Active Directory

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Port Active Directory Module to PowerShell Core and Make Cross Platform

    Active Directory is used for more than just Windows Environments. Traditionally, scripting languages, such as python, have been used in the Linux space to perform automation against Active Directory. Now that PowerShell Core 6.0.X is GA, it would be great if the Active Directory module could be ported to be compatible with PowerShell Core and made cross-platform compatible. This would enable PowerShell based Active Directory management and automation possibilities from Linux, Mac, and IoT in addition to Windows.

    Currently, PSSnapin dependencies in the AD module make it impossible to use in PowerShell Core. This leaves AD as one of the…

    169 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Management Tools  ·  Flag idea as inappropriate…  ·  Admin →
  2. Open Source the ActiveDirectory PowerShell Module

    Please consider open sourcing the ActiveDirectory PowerShell Module. While regarded as feature complete internally at MSFT, there is still much work that can be done to offer PowerShell users of all skill levels a more consistent experience by ensuring all Cmdlets in the ActiveDirectory Module accept pipeline input and parameter binding by property name and value. There is also tremendous value in providing PowerShell users with Cmdlets to determine which attributes in the Active Directory schema have been indexed as well as Cmdlets to extend the schema with the addition of other attributes.

    146 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow AD FS to fall back to Forms-based authentication if Windows Integrated Authentication fails

    Currently, if a browser-based user comes to the AD FS sign-in page, AD FS can only decide whether to use integrated authentication by looking at the browser's user agent string. However, t

    There are cases where not all users arriving at the AD FS sign-in page can perform a Kerberos login - they might be within the IP range of the "internal" part of AD FS (in a split-brain DNS configuration) but the client may not be domain joined for various reasons, for example wireless users using BYOD. For these users Kerberos fails and it falls back to NTLM/Basic auth…

    60 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  ADFS  ·  Flag idea as inappropriate…  ·  Admin →
  4. Enhance Password Policies in Group Policy

    I would like to see improved password policies to enable administrators to restrict some of the most common abuses of password policy. The main things I would like to see are:
    - Specifiy minimum number of changed characters vs previous password (eg to prevent just incrementing a number)
    - Ability to blacklist common bad passwords including wildcard support
    - Ability to control which complexity requirements are required rather than only having a single complexity option defined by Microsoft.

    53 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  5. Update Active Directory Password policies to align with new NIST guidelines

    Now that the new NIST 800-63B guidelines are coming together, can Active Directory be updated to follow some of the guidance in here? Specifically allowing for blacklists of breached or otherwise bad passwords, potentially allowing for a salt to be added to AD password hashes, and rate throttling instead of just account lockout?

    https://pages.nist.gov/800-63-3/sp800-63b.html

    49 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  6. Check the computers option by default in the object types dialog

    When adding objects to an Active Directory group, the Computers option is not checked by default. This will save a lot of clicks if that was checked by default.

    44 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. ADUC enhancements

    ADUC could use some enhancements
    - context menu item "copy DN"
    - stop clearing my search term when I switch between object types
    - for the LOVE of all that is holy, fix the Advanced/Add permission dialogue. What a MESS, and a giant step backward instead of forward. I could write an article on this one. It's a study in bad interface design. It has two columns, with a random split in the middle - yuck. Make it all one column. There are so many attributes - put a filter box at the top so we can easily find what…

    33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Management Tools  ·  Flag idea as inappropriate…  ·  Admin →
  8. Remove 'This will clear your current search result' in Find ...

    When we type in a computer in the search field, in ‘Active Directory Users and Computers’ Find ..., and forget to change to 'computer'. Then when we change it to computer it will clear the name box. with the message 'This will clear your current search result' Why? this have been bugging me for many, many years... so this is my user-voice :-)

    I would like this behavior to change. Maybe just not to clear the box, and say nothing, and just change to computer.

    Or there could be an option, to have the search filed be custom and remember…

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Management Tools  ·  Flag idea as inappropriate…  ·  Admin →
  9. Bug - Active Directory Administrative Center Global Search

    When double-clicking on a search result in "Global Search", the item that opens is the previously selected item, not the one that is double-clicked.

    Steps to reproduce: Open ADAC, enter a value in global search that will get more than one result, for example "domain". This will give a list of results, the top one will be selected. Double-click on any result that is not the selected one.

