Add support for Microsoft NPS/RADIUS in Azure AD Domain Services

Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.

Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.

Currently B2B users cannot login to a Azure AD Domain Services joined virtual machine. In this scenario we do not have AAD Connect, only Azure AD directory with domain services running. We can join the VMs to the AAD DS domain and sign on with member accounts but cannot sign in with B2B guest accounts.

Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.

We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.

On a demo or MSDN subscription I would like to pause Domain Services like I can pause an AD VM. That will save me costs on a demo or development focused Azure subscription. Otherwise, AAD Domain Services uses a significant portion of the $100/month MSDN credit.

A major security shortcoming of AADDS is that you don't have access to the security logs on domain controllers.

This is critical for the security posture of many organizations.

It would be ideal to be able to feed the security logs of AADDS domain controllers in to Azure Log Analytics.

Hi There,

We are currently evaluating the use of Domain Services. For GDPR we'd need to have all our Infrastructure in the UK.

Do you have a timeline for introduction of Domain Services in the UK region.

Allow for creating Enterprise CA

Make the ProxyAddresses attribute available through LDAPS when using Managed Domain

Many Anti-Spam applications (ex: Zero Spam) need to connect via LDAPS to list users, and get their email address(es) but only the mail attribute is available...

Since LDAPS managed domain is using our Azure AD , and AzureAD already has this attributes ( synched from our onPremise AD) I don't understand why it is not available through LDAPS

Is there a way yet to migrate AADDS from Classic to RM? We need to get off of Classic.

If you have joe@mydomainusa.com and a different user that's joe@mydomaincanada.com all in the same AAD, when you enable Domain Services, only one user will function since only one user gets MYDOMAIN\joe as its username. Please remove this limitation

There doesn't appear to be a way to link aad domain services to a vnet created in the preview portal /azure RM; why not?? All our vnets are ARM based!

Expand the attributes that are syncd with AADDS and available via LDAPS. The one I'm specifically interested in at the moment is the Manager attribute, but others are important too.

I would like have the option to bring in B2B users in Azure Active Directory Domain Services. It could be an important replacement for ADFS since ADDS doesn't do federation. It could be very useful to bring B2B users as selected federation style users to an internal Azure IaaS environment.

Azure AD Domain Services was not working because of an networking issue on our side. But you won't notice until you start looking in ADDS. It would be nice if you could have insight in the replication process or at least get alerted when synchronization is not working between Azure AD and Azure AD Domain Services.

Could you grant AAD DC Administrators DHCP Authorization rights so we can setup a DHCP server on a non-domain server and still have it register with DNS / AD records?

Currently this is blocked.

New users and groups don't appear in AADDS immediately, but there is no mention in documentation of delays. I assume there is a sync schedule. Publishing this or showing when the next run is for a tenant would be extremely useful.