Azure AD Domain Services are great but the lack of support of Mac OS devices makes it really complicated to use. Providing a way to bind these devices with a cloud only AD solution would be great.

Currently Azure Active Directory Domain Services are not available for CSP subscriptions. Firstly because you can't deploy classic VNets in CSP subscriptions and this service is required to setup AADDS. Secondly because AAD is not available for CSP subscriptions to manage from Classic Portal and according to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-faqs there is no Powershell cmdlet to turn on AADDS. This means you can't use AAD features like Kerberos authentication in CSP offerings.

Allow (or automatically install) LAPS within Azure Domain Services since this is the Microsoft supported standard for local administrator accounts.

LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx

Azure AD Domain Services is now forcing me to change passwords for every account, inclulding service accounts, in every 30 days, even I have set password never expires. Hopefully this will be fixed soon, this is preventing or at least making inconvenient to run SharePoint workloads integrated with Azure AD Domain Services.

In a classic hybrid Scenario (ADDS DCs synched with AzureAD), AzureAD joined devices get a Kerberos Ticket form a DCs if a DC is reachable through the network.
When doing the same thing using AzureAD and AzureAD Domain Services, AzureAD joined Devices never get a Kerberos Ticket from AzureAD Domain Services since this is currently not supported. (Case 116070414368551)
Regarding AzureAD Join, it would be very useful if AzureAD Domain Services would behave similar like classical ADDS DCs and deliver Kerberos Tickets to AzureAD Joined devices.

Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.

We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.

Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.

Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.

I'm using Azure Active Directory Domain services and would like to have ability to create DFS namespace in AD.

Add support for Microsoft NPS/RADIUS in Azure AD Domain Services

We are deploying IaaS and PaaS solutions which span multiple regions and geographies. We wish to leverage Azure AD Domain Services as the directory service for these solutions but are currently constrained by the single region requirement. Please provide the ability to enable AAD-DS in all subscriptions, Regions and VNet's associated with an Azure AD tenant.

Geo-dispersed limitation:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-comparison#geo-dispersed-deployments

With domain services now providing Kerberos authentication, etc etc, it would be great to be able to deploy DirectAccess in Azure as a service. This would allow for removal of all on prem/iaas components currently required to take advantage of AD based windows management (gpos, etc).

On a demo or MSDN subscription I would like to pause Domain Services like I can pause an AD VM. That will save me costs on a demo or development focused Azure subscription. Otherwise, AAD Domain Services uses a significant portion of the $100/month MSDN credit.

If you have joe@mydomainusa.com and a different user that's joe@mydomaincanada.com all in the same AAD, when you enable Domain Services, only one user will function since only one user gets MYDOMAIN\joe as its username. Please remove this limitation

Allow for creating Enterprise CA

Right now AADDS is only available for one virtual network. In our organization we have split applications up with each application having its own VNET.

Some of these don't support SAML or OAuth2 as an authentication mechanism and only LDAP. It really sucks to have a virtual network gateway set up just for LDAP authentication.

Please allow multiple VNETs to use AADDS.

There doesn't appear to be a way to link aad domain services to a vnet created in the preview portal /azure RM; why not?? All our vnets are ARM based!