Back

Configuring ADFS Servers for Auditing User Logon Events

Below is the information needed for auditing success and failure logon events in an ADFS Server Farm Check out our Identity Cloud Solutionsservi...

2 min read
Published on Mar 5, 2013
Configuring ADFS Servers for Auditing User Logon Events

Below is the information needed for auditing success and failure logon events in an ADFS Server Farm (Check out our Identity Cloud Solutions for additional consulting help)

Configure ADFS Event Logging

You can configure event logging on federation servers, federation server proxies, and Web servers. ADFS events are logged in the Application event log and the Security event log.

Configure ADFS Event Logging - 1

Configure ADFS Event Logging - 2

Configure ADFS Event Logging - 3Important

You must turn on audit object access at each of the federation servers, for ADFS-related audits to appear in the Security log. This will allow the Federation Service to log either success or failure errors. For more information about how to turn on audit object access, see Audit object access (https://go.microsoft.com/fwlink/?LinkId=62686).

Default Events for Claims-aware Applications on a Web Server

You will notice the following event if the ADFS Web server is able to retrieve ADFS trust information successfully from the Federation Service.

Event Type:Information




Event Source:ADFS




Event Category:None




Event ID:621




Date:11/10/2005




Time:4:09:26 PM




User:N/A




Computer:ADFSWEB




Description:




The ADFS Web Agent for claims-aware applications successfully retrieved trust information from the Federation Service.




GUID: d977fee6-175b-4532-bc24-5ac54d137d57




Version: 17




Federation Service Uniform Resource Locator (URL): https://adfsresource.treyresearch.net/adfs/fs/federationserverservice.asmx




Federation Service Uniform Resource Identifier (URI): urn:federation:treyresearch




Federation Service Endpoint URL: https://adfsresource.treyresearch.net/adfs/ls/




Federation Service Domain Account: TREYRESEARCH0ADFSRESOURCE$

You will also see the following event below in the Security log.

Event Type:Success Audit




Event Source:ADFS ASP.NET Module Auditor




Event Category:Object Access




Event ID:560




Date:11/10/2005




Time:4:10:11 PM




User:NT AUTHORITYNETWORK SERVICE




Computer:ADFSWEB




Description:




The client presented a valid inbound token as evidence.




Token ID: _ad5a3694-860d-4063-95a3-3b0163fad3ca




Identity: adamcar@adatum.com

Read more https://technet.microsoft.com/en-us/library/cc738766(v=WS.10).aspx Please check us out for your Managed Service or Cloud Consulting needs.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Azure Migration vs AWS Migration Key Differences

Comparing Azure Migration and AWS Migration Key Differences in Cloud Strategy

Comparing Azure and AWS for cloud migration? Learn the key differences in pricing, security, tools, and performance to choose the right platform for your business.

Jun 18, 2025
8 min read
Benefits and Challenges of Azure Cloud Migration

Key Benefits and Challenges of Migrating to Microsoft Azure

Migrating to Microsoft Azure offers scalability and security, but it comes with challenges. Explore the key benefits and hurdles of Azure cloud migration.

Jun 17, 2025
10 min read
Who Needs to Comply with CMMC Regulations?

Who Needs to Follow DoD Cybersecurity Requirements for CMMC Compliance

CMMC regulations apply to defense contractors, subcontractors, and suppliers handling DoD information. Find out who must comply and what certification level is required.

Jun 17, 2025
6 min read
What’s the Real Cost of CMMC Compliance?

The Real Cost of CMMC: Catching Up on What You Were Already Supposed to Be Doing

CMMC isn’t introducing new rules, it’s enforcing what should already be in place. Learn what’s really driving the cost of CMMC compliance.

Jun 16, 2025
4 min read
How to Meet ITAR Compliance Requirements in Office 365

How to Meet ITAR Compliance Requirements in Office 365

Need to meet ITAR compliance in the Microsoft cloud? Learn why GCC High is required for Office 365, what the regulations demand, and how to secure export-controlled data.

Jun 12, 2025
6 min read
Are You Ready? Understanding CMMC Controls Prohibited from POA&Ms

Are You Ready? Understanding CMMC Controls Prohibited from POA&Ms

CMMC Level 2 requires full implementation of specific controls. Learn which ones cannot be deferred in a POA&M and how to prepare for assessment success.

Jun 11, 2025
7 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122