Auditing in ADFS 2016

By default, AD FS in Windows Server 2016 has a basic level of auditing enabled. With basic auditing, administrators will only be able to see up to five events for a single request. But we can  raise the auditing level using the PowerShell cmdlet Set-AdfsProperties -AuditLevel.

The following table identifies the available auditing levels.

Audit Level PowerShell syntax Description
None Set-AdfsProperties – AuditLevel None Auditing is disabled and no events will be logged.
Basic (Default) Set-AdfsProperties – AuditLevel Basic No more than 5 events will be logged for a single request
Verbose Set-AdfsProperties – AuditLevel Verbose All events will be logged. This will log a significant amount of information per request.

If you need to check the current auditing level, you can use the PowerShell cmdlet Get-dfsProperties.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s