Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Microsoft Synchronization Service support on Azure SQL

    I'm aware of the constraints of setting up the the portal/service on Azure SQL due to the nature of the application but what about stand-alone sychronization service? Are there any plans to allow / support a MIM Sync install into a Azure SQL db (Managed/Instance)?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. Is MIM Notes Connector supported with Lotus Domino 10.x

    Is MIM Notes Connector supported with Lotus Domino 10.x?

    From the article, it mentions 8.x and 9.x only. My customer is now using 10.x and would like to know the supportability.

    Thanks.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  3. Fix Generic SQL Connector Bug, Export Type: Object Replace

    Currently the Export Type: Object Replace option doesn't seem to work. Running version 1.1.1346.0 of the Generic SQL Connector and we're using Stored Procs for export however attributes that has not been changed are sent out as NULL. This is a trace for a call to SQL Server where only one attribute has been changed (Value=Nisse) and Export Type: Object Replace option is enabled.

    exec MIMSyncUpdateUser N't01sync',N'ObjectID',N'b1eb6eb6-63f5-4c3e-96a2-7dab4c5913f3',N'Nisse',NULL,NULL,NULL,NULL

    This bug seems to have been reported earlier but never been fixed...
    https://social.microsoft.com/Forums/en-us/b242e53d-991d-492d-9695-5fcc3f9f74bb/generic-sql-connector-export-type-object-replace-option?forum=ilm2

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create a GUI to modify the RCDC

    Would like a Microsoft created GUI to modify the RCDC to make modifying RCDC more streamlined and supported in the ecosystem. A good feature for this would be to drag and drop attributes into the RCDC. Additionally autofill would be great like Visual Studio Code or PowerShell does.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. Hybrid Reporting Uses Different Formats for CreatedTime

    Hybrid Reporting saves MIM Service Request objects as JSON. The resulting JSON has different formats for the CreatedTime property.
    Sometimes it looks like:

    CreatedTime: 2020-05-14 17:44:57.270
    

    Other times it looks like:

    CreatedTime: 5/14/2020 5:45:10 PM
    

    The different formats make it difficult to parse and use.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  6. MIM IIF statement needs a CONTAINS operator

    I have a need to read a comma delimited string of flags from an Active Directory extensionAttribute. I need to know if the attribute contains a given string or not.

    IFF(Contains(<textstring>,<data>),trueValue,falseValue)

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. MIM IIF Condition Operators

    The IIF statement for MIM does not provide simple operators such as AND or OR conditional logic.
    This always results in very complicated embedded uIIF statements with IIF isPresent(attribute) and IIF Eq(attributeValue)

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. MIM graph connector missing key information

    MIM graph connector missing key information like Licenses,mailbox created time,Provisioned plans, Extended attributes, etc..

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. Provision OneDriveforBusiness and enable EXO Litigation hold

    Please update the graph connector or create an O365 connector that can do common Azure provisioning like provision a user's OneDrive for Business and enable the user's Exchange Online mailbox for litigation hold when the account is provisioned

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add rename support for SQL Databases and Jobs

    Renaming the "FIMSynchronizationService" database is currently not supported. Please add this support to allow multiple sync services to share a single SQL instance.

    SQL Agent Jobs are also hard coded. Please allow custom tagging for these jobs to be applied during installation.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  12. Update documentation on using Azure MFA for activating PAM roles

    Since Microsoft no longer offer MFA Server for new deployments, could you please update documentation with instructions on how we can utilize cloud-based Azure Multi-Factor Authentication for PAM role activation.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Audit changes to MIM Certificate Management Profile Templates in the Windows event log

    Audit changes to MIM Certificate Management Profile Templates in the Windows event log

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. MIM Version 4.5.412.0 - roup objects fails to render when 'displayedOwner' attribute value is not populated

    MIM Version 4.5.412.0 - roup objects fails to render when 'displayedOwner' attribute value is not populated.

    Why would you post an update with this? How are users supposed to correct this when it prevents them from loading the page? When will a fix be posted for this?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  15. UocFilterBuilder can't be set to a null/empty value

    It seems impossible to have a UocFilterBuilder on a page that defaults to a null value (or can be changed back to a null value) - a default "all objects" filter is always present.

