Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sync Azure Active Directory Down to On-Premises AD

    It would be great to be able to sync Azure AD down to On-premise AD. I want to centrally manage my users, passwords, and groups from Azure AD. That way the on-premise server just acts as a medium for the local environment.

    Here: http://msdn.microsoft.com/en-us/library/azure/dn798669.aspx

    It says "coming soon" for cloud to on premise sync. It was last updated on September 5th 2014. I cant find any new information on if this is out.

    210 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  71 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  2. Unattended installation Azure AD Connect

    Provide The ability to perform unattended/silent installation of Azure AD Connect using either/ or both commandline or answer file for the installation parameters.

    This is highly needed for re-Deployment of test/Dev environments and especially for hosting/service providers with many customers

    106 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    20 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  3. Multi-tenant capabilities in Azure AD Sync

    Problem scenario: single on-premise domain, multiple O365 / Azure subscriptions. As it stands today it looks like you still need FIM and the Azure AD Connector to accomplish this (or DirSync on a seperate server for each tenant).

    I was hoping to be able to use the AADsync tool for this and consolidate the current DirSync servers to a single VM for it.

    54 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    26 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  4. AAD Sync; make mobile attribute authoritative again after AAD/tenant/portal update

    AAD Sync; make mobile attribute authoritative again after AAD/tenant/portal update.

    If you update the mobile attribute as a user or admin in the tenant, this no longer flows from on premises AAD Sync. If the user has made a mistake and you wish this to flow again from on premises, there is no way to make it authoritative again.

    36 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    26 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make Azure AD Connect compatible to SBS 2011

    The Azure AD Connect tool does not install on a SBS 2011. I think, that AADConnect should work on an SBS 2011 as well. All in all it's just a W2K8.

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  5 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enable DirSync two-way password sync for Azure AD Standard

    This is a basic feature that many small and mid-size organizations need without the other bells and whistles included in Azure AD Premium.

    Case in point: the non-profit organization I support has a mix of Office 365 offsite users and traditional onsite users. With DirSync enabled, off-site users without domain-connected clients are restricted from changing their password in OWA. Since they're a non-profit, investing in Azure AD Premium is not cost-effective as most of the features included are overkill for their requirements.

    Thanks for your consideration!

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback but currently we see this as a capability that stays in Premium. For off-site or what we call cloud only users you can use Azure AD Basic to enable self service password reset but to enable writeback to on premises Windows Server AD users would need to have Premium license.

  7. Reinstate Joiner and other MIM Sync features

    In various scenarios, but especially when in Staging Mode, it is a hindrance that the ways to address data issues invariably presented in the sync service that were once possible in DirSync/FIM/MIM are no longer possible in AADConnect. In particular I am referring to such functions as:
    * changing a disconnector type (via the MIM Joiner tab), and
    * disconnecting a connected object (via the MV object details dialog).

    While I understand architecturally there was a move to remove the Joiner entirely, in a production support scenario I imagine that such features would be of just as much assistance to…

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  2 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  8. AAD Connect Version Update RSS feed

    We would like to subscribe to a RSS feed to be informed once a new AAD Connect version is released. Is there such a feed function already existing or could you add it to the AAD Connect release web page?

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  2 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  9. multiple AADConnect services in single domain to support SSO

    AADConnect topology - https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologies#each-object-only-once-in-an-azure-ad-tenant

    I have a customer that single forest single domain but multiple AADConnect services running to multiple different Azure AD.

    The customer want to implement the SSO and the limitation says "The single sign-on (SSO) option for password hash synchronization and pass-through authentication can be used with only one Azure AD tenant."
    This is because the AADConnect only create AZUREADSSOACC computer object and it only can created once in forest level so it will be hard for other multiple AADConnect.
    Did anyone know any chance to talk to the AADConnect team and to allow create an alternative…

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  6 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure AD Connect GUI Setup: Support "Browse" button for service accounts

    Please add a "Browse" button in th Azure AD Connect setup guide for finding service accounts in Active Directory. You should also validate the entry for gMSA / MSA accounts that they end with "$".

    Remove/disable the "Password" textbox when using a managed service account. It seems confusing to the users.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add Server core support

    Add support for Server core installations.

    This is mainly a bakground service syncing users and therefor much more sutible for a core version then a bloted version of windows.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  2 comments  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure Active Directory Seamless Single Sign-On - howto idea Multiple-tenants to a single domain or forests,

    Azure Active Directory Seamless Single Sign-On - howto Multiple-tenants to a single domain or forests,

    hey all i believe i've kinda worked out how one could simply have Seamless Sign-on for one domain to multi-tennants,

    theres a way via some web redirects, computer account renames and creating internal cnames for the Spn's however for it to be universal and be supported in the best way,

    we need Microsoft to host additional Cname redirects or just additional addresses for the SPN's attached to the kerberos accounts aka

    autologon2.microsoftazuread-sso.com
    autologon3.microsoftazuread-sso.com ........ect.ect..

    then during the setup of the Ad connector a check should…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  13. Enhanced AAD Connect/SaaS Provisioning Options

    If MS wants organizations to start leveraging AAD similarly to On-Premise they need to grant more control over the provisioning schedule. We have break/fix user account additions that need to replicate from On-Premise to AAD and then to G Suite.

    With the 30 minute minimum sync option and 45-60min G Suite provisioning cycle we could be looking at 1:15 minutes before a user can access the app.

    We should have the ability to adjust these options as our organization sees fit.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    declined  ·  1 comment  ·  Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base