Active Directory

  1. ADFS and Claims Rule Language Reference

    We need a comprehensive syntax and semantics reference for Claims Rule Language. I know there are operators besides == ~= EXIST and such, which are not covered here. And this link is by far the most comprehensive one available:
    http://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx

    6 votes
    0 comments  ·  ADFS
  2. Open Source the ActiveDirectory PowerShell Module

    Please consider open sourcing the ActiveDirectory PowerShell Module. While regarded as feature complete internally at MSFT, there is still much work that can be done to offer PowerShell users of all skill levels a more consistent experience by ensuring all Cmdlets in the ActiveDirectory Module accept pipeline input and parameter binding by property name and value. There is also tremendous value in providing PowerShell users with Cmdlets to determine which attributes in the Active Directory schema have been indexed as well as Cmdlets to extend the schema with the addition of other attributes.

    146 votes
    8 comments
  3. BUG: 2016 server allows you to create machines with same name

    I added a 2016DC to my 2012 and 2012r2 DCs a couple weeks ago.

    Today I added a new PC into the network.

    The problem is I used the same name as a PC already on the network (this shouldn't be an issue; Windows always catches this and doesn't allow it).

    AD didn't catch this and actually updated the original PC in AD and did not add a second PC or warn that the name was already in use. If I look at the modified date of the original PC in AD it shows it was modified at the same time…

    3 votes
    4 comments  ·  Domain join
  4. Bug - Active Directory Administrative Center Global Search

    When double-clicking on a search result in "Global Search", the item that opens is the previously selected item, not the one that is double-clicked.

    Steps to reproduce: Open ADAC, enter a value in global search that will get more than one result, for example "domain". This will give a list of results, the top one will be selected. Double-click on any result that is not the selected one.

    Result: The previously selected item opens
    Expected result: The double-clicked item opens

    31 votes
    15 comments  ·  Bug
  5. Active Directory Administrative Center (ADAC) search feature is incomplete

    Well, WTH?! ADUC lets you find users, computers, groups, printers, shares, etc.

    Why on earth is the new ADAC lacking this feature? Why don't you have the option to choose primitive object types in ADAC search as you can in ADUC? I know you have LDAP query builder and all that (which is awesome by the way); but shouldn't simple stuff be available and intuitive stuff be as easy as it has always been with newer tools?

    2 votes
    0 comments  ·  Management Tools
  6. Improve Members and Member Of view in Active Directory Administrative Center

    When opening a user or group and looking at “Member of” or “Members” in ADAC, only three items are visible in the view. I would like the ability to resize the view to include more than three items.

    28 votes
    1 comment  ·  Management Tools
  7. AD FS should not require Domain Admin privileges

    Right now in Windows Server 2012 R2 you are required to present Domain Admin credentials while installing. This is not an option when AD FS and AD DS are supported by separate teams - it exposes domain admin credentials to persons who are not allowed to know them.
    This was not the case for AD FS 2.0 - please remove the need for DA privileges to be entered at the AD FS server.

    15 votes
    0 comments  ·  ADFS
  8. Managed Service Accounts in Active Directory Administrative Center

    I would like to create, view and edit Managed Service Accounts from Active Directory Administrative Center.

    27 votes
    0 comments  ·  Management Tools
  9. ADFS should support SQL Azure

    Please add support to use SQL Azure as DB. Would open up some easy HA scenario deployments for ADFS.

    4 votes
    1 comment  ·  ADFS
  10. AGPM status icons and requester feedback

    AGPM is a great tool for GPO management but I think it's missing some functionality.
    When working in the controlled GPO section you have an icon showing if a GPO is checked out. It would be good to see more status icons showing these states: deployed, checked out, modified after deployment.
    Also it would be nice if the requester of a GPO action can get mail notification back when it's done or rejected.

    7 votes
    0 comments  ·  Management Tools
  11. The -PasswordExpired parameter of the Search-ADAccount cmdlet does not work

    The help for the Search-ADAccount cmdlet includes the following example:

    Search-ADAccount -PasswordExpired

    This is supposed to retrieve all accounts with expired passwords, but it retrieves nothing. In a similar manner, the following also retrieves nothing:

    Get-ADUser -Filter {PasswordExpired -eq $True}

    The cmdlets will display the value of the PasswordExpired property, either True or False, when we filter on other properties. For example, both of the following examples will indicate if passwords are expired:

    Get-ADUser -Identity "jsmith" -Properties PasswordExpired
    Search-ADAccount -AccountDisabled

    I believe the PowerShell property PasswordExpired and the -PasswordExpired parameter are both based on the msDS-User-Account-Control-Computed attribute. This attribute is…

    7 votes
    1 comment
  12. Set-ADAccountPassword Raises Error if DN of Account has "*" Character

    The Set-ADAccountPassword cmdlet raises an error if the distinguished name of the account includes the asterisk character, "*". The error is raised even if you identify the user by sAMAccountName (asterisks are not allowed in sAMAccountName values). It does not help to identify the user by distinguished name, even if you escape the "*" character, whether you escape with the backtick "`", the backslash "\", or using the 2 character ASCII hexadecimal equivalent "\2A". The only workaround found is to bind to the account using the [ADSI] accelerator and invoke the SetPassword method.

    Assuming the user "cn=Will *…

    6 votes
    1 comment  ·  Management Tools
  13. version control for Group Policy

    It would be nice if there was a supported way to use version control tools (i.e. GIT, SVN, etc.) to manage various versions of Active Directory Group Policies.

    15 votes
    2 comments  ·  Management Tools
  14. ActiveDirectory PowerShell Module has scalability/performance issues.

    The ActiveDirectory PowerShell Module has scalability/performance issues when querying hundreds of thousands of objects for more than a dozen properties and exporting that data to a Csv file.

    When executing 'Get-ADUser -Filter * -Properties $Properties | Export-Csv' where $Properties contains ~20 properties and the $Object.Count is ~500,000, the report often takes ~180 minutes, even when querying a domain controller local to the source. Using JoeWare.net's ADFind, a lightweight and high performance C++ executable wrapped and invoked via PowerShell, the report takes less than 10 minutes.

    13 votes
    1 comment
  15. Native Biometric Support in Active Directory On-Premise (Like Windows Hello)

    A built-in way to have fingerprint, iris, or facial recognition integrated into Active Directory Authentication.

    30 votes
    0 comments  ·  Logon, Passwords
  16. Get-ADGroupMember -Recursive does not return members of Primary Groups

    If I have:
    * A group "ParentGroup"
    * A group, "NestedGroup", that is a member of "ParentGroup" group
    * A user "UserA" who is a member of "NestedGroup"
    * A user "UserB" whose primary group is "NestedGroup"

    And I run from PowerShell version 4 with the ActiveDirectory module on Windows 8.1:
    Get-ADGroupMember -Identity "ParentGroup" -Recursive

    Only "UserA" will be returned. "UserB" and any user who is a member of "NestedGroup" by virtue of it being their primary group will not be returned.

    dseget.exe behaves as expected.

    10 votes
    2 comments  ·  Management Tools
  17. Enhance Password Policies in Group Policy

    I would like to see improved password policies to enable administrators to restrict some of the most common abuses of password policy. The main things I would like to see are:
    - Specify minimum number of changed characters vs previous password (e.g. to prevent just incrementing a number)
    - Ability to blacklist common bad passwords including wildcard support
    - Ability to control which complexity requirements are required rather than only having a single complexity option defined by Microsoft.

    53 votes
    4 comments  ·  Logon, Passwords
  18. Self service password reset for users

    Create a password reset self service portal function for users which can be published externally.

    14 votes
    1 comment  ·  Logon, Passwords
  19. ADUC enhancements

    ADUC could use some enhancements
    - context menu item "copy DN"
    - stop clearing my search term when I switch between object types
    - for the LOVE of all that is holy, fix the Advanced/Add permission dialogue. What a MESS, and a giant step backward instead of forward. I could write an article on this one. It's a study in bad interface design. It has two columns, with a random split in the middle - yuck. Make it all one column. There are so many attributes - put a filter box at the top so we can easily find what…

    33 votes
    5 comments  ·  Management Tools
  20. Existing the miracle of creations as user request for

    I would like to share about something miracle, that I had seen before. The existing of the miracle object in as I wish for without using technology or any devices.

    1 vote
    0 comments  ·  Bug