Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable SSO in AADDS

    Seams kinda crazy that it doesn't support SSO out of the box, also that it hasn't been logged against Domain Services as of yet but would be great to see this added (from what I can see).
    Essentially you can setup AADDS, join a machine to said domain and login with a Azure AD account and that's great. But you then need to login to office.com, Office Apps (Word, Outlook), OneDrive,... etc etc all independently.
    However with a machine that's joined to an On Prem AD with some intranet settings added to the client & Azure AD Connect you don't…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  3 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  2. Rename Domain - (ADDS) Active Directory Domain Services

    Allow renaming the Domain set in ADDS

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  3. Fully support AzureAD Join with AzureADDS regarding Kerberos

    In a classic hybrid Scenario (ADDS DCs synched with AzureAD), AzureAD joined devices get a Kerberos Ticket form a DCs if a DC is reachable through the network.
    When doing the same thing using AzureAD and AzureAD Domain Services, AzureAD joined Devices never get a Kerberos Ticket from AzureAD Domain Services since this is currently not supported. (Case 116070414368551)
    Regarding AzureAD Join, it would be very useful if AzureAD Domain Services would behave similar like classical ADDS DCs and deliver Kerberos Tickets to AzureAD Joined devices.

    24 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add permission to create DFS namespace in Azure AD Services

    I'm using Azure Active Directory Domain services and would like to have ability to create DFS namespace in AD.

    18 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  5 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  5. AADDS: Allow pausing of Domain Services

    On a demo or MSDN subscription I would like to pause Domain Services like I can pause an AD VM. That will save me costs on a demo or development focused Azure subscription. Otherwise, AAD Domain Services uses a significant portion of the $100/month MSDN credit.

    23 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  6. 18 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  7. replace on-premises based AD with AADDS

    I read through with great interest the AADDS public preview use cases and documentation. It looks nice but for a very limited set of use cases. I do like the pricing.

    I would like to replace existing non-AD LDAP servers with AADDS and have both on-prem and cloud based apps do authentication from one common source. Turns out this isn't possible at all.

    I would like to have encryption for all requests to the AADDS, always.

    Additionally I would like to add attributes to the schema, if at all possible.

    I would like to AADDS join all windows devices to…

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  8. AADDS: Remove username collision limitation

    If you have joe@mydomainusa.com and a different user that's joe@mydomaincanada.com all in the same AAD, when you enable Domain Services, only one user will function since only one user gets MYDOMAIN\joe as its username. Please remove this limitation

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  2 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow ADConnect to register in place or a built in Portal switch to sync users matching verified domains and rules back to azureAD.

    Subject: RE: 118090418928814 trying to properly sync a user from an azure domain service domain to azure ad itself. Azure Active Directory
    We understand what your saying.
    So to use the managed domain ldaps and custom OU’s ( users / groups stored here at this location in the managed domain ) how do we get these back up and around to the azure infrastructure since we know it’s a one way from the top. If we setup a managed domain joined machine and Adconnect sync the custom ou’s to the azure AD tenant will this break the tenant? Is there…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →

    Azure AD Domain Services has a one-way synchronization mechanism FROM Azure Active Directory. Users, and organizational units from Domain Services do not sync to Azure AD. This is because Domain Services is an extension of Azure Active Directory— to enable organizations to lift on-premises applications that use legacy protocols like LDAP and Kerberos to Azure. The custom group sync provided by Azure AD Domain Services is there to enable customers to reduce the scope of the users that is synced from Azure Active Directory to Azure AD Domain Services.
    The services does not work that way and their are no plans to change it at this time.

    Mike Stephens, Azure AD Domain Services PM

  10. DirectAccess as a Service

    With domain services now providing Kerberos authentication, etc etc, it would be great to be able to deploy DirectAccess in Azure as a service. This would allow for removal of all on prem/iaas components currently required to take advantage of AD based windows management (gpos, etc).

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base