Active Directory

  1. DNS Conditional Forwarder and Delegation.

    Hi,

    To put it in a lab scenario:

    1. Conditional forwarder site2.location1.country1.company.org cannot be created if the Forward zones have location1.country1.company.org -> "A problem occurred while trying to add the conditional forwarder. A zone configuration problem occurred."

    2. I delegate site2 under location1.country1.company.org pointing to external IPs - Successful.

    3. Now if I create a conditional forwarder site2.location1.country1.company.org, it gets created and works even if I delete the delegation done in step 2.

    I am not sure if this is a supported model, but I would like to know whether this approach is documented anywhere, or whether I am wrong in understanding it.

    Thank you.

    1 vote
    0 comments  ·  Bug
  2. Build ADFS 2019 Plug-in to allow user authentication requiring Azure MFA to be bypassed when internet access is down

    My company uses O365, AD FS 2016 and Azure AD. Recently our internet provider had repeated outages where the AD FS servers' access to the internet was compromised. This was an unavoidable outage for users on our internal network, but since O365 leveraged Azure MFA in a CA policy, external users could not get to O365 resources because they could not do MFA at ADFS. I want to create a plugin that checks for access to Azure MFA; if it fails, it places a default hardcoded claim in the token package validating MFA but raising a risk factor which will…

    1 vote
    0 comments  ·  ADFS
  3. Change the default UPN for a domain

    With companies changing UPNs on user accounts due to things like O365 migrations, make it possible to change and set the default UPN used for new user creation in a domain.

    1 vote
    0 comments  ·  Management Tools
  4. Check the computers option by default in the object types dialog

    When adding objects to an Active Directory group, the Computers option is not checked by default. It would save a lot of clicks if that were checked by default.

    42 votes
    4 comments
  5. Set-GpPermission - Add a "Force" parameter

    The Set-GpPermission PowerShell cmdlet generates a prompt when attempting to remove the "Authenticated Users" permission from a GPO. There is no way to avoid this, which makes programmatic GPO creation very difficult. Please add a "-Force" parameter to avoid this prompt, or make the "-Confirm:$False" parameter also apply to this prompt.

    1 vote
    0 comments  ·  Management Tools
  6. Make DCPromo GUI available for demoting a DC

    Before removing the ADDS role the DC needs to be demoted to a regular server. The only way to get the link to the GUI is to create an error by trying to remove the ADDS role when you KNOW you cannot do so. Trying to do so will produce the error and the error message will give you the link.
    Isn't that kind of stupid? Why first make me do something wrong to get the link to do it right?

    2 votes
    0 comments
  7. Support User preferences for using MFA as primary authentication method

    Support other methods using MFA for Primary Authentication, based on what the user's preferences are (as set up in aka.ms/mfasetup).

    1 vote
    0 comments  ·  ADFS
  8. 000

    000

    1 vote
    0 comments  ·  Management Tools
  9. 000

    000

    1 vote
    0 comments  ·  Management Tools
  10. Change Get-ADFSAccountActivity to return all users in ADFS Activity database

    Change Get-ADFSAccountActivity to return all users in the ADFS Activity database, for example by supporting a -All parameter. Then users who have triggered lockout or failed a given number of times can be searched for using PowerShell. Currently users have to be retrieved one by one, which is tedious at best.

    2 votes
    0 comments  ·  ADFS
  11. Active Directory Dark Theme

    When Windows 10 is set to Dark Theme, change the color of Active Directory on the Server and in the Administrative Tools on Windows 10 to a Dark Theme also!

    1 vote
    0 comments  ·  Management Tools
  12. GPO search and list all policies with a specific setting depending on the OU you have selected.

    Add a feature to search and list all policies with a specific setting, depending on the OU you have selected.

    1 vote
    0 comments  ·  Management Tools
  13. Add-ADPrincipalGroupMembership fails with $PSDefaultParameterValues

    Add-ADPrincipalGroupMembership gives an error if used in conjunction with $PSDefaultParameterValues to choose the Domain Controller.

    Using this cmdlet with this variable produces an error that the user does not have permission to perform the specified operation.

    1 vote
    0 comments  ·  Bug
  16. AGPM and PowerShell scripting

    AGPM is a great tool to delegate and keep control of our GPO infrastructure. But the scripting possibilities are very poor.
    I suggest you extend the PowerShell module for AGPM, adding at least an Import-AGPMFromProduction cmdlet that will allow us to automate updates into AGPM.

    My use case is that people can still make some changes outside the AGPM system (especially link changes, which cannot be controlled directly by AGPM). These changes are important to keep track of, in my opinion. So I regularly import the GPO from production into AGPM manually.

    2 votes
    0 comments  ·  Management Tools
  17. 1 vote
    0 comments
  18. 4 votes
    1 comment  ·  Bug
  19. Self Service Password Reset portal using whr to give a meaningful user ID example

    When passing something like "?whr=customdomain.com" to the password reset page it picks up my company branding, great stuff.

    However, the User ID section still carries an example text of "Example: user@contoso.onmicrosoft.com or user@contoso.com".

    Could the passwordreset.microsoftonline.com pages be updated so that the domain passed by whr gets used in the example, so that the example would read (in this case): "Example: user@customdomain.com"?

    2 votes
    0 comments  ·  Logon, Passwords
  20. Get-ADUser PasswordExpirationDate

    The Get-ADUser cmdlet should optionally return a "PasswordExpirationDate" attribute that is derived from "msDS-UserPasswordExpiryTimeComputed" and shown in a friendly format.

    This is already done for PasswordLastSet from pwdLastSet and perhaps other attributes.

    Without this enhancement, we must parse and convert the time such as:
    $user = Get-ADUser -Properties msDS-UserPasswordExpiryTimeComputed sAMAccountName
    ([datetime]::fromfiletime([int64]::parse(($user)."msDS-UserPasswordExpiryTimeComputed"))).tostring()

    Or we resort to non-PowerShell tools:
    net user sAMAccountName /domain

    9 votes
    0 comments  ·  Management Tools