Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Remove requirement for onprem Exchange when using DirSync

    as per : http://tinyurl.com/kqgjvqx

    Currently for a small business who want password sync, but make the move to 365. they have to keep Exchange running on premise simply to be able to edit user attributes related to Exchange. - an active directory DLL, standalone app or simply support in the 365 portal would solve this for so many customers.

    612 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    67 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Azure AD Team responded

    We’re working on a solution and will update you when we know more.

  2. Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC

    Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.

    This is obviously not ideal. We currently having to perform the rollover task manually each month.

    Please look at how this process could be improved for automation.

    585 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    86 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Azure AD Team responded

    Hi everyone,
    Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
    Thanks for your patience!

    Jairo Cadena
    Principal Program Manager
    Microsoft Identity

  3. Add support for Kerberos AES and drop RC4_HMAC_MD5

    Per "https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso#manual-reset-of-the-feature" the "Seamless SSO uses the RC4HMACMD5 encryption type for Kerberos."
    Please add support for modern ciphers and drop that obsolete RC4_MD5!

    92 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure AD Connect has limitation to sync 50k members in any group as per Microsoft article. But it does not sync 50k members if count is more

    Azure AD Connect has limitation to sync 50k members in any group as per Microsoft article. But it does not sync 50k members if count is more. We Synced 65K members out of which it only synced 29K. When it reached 29K it recognized the member count is more than 50 and it stopped syncing members. It should atleast sync 50K members and then stop.

    60 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →

    e cannot share any timelines right now. Our first iteration is to deploy and use a new service end point that would eventually be able to handle larger groups. It will likely take several months to get this deployed and tested before we can take a next step, which would be to increase the group size limit – probably to 250K members.
    If you want to be part of the private preview program, please reach out to me: rodejo@microsoft.com

  5. Enable change a password when is set with the flag ForceChangePasswordNextSignin on Active Directory on premises

    We will like to change a password from AAD when the account have the flag ForceChangePasswordNextSignin ON in Active Directory on premises.

    54 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  6. High availability support for AAD Connect

    Please provide HA support for AAD Connect with automatic failover! The staging server process is hopeless, and it doesn't support a shared SQL DB. At the moment, the fastest way to do AAD Connect recovery in case the AAD Connect server is destroyed, is to have an default installed Win2016 server with the AAD Connect install files downloaded (and not installed). Due to the fact that both the production and staging server must have same version (or higher), there's a risk that some stuff will not work when you do a recovery to a second server and there's a version…

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  5 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  7. AAD Connect - Sync a single object

    AAD Connect - Allow sync of a selected object. This is useful in troubleshooting one object versus parsing through everything else.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  2 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  8. AAD connect as a service

    I would love to see Microsoft offering AAD Connect as a Service. Either with an agent on a DC or member server much like the pass-through auth server works. But having the sync and metaverse running in a service in the cloud.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  3 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  9. 12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  3 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  10. AADConnect - Generate Preview

    When viewing an object in AADConnect and generating a preview based on full or delta imports... it should actually go and perform the full or dela import of that specific object when you perform that action. If i'm troubleshooting an issue in a large directory environment, I dont want to have to wait 6 to 12 hours for a full import, full sync to run after making each change... It seems logical that i could update a directory object or an AADConnect rule and go preview the impact of those changes on a single object without having to import the…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure AD Connect "PasswordNeverExpires" Attribute not synced correctly

    Last tests done with version 1.1.443.0 of AAD Connect

    The User Attribute "PasswordNeverExpires" is not synced correctly from OnPremise to AAD (when doing an inital sync of an user account). Furthermore later changes of this Attribute are not synced correctly to the AAD.

    I had different/random results when testing with this. Sometimes the initial value was transfered correctly to the Cloud accounts but the a change was not synced. Sometimes directly the initial value was wrong (when syncing a user the first time).

    Kind Regards
    Robin K.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  12. Force object based AD sync for automation

    From a sourcing perspective we often have to deal with hybrid cloud environments. For the User Workspace (webbased) we make use of both Active Directory systems (LocalAD and AzureAD) for access control to multiple applications.

    To optimize End User Experience it is neccessary to sync both Active Directory systems as fast as possible (realtime is preferred).

    Antoher possible workaround is object based (specific user or group) synchronization from command line to integrate with automation tools.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  13. AAD Connect - View Current Configuration

    AAD Connect - View Current Configuration needs an option to export the configuration. This should be to text file and CSV format for viewing. Also to XML format for backup and later importing of the configuration if ever needed.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  14. synchronisation triggered from website

    Allow an AD sync to be performed from the Azure AD website.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  2 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base