Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Support NPS/RADIUS for Azure AD Domain Services
Add support for Microsoft NPS/RADIUS in Azure AD Domain Services
254 votesCONFIRMED that NPS and Azure AD Domain Service can work with the Azure MFA NPS extension to enable MFA for RDP to virtual machines. That said, Azure Bastion Host (https://docs.microsoft.com/en-us/azure/bastion/bastion-overview) provides the same value without the additional infrastructure of NPS. We have a doc bug created to add the nuance to our documentation, which is to 1) Skip registering the NPS server and 2) ensure your network policy has “Ignore user account dial-in properties” selected.
Leaving the topic open as we continue to investigate/validate other NPS use cases (e.g. VPN and 802.x scenarios)Mike Stephens
Senior Program Manager
Azure Identity
IAM Core | Domain Services -
Span AADDS domain across multi regions
Span the same AADDS domain to multi regions - currently only possible with vnet pairing and VPN gateways. Would also add redundancy to the domain if say a region were to go down or the AADDS service were to stop within a region.
61 votesEngineering has begun work on this.
-
Azure Active Directory Domain Services - More Pricing Tiers
Can we have more pricing tiers? I run a small consultancy business with 1 user and enabling AADDS will cost in excess of £90 a month, even though I won't have anything like the 25000 objects minimum tier cap. However AADDS is useful for demonstrating to SME clients how they can go cloud only so it would make sense to provide an entry level price point, for example max 2500 objects to suit the smaller scenarios.
46 votes -
Allow B2B users to logon to VMs using Azure AD domain services
Currently B2B users cannot login to a Azure AD Domain Services joined virtual machine. In this scenario we do not have AAD Connect, only Azure AD directory with domain services running. We can join the VMs to the AAD DS domain and sign on with member accounts but cannot sign in with B2B guest accounts.
45 votes -
Add more attributes to AADDS
Expand the attributes that are syncd with AADDS and available via LDAPS. The one I'm specifically interested in at the moment is the Manager attribute, but others are important too.
32 votes -
migrate Azure Active Directory Domain Services from classic to resource manager
Is there a way yet to migrate AADDS from Classic to RM? We need to get off of Classic.
24 votes -
domain services
Upgrade the Azure AD Domain Services Domain Controllers to be Windows Server 2016 instead of Windows Server 2012 R2.
We've switched to having our domain be AAD Domain Services and connected to our Office 365 domain and we'd like to enable Windows Hello for Business, but until those domain controllers are upgraded we can't utilize it. This makes the nice fingerprint scanners on our new machines useless.
24 votes -
enterprise certificate authority (ca)
Allow for creating Enterprise CA
19 votes -
proxyaddresses
Make the ProxyAddresses attribute available through LDAPS when using Managed Domain
Many Anti-Spam applications (ex: Zero Spam) need to connect via LDAPS to list users, and get their email address(es) but only the mail attribute is available...
Since LDAPS managed domain is using our Azure AD , and AzureAD already has this attributes ( synched from our onPremise AD) I don't understand why it is not available through LDAPS
15 votes -
Azure Active Domain Services Synchronisation Report
Currently, it is not possible to get accurate information from AADDS about what and when attributes are synchronised from Azure AD to Azure ADDS. It would be most helpful if customers could query on a per user or per directory basis to find out what attributes were synced and at what time (including password changes)
13 votes -
AD and German Cloud
Provide Azure AD Domain Services for the German Cloud!!!!!
6 votes -
Azure Domain Services Allow DHCP Authorization
Could you grant AAD DC Administrators DHCP Authorization rights so we can setup a DHCP server on a non-domain server and still have it register with DNS / AD records?
Currently this is blocked.
6 votes -
Latency in sync between Azure ad and Managed domain
There is a delay in sync between Azure ad and domain services.
It will be great if we can reduce this sync delay.
Some times sync will not be up to date so need access to restart the sync between Azure ad and Managed domain.5 votes -
group policy ad domain services
As part of Azure AD Domain Services -> all new group policies to be made
Allow files to be uploaded to NETLOGON folder.
4 votes -
Implement Domains and Trusts from ADDS to on premise AD
After you have deployed ADDS you may want to complete a domain trust to an existing on premise domain, this is currently not possible but would be great if it was released as this is a blocker for organisations.
3 votes -
Use Seamless SSO in AADDS environments.
At the moment, having seamless SSO in Azure Active Directory Domain Services doesn't work. Logically, this feature should be automatic...
At the moment, you can join a machine to AADDS domain, and log in to it with Azure AD credentials. But users still need to sign in manually to Office.com, office apps, etc.
This is extremely important in a AADDS Windows Virtual Desktop scenario (where Microsoft Office is hosted as RemoteApps). To access Office, users will need to log in to WVD, then AGAIN into the remoteapp host itself, and AGAIN into the Microsoft Office apps - all with the…
2 votes -
I changed the attribute to "not set" in Azure AD but the attribute doesn't sync to Azure ADDS.
When I update the attributes, I can see the updated values on the Azure ADDS.
However, if he delete the value of an attribute (= update with not set), the value is not changed.Please correct this behavior.
2 votes -
Azure Active Directory Domain Services Status
I've been having problems with the Domain Services correctly syncing passwords via LDAP. Today none of the LDAP services could connect. Thinking that something might have happened to my configuration I disabled the Domain Services, reconfigured it, then re-enabled. The re-enable has been going for several hours now. The Domain Services section is set to OFF but when I try to configure it again it throws an error. No details, just says that it can't save the configuration.
It would be nice if there was some sort of status page where I could see what's going on regarding provisioning and…
2 votes -
add GC port 3269 to AD-DS created LB
Hi,
right now we can't access port 3269 (Global Catalog) of our AD-DS service.
After open it in NSG and modify the LB it only stay open for hours. The LB get's overwritten every now and then.Request: Add LB rule for 3269 to the auto-create script of AD-DS. Customer still can control access this via NSG.
1 vote -
Acquire access token in AADDS
We have several legacy desktop apps we remote host through an AADDS joined VM. These apps need to login to an Azure SQL server. Currently we are using Active Directory - Password authentication and the user has to key their password in each time.
Since the user is logged into the VM using their Azure AD account, it would be nice if there was a way to retrieve their access token and then we could login to SQL using that instead.
I've looked and I don't see anyway to do this at this time.
1 vote
- Don't see your idea?