
Commit c2548e5

20211005 1013
1 parent b66e53a commit c2548e5

2 files changed

Lines changed: 6 additions & 3 deletions

docs/azdata/reference/reference-azdata-bdc-rotate.md

Lines changed: 3 additions & 1 deletion
@@ -15,7 +15,9 @@ ms.technology: big-data-cluster
1515

1616
Applies to [!INCLUDE [azure-data-cli-azdata](../../includes/azure-data-cli-azdata.md)]
1717

18-
This command rotates the passwords of autogenerated AD accounts in a big data cluster. For more information, see [AD password rotation overview](../../big-data-cluster/active-directory-password-rotation.md). Autorotation of passwords for autogenerated AD objects was introduced with SQL Server Big Data Clusters CU13.
18+
This command rotates the passwords of autogenerated AD accounts in a big data cluster. For more information, see [AD password rotation overview](../../big-data-cluster/active-directory-password-rotation.md). You can add this command to your automation scripts or pipelines as part of the security hardening process.
19+
20+
This feature for rotation of passwords for autogenerated AD objects was introduced with SQL Server Big Data Clusters CU13.
1921

2022
> [!IMPORTANT]
2123
> The `azdata bdc rotate` command rotates passwords for autogenerated AD objects only. The `azdata bdc rotate` command does not rotate the password for the AD for big data cluster domain service account (DSA) created manually while performing a big data cluster AD-integrated deployment. For more information, see [big data cluster AD integrated deployment](../../big-data-cluster/active-directory-prerequisites.md).
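Review bot: The sentence added at new line 18 recommends putting `azdata bdc rotate` into automation scripts or pipelines, but the IMPORTANT note directly below says the manually created DSA password is not rotated by this command, so a reader who automates from this paragraph alone may assume the pipeline covers every account. Suggest qualifying the sentence so it says the automation covers autogenerated AD accounts only and that the DSA password needs its own rotation process. Separately, at new line 20, "This feature for rotation of passwords" is awkward and drops the original term "Autorotation"; "Password rotation for autogenerated AD objects was introduced with SQL Server Big Data Clusters CU13." reads more cleanly if the rename is intended.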

docs/big-data-cluster/active-directory-prerequisites.md

Lines changed: 3 additions & 2 deletions
@@ -44,7 +44,7 @@ To be able to create all the required objects in Active Directory automatically,
4444
Big Data Clusters deployment automatically generates account and group names. Each of the accounts represents a service and will be managed by the big data cluster throughout the lifetime where the big data cluster is in use. Those accounts own the Service Principal Names (SPNs) are required by each service. For a full list of AD autogenerated accounts, groups, and service that they managed, see [Autogenerated Active Directory objects](active-directory-objects.md).
4545

4646
>[!IMPORTANT]
47-
> Depending on the password expiration policy set in the Domain Controller, passwords for these accounts can expire. There is no mechanism to automatically rotate credentials for all accounts in the big data cluster, so the cluster will become inoperable once the expiration period is met. You can use `azdata bdc rotate` to rotate the passwords of autogenerated AD accounts for the big data cluster. For more information, see [azdata-bdc-rotate](../azdata/reference/reference-azdata-bdc-rotate.md). You may want to add this to their automation scripts or pipelines as part of security hardening process.
47+
> Depending on the password expiration policy set in the Domain Controller, passwords for these accounts can expire. There is no mechanism to automatically rotate credentials for all accounts in the big data cluster, so the cluster will become inoperable once the expiration period is met. You can use `azdata bdc rotate` to rotate the passwords of autogenerated AD accounts for the big data cluster. For more information, see [azdata-bdc-rotate](../azdata/reference/reference-azdata-bdc-rotate.md). You can add this command to your automation scripts or pipelines as part of the security hardening process.
4848
4949
The steps below assume you already have an Active Directory domain controller. If you don't have a domain controller, the following [guide](https://social.technet.microsoft.com/wiki/contents/articles/37528.create-and-configure-active-directory-domain-controller-in-azure-windows-server.aspx) includes steps that can be helpful.
5050
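Review bot: The rewritten note at line 47 still states "There is no mechanism to automatically rotate credentials for all accounts in the big data cluster" and then immediately offers `azdata bdc rotate`, which reads as a contradiction and leaves the operator unsure whether expiry is actually preventable. Suggest rewording so the note says the cluster does not rotate these passwords on its own, that `azdata bdc rotate` has to be run before the domain's expiration period is reached, and that the command covers autogenerated accounts only, since the azdata reference page changed in this same commit says the manually created DSA is excluded.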

@@ -83,7 +83,8 @@ The examples in this article use `bdc` for the OU name.
8383

8484
Whether you have created a new AD user or using an existing AD user, there are certain permissions the user needs to have. This account is the user account that the big data cluster controller will use when joining the cluster to AD.
8585

86-
The DSA needs to be able to create users, groups, and computer accounts in the OU. In the following steps, we have named the big data cluster domain service account `bdcDSA`. You can choose any name for this account depending on your project requirements for big data cluster deployment, but we do not recommend altering the account name once the big data cluster is deployed.
86+
> [!IMPORTANT]
87+
> The DSA needs to be able to create users, groups, and computer accounts in the OU. In the following steps, we have named the big data cluster domain service account `bdcDSA`. You can choose any name for this account depending on your project requirements for big data cluster deployment, but we do not recommend altering the account name once the big data cluster is deployed.
8788
8889
1. On the domain controller, open **Active Directory Users and Computers**
8990
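Review bot: Wrapping the whole paragraph at new lines 86-87 in `> [!IMPORTANT]` puts three different things in one callout: the permission requirement, the `bdcDSA` naming convention, and the warning against renaming the account after deployment. Only the last sentence is a caution; the first two introduce the numbered steps that follow and now sit visually apart from them. Suggest keeping "The DSA needs to be able to create users, groups, and computer accounts in the OU" and the naming sentence as body text, and limiting the callout to the rename warning. While editing, it would help to say explicitly that these create permissions are granted on the OU only, since that scoping is the least-privilege point a reader should take from this step.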
