Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Issue in "AAD Connect" Version "1.1.819.0"

    While installing the "AAD Connect" Version "1.1.819.0", on the page "Azure AD sign-in configuration", my domain looks verified and the sign-in attribute is set to "userPrincipalName"; however, it would not let me move ahead to the next page. However, installation succeeded with a legacy AAD Connect version "1.1.649.0", which installed seamlessly. Reason unknown!!

    3 votes
    0 comments  ·  Azure AD Connect
  2. Change "Continue without any verified domains" in Azure AD Connect installation wizard

    Starting from 1.1.819.0 of AAD Connect, you see "Continue without any verified domains" check box even when there are some other verified domains.

    The term "Continue without any verified domains" could be misleading.

    It should be changed to something like "Continue with non-verified domains"

    3 votes
    0 comments  ·  Azure AD Connect
  3. AzureAD connect rejects valid o365 admin account with special character before @

    AzureAD connect attempts to validate the username entered for the admin account, but it rejects valid usernames which contain a special character in the position immediately preceding the @.

    For example, it is possible to create an azuread/o365 user account with the username of 'abc!@contoso.com'. This is a valid user account and email address, but when it is entered the AzureAD connect tool rejects it with an error indicating that the format is incorrect.

    Please fix the input validation rules so that they don't reject usernames with special characters in the position prior to the @.

    3 votes
    0 comments  ·  Azure AD Connect
  4. Attribute flow precedence for Azure AD

    Investments into the synchronization part (SaaS and AADConnect) are continuing; moving forward, we need to be able to set precedence for attributes.

    Example: Attribute is imported from SaaS HR App (e.g. Workday) to a FEDERATED user directly to AAD, this attribute is also synced via AADConnect, we need to be able to configure who "wins".

    This option is also very important when sync from AAD to ADDS is advancing (https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/6455327-sync-azure-active-directory-down-to-on-premises-ad)

    3 votes
    0 comments  ·  Azure AD Connect
  5. Azure AAD Connect /useexistingdatabase installation script updates

    Azure AD Connect now allows you to migrate from LocalDB to a full SQL server using the /useexistingdatabase flag; however, we are unable to use this because the installer requires SQL sysadmin privileges to update the database. In fact, this installer also attempts to call deprecated system stored procedures, such as sp_grantlogin (ALTER LOGIN is preferred now). This installation script should be modular, have error handling, or support non-SA accounts for highly secure environments.

    3 votes
    0 comments  ·  Azure AD Connect
  6. public folder

    As part of the public folder sync functionality in Azure AD Connect, include syncing distribution group memberships for mail enabled public folders. Currently, when I sync my mail enabled public folders, the public folder objects are excluded from any distribution groups they are included in, which causes issues for SharePoint Online and Exchange Online.

    3 votes
    0 comments  ·  Azure AD Connect
  7. Support Azure AD Connect Auto Upgrade for all features and releases

    Basically keeping up with all the changes in Azure AD Connect all the time.

    Support Azure AD Connect Auto Upgrade for all features and releases

    3 votes
    0 comments  ·  Azure AD Connect
  8. synchronisation triggered from website

    Allow an AD sync to be performed from the Azure AD website.

    3 votes
    started  ·  2 comments  ·  Azure AD Connect
  9. SQL Always On Support for Azure AD Connect Sync Service HA

    Considering that MIM now supports SQL Always-On clusters, can we get that support added to AADConnect?

    3 votes
    1 comment  ·  Azure AD Connect
  10. Have the AADC Hybrid Azure AD Join remind admins to sync OUs containing computers


    1. The AADC Hybrid Azure AD Join should remind users to sync the OUs containing domain-joined computers.

    2. The Microsoft Hybrid Azure AD Join documentation should prominently note that computers need to be AADC synced.

    3. The User Device Registration event log error messages when you fail to sync domain-joined computers should be clear about what has happened and the specific error should be in an article.

    2 votes
    0 comments  ·  Azure AD Connect
  11. Allow Enabling Device, Group and User Writeback for Minimal Hybrid Domain

    Please work towards allowing minimal hybrid configurations to enable writeback. With a single SCP in a forest there can only be one Azure AD tenant with the ability to perform write back operations. Allow for multiple domains in a single forest to perform scoped based write back.

    2 votes
    0 comments  ·  Azure AD Connect
  12. More documentation. More GUI Features to check and activate Synchronizations.

    We can run Delta, Initial and Scheduled Synchronizations using PowerShell as well as get diagnostics to some degree. It would be great to have those features as part of the AAD Connect GUI in the management console.

    2 votes
    planned  ·  1 comment  ·  Azure AD Connect
  13. Better filtering options for password hash synchronization

    Better filtering options for password hash synchronization.

    I would like to have better filtering options for which accounts password hashes will be synchronized.
    If I use Azure MFA for an admin user, that user must be synced to AAD. But I don't necessarily want the admin hashes to be synchronized to AAD, only regular users.

    2 votes
    0 comments  ·  Azure AD Connect
  14. 2 votes
    0 comments  ·  Azure AD Connect
  15. Include expand AD Schema (Exchange/Skype) option to AADConnect

    When changing some properties of Office 365, I need to extend the on-premises AD schema. This may be necessary as well as "Skype for Business" as well as Exchange. Therefore, in many cases, both schemas are extended before configuring Azure AD Connect. Extension of the schema of both products is a very troublesome task, I feel absurd in that it is necessary to prepare a product DVD, in particular. For these reasons, we strongly hope that the wizard of Azure AD Connect will provide options for schema extension.

    2 votes
    0 comments  ·  Azure AD Connect
  16. AADConnect document needs to be updated to explain how to change the AADConnect Sync Service Account password. Current document is absurdly unclear

    AADConnect document needs to be updated to explain how to change the AADConnect Sync Service Account password. Current document is absurdly unclear about the builds after mid 2017.

    2 votes
    0 comments  ·  Azure AD Connect
  17. In Azure AD Connect Sync AD DS connector permissions

    In the Synchronization Service Manager, if I customize an AD DS connector, the account I use to log into and edit the connector becomes the account used by the connector to access AD DS, not the MSOL_account. This causes permissions issues during synchronization.

    2 votes
    0 comments  ·  Azure AD Connect
  18. I set up a new account because it is required, not an existing one. How do I get an email message to complete activation?

    I am excited about computers, but sorry, I have a shallow knowledge. I use what I understand or recommended. One thing I know is that if I press the DELETE button, DELETE I get.

    2 votes
    need-feedback  ·  1 comment  ·  Azure AD Connect
  19. Azure AD Connect GUI Setup: Allow DB override during install

    When installing or re-installing Azure AD Connect after a previous installation, it would be great if the setup could replace/delete the old ADSync database on the SQL server. Currently we have to talk to the SQL Admin or open SQL Management Studio to delete the database before we can perform a new installation.

    2 votes
    0 comments  ·  Azure AD Connect
  20. Azure AD Connector - wrong error message "Mailnickname"

    Azure idFix Check will not check every standard

    Problem:
    A security group that contains one or more "." will result in an error with "mailnickname" property in Azure AD Connector when syncing to Azure AD / Exchange online.

    The Error message is irritating and wrong as not the property "Mailnickname" is wrong but the security group has an invalid display name which contains one or more dots "." characters.

    Suggestion:
    Implement a correct error message for this sync error.

    There exists a support ticket for this issue.

    2 votes
    1 comment  ·  Azure AD Connect