Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Add hireDate to Azure AD Connector schema in Azure AD Connect

    Azure AD has a hireDate attribute with the following description:

    The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'

    This attribute can be set and retrieved via the graph API, but it is not listed in the available attributes for the Azure AD connector in Azure AD Connect.

    Please add this attribute to the schema so it can be synchronized from Active Directory.

    While AD does not have its own hire date…

    7 votes
    1 comment  ·  Azure AD Connect
  2. Azure AD Connect "PasswordNeverExpires" Attribute not synced correctly

    Last tests done with version 1.1.443.0 of AAD Connect

    The User Attribute "PasswordNeverExpires" is not synced correctly from OnPremise to AAD (when doing an initial sync of a user account). Furthermore, later changes of this Attribute are not synced correctly to the AAD.

    I had different/random results when testing with this. Sometimes the initial value was transferred correctly to the Cloud accounts but a change was not synced. Sometimes the initial value was directly wrong (when syncing a user the first time).

    Kind Regards
    Robin K.

    7 votes
    started  ·  1 comment  ·  Azure AD Connect
  3. Sync Cycle Estimator (Predictor, Completion Projections)

    Provide additional visibility into how long (estimated) a sync cycle will take to complete. This estimate can be based on historical trends based on the number of records that can be processed in a particular time window. Operationally, we currently have no mechanism to communicate ETA for newly provisioned accounts. Since the records to be processed are in the database, it should be possible to compute a completion estimation.

    5 votes
    0 comments  ·  Azure AD Connect
  4. Mobile Phone Sync Between on prem AD and Azure/Office 365

    There is a known issue where the on-prem AD mobile phone attribute does not sync changes or the phone number up to Azure/365 because of the MFA implementation. Please differentiate between personal and business numbers; no one wants their personal cellphone to be listed in the address directory and not their work mobile.

    5 votes
    0 comments  ·  Azure AD Connect
  5. Support AADConnect Service account password change process that doesn't destroy the key

    Create a password change process for the AADConnect service account that doesn't destroy the password hashing key. It seems like the same process used for the KRBTGT account in AD could be used - maintain a short key history, allowing you to phase out an old key without abandoning it immediately and breaking every hash currently in the sync DB. Having such a privileged account in AD and no easy way to update its password is absurd.

    5 votes
    0 comments  ·  Azure AD Connect
  6. Preview function and UI for AAD synchronization engine

    Similar to MIM the AAD sync engine needs:
    - A preview function for synchronization to validate changes e.g. on attribute mappings or scopes
    - Per SaaS app a list of "connected users"
    - Per user a list of "connected systems"
    - Per user visibility which attributes are contributed from various systems (e.g. SaaS attr. sync like Workday, On-Prem via AADC, directly managed attributes in AAD)

    Trial and error with a look at the audit logs is not enough.

    5 votes
    under review  ·  1 comment  ·  Azure AD Connect
  7. Force object based AD sync for automation

    From a sourcing perspective we often have to deal with hybrid cloud environments. For the User Workspace (web-based) we make use of both Active Directory systems (LocalAD and AzureAD) for access control to multiple applications.

    To optimize End User Experience it is necessary to sync both Active Directory systems as fast as possible (realtime is preferred).

    Another possible workaround is object based (specific user or group) synchronization from command line to integrate with automation tools.

    5 votes
    started  ·  1 comment  ·  Azure AD Connect
  8. Possible to have both Federation with AD FS and Seamless SSO in same Azure AD Connect configuration

    Make it possible to have both Federation with AD FS + Enable single sign-on selected in Azure AD Connect sign-in configuration.

    Scenario: Customer has a single on-premises AD forest (contoso.com) which consists of multiple child AD domains, one for each country and each country also has their own public e-mail domain:
    - us.contoso.com (US, contoso.com is UPN and e-mail domain)
    - fr.contoso.com (France, contoso.fr is UPN and e-mail domain)
    - de.contoso.com (Germany, contoso.de is UPN and e-mail domain)
    - ...and so on.

    US was first to roll out Azure AD/Office 365 and are required to use Federation with AD FS…

    4 votes
    0 comments  ·  Azure AD Connect
  9. Create custom sync rules based on local AD group membership

    I'd like to be able to create custom join rules based on users' group membership in AD. I can do this currently based on other fields (employee type, OU, etc.), but in our environment, and I'm assuming others', being able to do this simply based on current group membership would be preferred.

