While installing "AAD Connect" version "1.1.819.0", on the "Azure AD sign-in configuration" page my domain looks verified and the sign-in attribute selected is "userPrincipalName"; however, it would not let me move ahead to the next page. However, the installation succeeded with a legacy AAD Connect version, "1.1.649.0", which installed seamlessly. Reason unknown!!
3 votes
Starting from 1.1.819.0 of AAD Connect, you see "Continue without any verified domains" check box even when there are some other verified domains.
The term "Continue without any verified domains" could be misleading.
It should be changed to something like "Continue with non-verified domains".
3 votes
AzureAD connect attempts to validate the username entered for the admin account, but it rejects valid usernames which contain a special character in the position immediately preceding the @.
For example, it is possible to create an azuread/o365 user account with the username of 'email@example.com'. This is a valid user account and email address, but when it is entered the AzureAD connect tool rejects it with an error indicating that the format is incorrect.
Please fix the input validation rules so that they don't reject usernames with special characters in the position prior to the @.
3 votes
Investments into the synchronization part (SaaS and AADConnect) are continuing; moving forward, we need to be able to set precedence for attributes.
Example: Attribute is imported from SaaS HR App (e.g. Workday) to a FEDERATED user directly to AAD, this attribute is also synced via AADConnect, we need to be able to configure who "wins".
This option is also very important when sync from AAD to ADDS is advancing (https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/6455327-sync-azure-active-directory-down-to-on-premises-ad)
3 votes
Azure AD Connect now allows you to migrate from LocalDB to a full SQL server using the /useexistingdatabase flag; however, we are unable to use this because the installer requires SQL sysadmin privileges to update the database. In fact, this installer also attempts to call deprecated system stored procedures, such as sp_grantlogin (ALTER LOGIN is preferred now). This installation script should be modular, have error handling, or support non-SA accounts for highly secure environments.
3 votes
As part of the public folder sync functionality in Azure AD Connect, include syncing distribution group memberships for mail enabled public folders. Currently, when I sync my mail enabled public folders, the public folder objects are excluded from any distribution groups they are included in, which causes issues for SharePoint Online and Exchange Online.
3 votes
Basically keeping up with all the changes in Azure AD Connect all the time.
Support Azure AD Connect Auto Upgrade for all feature and releases
3 votes
Allow an AD sync to be performed from the Azure AD website.
3 votes
Considering that MIM now supports SQL Always-On clusters, can we get that support added to AADConnect?
3 votes
- The AADC Hybrid Azure AD Join should remind users to sync the OUs containing domain-joined computers.
- The Microsoft Hybrid Azure AD Join documentation should prominently note that computers need to be AADC synced
- The User Device Registration event log error messages when you fail to sync domain-joined computers should be clear about what has happened and the specific error should be in an article.
Please work towards allowing minimal hybrid configurations to enable writeback. With a single SCP in a forest there can only be one Azure AD tenant with the ability to perform write back operations. Allow for multiple domains in a single forest to perform scoped based write back.
2 votes
We can run Delta, Initial and Scheduled Synchronizations using PowerShell as well as get diagnostics to some degree. It would be great to have those features as part of the AAD Connect GUI in the management console.
2 votes
Better filtering options for password hash synchronization.
I would like to have better filtering options for which accounts password hashes will be synchronized.
If I use Azure MFA for an admin user, that user must be synced to AAD. But I don't necessarily want the admin hashes to be synchronized to AAD, only regular users.
2 votes
More auditing is desired. Read this post for a conversation re it:
2 votes
When changing some properties of Office 365, I need to extend the on-premises AD schema. This may be necessary as well as "Skype for Business" as well as Exchange. Therefore, in many cases, both schemas are extended before configuring Azure AD Connect. Extension of the schema of both products is a very troublesome task, I feel absurd in that it is necessary to prepare a product DVD, in particular. For these reasons, we strongly hope that the wizard of Azure AD Connect will provide options for schema extension.
2 votes
AADConnect document needs to be updated on how to change the AADConnect Sync Service Account password. Current document is absurdly unclear about the builds after mid 2017.
2 votes
Thanks for the feedback.
Please give document feedback at
The document owner will update corresponding content
In the Synchronization Service Manager, if I customize an AD DS connector, the account I use to log into and edit the connect becomes the account used by the connect to access AD DS, not the MSOL_account; this causes permissions issues during synchronization.
2 votes
I set up a new account because it is required, not an existing one. How do I get an email message to complete activation?
I am excited about computers, but sorry, I have a shallow knowledge. I use what I understand or recommended. One thing I know is that if I press the DELETE button, DELETE I get.
2 votes
When installing or re-installing Azure AD Connect after a previous installation, it would be great if the setup could replace/delete the old ADSync database on the SQL server. Currently we have to talk to the SQL Admin or open SQL Management Studio to delete the database before we can perform a new installation.
2 votes
Azure idFix Check will not check every standard
A security group that contains one or more "." will result in an error with "mailnickname" property in Azure AD Connector when syncing to Azure AD / Exchange online.
The Error message is irritating and wrong as not the property "Mailnickname" is wrong but the security group has an invalid display name which contains one or more dots "." characters.
Implement a correct error message for this sync error.
There exists a support ticket for this issue.
2 votes