Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. I changed the attribute to "not set" in Azure AD but the attribute doesn't sync to Azure ADDS.

    When I update the attributes, I can see the updated values on the Azure ADDS.
    However, if he delete the value of an attribute (= update with not set), the value is not changed.

    Please correct this behavior.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  2. group policy ad domain services

    As part of Azure AD Domain Services -> all new group policies to be made

    Allow files to be uploaded to NETLOGON folder.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    need-feedback  ·  1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow using SHA-2 & AES encrypted wildcard SSL certificate for secure LDAP (LDAPS)

    As I understand, we can only use SHA-1 Triple-DES encrypted wildcard SSL certificate with secure LDAP (Azure LDAPS).
    Almost all of the public CAs don't issue SHA1 encrypted certificates anymore and therefore, we need Azure LDAPS accept SHA256 - AES encrypted wildcard SSL certificates so that we can utilize public certificate authorities to issue these certificates for us.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  4. Powershell support to update LDAPS certificate

    Hi, we're using Azure AD Domain Services and would like to use Let's Encrypt certificates for LDAPS. Unfortunately, It doesn't seem possible to use Powershell or some other API to programmatically update the certificate. As Let's encrypt certificates are meant to be renewed often (between 30 and 90 days depending on type of cert), we need an API to automate the certificate renewal process.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  5. General Availability for Azure Locations based in Switzerland

    Since Microsoft has launched Azure in Switzerland, general availability of Azure AD Domain Services would be much appreciated in order VMs can be joined thus On Premise infrastructure be migrated to the Cloud.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support for Kerberos authentication security events

    The idea behind is to enable Kerberos Authentication Service event from Azure AD Domain controller to get Network Information and Account Information from the computers connected to Azure AD Domain Services https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768

    In a Microsoft Active Directory, we could easily get event ID 4768 when a computer in the domain needs to authenticate to the DC typically when a workstation boots up or a server restarts. But in Azure AD DS we could not get this event, even after if you enabled the security audits https://docs.microsoft.com/en-us/azure/active-directory-domain-services/security-audit-events

    The Event Id 4768 is not listed under the Account Logon security event lists …

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  7. add GC port 3269 to AD-DS created LB

    Hi,

    right now we can't access port 3269 (Global Catalog) of our AD-DS service.
    After open it in NSG and modify the LB it only stay open for hours. The LB get's overwritten every now and then.

    Request: Add LB rule for 3269 to the auto-create script of AD-DS. Customer still can control access this via NSG.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  5 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  8. Extend on prem AD to domain services

    Is there a way to extend my current on prem AD using Domain Services

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    triaged  ·  0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure Active Directory Domain Services Status

    I've been having problems with the Domain Services correctly syncing passwords via LDAP. Today none of the LDAP services could connect. Thinking that something might have happened to my configuration I disabled the Domain Services, reconfigured it, then re-enabled. The re-enable has been going for several hours now. The Domain Services section is set to OFF but when I try to configure it again it throws an error. No details, just says that it can't save the configuration.

    It would be nice if there was some sort of status page where I could see what's going on regarding provisioning and…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure AD Domain Services - DFS Namespace support

    I'm suggesting that this needs to be revisited by Microsoft. There are many use cases where this is necessary, paricularly as WVD has picked up much needed enhancements with the Spring update. AADS is a must in these WVD environments due to the requirement of Group Policy application and management.

    We have a desperate need for a DFS Namespace currently. We are using Azure Premium File Shares but have the need in some of our WVD pools for very high IO storage. (Without even mentioning the performance issues that even Premium Azure Files Shares encounter) We are currently using Azure…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  11. Will there be a possibility to extend the Azure schema, but with a "confidentiality bit" as exist in an AD on prem directory?

    Will there be a possibility to extend the Azure schema, but with a "confidentiality bit" as exist in an AD on prem directory?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure Audit logs do not show the events related to listing of AD users and groups.

    I am interested in viewing the events when someone tried to list Azure AD users, groups, or apps. Currently, this is not being captured in Audit logs.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  13. Switzerland North-South

    It's not available yet in Switzerland. Why not make available everything already? At least when to expect this?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  14. Increase regional support of AD DS

    Currently, we are limited to a single UK region for AD DS. Support of AD DS in UK West would be advantageous.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  15. DNS record set synch from local to AADDS

    There is no direct way to synch Local/On Prem DNS record set to Azure AD Domain Services.

    We are using the same domain name for local and global DNS. So it's very important for us to make every entry in local DNS as well.
    With AADDS now we have to make a same entry in Global DNS ( which is Azure DNS) and then to Local DNS and AADDS.

    There should be a way to synch Local To AADDS

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  16. I need to cancel this account as I am charged for two separate accounts and I can not seem to locate where to contact you to do this

    I can not locate where to contact you regarding my accounts - I need to close one of them as I seem to have two

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  17. Integration of Azure AD DS with Azure Private DNS

    Today, it is very painful for automation when in the same network you are mixing Linux and Windows VMs, or you need to create a custom internal domains for internal services

    There are a great product Azure Private DNS which can resolve many problems with DNS management, but it is disintegrated from Domain Services

    I think it could be the option also to resolve https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/34733890-make-azure-active-directory-dns-records-editable-t

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  18. AADDS domain to build trust with an on-prem domain

    have the ability to to have domain trusts so we can have our current on-prem services Domain trust user accounts in our AAD-DS Domain.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  19. AADDS allow multiple managed domain scoped views

    It would be nice to have for the following reason.
    One single Azure AD. Each branch could have it's own domain via a AADDS Managed Domain with Scoped view.

    This would be for the same tenant, same subscription. or same tenant different subscription.

    This way each branch office could manage there own users in their own scoped domain, but the AAD would maintain the identity

    Think of it like views in MS SQL..

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  20. Acquire access token in AADDS

    We have several legacy desktop apps we remote host through an AADDS joined VM. These apps need to login to an Azure SQL server. Currently we are using Active Directory - Password authentication and the user has to key their password in each time.

    Since the user is logged into the VM using their Azure AD account, it would be nice if there was a way to retrieve their access token and then we could login to SQL using that instead.

    I've looked and I don't see anyway to do this at this time.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    triaged  ·  2 comments  ·  Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base