Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Manage AADDS DNS powershell

    Currently, I am unable to find any documented methods for managing DNS in AADDS using PowerShell. If it is possible, can we get an article published that states specifically how to use PowerShell to manage DNS in AADDS? If it doesn't exist, can we get the functionality created? Using MMC is dated and limits our abilities to automate.

    18 votes
    1 comment  ·  Domain Services
  2. Support NPS/RADIUS for Azure AD Domain Services

    Add support for Microsoft NPS/RADIUS in Azure AD Domain Services

    259 votes
    47 comments  ·  Domain Services

    CONFIRMED that NPS and Azure AD Domain Service can work with the Azure MFA NPS extension to enable MFA for RDP to virtual machines. That said, Azure Bastion Host (https://docs.microsoft.com/en-us/azure/bastion/bastion-overview) provides the same value without the additional infrastructure of NPS. We have a doc bug created to add the nuance to our documentation, which is to 1) Skip registering the NPS server and 2) ensure your network policy has “Ignore user account dial-in properties” selected.
    Leaving the topic open as we continue to investigate/validate other NPS use cases (e.g. VPN and 802.x scenarios)

    Mike Stephens
    Senior Program Manager
    Azure Identity
    IAM Core | Domain Services

  3. Use Seamless SSO in AADDS environments.

    At the moment, having seamless SSO in Azure Active Directory Domain Services doesn't work. Logically, this feature should be automatic...

    At the moment, you can join a machine to AADDS domain, and log in to it with Azure AD credentials. But users still need to sign in manually to Office.com, office apps, etc.

    This is extremely important in an AADDS Windows Virtual Desktop scenario (where Microsoft Office is hosted as RemoteApps). To access Office, users will need to log in to WVD, then AGAIN into the remoteapp host itself, and AGAIN into the Microsoft Office apps - all with the…

    5 votes
    under review  ·  4 comments  ·  Domain Services
  4. Azure Active Domain Services Synchronisation Report

    Currently, it is not possible to get accurate information from AADDS about what and when attributes are synchronised from Azure AD to Azure ADDS. It would be most helpful if customers could query on a per user or per directory basis to find out what attributes were synced and at what time (including password changes)

    14 votes
    under review  ·  3 comments  ·  Domain Services
  5. AADDS domain to build trust with an on-prem domain

    Have the ability to have domain trusts so we can have our current on-prem services domain trust user accounts in our AAD-DS domain.

    1 vote
    0 comments  ·  Domain Services
  6. AADDS allow multiple managed domain scoped views

    It would be nice to have for the following reason.
    One single Azure AD. Each branch could have its own domain via an AADDS Managed Domain with Scoped view.

    This would be for the same tenant, same subscription, or same tenant, different subscription.

    This way each branch office could manage their own users in their own scoped domain, but the AAD would maintain the identity.

    Think of it like views in MS SQL..

    1 vote
    0 comments  ·  Domain Services
  7. add GC port 3269 to AD-DS created LB

    Hi,

    Right now we can't access port 3269 (Global Catalog) of our AD-DS service.
    After opening it in the NSG and modifying the LB, it only stays open for hours. The LB gets overwritten every now and then.

    Request: Add an LB rule for 3269 to the auto-create script of AD-DS. Customers can still control access to this via NSG.

    1 vote
    started  ·  4 comments  ·  Domain Services
  8. Add more attributes to AADDS

    Expand the attributes that are synced with AADDS and available via LDAPS. The one I'm specifically interested in at the moment is the Manager attribute, but others are important too.

    35 votes
    10 comments  ·  Domain Services

    Hi all,

    We’ve started work on adding the Manager, ProxyAddress, and employeeID attributes to AAD-DS. Thank you for your patience!

    Erin Greenlee
    Program Manager
    IAM Core | Domain Services

  9. Allow B2B users to logon to VMs using Azure AD domain services

    Currently B2B users cannot log in to an Azure AD Domain Services joined virtual machine. In this scenario we do not have AAD Connect, only Azure AD directory with domain services running. We can join the VMs to the AAD DS domain and sign on with member accounts but cannot sign in with B2B guest accounts.

