From e8cdcf3d7512539238d80e12f062b7ae67892128 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Thu, 19 May 2022 11:08:02 -0700 Subject: [PATCH 1/2] Update hello-hybrid-key-whfb-settings-dir-sync.md Enterprise Key admins --- .../hello-hybrid-key-whfb-settings-dir-sync.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 3843fecaa8..30592d92d8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -44,6 +44,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 5. In the **Enter the object names to select** text box, type the name of the service account used as an AD DS Connector account and click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. +Note: If your AD has multiple domains in your forest. Your ADConnect accounts needs to be part of "Enterprise Key Admins" group to write the keys across other domain users. + ### Section Review > [!div class="checklist"] @@ -63,4 +65,4 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) 6. Configure Windows Hello for Business settings: Directory Synchronization (*You are here*) -7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) \ No newline at end of file +7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) From 76e8709cc86bcb8b904cec2c62d01eaf9ed52b6d Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 19 May 2022 17:23:03 -0700 Subject: [PATCH 2/2] edit contribution --- .../hello-hybrid-key-whfb-settings-dir-sync.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 30592d92d8..b964f460e9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -44,7 +44,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 5. In the **Enter the object names to select** text box, type the name of the service account used as an AD DS Connector account and click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. -Note: If your AD has multiple domains in your forest. Your ADConnect accounts needs to be part of "Enterprise Key Admins" group to write the keys across other domain users. +> [!NOTE] +> If your Active Directory forest has multiple domains, your ADConnect accounts need to be members of the **Enterprise Key Admins** group. This membership is needed to write the keys to other domain users. ### Section Review