locked
ADFS 3.0 log user access (success or failed) RRS feed

  • Question

  • Hi,

    on our infrastructure there is a WAP proxy and an AD FS server, both Win 2012 R2.

    For legal reasons we need to trace all the user logins (success or failed) with their samaccountname in clear, so we enabled the audit on the AD FS server as described on this paragraph: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-logging#security-auditing

    Unfortunately in security logs we find only events regarding the periodic communications with the proxy, but nothing correlated with the user login.

    Can you kinldy help us achieving that?

    Thanks!

    Chris

    Wednesday, November 21, 2018 9:58 AM

All replies

  • Please share your configuration:

    Get-ADFSProperties

    auditpol /get /category:*


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, November 22, 2018 10:29 PM