The best way to protect this is to use Microsoft Defender. For Microsoft support for Microsoft Active Directory, I would rate it as eight. If I give it 10, it would be too perfect. Eight is fair. Microsoft should work on the support and ability to solve problems more efficiently. You cannot contact Microsoft directly. Microsoft has partners related to support that can help customers solve issues. When partners are unable to resolve the issue, they will raise the issue to Microsoft headquarters. This process sometimes takes time while waiting for a solution from them.
I think Microsoft Active Directory could be more intuitive. My impression of the integration of Microsoft Active Directory with third-party applications is that it can be made better. It's not the tendency of Microsoft to use a standard, but to modify it to their needs. This is catastrophic if you have to integrate other applications that use the same standard. This creates a major problem, so you have to be very careful and implement step by step, knowing that the partner is Microsoft. I would leave Microsoft Active Directory as it is and build possibly interfaces. For example, there is a provisioning protocol standard named SCIM. It seems that Microsoft Active Directory does not yet have a SCIM interface, which is a problem.
I haven't explored all the features of Microsoft Active Directory yet, as I'm still learning and exploring all the options within the platform. There is one minor improvement I can suggest. Sometimes when we create email groups in Microsoft Active Directory and add someone to that group, it takes around 24 to 48 hours for their email account to be synchronized with their Microsoft Office 365 shared mailbox, distribution list, or group. If that time could be reduced, it would be really beneficial for us and the end user. When adding an account through Microsoft Exchange, it syncs within 10 to 15 minutes, but when using Microsoft Active Directory, it takes around 24 to 48 hours. Reducing this synchronization time would be beneficial.
Network Security Administrator at a retailer with 51-200 employees
Real User
Top 5
Jun 17, 2025
There are a few areas that could be improved with Microsoft Active Directory, along similar lines as Intune. Not too much on the support side, but on the Group Policy side, it doesn't always function as intended. Sometimes, it can be overly complicated, and when you apply Group Policy in an Active Directory environment, sometimes those settings apply and sometimes they don't.
Information Technology Specialist at stelios@biolandenergy.com
Real User
Top 5
Jan 14, 2025
Perhaps the synchronization could be simpler and more controllable. There are some features that need improvements in terms of ease of use and frequency of updates.
Even better group management would be beneficial. Creating and searching through groups can be challenging, especially if I need to export data. Exporting and verifying group memberships require command line scripts, which isn't simple. The current Active Directory UI is limited in report generation, necessitating script knowledge to generate various reports.
Regional IT Infrastructure Manager at a retailer with 5,001-10,000 employees
Real User
Top 20
Sep 19, 2024
The challenges everyone now has in mind is how to really migrate fully to the cloud. Many companies face both technical and cost-related challenges when moving from on-premise Active Directory to Microsoft Intra. Additionally, not all features available on-premises, such as the RADIUS server, are available in the cloud, necessitating alternative solutions. Moreover, the cost of migrating to the cloud is a significant hurdle due to the yearly subscription fees.
Senior Technical Project Lead at a computer software company with 51-200 employees
Real User
Top 20
Jun 12, 2024
I expect additional features like maximizing user flow, improving the branding of the UI, and enabling non-interactive login. Customizing the login page is limited to changing the background and logo, and adding terms and conditions during registration requires JavaScript.
Most of the features of the product are not implemented in our company because every employee is involved in their own research and development activities. Microsoft Active Directory restricts most of the features our company's employees want to use since they are involved in research and development activities. The tool should not restrict functions or features for users, and it can be considered as an area for improvement.
I feel that Microsoft Active Directory is a superior solution to the other products available in the market. Microsoft Active Directory fails to provide MFA. MFA, which is also known as multi-factor authentication on top of the password and username, is what I would like to see in the product's future releases.
Senior System Administrator at Mongolian Mining Corporation
Real User
Aug 14, 2023
The cloud service of Microsoft Active Directory is an area with certain shortcomings that need improvement. Microsoft Active Directory's stability can be improved.
Typically, it depends on the customer's situation. If the customer operates in smaller locations where most PCs are in a common location, we usually aim to consolidate the directory infrastructure for easier maintenance. However, for distributed setups spanning multiple countries, configuring multiple sites becomes necessary and more intricate to handle. Our objective is to minimize the number of sites, simplifying operations for IT administrators and reducing errors. Mistakes in Active Directory can be costly for organizations, as disruptions can occur rapidly. Moreover, when it comes to hybrid single sign-on across various applications, Microsoft hasn't put forth significant effort. Single sign-on has become a challenge for many customers who utilize diverse solutions beyond Microsoft products. While implementing single sign-on is relatively straightforward in the Azure cloud, it's considerably more complex when dealing with the local Active Directory. This presents a big challenge for many of our customers.
