Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. AAD Connect switch staging mode without global admin permission

    The number of global admins should be kept low.

    In order to allow operation teams to switch services in case of failure, the need to do this with the Global Admin permission should be removed.

    As a service provider we have problems to comply with SLAs because the customer only approves Global Admin authorization temporarily on request. In a 24/7 fault situation, this can not be secured.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  2. Would like to have an alert notification within Azure AD Connect Health when group membership exceeds 50,000

    Would like to have a DCR (Design Change Request) entered in for an alert creation within Azure Active Directory (AAD) Connect Health that would send an alert when more than the default of 50,000 users is exceeded and the syncing stops occurring. Currently there is the limitation of 50,000 and would like to see an alert within the AD Connect Health Dashboard as right now the alerts are hard to navigate as by a default they are all the way positioned at the bottom of the FIM logs. Thank you.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  3. Revise licensing requirements for initial registered agents

    The current licensing system requires 25 AAD Premium licenses for each additional registered agent beyond the first (i.e. 26 licenses for 2 agents, 51 licenses for 3 agents, etc ...). That's a shame as it makes it impossible for smaller businesses to get even close to full coverage of their relevant infrastructure.

    For example, assume a best practices infrastructure with:
    - 2 x Domain Controllers
    - 2 x AD Federation Servers (installed on DCs)
    - 1 x AAD Connect server
    - 1 x AD FS Web Application Proxy (on AAD Connect server)

    That's 3 Windows servers with two DCs &…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  4. Relaying party utilization report

    AD connect health should provide some kind of a report which can tell who are the users trying to authenticate externally or internally per relying party in ADFS.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure AD Connect Health agent data

    Hi, I'm currently looking at implementing Azure AD Connect Health on our AD DS, AD FS, WAP and Azure AD Connect sync servers. We have offices in German and when anything is implemented the German Workers Council have to agree it. We are being asked what actual data is being sent by the on-premises agents to Azure AD Connect Health. I don't see this level of information in the Microsoft Online documentation, but I would have thought that we are not the first to ask this question. Do you have details that can be shared and also I think it…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  6. Issue with Azure AD Connect Health AD DS agent - Ports exhaustion

    We ran into an issue where all the RPC ports on few of our Production DC's got exhausted by this agent and resulted in replication failure. See below netstat output:

    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55151 10.153.6.10:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55157 10.155.32.13:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55164 10.153.6.10:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55167 57.12.150.90:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55172 10.155.44.8:389 CLOSE_WAIT 5860
    [Microsoft.Identity.Health.Adds.InsightsService.exe]
    TCP 10.20.81.9:55173 10.153.6.10:389 CLOSE_WAIT 5860

    Log Name: System
    Source: Tcpip
    Date: 06/07/2019 05:00:21
    Event ID: 4231
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: DXBEGDC26PV.corp.emirates.com
    Description:
    A request to allocate an ephemeral port number from the global…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure AD Health Connect Agent for ADFS is out of date

    I tried to download the latest version of the "Azure AD Health Connect Agent for ADFS" from https://www.microsoft.com/en-us/download/details.aspx?id=48261 (version 3.1.51.0) but when I checked the file details (attached screenshot) it is showing it is version 3.1.46.0.
    When I install this agent on one of the ADFS servers it is also installed as version 3.1.46.0.

    Please can the download URL for this agent be updated with version 3.1.51.0 of the agent?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  8. Amina

    Amina

    0 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add AD DS Login Auditing to Agent

    While the AAD Connect for AD FS Agent can help identity some risks related to logins, that isn't a complete solution right now. Further to other feedback requests asking for IP and Application in those reports, I think we could do with the additional information from the AD DS Agent as well. Additionally, being able to search for specific IPs or Accounts to assist in determining the failed login sources (and dates/times) would be very useful.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  10. server 2019 support?

    ADFS connect health support for Server 2019 or just isnt documented?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure AD Connect Health for ADDS

    Support for Azure AD Connect Health for ADDS on Windows Server Core. It currently does not work because it sets up by using IE. Have it use "device login" like the Az module for PowerShell Core.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  12. AD Connect Health report legacy endpoints not enabled

    AAD Connect Health should not be prompting organisations to re-instate legacy authentication endpoints:
    1. /adfs/services/trust/2005/usernamemixed
    2. /adfs/services/trust/2005/windowstransport
    also the service seems to be unaware that 2016 and later do not default publish certain unnecessary URLS:
    3. /adfs/ls/
    as we cannot customise the alerts checked to ignore this, customers will be prompted to open vulnerabilities through legacy authentication by using AD Connect Health!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  13. Azure AD Connect Health Pass-through Authentication Agent Support

    Please add support for monitoring the Azure AD Pass-through Authentication Agent to Azure AD Connect Health. This is current a gap in that when you use Pass-through Authentication (PTA) the agents are not monitored and there is no way to do this via Azure AD Connect Health currently. The PTA agent is a critical service when using Pass-Through Authentication so this should be monitored.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure AD Connect Sync Tool - Allow sync by selecting specific AD Groups - Not by OU

    We are using the Azure AD Connect sync tool and would like to be able to synchronize a selection of on premise AD security groups. This would allow us the ability to create a set of Azure groups on premise that we add users to and specifically grant access to our azure AD. Then in Azure we can set those permissions to azure resources as needed. This allows us to add and remove users on prem easily and synchronize ONLY those users we want to have access to Azure. This keeps our Azure AD clean and relevant. The current tool…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  15. Is there a way to set a daily download automaticlly for Sync Errors on AD connect

    Is there a way to set a daily download automatically for Sync Errors on AD connect

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  16. Keep Azure AD Connect Health ADFS Diagnostics script is up to date

    The latest version of the Azure AD Connect Health Agent for AD FS still has the ADFS Diagnostics script version 1.0.0 but this script is now on version 3.0.2 - https://www.powershellgallery.com/packages/ADFSDiagnostics/3.0.2

    It would be great if the scripts used installed by the AAD Connect Health are kept up to date.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  17. Azure Active Directory Connect Setup install fail

    Azure Active Directory Connect Setup
    The cabinet file 'media1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-Rom,Or a problem with this package.
    I downloaded it again many times.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  18. Fix AD Connect Health remediation in the portal so it actually works

    I have a handful of users who had AAD accounts first. We then added a server in office and created accounts on it. We installed AAD Connect and synced the domain. The users all now have duplicates in AAD. Sync recognized this issue and the UI offers a fix, but the fix ALWAYS fails with a generic error message offering no recourse. Please fix the fix.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  19. A PDC is not reachable through this domain controller when server reboots

    If your PDC emulator is unavailable when rebooting for applying updates, we can get this error from all other domain controllers in the environment.

    Is this actually a problem? My experience says no, but this alert casts doubt on that. We are back to asking ourselves, should the FSMO roles be moved when patching? Historically, the answer to this has been no, this isn't needed. Can we get some more guidance from Microsoft on this?

    Title:
    Domain controller is unable to find a PDC.

    Description:
    A PDC is not reachable through this domain controller. This will lead to impacted user…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
  20. allow unsubscribing from Azure AD Connect Sync errors detected email

    I am receiving emails to notify me of Azure AD Connect Sync errors being detected for a tenant which is not related to me. My email has been put there by mistake maybe. There should be some way for me to cancel receiving these emails.

    0 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure AD Connect Health  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base