Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC
Currently, to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC, we would need to store domain admin and tenant global admin credentials in a script or scheduled task.
This is obviously not ideal. We are currently having to perform the rollover task manually each month.
Please look at how this process could be improved for automation.
780 votes
Hi everyone,
Thanks for your interest in this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have in the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
Thanks for your patience!
Jairo Cadena
Principal Program Manager
Microsoft Identity
-
Remove requirement for onprem Exchange when using DirSync
As per: http://tinyurl.com/kqgjvqx
Currently, for a small business that wants password sync but makes the move to 365, they have to keep Exchange running on premise simply to be able to edit user attributes related to Exchange. An Active Directory DLL, standalone app or simply support in the 365 portal would solve this for so many customers.
681 votes
We’re working on a solution and will update you when we know more.
-
Add support for Kerberos AES and drop RC4_HMAC_MD5
Per "https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso#manual-reset-of-the-feature" the "Seamless SSO uses the RC4_HMAC_MD5 encryption type for Kerberos."
Please add support for modern ciphers and drop that obsolete RC4_MD5!
112 votes
We are currently working on this
-
Azure AD Connect has limitation to sync 50k members in any group as per Microsoft article. But it does not sync 50k members if count is more
Azure AD Connect has limitation to sync 50k members in any group as per Microsoft article. But it does not sync 50k members if count is more. We synced 65K members out of which it only synced 29K. When it reached 29K it recognized the member count is more than 50 and it stopped syncing members. It should at least sync 50K members and then stop.
63 votes
We cannot share any timelines right now. Our first iteration is to deploy and use a new service end point that would eventually be able to handle larger groups. It will likely take several months to get this deployed and tested before we can take a next step, which would be to increase the group size limit – probably to 250K members.
If you want to be part of the private preview program, please reach out to me: rodejo@microsoft.com
-
Enable change a password when is set with the flag ForceChangePasswordNextSignin on Active Directory on premises
We would like to change a password from AAD when the account has the flag ForceChangePasswordNextSignin ON in Active Directory on premises.
60 votes
We are currently testing a solution for this and will likely be able to provide this in the coming months.
-
High availability support for AAD Connect
Please provide HA support for AAD Connect with automatic failover! The staging server process is hopeless, and it doesn't support a shared SQL DB. At the moment, the fastest way to do AAD Connect recovery in case the AAD Connect server is destroyed is to have a default installed Win2016 server with the AAD Connect install files downloaded (and not installed). Due to the fact that both the production and staging server must have same version (or higher), there's a risk that some stuff will not work when you do a recovery to a second server and there's a version…
38 votes -
AAD Connect - Sync a single object
AAD Connect - Allow sync of a selected object. This is useful in troubleshooting one object versus parsing through everything else.
17 votes -
AAD connect as a service
I would love to see Microsoft offering AAD Connect as a Service. Either with an agent on a DC or member server much like the pass-through auth server works. But having the sync and metaverse running in a service in the cloud.
14 votes -
Azure AD Connect Tool - Add option to export all inbound and outbound rules in one click
As the subject line says it.
12 votes -
AADConnect - Generate Preview
When viewing an object in AADConnect and generating a preview based on full or delta imports... it should actually go and perform the full or delta import of that specific object when you perform that action. If I'm troubleshooting an issue in a large directory environment, I don't want to have to wait 6 to 12 hours for a full import, full sync to run after making each change... It seems logical that I could update a directory object or an AADConnect rule and go preview the impact of those changes on a single object without having to import the…
7 votes -
Azure AD Connect "PasswordNeverExpires" Attribute not synced correctly
Last tests done with version 1.1.443.0 of AAD Connect
The User Attribute "PasswordNeverExpires" is not synced correctly from OnPremise to AAD (when doing an initial sync of a user account). Furthermore, later changes of this Attribute are not synced correctly to the AAD.
I had different/random results when testing with this. Sometimes the initial value was transferred correctly to the Cloud accounts but a change was not synced. Sometimes directly the initial value was wrong (when syncing a user the first time).
Kind Regards
Robin K.
7 votes -
AAD Connect - View Current Configuration
AAD Connect - View Current Configuration needs an option to export the configuration. This should be to text file and CSV format for viewing. Also to XML format for backup and later importing of the configuration if ever needed.
6 votes -
Force object based AD sync for automation
From a sourcing perspective we often have to deal with hybrid cloud environments. For the User Workspace (web-based) we make use of both Active Directory systems (LocalAD and AzureAD) for access control to multiple applications.
To optimize End User Experience it is necessary to sync both Active Directory systems as fast as possible (realtime is preferred).
Another possible workaround is object based (specific user or group) synchronization from command line to integrate with automation tools.
5 votes -
synchronisation triggered from website
Allow an AD sync to be performed from the Azure AD website.
3 votes