    4 votes
    1 comment  ·  Azure AD Connect
  10. AAD Connect - View Current Configuration

    AAD Connect - View Current Configuration needs an option to export the configuration. This should be to text file and CSV format for viewing. Also to XML format for backup and later importing of the configuration if ever needed.

    4 votes
    started  ·  1 comment  ·  Azure AD Connect
  11. [BUG] AADC stops syncing OU when it is renamed

    As the title says, Azure AD Connect ceases to synchronize an OU when it is renamed. After renaming the OU, Azure AD Connect recognizes the name change, but unchecks the OU from synchronizing further.

    This is on version 1.1.882.0. I looked at the release notes for more recent versions and don't see anything referencing a fix for this.

    4 votes
    1 comment  ·  Azure AD Connect
  12. AAD Connect - Staging server(s)

    AAD Connect - PowerShell commands - Specifically one to flip from Live to Staging Server and vice versa

    4 votes
    0 comments  ·  Azure AD Connect
  13. Allow synchronization from Global Azure Active Directory to China Azure Active Directory

    Is it possible to sync our on-prem active directory to China Azure? We currently do this for Global Azure. If this is not possible what are some alternatives?

    4 votes
    0 comments  ·  Azure AD Connect
  14. 4 votes
    unplanned  ·  1 comment  ·  Azure AD Connect
  15. Enable notification and tracking on AD connect configurations. Send automatic notification as and when AD configuration updated

    Yum uses Azure Active Directory globally, and any changes to the Azure Connect configuration have a huge impact globally. There are too many administrators that can make changes to it because of its global nature, and the general change management process doesn't help to track what changes are being made to Azure Connect. Would it be possible to configure automatic notification whenever any configuration change happens on Azure AD Connect and send it to the support team?

    3 votes
    0 comments  ·  Azure AD Connect
  16. Invoke-ADSyncRunProfile does not return the RunProfile Result

    The RunProfile Result is returned but the data is incorrect, as shown below. The GUIDs are empty, and the other properties have incorrect or missing data.

    Invoke-ADSyncRunProfile -ConnectorName litware.ca -RunProfileName 'full import' -Verbose
    <#
    RunHistoryId : 00000000-0000-0000-0000-000000000000
    ConnectorId : 00000000-0000-0000-0000-000000000000
    ConnectorName :
    RunProfileId : 00000000-0000-0000-0000-000000000000
    RunProfileName :
    RunNumber : 0
    Username :
    IsRunComplete : False
    Result : success
    CurrentStepNumber : 0
    TotalSteps : 0
    StartDate : 1/1/0001 12:00:00 AM
    EndDate : 1/1/0001 12:00:00 AM
    RunStepResults : {}
    #>

    3 votes
    0 comments  ·  Azure AD Connect
  17. Permit multiple domains to use scoped writeback features

    With multiple domains in a forest in a minimal hybrid configuration they are prevented from using services such as group writeback, user writeback and device writeback. Please work towards allowing multiple domains in a forest to have these writeback features on a per domain basis.

    3 votes
    0 comments  ·  Azure AD Connect
  18. AAD Connect - enhance "large object"

    In latest AAD Connect 1.3.21.0 we are not able to fully synchronize the whole 400 proxyAddresses of a MailboxUser from OnPrem to AzureAD.
    Exchange Online supports 400 proxyAddresses regarding this article:
    https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#receiving-and-sending-limits

    Unfortunately AAD Connect stops synching at 333 proxyAddresses. The limit may not be exactly the same in all environments, as I was told, this is due to a cache limit in AAD Connect.

    My support case number 119070222001318
    "Also, I have discussed this issue with my Technical Lead in copy @Obaro Olori (Tek Experts), I was informed that the synchronization error of large attribute on the synchronization service…

    3 votes
    0 comments  ·  Azure AD Connect
  19. OU selection in Azure AD Connect

    Currently Azure AD Connect does not have an option to export the selected OUs and Sub OUs for reporting purposes. It would be helpful if we had an option to export the list of OUs selected in Sync scope.

    3 votes
    0 comments  ·  Azure AD Connect
  20. AD Sync with local AD - Sync Mix case of UPN when changed in local AD

    Local AD user principal name is all lower case - john.smith@domainx.com. This is synchronized with Azure AD, all lower case UserName.
    If the local AD user object's UPN is changed to mixed case - John.Smith@domainx.com - then the change doesn't happen in Azure AD. The only way to get the updated case to sync is to make a change to the domain. After Azure AD is updated, change the domain back. This will then update the case of the UPN. Suggest updating Azure Active Directory to include changes in the case of the UPN.

    3 votes
    1 comment  ·  Azure AD Connect