Active Directory

How can we improve Active Directory in Windows Server?

  1. Port Active Directory Module to PowerShell Core and Make Cross Platform

    Active Directory is used for more than just Windows environments. Traditionally, scripting languages such as Python have been used in the Linux space to perform automation against Active Directory. Now that PowerShell Core 6.0.X is GA, it would be great if the Active Directory module could be ported to be compatible with PowerShell Core and made cross-platform compatible. This would enable PowerShell-based Active Directory management and automation possibilities from Linux, Mac, and IoT in addition to Windows.

    Currently, PSSnapin dependencies in the AD module make it impossible to use in PowerShell Core. This leaves AD as one of the…

    161 votes
    2 comments  ·  Management Tools
  2. Get-ADUser PasswordExpirationDate

    The Get-ADUser cmdlet should optionally return a "PasswordExpirationDate" attribute that is derived from "msDS-UserPasswordExpiryTimeComputed" and shown in a friendly format.

    This is already done for PasswordLastSet from pwdLastSet and perhaps other attributes.

    Without this enhancement, we must parse and convert the time such as:
    $user = Get-ADUser -Properties msDS-UserPasswordExpiryTimeComputed sAMAccountName
    ([datetime]::fromfiletime([int64]::parse(($user)."msDS-UserPasswordExpiryTimeComputed"))).tostring()

    Or we resort to non-PowerShell tools:
    net user sAMAccountName /domain

    6 votes
    0 comments  ·  Management Tools
  3. Specify primary authentication method per relying party

    Not being able to specify primary authentication method per relying party is something I run into all the time. Can you please fix this? More and more vendors support SAML-based authentication and ADFS but none of them have a way of requesting Certificate Authentication as a primary authentication method. I do not want to change this on a global level, because we have other relying parties which use WIA. I'm guessing you have everything you need for this already, please fix!

    16 votes
    0 comments  ·  ADFS
  4. Replace gpresult with a PowerShell cmdlet

    GPResult served us well when support was done manually on each client from the keyboard. What we need now is a cmdlet that we can use when remoting into a PC to get the results that are applied to the PC, including policies that are not applied.

    8 votes
    0 comments  ·  Management Tools
  5. AGPM and PowerShell scripting

    AGPM is a great tool to delegate and keep control of our GPO infrastructure. But the scripting possibilities are very poor.
    I suggest you extend the PowerShell module for AGPM, adding at least an Import-AGPMFromProduction cmdlet that will allow us to automate updates into AGPM.

    My use case is that people can still make some changes outside the AGPM system (especially link changes, which cannot be controlled directly by AGPM). These changes are important to keep track of, in my opinion. So I regularly manually import the GPO from production into AGPM.

    2 votes
    0 comments  ·  Management Tools
  6. Add-ADPrincipalGroupMembership fails with $PSDefaultParameterValues

    Add-ADPrincipalGroupMembership gives an error if used in conjunction with $PSDefaultParameterValues to choose the Domain Controller.

    Using this cmdlet with this variable produces an error that the user does not have permission to perform the specified operation.

    1 vote
    0 comments  ·  Bug
  7. Self Service Password Reset portal using whr to give a meaningful user ID example

    When passing something like "?whr=customdomain.com" to the password reset page it picks up my company branding, great stuff.

    However, the User ID section still carries an example text of "Example: user@contoso.onmicrosoft.com or user@contoso.com".

    Could the passwordreset.microsoftonline.com pages be updated so that the domain passed by whr gets used in the example, so that the example would read (in this case): "Example: user@customdomain.com".

    2 votes
    0 comments  ·  Logon, Passwords
  12. Add Alert before Token Signing and Token Decryption auto renewed

    My customer experienced several outages while the ADFS Token Signing and Token Decryption certificates were automatically renewing. Thus, they really hope that the Microsoft PG can add alert functionality: if AutoCertificateRollover is true, when those two certificates are issued automatically by the system and before they are promoted to Primary Certificates, it will send alerts.

    3 votes
    1 comment  ·  ADFS
  13. Have ADFS display 'last login' information when users log in using FBA

    When logging in through ADFS forms-based authentication, the user is only prompted to enter their credentials; they aren't given any way to know when they last did so. Many web sites offer this feature to allow a user to know when, from where, and from which device they last logged in, so they can report any anomalies to the powers that be. ADFS should have such a feature.

    1 vote
    0 comments  ·  ADFS
  14. LAPS - Add Cmdlets to remove permissions

    Add a cmdlet to remove LAPS password reset and read permissions. Currently there is only a cmdlet to add permissions, but not to clean up.

    8 votes
    0 comments  ·  Logon, Passwords
  15. ADFS + Azure SQL Managed Instances Supportability

    Add supportability for extending AD FS in Azure using Azure SQL Managed Instance to host the database.

    4 votes
    0 comments  ·  ADFS
  16. Append option in Group Policy

    In Group Policy today we have "Import Settings" and "Restore From Backup" kinds of options, both of which completely replace the GPO settings.
    It would be good to provide an "Append/Replace" option when we select "Import Settings". When there is a requirement of clubbing GPOs, an Append option would be very useful to make one GPO from many GPOs.
    Otherwise it is difficult for administration if we go on adding settings one by one.

    2 votes
    0 comments
  17. Allow AD FS to fall back to Forms-based authentication if Windows Integrated Authentication fails

    Currently, if a browser-based user comes to the AD FS sign-in page, AD FS can only decide whether to use integrated authentication by looking at the browser's user agent string. However, t

    There are cases where not all users arriving at the AD FS sign-in page can perform a Kerberos login - they might be within the IP range of the "internal" part of AD FS (in a split-brain DNS configuration) but the client may not be domain joined for various reasons, for example wireless users using BYOD. For these users Kerberos fails and it falls back to NTLM/Basic auth…

    57 votes
    3 comments  ·  ADFS
  18. Publish activedirectory module to PSGallery

    The active directory module is really useful, but a pain to install on a server/computer.
    Current install instructions are these: https://blogs.technet.microsoft.com/ashleymcglone/2016/02/26/install-the-active-directory-powershell-module-on-windows-10/

    I would love the possibility to just do:
    Install-Module "ActiveDirectory" and have everything good to go.

    16 votes
    2 comments  ·  Management Tools
  19. Replace ADCS NDES Role Service and Intune NDES Connector with ADCS Issuing CA Intune Connector software

    Replace ADCS NDES Role Service and Intune NDES Connector with ADCS Issuing CA Intune Connector software. This seems an easier solution than having a separate server for NDES and needing to publish the NDES endpoint to the web, just to issue certs to the devices managed by Intune.

    4 votes
    0 comments
  20. GPO: turn off microsoft consumer features all sku

    Please make the GPO object for "Turn off Microsoft consumer features" work on all SKUs, not just Enterprise and Education. I am in education but we have been buying Pro SKUs as we did not know about this garbage limitation, which makes no sense. Removing the XBOX app and other preloaded nonsense is necessary no matter the SKU. If it can join a domain this should just work. Yes, there are scripts to do this, but given it's supported in "some" SKUs this should not be necessary.

    Tom

    7 votes
    0 comments  ·  Bug