Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

  1. Remove requirement for onprem Exchange when using DirSync

    as per: http://tinyurl.com/kqgjvqx

    Currently, a small business that wants password sync but makes the move to 365 has to keep Exchange running on premise simply to be able to edit user attributes related to Exchange. An Active Directory DLL, a standalone app or simply support in the 365 portal would solve this for so many customers.

    201 votes

    • Unattended installation Azure AD Connect

      Provide the ability to perform unattended/silent installation of Azure AD Connect using either or both a command line or an answer file for the installation parameters.

      This is highly needed for redeployment of test/dev environments and especially for hosting/service providers with many customers.

      42 votes

      • Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC

        Currently, to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC, we would need to store domain admin and tenant global admin credentials in a script or scheduled task.

        This is obviously not ideal. We are currently having to perform the rollover task manually each month.

        Please look at how this process could be improved for automation.

        34 votes

        • Enable User Writeback to On Premise AD from Azure AD

          We need to be able to sync down from Azure AD - specifically we have External Users that we need to have down on our on premise AD so that we can put them into Distribution Lists...

          34 votes

            Hi – this is not a feature we are planning in AADConnect. We’re currently designing a new feature based on a new technology that would allow us to write back users and groups from AAD to various different targets – AD, other directories, applications – and hope to be able to tell you more about it in the coming months.

            Rob de Jong

          • Update UPN-Suffix Change from one federated UPN Suffix to another federated UPN Suffix

            According to Support Article 2669550 (https://support.microsoft.com/en-us/help/2669550), AzureAD Connect doesn't update a user’s userPrincipalName in AzureAD when we change the user's UPN suffix from one federated domain to another federated domain. So we need to fix such changes manually or by a custom script.
            I understand that preventing such updates by AzureAD Connect is a good choice for many customers. But for customers with several dozens or hundreds of federated domains, I would like to have a choice whether to sync such changes using AzureAD Connect or leave it on the default behavior of not allowing UPN changes from one federated…

            32 votes

            • Support for multi-valued attributes synchronized from on premises AD

              AD Connect supports synchronizing multi-valued attributes to AAD.
              However, AAD doesn't support multi-valued attributes synchronized from on premises AD.

              Would be great to have this supported so that for example Dynamic Groups can use multi-value attributes for group membership rules.

              24 votes

              • Fix AD Connect auto-update mechanism so it doesn't cause VSS SQL failures

                Issue has been going on for at least a year. When AD Connect auto-updates, it messes something up with its 'SQL Server 2012 Express LocalDB' instance such that VSS backups of the server fail until addressed.

                'Fix' is to run a repair installation of the LocalDB instance, after which the VSS operations succeed without requiring a server reboot.

                https://forums.veeam.com/veeam-backup-replication-f2/bunch-of-servers-vss-writer-errror-0x800423f4-t37483.html

                17 votes

                • Make Azure AD Connect compatible to SBS 2011

                  The Azure AD Connect tool does not install on an SBS 2011. I think that AADConnect should work on an SBS 2011 as well. All in all it's just a W2K8.

                  14 votes

                  • 14 votes

                    • Reinstate Joiner and other MIM Sync features

                      In various scenarios, but especially when in Staging Mode, it is a hindrance that the ways to address data issues invariably presented in the sync service that were once possible in DirSync/FIM/MIM are no longer possible in AADConnect. In particular I am referring to such functions as:
                      * changing a disconnector type (via the MIM Joiner tab), and
                      * disconnecting a connected object (via the MV object details dialog).

                      While I understand architecturally there was a move to remove the Joiner entirely, in a production support scenario I imagine that such features would be of just as much assistance to…

                      12 votes

                      • Allow password expiration policy to sync from on-prem AD to Azure AD

                        Why doesn't a user's cloud password expire when the on-prem password expires? We use an Azure Application Proxy App to securely publish an extranet to many employees and vendors who never log into our domain directly but have on-prem AD accounts. To ensure they change their passwords regularly, we have to change their on-prem password once it expires so they are forced to use SSPR and create a new password.

                        11 votes

                        • Please add support for MFA to the ADSync module

                          Please add support for MFA to the ADSync module.

                          Accounts enabled with MFA cannot run basic administrative tasks like “Get-ADSyncExportDeletionThreshold”.

                          9 votes

                          • In Exchange Hybrid Mode, add Capability to writeback Mailbox Type Attributes to AD

                            When Mailbox is changed from Mailbox to Shared Mailbox or Resources, we have to manually modify two attributes in AD: msExchangeRecipientTypeDetails and msExchangeRemoteRecipientType.

                            We would like these attributes to be updated automatically.

                            This step is often overlooked and causes issues for end users.

                            9 votes

                            • Ability to export Azure Active Directory Connect configuration to a backup server

                              Our configuration changes often and there is a concern the backup server (in Staging Mode) may not get updated, by an oversight. Then on the day we cut over, a department may get impacted by not being in the search scope.

                              A simple way to export the configuration (new connectors, search scope, custom attributes, etc.) to the backup server may reduce the chance of this happening.

                              8 votes

                              • Skype For Business Modern Authentication

                                Please support modern authentication in Skype for Business 2016 in AD Connect Pass Through Authentication scenarios

                                7 votes

                                • AAD connect as a service

                                  I would love to see Microsoft offering AAD Connect as a Service. Either with an agent on a DC or member server much like the pass-through auth server works. But having the sync and metaverse running in a service in the cloud.

                                  7 votes

                                  • sync hideDLMembership

                                    Please allow us to sync hideDLMembership with Exchange online

                                    6 votes

                                    • Sync "Account Expired" UserAccountControl to Azure AD (AccountEnabled)

                                      Consider adding support for disabling user accounts in Azure Active Directory when the account is expired in the local Active Directory. Currently you recommend that customers create a PowerShell script that disables user accounts in Active Directory to support this scenario.

                                      I would prefer that a rule be added to Azure Active Directory Connect that automatically changes AccountEnabled to false if the user's account expires in the local Active Directory.

                                      Aaron posted a great workaround solution:
                                      https://blogs.technet.microsoft.com/undocumentedfeatures/2017/09/15/use-aad-connect-to-disable-accounts-with-expired-on-premises-passwords/

                                      We would like something built-in Active AD Connect that solves this out of the box

                                      6 votes

                                      • Allow multi-tenant automatic registration of windows domain-joined devices

                                        The guide available here:

                                        https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup

                                        is not multi-tenant aware.

                                        This prevents the use of meaningful conditional access policies where multiple customers are sharing the same source Windows Server OnPrem AD in a hybrid 365 scenario.

                                        I would like a solution that allows the SCP information to be delivered by an alternate means, GPO for example.

                                        We could then sync multiple customers in AD to multiple 365 tenants and implement conditional access effectively.

                                        6 votes

                                        • Termination Sync from AD

                                          Currently it looks like we have a full sync every 3 hrs & password sync every 3 minutes. In the event of a terminated employee, they would have 3 hrs of access to OneDrive. Is there a way to sync terminated or disabled accounts to remove access?

                                          6 votes