The product must provide remote password reset features. Users would want to reset their passwords wherever they are. We've never really had a simple solution where resets could be done remotely other than using third-party applications. We've had to create a third-party application for password resets. The cloud-based solution was not so easy to deploy. The product should improve Active Directory replication into the cloud. The setup is not seamless. If we set up an AD on-prem and want to deploy it in the cloud, the synchronization setup is not very easy. The product should improve the synchronization between on-prem and cloud servers. The setup is quite complex. It would be helpful to set up a cloud server and link it to the same domain. The active directory synchronization must be instant. It would be a great improvement if the process were automated. If I go into the cloud and set up a new Active Directory server, and link it to a specific domain, the synchronization should be the way it is on-prem. When I set up a new server on-prem and connect it to the domain, all the users move immediately.
Most of the features which are required for the active directory are already introduced into the Azure Active Directory. If you are using the Active Directory, the main concern is that the policy is restricted to the specific local area network. The users may not be in that specific local area network, like the office network, and won't get the updates and new policies. However, upgrading is not easy because it has to come in a hierarchy from top to bottom. If you are a global administrator and have limited rights, it might be difficult as you are responsible for the whole entity.
The user interface is not friendly for a regular user. Configuration is more complicated than it needs to be. It normally requires an expert technician and deployment takes two to three weeks.
Lead Desktop Support Technician at a healthcare company with 10,001+ employees
Real User
Top 10
Jan 19, 2023
There has been a change in the layout of the user information. Previously, I had to go to properties to view the information, but now it is displayed directly below the search results. It takes some time to get used to.
I would like to see the integration with Mac and IOS products improved. I would also like to have some similar functionalities in the on-premise solution that they have on the cloud solution.
The product could be improved in the area of security. For example, they can release a patch every week or every month and release the security patches.
Senior Systems Engineer at Virtual IT Group - Australia
Real User
Sep 29, 2022
The interface for logs should be user-friendly and allow for enhanced filtering to drill down to incidents. It is time consuming to get a clear picture and review deviations in conditional policies because you have to check each and every log to find information on malicious attacks, a compromised end-user's account, or phishing emails. The logs for sign-ins and auditing should be available for more than a 30-90 day window. Most logs are displayed in UTC but it would be helpful to include time conversions for tenant regions. Currently, we must do time conversions manually before we contact users to share information and troubleshoot issues.
Active Directory stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information.
This data store, also known as the directory, contains information about Active Directory objects. These objects typically include shared resources such as servers, volumes, printers, and the network user and computer...
The best way to protect this is to use Microsoft Defender. For Microsoft support for Microsoft Active Directory, I would rate it as eight. If I give it 10, it would be too perfect. Eight is fair. Microsoft should work on the support and ability to solve problems more efficiently. You cannot contact Microsoft directly. Microsoft has partners related to support that can help customers solve issues. When partners are unable to resolve the issue, they will raise the issue to Microsoft headquarters. This process sometimes takes time while waiting for a solution from them.
I think Microsoft Active Directory could be more intuitive. My impression of the integration of Microsoft Active Directory with third-party applications is that it can be made better. It's not the tendency of Microsoft to use a standard, but to modify it to their needs. This is catastrophic if you have to integrate other applications that use the same standard. This creates a major problem, so you have to be very careful and implement step by step, knowing that the partner is Microsoft. I would leave Microsoft Active Directory as it is and build possibly interfaces. For example, there is a provisioning protocol standard named SCIM. It seems that Microsoft Active Directory does not yet have a SCIM interface, which is a problem.
I haven't explored all the features of Microsoft Active Directory yet, as I'm still learning and exploring all the options within the platform. There is one minor improvement I can suggest. Sometimes when we create email groups in Microsoft Active Directory and add someone to that group, it takes around 24 to 48 hours for their email account to be synchronized with their Microsoft Office 365 shared mailbox, distribution list, or group. If that time could be reduced, it would be really beneficial for us and the end user. When adding an account through Microsoft Exchange, it syncs within 10 to 15 minutes, but when using Microsoft Active Directory, it takes around 24 to 48 hours. Reducing this synchronization time would be beneficial.
There are a few areas that could be improved with Microsoft Active Directory, along similar lines as Intune. Not too much on the support side, but on the Group Policy side, it doesn't always function as intended. Sometimes, it can be overly complicated, and when you apply Group Policy in an Active Directory environment, sometimes those settings apply and sometimes they don't.
Technology is evolving. AI is offering solutions. However, short-term fixes are like band-aids.
Perhaps the synchronization could be simpler and more controllable. There are some features that need improvements in terms of ease of use and frequency of updates.
Even better group management would be beneficial. Creating and searching through groups can be challenging, especially if I need to export data. Exporting and verifying group memberships require command line scripts, which isn't simple. The current Active Directory UI is limited in report generation, necessitating script knowledge to generate various reports.
