Home

AADConnect - Accidental Delete Prevention

Raghuram P
Occasional Contributor

Any idea how to track changes done by the following cmdlets, nothing shows up in Azure Audit logs or in Sec and Compliance log.

Enable-ADSyncExportDeletionThreshold
Disable-ADSyncExportDeletionThreshold

 

Thanks In Advance

4 Replies

Those cmdlets can be audited on the local server running the AAD Connect instance, not in O365.

Thanks for your reply.

Does this mean that "settings" are stored on the server and not in Azure AD? When these cmdlets are run, they prompt for account with GA rights, so was expecting that these values are stored in Azure AD ( tracked/audited for changes). 

"cmdlets can be audited on the local server", refer to PowerShell module logging / process creation?

 

 

I think you might actually be right and I've spoken too soon. Just did a quick test in my lab and changed the value of AccidentalDeletionThreshold. I do see an entry in the AAD Audit logs (https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Audit), however it's of type "Set Company Information" and doesn't any details on the values I've changed. So I'm afraid it's not of much use.

Thanks for your time and effort. 

Have raised a MS support case and the initial response was we (MS) don't audit/track changes done to these settings. After explaining the reasons, support engineer says will check with peers/next level and provide an answer. If I hear something, will update this post. 

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies