt;-512</p></td>
+<td><p>S-1-5-21-&lt;domain&gt;-512</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>

From f6f5d1a98715fe82ef0abe8e52febb473ec05599 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Notin?= <clement.notin@gmail.com>
Date: Tue, 21 Sep 2021 15:08:30 +0200
Subject: [PATCH 2/5] Enterprise Read Only Domain Controllers (-498) are
 defined at forest root level

---
 .../access-control/active-directory-security-groups.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md
index 9b9c40977d..ab20f08979 100644
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@@ -1885,7 +1885,7 @@ This security group has not changed since Windows Server 2008.
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
-<td><p>S-1-5-21-&lt;domain&gt;-498</p></td>
+<td><p>S-1-5-21-&lt;root domain&gt;-498</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>

From 960c78b2cc51b5c256d6b39355da9d4814d1c56f Mon Sep 17 00:00:00 2001
From: Peter Smith <pesmith@microsoft.com>
Date: Tue, 21 Sep 2021 10:36:31 -0700
Subject: [PATCH 3/5] Update vpnv2-csp.md

From customer feedback -- IT admins should not use lots of DNS suffixes. Not only is there a limit to how many you can have, but each one makes name resolution slower.
---
 windows/client-management/mdm/vpnv2-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 1fed240483..291a8e0d58 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -591,7 +591,7 @@ Valid values:
 - True = Register the connection's addresses in DNS.
 
 <a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/**<em>ProfileName</em>**/DnsSuffix**  
-Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
+Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Windows has a limit of 50 DNS suffixes that can be set. Windows name resolution will apply each suffix in order. Long DNS suffix lists may impact performance.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 

From 2583871160dbacf2c3709a0978d9145b0dfb5531 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 21 Sep 2021 10:43:36 -0700
Subject: [PATCH 4/5] Update vpnv2-csp.md

---
 windows/client-management/mdm/vpnv2-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 291a8e0d58..87588a2a0e 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -9,7 +9,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 10/30/2020
+ms.date: 09/21/2021
 ---
 
 # VPNv2 CSP

From a3670fcf38b685ee62775e042cc75d4fed288735 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 21 Sep 2021 10:46:08 -0700
Subject: [PATCH 5/5] Update active-directory-security-groups.md

---
 .../access-control/active-directory-security-groups.md     | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md
index ab20f08979..35606ee96a 100644
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@@ -1,5 +1,5 @@
 ---
-title: Active Directory Security Groups (Windows 10)
+title: Active Directory Security Groups
 description: Active Directory Security Groups
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -12,14 +12,15 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 04/19/2017
+ms.date: 09/21/2021
 ms.reviewer: 
 ---
 
 # Active Directory Security Groups
 
 **Applies to**
--   Windows Server 2016
+-   Windows Server 2016 or later
+-   Windows 10 or later
 
 This reference topic for the IT professional describes the default Active Directory security groups.