Active Directory

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Self Service Password Reset portal using whr to give a meaningful user ID example

    When passing something like "?whr=customdomain.com" to the password reset page it picks up my company branding, great stuff.

    However, the User ID section still carries an example text of "Example: user@contoso.onmicrosoft.com or user@contoso.com".

    Could the passwordreset.microsoftonline.com pages be updated so that the domain passed by whr gets used in the example, so that the example would read (in this case): "Example: user@customdomain.com".

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  2. pay pal 25BSKLIM TOW KADDOURI CHOUAIB

    COMPTE N0005859947 63 TOUGGOURT 30002 ALGERIA

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  3. LAPS - Add Cmdlets to remove permissions

    Add a CMDLET to Remove LAPS Password reset and read permissions. Currently there is only a cmdlet to add permission, but not to clean up.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  4. Update Active Directory Password policies to align with new NIST guidelines

    Now that the new NIST 800-63B guidelines are coming together, can Active Directory be updated to follow some of the guidance in here? Specifically allowing for blacklists of breached or otherwise bad passwords, potentially allowing for a salt to be added to AD password hashes, and rate throttling instead of just account lockout?

    https://pages.nist.gov/800-63-3/sp800-63b.html

    49 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  5. Native Biometric Support in Active Directory On-Premise (Like Windows Hello)

    Built in way to have fingerprint or iris, or facial recognition and integrated into Active Directory Authentication.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enhance Password Policies in Group Policy

    I would like to see improved password policies to enable administrators to restrict some of the most common abuses of password policy. The main things I would like to see are:
    - Specifiy minimum number of changed characters vs previous password (eg to prevent just incrementing a number)
    - Ability to blacklist common bad passwords including wildcard support
    - Ability to control which complexity requirements are required rather than only having a single complexity option defined by Microsoft.

    53 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  7. Self service password reset for users

    Create a password reset self service portal function for users which can be published externally.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  8. More granual account expiration and new account activation option

    The standard expiry date for an account only allows you to specify a date, the account is expired at the end of that date. How about adding in a time field as well - so that an account can be set to expire at 5pm on *** date. This can already be be done via Powershell "Set-ADUser username -AccountExpirationDate "12/25/2012 5:00:00 PM" but it would be great to have it as a GUI option.

    The use case is that most companies offboard staff at COB on a given date and want to restrict access at that specific time, rather than…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow group managed service Accounts (gMSA) to have a dummy password

    It's 2017 and there's still Server Software (even microsoft's own - like TFS), which is not able to handle gMSAs, because the password field is mandatory.
    Since that software probably uses windows function to sign-in as such a user, it would be nice to have a mechanism, which allowed us to just use a dummy password for such an account - like "groupManaged" or "-" whatever else.

    So perhaps this is possible, that Windows Server introduces a mechanism allowing to type a password in the mandatory password fields, which signalizes the same as an empty password for gMSAs.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  10. Remember Domain Logins

    Most of us log into servers with domain credentials. The ability of Windows to remember previous domain logins appears to be gone in TPv2, and now requires us to type in our user name every time. Quite annoying.

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    investigating  ·  5 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base