Active Directory
-
pay pal 25BSKLIM TOW KADDOURI CHOUAIB
COMPTE N0005859947 63 TOUGGOURT 30002 ALGERIA
1 vote -
Self Service Password Reset portal using whr to give a meaningful user ID example
When passing something like "?whr=customdomain.com" to the password reset page it picks up my company branding, great stuff.
However, the User ID section still carries an example text of "Example: user@contoso.onmicrosoft.com or user@contoso.com".
Could the passwordreset.microsoftonline.com pages be updated so that the domain passed by whr gets used in the example, so that the example would read (in this case): "Example: user@customdomain.com".
3 votes -
LAPS - Add Cmdlets to remove permissions
Add a CMDLET to Remove LAPS Password reset and read permissions. Currently there is only a cmdlet to add permission, but not to clean up.
8 votes -
More granual account expiration and new account activation option
The standard expiry date for an account only allows you to specify a date, the account is expired at the end of that date. How about adding in a time field as well - so that an account can be set to expire at 5pm on *** date. This can already be be done via Powershell "Set-ADUser username -AccountExpirationDate "12/25/2012 5:00:00 PM" but it would be great to have it as a GUI option.
The use case is that most companies offboard staff at COB on a given date and want to restrict access at that specific time, rather than…
3 votes -
Update Active Directory Password policies to align with new NIST guidelines
Now that the new NIST 800-63B guidelines are coming together, can Active Directory be updated to follow some of the guidance in here? Specifically allowing for blacklists of breached or otherwise bad passwords, potentially allowing for a salt to be added to AD password hashes, and rate throttling instead of just account lockout?
49 votes -
Allow group managed service Accounts (gMSA) to have a dummy password
It's 2017 and there's still Server Software (even microsoft's own - like TFS), which is not able to handle gMSAs, because the password field is mandatory.
Since that software probably uses windows function to sign-in as such a user, it would be nice to have a mechanism, which allowed us to just use a dummy password for such an account - like "groupManaged" or "-" whatever else.So perhaps this is possible, that Windows Server introduces a mechanism allowing to type a password in the mandatory password fields, which signalizes the same as an empty password for gMSAs.
1 vote -
Native Biometric Support in Active Directory On-Premise (Like Windows Hello)
Built in way to have fingerprint or iris, or facial recognition and integrated into Active Directory Authentication.
30 votes -
Self service password reset for users
Create a password reset self service portal function for users which can be published externally.
14 votes -
Enhance Password Policies in Group Policy
I would like to see improved password policies to enable administrators to restrict some of the most common abuses of password policy. The main things I would like to see are:
- Specifiy minimum number of changed characters vs previous password (eg to prevent just incrementing a number)
- Ability to blacklist common bad passwords including wildcard support
- Ability to control which complexity requirements are required rather than only having a single complexity option defined by Microsoft.53 votes -
Remember Domain Logins
Most of us log into servers with domain credentials. The ability of Windows to remember previous domain logins appears to be gone in TPv2, and now requires us to type in our user name every time. Quite annoying.
26 votes
- Don't see your idea?