locked
ADFS Authentication logs details RRS feed

  • Question

  • Hello

    Can any one tell me how to find if the users has been successfully  or failed authenticated via ADFS. what is the event id?

    Thanks


    NA

    Friday, October 7, 2016 2:09 PM

Answers

  • You can start looking for Events 500,501 and 299, but I'd suggest reading about AD FS auditing here first.

    http://blog.auth360.net

    Friday, October 7, 2016 5:40 PM
  • If the user is coming from the AD claim provider, you can also look at regular 4624 events on the ADFS servers (as long as the successful logon audit is enabled - which I believe is the case by default in Windows Server but I don't know what you've set on your group policies).

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, October 11, 2016 10:43 AM

All replies

  • You can start looking for Events 500,501 and 299, but I'd suggest reading about AD FS auditing here first.

    http://blog.auth360.net

    Friday, October 7, 2016 5:40 PM
  • If the user is coming from the AD claim provider, you can also look at regular 4624 events on the ADFS servers (as long as the successful logon audit is enabled - which I believe is the case by default in Windows Server but I don't know what you've set on your group policies).

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, October 11, 2016 10:43 AM