Incomplete data from Search-UnifiedAuditLog cmdlet for AzureAD record type


Hi,

From the below cmdlet I got the AuditData parameter as an incomplete JSON string.

Search-UnifiedAuditLog -Operations 'Update User.' -RecordType azureactivedirectory -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date)

I attached the output which I got.

Please help me with this case!!!
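
A check for the symptom described in the post above, as an added example that is not part of the original thread: it parses each record's AuditData and reports which ones are not complete JSON, so truncation is confirmed on the returned object rather than from console output. The function name Test-AuditDataJson and the sample records are constructed for illustration.

```powershell
# Added example (not from the thread): report whether each record's
# AuditData string is complete JSON. Test-AuditDataJson is a hypothetical name.
function Test-AuditDataJson {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record
    )
    process {
        $raw    = [string]$Record.AuditData
        $parsed = $null
        $err    = $null
        if ([string]::IsNullOrWhiteSpace($raw)) {
            $err = 'AuditData is empty'
        } else {
            try {
                # A truncated string fails here instead of being silently accepted.
                $parsed = $raw | ConvertFrom-Json -ErrorAction Stop
            } catch {
                $err = $_.Exception.Message
            }
        }
        [pscustomobject]@{
            Identity   = $Record.Identity
            Length     = $raw.Length
            ValidJson  = ($null -eq $err)
            Operation  = if ($parsed) { $parsed.Operation } else { $null }
            # Last characters of the string show where the data stops.
            Tail       = if ($raw.Length -gt 40) { $raw.Substring($raw.Length - 40) } else { $raw }
            ParseError = $err
        }
    }
}

# Constructed sample records (not real tenant data): one complete, one cut off.
$sample = @(
    [pscustomobject]@{ Identity = 'constructed-1'; AuditData = '{"Operation":"Update user.","Workload":"AzureActiveDirectory","ModifiedProperties":[{"Name":"Department","NewValue":"Sales"}]}' }
    [pscustomobject]@{ Identity = 'constructed-2'; AuditData = '{"Operation":"Update user.","Workload":"AzureActiveDirectory","ModifiedProperties":[{"Name":"Depart' }
)
$sample | Test-AuditDataJson | Format-List

# Against live data, in a session where Search-UnifiedAuditLog is available:
# Search-UnifiedAuditLog -Operations 'Update User.' -RecordType azureactivedirectory `
#     -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) |
#     Test-AuditDataJson | Where-Object { -not $_.ValidJson }
```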

 

22 Replies

Hi Ryan

I am executing the Search-UnifiedAuditLog PowerShell command and getting the error below.

Which module do I need to install in PowerShell for the 'Search-UnifiedAuditLog' command?

Search-UnifiedAuditLog : The term ‘Search-UnifiedAuditLog’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of
the name, or if a path was included, verify that the path is correct and try again.
At line:11 char:1
+ Search-UnifiedAuditLog -StartDate 19/02/2019 -EndDate 20/02/2019 -Rec …
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Search-UnifiedAuditLog:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

Thanks

Moz

7 months passed. The problem still exists.

Now, I think, maybe, this is not a bug, but a feature. :)

Hi guys

2021 and this is still an issue for the AuditData field!

Not acceptable. I have had one of my techs inadvertently remove a fairly large list of SharePoint site exclusions from a retention policy. Hoping I could use search-unifiedauditlog to get the sites to add back, but no, truncated!