Jan 25 2017 03:19 AM
Jan 25 2017 03:19 AM
Does anyone know if there is an Admin audit log for AADConnect?
i'm looking for something that logs when an admin has, for example, made a change to the sync, such as adding or removing an OU from the sync scope, manually triggering an initial or delta sync, opening the admin tools or opening the connectors in edit mode?
i am seeing a lot of clients systems whereby AAD Connect spends a lot of its time complaining about the need for an initial sync, I suspect a lot of these cases are where an admin has opened the sync and OK'd, or even cancelled out, but it seems to have marked the connector as changed.
it seems odd that there is no evident admin audit log for something as critical, and security sensitive, as AAD Connect, if there isnt.
if it relies on logging to event viewer only, then is there any guidance or documentation (i haven't managed to find any) to identify which event IDs would correlate to the above activities, trawling the logs so far i havent found anything identifying when a connector has been changed or, frankly, when an admin has opened or used the tools (MIISClient or Azure AD Connect app/tool)
Thanks in advance for your input.
Feb 07 2017 02:00 AM
having done some testing, and some further googling the view i have come to is:
I'm really hoping i'm wrong about this!
in my lab, i performed a number of tasks:
All of these could result in sync failure, intentionally or accidentally, and nothing is logged anywhere. surely this is quite a big void in security, auditing, and oversight?
if anyone could chime in and point me towards conflicting information i would be very happy.
Jun 18 2020 09:09 AM
@Peter Holland For version 188.8.131.52 onwards, every time a user makes a change to the AADConnect configuration using the Wizard, a time-stamped snapshot of the changed configuration is saved. Comparing these snapshots will show the exact changes that were made, including who made the changes.
Soon, customers will be able to use these snapshots to restore a server or build a copy of a server by specifying the snapshot file in the installer process.
Jun 18 2020 09:21 AM
@Peter Holland Yeah, right? I'm super hyped about this! We're aiming for public preview of the "import" side of this feature in a couple of weeks - where we will also release a feature to make a configuration snapshot of an older (pre 1.5) version which can be used to create an upgraded copy of the older server.
Jus think about all the possibilities once we have this in place...
Nov 09 2020 02:04 PM
@Rob de Jonghi there, is this currently available already? where can I access information like this?
We had a recent issue with sync for something that should have been enabled and I found out that it wasn't, essentially re-running the config and manually configuring our sync items again.
Nov 25 2020 08:56 AM
@notaproadmin Yes, this is available - documentation is here: How to import and export Azure AD Connect configuration settings | Microsoft Docs
Aug 17 2021 03:38 PM
Aug 18 2021 07:36 AM
Oct 06 2021 09:56 PM
Thanks @Rob de Jong!
I will have to filter out these events every time I want a quick assessment, and I archive all logs, so I am archiving a lot of useless entries... no, not being able to configure the level of logging is bad for me.
But thanks for your attention and help!
Jan 20 2022 10:35 AM