AD Connect Event Troubleshooting | Microsoft 365 Security Administration Exam

Inspecting AD Connect Events

Question

You have installed AD Connect on a Domain controller and need to perform troubleshooting by inspecting the generated AD Connect events.

Where should you look?

Answers

A. The System event logs
B. Application event logs
C. The Security event logs
D. The Windows Azure event logs

Explanations

Correct Answer: B

All directory synchronization logging is viewable in Event Viewer in the Application event logs:

Open Event Viewer.

Expand Windows Logs, and then expand Application.

In the Actions pane, select Filter Current Log.

In the Event sources box, select the Directory Synchronization check box.
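
The same filter can be applied from PowerShell on the server. The script below is an added example, not part of the original page; it assumes the event provider name matches the Directory Synchronization source shown in Event Viewer, and the `-Source` and `-Hours` parameters are names chosen here.

```powershell
# Added example: scripted equivalent of the Event Viewer filter described above.
# Assumption: the provider name matches the "Directory Synchronization" event
# source named on this page; pass -Source to use a different name.
param(
    [string]$Source = 'Directory Synchronization',
    [int]$Hours = 24
)

$filter = @{
    LogName      = 'Application'
    ProviderName = $Source
    StartTime    = (Get-Date).AddHours(-$Hours)
}

# Get-WinEvent reports an error when nothing matches (or the provider name is
# unknown), so treat any failure as "no events" and handle it explicitly.
try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    $events = @()
}

if ($events.Count -eq 0) {
    Write-Warning "No '$Source' events in the Application log for the last $Hours hours."
    # List the sources that did write to the log, to spot a differently named provider.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $filter.StartTime } `
        -ErrorAction SilentlyContinue |
        Group-Object ProviderName | Sort-Object Count -Descending |
        Select-Object -First 15 Count, Name
    return
}

# Summary: which event IDs fire most often, grouped by severity.
$events | Group-Object LevelDisplayName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Detail: errors and warnings (Level 2 = Error, 3 = Warning), newest first.
$events | Where-Object { $_.Level -in 2, 3 } |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -Wrap
```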

[Figure: table comparing Azure AD Multi-Factor Authentication features (mobile app, phone call and SMS as a second factor, admin control over verification methods, fraud alert, MFA reports, custom greetings and caller ID for phone calls, trusted IPs, remember MFA for trusted devices, MFA for on-premises applications) across Azure AD Free security defaults, Azure AD Free (Azure AD Global Administrator accounts only), Microsoft 365 apps, and Azure AD Premium P1 or P2.]

Option A is incorrect.

The System event logs display system events.

Option C is incorrect.

The security event logs display events involving server security.

Option D is incorrect.

These logs are generated for Log Analytics agents installed on the server.

To know more about troubleshooting Azure Directory sync, please refer to the link below:

AD Connect is a tool used to synchronize on-premises Active Directory (AD) with Azure AD, and it generates events that can help troubleshoot various issues related to synchronization.

To find the AD Connect events, you need to look in the event logs of the domain controller where AD Connect is installed. Specifically, you should look in the Application event logs, as this is where AD Connect logs its events. The other event logs listed in the answers (System, Security, and Windows Azure) are not typically used by AD Connect for logging events.

Here are the details of each answer option:

A. The System event logs - While some system-level events may be logged in the System event logs, AD Connect events are not typically found here.

B. Application event logs - This is the correct answer. AD Connect logs its events in the Application event logs of the domain controller where it is installed.

C. The Security event logs - The Security event logs are used to track security-related events, such as logon attempts, resource access, and system configuration changes. AD Connect events are not typically found here.

D. The Windows Azure event logs - This answer option is incorrect because AD Connect does not log events to the Windows Azure event logs. The Azure AD Connect Health tool, which is a separate component that can be installed alongside AD Connect, may log events to the Windows Azure event logs, but this is not related to AD Connect itself.

In summary, if you have installed AD Connect on a Domain Controller and need to perform troubleshooting by inspecting the generated AD Connect events, you should look in the Application event logs of the domain controller.