Active Directory

How can we improve Active Directory in Windows Server?

  • Port Active Directory Module to PowerShell Core and Make Cross Platform

    Active Directory is used for more than just Windows environments. Traditionally, scripting languages, such as Python, have been used in the Linux space to perform automation against Active Directory. Now that PowerShell Core 6.0.X is GA, it would be great if the Active Directory module could be ported to be compatible with PowerShell Core and made cross-platform compatible. This would enable PowerShell-based Active Directory management and automation possibilities from Linux, Mac, and IoT in addition to Windows.

    Currently, PSSnapin dependencies in the AD module make it impossible to use in PowerShell Core. This leaves AD as one of the…

    152 votes
    2 comments  ·  Management Tools
    • Specify primary authentication method per relying party

      Not being able to specify primary authentication method per relying party is something I run into all the time. Can you please fix this? More and more vendors support SAML-based authentication and ADFS but none of them have a way of requesting Certificate Authentication as a primary authentication method. I do not want to change this on a global level, because we have other relying parties which use WIA. I'm guessing you have everything you need for this already, please fix!

      16 votes
      0 comments  ·  ADFS
      • Replace gpresult with a PowerShell cmdlet

        GPResult served us well when support was done manually on each client from the keyboard. What we need now is a cmdlet that we can use when remoting into a PC and get results that are applied to the PC, including policies that are not applied.

        5 votes
        0 comments  ·  Management Tools
        • Add Alert before Token Signing and Token Decryption auto renewed

          My customer experienced several outages during ADFS Token Signing and Token Decryption certificates automatically renewing. Thus, they really hope that the Microsoft PG can add alert functionality: if AutoCertificateRollover is true, when those two certificates are issued automatically by the system and before they are promoted to Primary Certificates, it will send alerts.

          3 votes
          1 comment  ·  ADFS
          • Have ADFS display 'last login' information when users log in using FBA

            When logging in through ADFS forms-based authentication, the user is only prompted to enter their credentials; they aren't given any way to know when the last time they did so was. Many web sites offer this feature to allow a user to know when, from where, and from which device they last logged in so they can report any anomalies to the powers that be. ADFS should have such a feature.

            1 vote
            0 comments  ·  ADFS
            • LAPS - Add Cmdlets to remove permissions

              Add a CMDLET to Remove LAPS Password reset and read permissions. Currently there is only a cmdlet to add permission, but not to clean up.

              7 votes
              0 comments  ·  Logon, Passwords
              • Append option in Group Policy

                In Group Policy today we have options such as "Import Settings" and "Restore From Backup", both of which completely replace the GPO settings.
                It would be good to provide an "Append/Replace" option when we select "Import Settings", so that when there is a requirement of clubbing GPOs, it would be very useful to make one GPO from many GPOs if we have the Append option.
                Otherwise, it would be difficult for administration if we go on adding settings one by one.

                2 votes
                0 comments
                • ADFS + Azure SQL Managed Instances Supportability

                  Add supportability for extending AD FS in Azure using Azure SQL Managed Instance to host the database.

                  3 votes
                  0 comments  ·  ADFS
                  • Publish activedirectory module to PSGallery

                    The active directory module is really useful, but a pain to install on a server/computer.
                    Current install instructions are these: https://blogs.technet.microsoft.com/ashleymcglone/2016/02/26/install-the-active-directory-powershell-module-on-windows-10/

                    I would love the possibility to just do:
                    Install-Module "ActiveDirectory" and have everything good to go.

                    15 votes
                    2 comments  ·  Management Tools
                    • Allow AD FS to fall back to Forms-based authentication if Windows Integrated Authentication fails

                      Currently, if a browser-based user comes to the AD FS sign-in page, AD FS can only decide whether to use integrated authentication by looking at the browser's user agent string. However, t

                      There are cases where not all users arriving at the AD FS sign-in page can perform a Kerberos login - they might be within the IP range of the "internal" part of AD FS (in a split-brain DNS configuration) but the client may not be domain joined for various reasons, for example wireless users using BYOD. For these users Kerberos fails and it falls back to NTLM/Basic auth…

                      51 votes
                      3 comments  ·  ADFS
                      • GPO: turn off microsoft consumer features all sku

                        Please make the GPO object for "Turn off Microsoft consumer features" work on all SKUs, not just Enterprise and Education. I am in education but we have been buying Pro SKUs as we did not know about this garbage limitation which makes no sense. Removing the XBOX app and other preloaded nonsense is necessary no matter the SKU. If it can join a domain this should just work. Yes, there are scripts to do this, but given it's supported in "some" SKUs this should not be necessary.