The challenges everyone now has in mind is how to really migrate fully to the cloud. Many companies face both technical and cost-related challenges when moving from on-premise Active Directory to Microsoft Intra. Additionally, not all features available on-premises, such as the RADIUS server, are available in the cloud, necessitating alternative solutions. Moreover, the cost of migrating to the cloud is a significant hurdle due to the yearly subscription fees.
The solution should maintain the infrastructure according to the period you are in and the security changes.
I expect additional features like maximizing user flow, improving the branding of the UI, and enabling non-interactive login. Customizing the login page is limited to changing the background and logo, and adding terms and conditions during registration requires JavaScript.
The solution could be made more safe by using authentication mechanisms. We often have to deal with security issues.
Most of the features of the product are not implemented in our company because every employee is involved in their own research and development activities. Microsoft Active Directory restricts most of the features our company's employees want to use since they are involved in research and development activities. The tool should not restrict functions or features for users, and it can be considered as an area for improvement.
I feel that Microsoft Active Directory is a superior solution to the other products available in the market. Microsoft Active Directory fails to provide MFA. MFA, which is also known as multi-factor authentication on top of the password and username, is what I would like to see in the product's future releases.
The cloud service of Microsoft Active Directory is an area with certain shortcomings that need improvement. Microsoft Active Directory's stability can be improved.
I would like to see more integration with cloud-based applications. This would make it easier to manage users and devices across multiple platforms.
Typically, it depends on the customer's situation. If the customer operates in smaller locations where most PCs are in a common location, we usually aim to consolidate the directory infrastructure for easier maintenance. However, for distributed setups spanning multiple countries, configuring multiple sites becomes necessary and more intricate to handle. Our objective is to minimize the number of sites, simplifying operations for IT administrators and reducing errors. Mistakes in Active Directory can be costly for organizations, as disruptions can occur rapidly. Moreover, when it comes to hybrid single sign-on across various applications, Microsoft hasn't put forth significant effort. Single sign-on has become a challenge for many customers who utilize diverse solutions beyond Microsoft products. While implementing single sign-on is relatively straightforward in the Azure cloud, it's considerably more complex when dealing with the local Active Directory. This presents a big challenge for many of our customers.
There is room for improvement in the support. For many use cases, we get good support; for some, we don't.
The product must provide remote password reset features. Users would want to reset their passwords wherever they are. We've never really had a simple solution where resets could be done remotely other than using third-party applications. We've had to create a third-party application for password resets. The cloud-based solution was not so easy to deploy. The product should improve Active Directory replication into the cloud. The setup is not seamless. If we set up an AD on-prem and want to deploy it in the cloud, the synchronization setup is not very easy. The product should improve the synchronization between on-prem and cloud servers. The setup is quite complex. It would be helpful to set up a cloud server and link it to the same domain. The active directory synchronization must be instant. It would be a great improvement if the process were automated. If I go into the cloud and set up a new Active Directory server, and link it to a specific domain, the synchronization should be the way it is on-prem. When I set up a new server on-prem and connect it to the domain, all the users move immediately.
Most of the features which are required for the active directory are already introduced into the Azure Active Directory. If you are using the Active Directory, the main concern is that the policy is restricted to the specific local area network. The users may not be in that specific local area network, like the office network, and won't get the updates and new policies. However, upgrading is not easy because it has to come in a hierarchy from top to bottom. If you are a global administrator and have limited rights, it might be difficult as you are responsible for the whole entity.
The product's premium support services are expensive. It could be better.
The scalability of the solution needs improvement.
The solution is complicated to navigate. We encounter issues while changing the settings. They should improve these particular features.
It could be more stable.
We've found Active Directory difficult to restore. I'd also like to see more structure in the cloud version.
They should improve the solution's old computer cleanup tool.
The DNS services could improve in Microsoft Active Directory.
The user interface is not friendly for a regular user. Configuration is more complicated than it needs to be. It normally requires an expert technician and deployment takes two to three weeks.
There has been a change in the layout of the user information. Previously, I had to go to properties to view the information, but now it is displayed directly below the search results. It takes some time to get used to.
There is room for improvement. Microsoft is always working to improve their solutions and features.
Microsoft Active Directory could improve by having better integration with other solutions.
I would like to see the integration with Mac and IOS products improved. I would also like to have some similar functionalities in the on-premise solution that they have on the cloud solution.
The product could be improved in the area of security. For example, they can release a patch every week or every month and release the security patches.
The interface for logs should be user-friendly and allow for enhanced filtering to drill down to incidents. It is time consuming to get a clear picture and review deviations in conditional policies because you have to check each and every log to find information on malicious attacks, a compromised end-user's account, or phishing emails. The logs for sign-ins and auditing should be available for more than a 30-90 day window. Most logs are displayed in UTC but it would be helpful to include time conversions for tenant regions. Currently, we must do time conversions manually before we contact users to share information and troubleshoot issues.
The interface hasn't changed much over the years. It's suitable for my tastes, but that doesn't mean everybody likes it.