    This can be a problem, for example when creating a custom object with both Explicit Membership, and a Filter for criteria membership
    (see https://blogs.technet.microsoft.com/iamsupport/2017/03/27/microsoft-identity-manager-2016-sp1-portal-4-4-1459-0-or-later-support-for-customobject-explicitmember-membership-management/)

    It may be that only the manually managed membership is required, in which case the Filter should be null, and the value of ComputedMember should be equal to ExplicitMember.

    However, if the RCDC contains a UocFilterBuilder, it will always default to…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  16. Option to disable character escaping on parameter lockups in e-Mail Templates

    If you want to send html e-mails over MIM Service the content of variables are escaped.
    This prevents to send dynamic html content.
    As an example, this prevents as well the function ParametersTable() from the open source activity MIMWAL to display the parameters as html.

    Feature request suggestion:
    There should be an option to disable this functionality, as a suggestion on the e-Mail Template like "Disable character escaping for variables".

    In detail:
    If you have a variable like [//WorkflowData/Content] with the value "Hello Test User,<br>Welcome on board" this results in "Hello Test User,&lt;br&gt;Welcome on board"

    As an example Use case: …

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. Graph Connector Issue: select is not supported for these properties

    An issue are available on the Graph Management Agent Version 1.1.913.0.

    If you select all attributes you run into the delta limitations of Graph (not all attributes are available over the delta link).

    Method Name : GraphConnector : GetImportEntries
    --------- Outer Exception Data ---------
    Message: Error during http call. HttpStatusCode: BadRequest;
    url: https://graph.microsoft.com:443/v1.0/users/delta/?$select=consentProvidedForMinor,pastProjects,country,registeredDevices,mySite,onPremisesSecurityIdentifier,schools,userType,preferredName,memberOf,faxNumber,postalCode,state,aboutMe,ageGroup,transitiveMemberOf,legalAgeGroupClassification,createdObjects,onPremisesDistinguishedName,employeeId,birthday,deletedDateTime,otherMails,streetAddress,mailNickname,proxyAddresses,contacts,showInAddressList,officeLocation,displayName,businessPhones,ownedDevices,deviceEnrollmentLimit,preferredLanguage,ownedObjects,interests,responsibilities,hireDate,imAddresses,city,onPremisesSamAccountName,id,jobTitle,companyName,onPremisesDomainName,onPremisesLastSyncDateTime,surname,mobilePhone,onPremisesSyncEnabled,directReports,mail,userPrincipalName,department,givenName,onPremisesUserPrincipalName,accountEnabled,manager,isResourceAccount,skills,usageLocation,onPremisesImmutableId,passwordPolicies;
    Response: {
    "error": {

    &quot;code&quot;: &quot;BadRequest&quot;,
    
    &quot;message&quot;: &quot;Invalid Request: $select is not supported for these properties.&quot;,
    &quot;innerError&quot;: {
    &quot;request-id&quot;: &quot;removed&quot;,
    &quot;date&quot;: &quot;removed&quot;
    }

    }
    }
    Exception root Exception type: Microsoft.IdentityManagement.Connector.Graph.GraphAPIException
    Source: Microsoft.IdentityManagement.Connector.Graph
    Stack Trace: at Microsoft.IdentityManagement.Connector.Graph.GraphHttpClient.<GetAsync>d__4.MoveNext()
    --- End of stack trace from previous location where exception…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add ability to add child domain after MA already set up

    After you configure a manangement agent in MIM, you can't go back and select a child domain to be synced. It continues to run, but ignores the new partition and selected OUs.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  19. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
  20. Graph Connector Issue: Manager update wrong HTTP method

    An issue are available on the Graph Management Agent Version 1.1.913.0.

    If you want to update the manager of a user the connector sends a POST request against graph.

    The issue is that the function Assign manager is listening on HTTP PUT.

    StackTrace below:
    Method Name : ExportContext : Export Export failed
    --------- Outer Exception Data ---------
    Message: Error during http call. HttpStatusCode: MethodNotAllowed;
    url: https://graph.microsoft.com:443/Beta/users/{GUID removed}/manager//$ref/;
    Response: {
    "error": {

    &quot;code&quot;: &quot;Request_BadRequest&quot;,
    
    &quot;message&quot;: &quot;Uri is invalid for a POST operation. The URI must refer to a service operation or an entity set.&quot;,
    &quot;innerError&quot;: {
    &quot;request-id&quot;: &quot;{GUID removed}&quot;,
    &quot;date&quot;: &quot;2019-05-21T06:41:51&quot;
    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Microsoft Identity Manager  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base