Active Directory

  1. Login hint for SAML-based application

    Provide login_hint forwarding for the ws-saml protocol and from ws-saml to the ws-fed protocol

    4 votes
    1 comment  ·  ADFS
  2. Certificate Services User Certificate Template custom Subject Name options from Active Directory Information.

    This request is to add a custom field option for the Subject Name format for "Build from this Active Directory information" on a user certificate template.

    "Build from this Active Directory information" is an important feature for many companies using Active Directory Certificate Services, as it ensures the user account can't create their own values on a certificate, which could misrepresent the identity and create security concerns. This is also an important option used for auto-enrollment of user certificates.

    Currently the only options for this section are Common Name or Fully Distinguished name or None.

    This Feature request is to…

    8 votes
    0 comments
  3. gpupdate to specific target DC

    Run the gpupdate tool against a specific DC,
    like: gpupdate /targetdc:dc-name

    5 votes
    1 comment  ·  Management Tools
  4. Allow ADDS communication over QUIC

    Allow ADDS communication over QUIC, so that you can allow Kerberos over the internet without a KDC proxy due to the built-in encryption. This would also allow consolidation of ADDS communication to fewer ports, also because of the reduced latency of the protocol over TCP.

    4 votes
    0 comments
  5. Check the computers option by default in the object types dialog

    When adding objects to an Active Directory group, the Computers option is not checked by default. This will save a lot of clicks if that was checked by default.

    50 votes
    5 comments
  6. Add support for OAuth3/GNAP in ADDS

    Add support for the OAuth3/GNAP authentication protocol as a replacement for NTLM or in addition to NTLM/Kerberos authentication. This is an IETF draft standard protocol for authentication. https://oauth.xyz/

    2 votes
    0 comments  ·  Logon, Passwords
  7. Less default permissions for Authenticated Users & Domain Users

    As a defense-in-depth measure, it would be great to apply POLA to Authenticated Users & domain users group, so that no single user can enumerate more than they require. It would help in the Reconnaissance phase of an attack.

    It seems like these are enough for an Authenticated User (1):
    * Read gPLink
    * Read gPOptions
    * List Contents
    * Read permissions
    * Read distinguishedName
    * Read cn

    (1) https://community.spiceworks.com/topic/1457668-securing-our-ad-by-removing-authenticated-users-from-an-ou-breaks-group-policy

    1 vote
    0 comments  ·  Logon, Passwords
  8. Active Directory Administrative Center (ADAC) - Bulk Change Clears Manager Attribute

    When performing a bulk change on users (select all > properties) the manager field is cleared for nearly all users. I was able to reproduce this effect multiple times enabling/disabling "Protect from accidental deletion." Since the values are variable among multiple users the bug seems to apply a $null value to the manager attribute clearing all managers and direct reports. This has greatly impacted visibility of team calendars and organization charts in Office 365.

    Reviewing the PowerShell History window in ADAC the following PowerShell commands are executed when only enabling/disabling deletion protection.

    Set-ADObject -Identity:"<userDN>" -ProtectedFromAccidentalDeletion:<bool> -Server:"<DC>"

    Set-ADUser -Identity:"<userDN>" -Manager:$null -Server:"<DC>"

    1 vote
    0 comments  ·  Bug
  9. Preferred language value issue

    AD default preferred language attribute for Taiwan is zh-tw

    Teams admin center will display as Simplified Chinese with preferred language code of zh-tw

    To display Traditional Chinese will need to change the preferred language code to zh-TW which is case sensitive.

    Suggest to change the default value of Preferred language to zh-TW in AD

    1 vote
    0 comments
  10. How to create an Azure Active Directory account using a work group email address

    I have a team of engineers working towards PowerShell Modules that we need to upload to PowerShell. We have a work group email address for our team. We would like to use this group email address to upload our modules. I spent quite some time on Azure Active Directory but it only allows me to log in using my work email address. I do not see any option to create an account with a group email address or add it anywhere. We have done the same using the "Manage Organization" feature in nuget.org for our nuget packages. Please help since we do not…

    3 votes
    0 comments  ·  Azure
  11. Temporary Password

    Be able to type a temporary password. As it is now, the system generates one. We would like to use an easy to dictate one and the user then changes it.