    48 votes
    triaged  ·  6 comments  ·  Domain Services
  10. Acquire access token in AADDS

    We have several legacy desktop apps we remote host through an AADDS joined VM. These apps need to log in to an Azure SQL server. Currently we are using Active Directory - Password authentication and the user has to key their password in each time.

    Since the user is logged into the VM using their Azure AD account, it would be nice if there was a way to retrieve their access token and then we could log in to SQL using that instead.

    I've looked and I don't see any way to do this at this time.

    1 vote
    triaged  ·  2 comments  ·  Domain Services
  11. Exposing an API for ADDS Health status (RSS Feed...)

    We need to centralize health status of all Azure Services in our main monitoring dashboard. Could you expose the ADDS Health Status information of our ADDS Instances via an API or an RSS Feed? The idea is to capture it with a logic app and add it to a custom log in Log Analytics. An official Log Analytics solution would be even better.

    1 vote
    need-feedback  ·  1 comment  ·  Domain Services
  12. I changed the attribute to "not set" in Azure AD but the attribute doesn't sync to Azure ADDS.

    When I update the attributes, I can see the updated values on the Azure ADDS.
    However, if he deletes the value of an attribute (= update with not set), the value is not changed.

    Please correct this behavior.

    2 votes
    2 comments  ·  Domain Services
  13. Allow the creation of more than one Managed Domain on different subscription.

    The idea of replacing our IaaS DC servers with managed domains is great, but how can we not create a second domain, if we have different subscriptions, i.e. different VNet and there is no communication between them??

    3 votes
    triaged  ·  0 comments  ·  Domain Services
  14. Global Administrators Group

    For non-hybrid environments that use Domain Services it would help to have a default global administrators group that new user accounts can be added to for new administrators, which allows these users to make changes within Active Directory and to Group Policies without having to edit permissions or delegate control over OUs.

    1 vote
    under review  ·  1 comment  ·  Domain Services
  15. Support tags for Azure AD Domain Services

    Consider adding support for Azure Tags in Azure AD Domain Services. Azure AD Domain Services is nearly the only service that does not support tags in Azure.

    @Erin

    1 vote
    under review  ·  1 comment  ·  Domain Services
  16. AADDS Improve Azure AD synchronization monitoring and management

    We would like to have more control and monitoring over the synchronization between Azure AD and AD DS. For example, the Health blade only shows when the last sync with Azure AD happened. Can you display when the next one is supposed to occur? Were there any errors during that sync or what was synced?

    Regarding management, could you provide admins with a way to trigger a full sync or delta sync? Could you let admins configure the time sync intervals between acceptable values? Or maybe even configure the sync rules for some attributes?

    1 vote
    triaged  ·  1 comment  ·  Domain Services
  17. Latency in sync between Azure ad and Managed domain

    There is a delay in sync between Azure AD and domain services.
    It would be great if we could reduce this sync delay.
    Sometimes the sync will not be up to date, so we need access to restart the sync between Azure AD and the managed domain.

    6 votes
    started  ·  3 comments  ·  Domain Services
  18. Span AADDS domain across multi regions

    Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.

    63 votes
    7 comments  ·  Domain Services
  19. domain services

    Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.

    We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.

    26 votes
    under review  ·  2 comments  ·  Domain Services
  20. proxyaddresses

    Make the ProxyAddresses attribute available through LDAPS when using Managed Domain

    Many Anti-Spam applications (ex: Zero Spam) need to connect via LDAPS to list users, and get their email address(es) but only the mail attribute is available...

    Since the LDAPS managed domain is using our Azure AD, and Azure AD already has this attribute (synced from our on-premises AD), I don't understand why it is not available through LDAPS.

    16 votes
    2 comments  ·  Domain Services

    Hi all,

    We’ve started work on adding the Manager, ProxyAddress, and employeeID attributes to AAD-DS. Thank you for your patience!

    Erin Greenlee
    Program Manager
    IAM Core | Domain Services