                        Tom

                        7 votes
                        0 comments  ·  Bug
                        • Update Active Directory Password policies to align with new NIST guidelines

                          Now that the new NIST 800-63B guidelines are coming together, can Active Directory be updated to follow some of the guidance in here? Specifically allowing for blacklists of breached or otherwise bad passwords, potentially allowing for a salt to be added to AD password hashes, and rate throttling instead of just account lockout?

                          https://pages.nist.gov/800-63-3/sp800-63b.html

                          42 votes
                          3 comments  ·  Logon, Passwords
                          • Replace ADCS NDES Role Service and Intune NDES Connector with ADCS Issuing CA Intune Connector software

                            Replace ADCS NDES Role Service and Intune NDES Connector with ADCS Issuing CA Intune Connector software. Seems an easier solution than having a separate server for NDES and needing to publish the NDES endpoint to the web, just to issue certs to the devices managed by Intune.

                            2 votes
                            0 comments
                            • Open Source the ActiveDirectory PowerShell Module

                              Please consider open sourcing the ActiveDirectory PowerShell Module. While regarded as feature complete internally at MSFT, there is still much work that can be done to offer PowerShell users of all skill levels a more consistent experience by ensuring all Cmdlets in the ActiveDirectory Module accept pipeline input and parameter binding by property name and value. There is also tremendous value in providing PowerShell users with Cmdlets to determine which attributes in the Active Directory schema have been indexed as well as Cmdlets to extend the schema with the addition of other attributes.

                              134 votes
                              7 comments
                              • BUG: 2016 server allows you to create machines with same name

                                I added a 2016DC to my 2012 and 2012r2 DCs a couple weeks ago.

                                Today I added a new PC into the network.

                                The problem is I used the same name as a PC already on the network (shouldn't be an issue Windows always catches this and doesn't allow it).

                                AD didn't catch this and actually updated the original PC in AD and did not add a second PC or warn that the name was already in use. If I look at the modified date of the original pc in AD it shows it was modified at the same time…

                                3 votes
                                4 comments  ·  Domain join
                                • Bug - Active Directory Administrative Center Global Search

                                  When double-clicking on a search result in "Global Search", the item that opens is the previously selected item, not the one that is double-clicked.

                                  Steps to reproduce: Open ADAC, enter a value in global search that will get more than one result, for example "domain". This will give a list of results, the top one will be selected. Double-click on any result that is not the selected one.

                                  Result: The previously selected item opens
                                  Expected result: The double-clicked item opens

                                  25 votes
                                  12 comments  ·  Bug
                                  • AD FS should not require Domain Admin privileges

                                    Right now in Windows Server 2012 R2 you are required to present Domain Admin credentials while installing. This is not an option when AD FS and AD DS are supported by separate teams - it exposes domain admin credentials to persons who are not allowed to know them.
                                    This was not the case for AD FS 2.0 - please remove the need for DA privileges to be entered at the AD FS server.

                                    14 votes
                                    0 comments  ·  ADFS
                                    • Improve Members and Member Of view in Active Directory Administrative Center

                                      When opening a user or group and looking at “Member of” or “Members” in ADAC, only three items are visible in the view. I would like the ability to resize the view to include more than three items.

                                      24 votes
                                      1 comment  ·  Management Tools
                                      • ADFS should support SQL Azure

                                        Please add support to use SQL Azure as DB. Would open up some easy HA scenario deployments for ADFS.

                                        3 votes
                                        0 comments  ·  ADFS
                                        • Native Biometric Support in Active Directory On-Premise (Like Windows Hello)

                                          Built-in way to have fingerprint, iris, or facial recognition integrated into Active Directory authentication.

                                          29 votes
                                          0 comments  ·  Logon, Passwords