    1 vote
    0 comments  ·  Logon, Passwords
  12. Get-GPO does not return UserVersion, ComputerVersion or WMI Filters

    Get-GPO does not return UserVersion, ComputerVersion or WMI Filters

    Windows PowerShell 5.1 returns these values.

    Tested from both Windows 10 1909 and a non-Domain Controller Windows Server 2019 1809.

    2 votes
    0 comments  ·  Bug
  13. Download ADMX Templates no MSI but ZIP

    It would be great to have ADMX Templates not as MSI files but as ZIP files, so you don't need to install them. Only extraction. Saves a lot of time for me.

    11 votes
    1 comment  ·  Management Tools
  14. Force select groups to forms authentication in ADFS

    There exists a scenario with ADFS and SSO-based apps (to include 365) where there is a common user logged into their PC but needs to access their webmail. However, it detects the user logged in and wants to leverage WIA. The current workaround is to do a REGEX and push a user agent string to those impacted PCs to not perform WIA, which results in Forms Auth. However, with Microsoft pushing Edge and Chromium going towards client hints, this bandaid is slowly losing its adhesive.

    Ideally it would be nice to specify a group and force them to forms based…

    2 votes
    0 comments  ·  ADFS
  15. I deleted Microsoff egel by mistake

    I deleted Microsoff Egel; this is Windows 8.1

    1 vote
    0 comments
  16. Import-Module -Name ActiveDirectory ; Get-Help -Name about_ActiveDirectory returns a list of cmdlets, not help info

    When I try to use Get-Help with any of the about_ActiveDirectory* topics, it just gives me a list of cmdlets. Other topics, like about_For or about_Break, work as expected. I had originally thought it was perhaps an interop issue with PowerShell 7 being installed as well, but it happens when I try it on my Domain Controller that has only the PS built in to the server. An example is below:

    PS C:\Windows\system32> Get-Help -Name about_ActiveDirectory

    Name Category Module Synopsis


    Get-ADAuthenticationPolicy Cmdlet ActiveDirectory Gets one or more Active Directory Domain Services authentication policies.
    Get-ADAuthenticationPolicySilo Cmdlet ActiveDirectory Gets one…

    2 votes
    0 comments  ·  Bug
  17. Windows Domain Server incorrect-password delay

    One change to security for incorrect password entry that would make it friendlier for the users and more secure against brute force password attacks would be to use a geometrically increasing delay when a specific number of wrong passwords are entered. The first delay could be one minute, the second 5 minutes, the third 25 minutes, the fourth 125 minutes, etc. Of course this would also involve a time setting for resetting the wrong passwords progression after a previous delay. This would make the initial delay for wrong passwords very short for the user, but would increase the time for…

    1 vote
    0 comments  ·  Logon, Passwords
  18. Configure DCPromo to destroy the DC

    Configure DCPromo to destroy the DC

    1 vote
    1 comment
  19. Active Directory Dark Theme

    When Windows 10 is set to Dark Theme, change the color of Active Directory on the Server and in the Administrative Tools on Windows 10 to a Dark Theme also!

    18 votes
    0 comments  ·  Management Tools
  20. Add -IncludeContainers Parameter to Get-ADOrganizationalUnit cmdlet

    Currently Get-ADOrganizationalUnit does not have the ability to return containers, requiring the use of Get-ADObject with filters to return the appropriate results. Get-ADOrganizationalUnit would be much more useful if it had the ability to retrieve ALL containers that AD objects can be stored in, not just OUs.

    The Exchange PowerShell Get-OrganizationalUnit cmdlet addresses this with an "-IncludeContainers" parameter to have it return both OUs and containers. I think this would be a useful addition to the Get-ADOrganizationalUnit cmdlet as well.

    1 vote
    0 comments  ·  Management Tools