update according to TR.

Deland-Han · Deland-Han · commit 1baf83bef5a0 · 2025-04-01T16:21:53.000+08:00
diff --git a/support/windows-server/active-directory/domain-join-error-0x6d9-there-are-no-more-endpoints-available-from-the-endpoint-mapper.md b/support/windows-server/active-directory/domain-join-error-0x6d9-there-are-no-more-endpoints-available-from-the-endpoint-mapper.md
@@ -53,7 +53,7 @@ NetpDoDomainJoin: status: 0x6d9
 
 ## Cause
   
-Error 0x6D9 is logged when network connectivity is blocked between the joining client and the Domain Controller (DC). The network connectivity services the domain join operation over port 135 or a port in the ephemeral range between 1025 to 5000 or 49152 to 65535. For more information, see [Service overview and network port requirements for Windows](../networking/service-overview-and-network-port-requirements.md).  
+Error 0x6D9 is logged when network connectivity is blocked between the joining client and the Domain Controller (DC). The network connectivity services the domain join operation initially over Transmission Control Protocol (TCP) port 135, and then an ephemeral port between 49152 to 65535. For more information, see [Service overview and network port requirements for Windows](../networking/service-overview-and-network-port-requirements.md).  
 
 The network connectivity issue can be caused by several factors, including advanced security solutions with host firewalls installed on the DC, port exhaustion, and other potential issues.
 
@@ -68,7 +68,7 @@ The network connectivity issue can be caused by several factors, including advan
    NetpGetComputerObjectDn: Unable to bind to DS on '\\DC1.CONTOSO.COM': 0x6d9
    ```
 
-2. Verify that the joining client has network connectivity to the DC over the required ports and protocols used by the applicable operating system (OS) versions. Domain join clients connect a DC over Transmission Control Protocol (TCP) port 135 by the dynamically assigned port in the range between 49152 and 65535.
+2. Verify that the joining client has network connectivity to the DC over the required ports and protocols used by the applicable operating system (OS) versions. Domain join clients initially connect to a DC over TCP port 135, and then a dynamically assigned port in the range between 49152 and 65535.
 3. Ensure that the OS, software and hardware routers, firewalls, and switches allow connectivity over the required ports and protocols.
 4. Ensure that there are enough available ports for the operation. You can use tools like netstat to check for port availability and usage.
 5. If advanced security solutions with host firewalls is installed on the DC, review its settings to ensure it isn't blocking the required ports.
diff --git a/support/windows-server/active-directory/failure-when-you-use-an-existing-computer-account-to-join-a-domain.md b/support/windows-server/active-directory/failure-when-you-use-an-existing-computer-account-to-join-a-domain.md
@@ -33,15 +33,15 @@ Review the following example of the Netsetup.log on a fully updated system.
 
 ```output
 NetpProvisionComputerAccount:
-	lpDomain: contoso.com
-	lpHostName: host1
-	lpMachineAccountOU: (NULL)
-	lpDcName: ContosoDC1.contoso.com
-	lpMachinePassword: (null)
-	lpAccount: contoso\nonadminuser2
-	lpPassword: (non-null)
-	dwJoinOptions: 0x403
-	dwOptions: 0x40000003
+    lpDomain: contoso.com
+    lpHostName: host1
+    lpMachineAccountOU: (NULL)
+    lpDcName: ContosoDC1.contoso.com
+    lpMachinePassword: (null)
+    lpAccount: contoso\nonadminuser2
+    lpPassword: (non-null)
+    dwJoinOptions: 0x403
+    dwOptions: 0x40000003
 NetpLdapBind: Verified minimum encryption strength on ContosoDC1.contoso.com: 0x0
 NetpLdapGetLsaPrimaryDomain: reading domain data
 NetpGetNCData: Reading NC data
@@ -50,9 +50,9 @@ NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=c
 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
 NetpCheckForDomainSIDCollision: returning 0x0(0).
 NetpGetComputerObjectDn: Cracking DNS domain name contoso.com/ into Netbios on \\ContosoDC1.contoso.com
-NetpGetComputerObjectDn: Crack results: 	name = CONTOSO\
+NetpGetComputerObjectDn: Crack results:     name = CONTOSO\
 NetpGetComputerObjectDn: Cracking account name CONTOSO\HOST1$ on \\ContosoDC1.contoso.com
-NetpGetComputerObjectDn: Crack results: 	(Account already exists) DN = CN=HOST1,CN=Computers,DC=contoso,DC=com 
+NetpGetComputerObjectDn: Crack results:     (Account already exists) DN = CN=HOST1,CN=Computers,DC=contoso,DC=com 
 NetpGetADObjectOwnerAttributes: Looking up attributes for machine account: CN=HOST1,CN=Computers,DC=contoso,DC=com
 NetpGetNCData: Reading NC data
 NetpReadAccountReuseModeFromAD: Searching '<WKGUID=AB1D30F3768811D1ADED00C04FD8D5CD,DC=contoso,DC=com>' for '(&(ObjectClass=ServiceConnectionPoint)(KeyWords=NetJoin*))'.
@@ -91,7 +91,7 @@ NetpDoDomainJoin: status: 0xaac
 
 ## Cause
 
-Windows introduced extra protections with updates released on and after October 11, 2022. These protections intentionally prevent domain join operations from reusing an existing computer account in the target domain unless the following specific conditions are met:
+Windows introduced extra protections with updates released on and after October 11, 2022. These protections intentionally prevent domain join operations from reusing an existing computer account in the target domain unless any of the following conditions is met:
 
 - The user attempting the operation is the creator of the existing account.
 - The computer was created by a member of domain administrators, enterprise administrators, or built-in administrators groups.