    Result: The previously selected item opens
    Expected result: The double-clicked item opens

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  10. Native Biometric Support in Active Directory On-Premise (Like Windows Hello)

    Built in way to have fingerprint or iris, or facial recognition and integrated into Active Directory Authentication.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  11. Fix Active Directory Users and Computers - remove it's long running shortcomings.

    When I search for an object and open it, the attribute editor tab isn't available. It should be exactly the same whether I navigate to it or search for it.

    When I change my search object type, quit clearing the search field. I'm smart enough to know what I'm looking for.

    Give me a "copy dn to clipboard" option as a context menu.
    Give me a "navigate to" option on the context menu in my search results.
    Your "export list" context item should have some options, such as to export dn's. It's really not very useful as-is. This is the…

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Management Tools  ·  Flag idea as inappropriate…  ·  Admin →
  12. Improve Members and Member Of view in Active Directory Administrative Center

    When opening a user or group and looking at “Member of” or “Members” in ADAC only three items is visible in the view. I would like the ability to resize the view to include more than three items.

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Management Tools  ·  Flag idea as inappropriate…  ·  Admin →
  13. Managed Service Accounts in Active Directory Administrative Center

    I would like to create, view and edit Managed Service Accounts from Active Directory Administrative Center.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management Tools  ·  Flag idea as inappropriate…  ·  Admin →
  14. Remember Domain Logins

    Most of us log into servers with domain credentials. The ability of Windows to remember previous domain logins appears to be gone in TPv2, and now requires us to type in our user name every time. Quite annoying.

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    investigating  ·  5 comments  ·  Logon, Passwords  ·  Flag idea as inappropriate…  ·  Admin →
  15. AD FS should support user consent options

    AD FS should support a user consent option besides the now provided admin consent only.
    We'd like to use AD FS as a Federation Service with external parties, which is possible for single external targets, but not for bigger federations like InCommon, SWITCH or similar, since an admin cannot decide, which attributes a user wants to release to an service provider. Especially not, when the users (as in our case) are students and employees.
    Other implementations of federatet authentication such as Shibboleth 3 or Thinktecture Identity Server 3 do support user consent. Online Authentication providers (Facebook, Live, Google, etc.) also…

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  ADFS  ·  Flag idea as inappropriate…  ·  Admin →
  16. BUG: Active Directory Users and Computers - using the search will not open the full properties

    Active Directory Users and Computers - using the search will not open the full properties.

    How to reproduce:
    if you search for an object in ADUC and select properties of the object (e.g User account) some tabs will be missing, e.g. the tab where you see all AD properties. This can only be reached by using navigating to the object in the OU and right click > properties.

    It's an unneccessary shortcoming for long imho. I am aware that MS would like to dump ADUC for the sake of the new PS based console but still in some cases both…

    21 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Management Tools  ·  Flag idea as inappropriate…  ·  Admin →
  17. Specify primary authentication method per relying party

    Not being able to specify primary authentication method per relying party is something I run into all the time. Can you please fix this? More and more vendors support SAML-based authentication and ADFS but none of them have a way of requesting Certificate Authentication as a primary authentication method. I do not want to change this on a global level, because we have other relying parties which use WIA. I'm guessing you have everything you need for this already, please fix!

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  ADFS  ·  Flag idea as inappropriate…  ·  Admin →
  18. Integrate ARR features in WAP or WAP features in ARR

    Application Request Routing (ARR) provides a good proxy experience and load balancing features.
    Web Application Proxy (WAP) provides the possibility of authenticating users and map the authentication to Kerberos. It also provides the AD FS Proxy functionality.
    WAPs proxy features are very limited in comparison to the proxy features of ARR. So ARR features should be available in WAP or since ARR is hosted on IIS WAP features should be available in ARR and thus in IIS.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  WAP  ·  Flag idea as inappropriate…  ·  Admin →
  19. AD FS should support EntityDescriptor_s Metadata

    AD FS currently only supports single Entity Metadata files, which works well for local applications, but works not for federation with InCommon, SWITCH, DFN, etc.
    It would be good to see support for multi Entity Metadata files, to get a real interoperable product.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  ADFS  ·  Flag idea as inappropriate…  ·  Admin →
  20. Publish activedirectory module to PSGallery

    The active directory module is really useful, but a pain to install on a server/computer.
    Current install instructions are these: https://blogs.technet.microsoft.com/ashleymcglone/2016/02/26/install-the-active-directory-powershell-module-on-windows-10/

    I would love the possibility to just do:
    Install-Module "ActiveDirectory" and have everything good to go.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Management Tools  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base