Azure AD Connect Event Log Test

Windows Event Logs are a reliable source of problem information with respect to the Azure AD Connect Sync service. To periodically scan these event logs and promptly capture problem events related to the Sync service, administrators can run the Azure AD Connect Event Log test at regular intervals.

This test scans the Windows event logs for error and warning messages related to the Azure AD Connect Sync service, and reports the count of such messages (if found). The detailed diagnosis of the test displays the complete description of these messages, enabling administrators to quickly troubleshoot the problem conditions.

This test is disabled by default. To enable the test, go to the enable / disable tests page using the menu sequence: Agents -> Tests -> Enable/Disable, pick Microsoft Azure AD Connect as the Component type, set Performance as the Test type, choose this test from the disabled tests list, and click the >> button to move the test to the ENABLED TESTS list. Finally, click the Update button.

Target of the Test: A Microsoft Azure Active Directory Connect

Agent deploying the test: An internal agent

Output of the test: One set of results for the pre-configured FILTER

Configurable parameters for the test (each parameter name is followed by its description):

Test Period

How often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port at which the specified Host listens.

Use WMI

The eG agent can either use WMI to extract event log statistics or directly parse the event logs using event log APIs. If this flag is set to Yes, then WMI is used. If not, the event log APIs are used. By default, this flag is set to Yes.

Log Type

This is set to microsoft azure ad sync/operational by default. It is recommended that you do not change this default setting.

Policy Filter

By default, this test monitors only those event sources, event IDs, and event descriptions that have been pre-bundled into a Policy Filter named Azure_AAD. This is why the Policy Filter flag is set to Yes by default. For best results, you are advised not to change this default setting.

Filter

By default, this test monitors only those event sources, event IDs, and event descriptions that have been pre-bundled into a Policy Filter named Azure_AAD. Accordingly, Azure_AAD is displayed here by default. For best results, you are advised not to change this default setting.

DD For Information

eG Enterprise also provides you with options to restrict the amount of storage required for event log tests. Towards this end, this flag has been made available in this page. By default, this flag is set to No, indicating that by default, the test does not generate detailed diagnostic measures for information events. This default setting helps conserve storage space, where storage resources are a constraint. If you want the test to generate and store detailed measures for information events, set this flag to Yes. You are advised to turn this flag on only if your eG database is well-sized and well-tuned.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, choose the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability.
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

Measures made by the test:

Information messages
Description: This refers to the number of information events generated when the test was last executed.
Measurement unit: Number
Interpretation: A change in the value of this measure may indicate infrequent but successful operations performed by the Azure AD Connect Sync service. Please check the detailed diagnosis of this test (if enabled) for more details about the information events.

Warnings
Description: This refers to the number of warning events that were generated when the test was last executed.
Measurement unit: Number
Interpretation: A high value of this measure indicates problems that may not have an immediate impact, but may cause future problems. Please check the detailed diagnosis of this measure for more details about the warning events.

Errors
Description: This refers to the number of error events that were generated.
Measurement unit: Number
Interpretation: A very low value (zero) indicates that the AD Connect Sync service is in a healthy state and there are no potential problems. An increasing trend or high value indicates the existence of problems like loss of functionality or data. Please check the detailed diagnosis of this measure for more details about the error events.

Critical errors
Description: Indicates the number of critical events that were generated when the test was last executed.
Measurement unit: Number
Interpretation: A critical event is one that Azure AD Connect cannot automatically recover from. A very low value (zero) indicates that the Sync service is in a healthy state without any potential problems. An increasing trend or high value indicates the existence of fatal / irreparable problems. Please check the detailed diagnosis of this measure for more details about the critical events.

Verbose count
Description: Indicates the number of verbose events that were generated when the test was last executed.
Measurement unit: Number
Interpretation: Verbose logging provides more details in the log entry, which will enable you to troubleshoot issues better. The detailed diagnosis of this measure describes all the verbose events that were generated during the last measurement period.
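
To reproduce or cross-check the five counts by hand, the sketch below tallies events from Windows event XML by their Level value and collects detail rows the way the DD For Information flag describes. It is an added example, not eG Enterprise code: the function names, the source-based filter (a stand-in for Azure_AAD, whose contents are not listed here), the wrapping root element and the sample events are all assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Windows event Level values mapped to the measures this test reports.
# Level 0 (LogAlways) is counted as information here; that mapping is an assumption.
MEASURES = {0: "Information messages", 1: "Critical errors", 2: "Errors",
            3: "Warnings", 4: "Information messages", 5: "Verbose count"}

def scan_events(xml_text, sources, dd_for_information=False):
    """Count events per measure and collect detailed-diagnosis rows.

    sources stands in for a policy filter (hypothetical; the contents of
    Azure_AAD are not known). Information events get no detail rows
    unless dd_for_information is set, mirroring DD For Information.
    """
    counts = {name: 0 for name in MEASURES.values()}
    details = []
    for event in ET.fromstring(xml_text).iterfind("e:Event", NS):
        system = event.find("e:System", NS)
        provider = system.find("e:Provider", NS) if system is not None else None
        if provider is None or provider.get("Name") not in sources:
            continue  # event source is outside the filter
        measure = MEASURES.get(int(system.findtext("e:Level", "4", NS)))
        if measure is None:
            continue  # unknown level value
        counts[measure] += 1
        if measure != "Information messages" or dd_for_information:
            event_id = int(system.findtext("e:EventID", "0", NS))
            text = " ".join(d.text or "" for d in event.iterfind("e:EventData/e:Data", NS))
            details.append((measure, provider.get("Name"), event_id, text))
    return counts, details

def _event(source, event_id, level, text):
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="{source}"/>'
            f"<EventID>{event_id}</EventID><Level>{level}</Level></System>"
            f"<EventData><Data>{text}</Data></EventData></Event>")

# Constructed sample events (not real log output); sources, IDs and text are made up.
SAMPLE = "<Events>" + "".join([
    _event("ADSync", 1001, 2, "sample error"),
    _event("ADSync", 1002, 3, "sample warning"),
    _event("ADSync", 1003, 4, "sample information"),
    _event("ADSync", 1004, 1, "sample critical"),
    _event("OtherSource", 2001, 2, "error from a source outside the filter"),
]) + "</Events>"

if __name__ == "__main__":
    print(scan_events(SAMPLE, {"ADSync"}))
```

A non-zero Errors or Critical errors count from such a tally is the condition the interpretations above say to investigate through the detailed diagnosis.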