Azure Synchronization Service - Connector Verbose Logging

paul_manyNumbers 20 Reputation points
2024-02-12T09:34:13.87+00:00

Hi,

Does anyone have the details on enabling verbose logging for the "Azure Synchronization Service". I'm having trouble creating a new generic LDAP Connector and I want to see if I can get more information than the error its currently throwing up.

I have found the "C:\Program Files\Microsoft Azure AD Sync\UIShell*miisclient.exe.config*" file but it does not have details on how to enable logging and any settings i've tried have not worked.

Microsoft Azure AD Connect Synchronization Services, version 2.3.2.0

Thanks.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2024-02-13T08:21:24.64+00:00

    @paul_manyNumbers Thank you for reaching out to us, As I understand you are looking for details on how to enable verbose logging for LDAP synchronization to Entra ID.

    Refer to the steps mentioned here to capture the ldap trace (etl) - https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/troubleshoot/troubleshoot-ldap-using-etw https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/turn-on-debug-logging-ldap-client

    For verbose information use this flag - 0x1bddbf73

    Process name use it as : miiserver.exe & powershell.exe

    Below is the sample script which you can use.

    echo off
    echo "set reg keys for tracing"
    reg ADD HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ldap\Tracing\miiserver.exe /f
    reg ADD HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ldap\Tracing\powershell.exe /f
    logman create trace "ds_aadc" -ow -o c:\temp\ldapClientAADConnect.etl -p "Microsoft-Windows-LDAP-Client" 0x1bddbf73 0xff -nb 16 16 -bs 1024 -mode Circular -f bincirc -max 4096 -ets

    echo "press a key to stop tracing"
    pause
    logman stop "ds_aadc" -ets

    netsh trace convert input=c:\temp\ldapClientAADConnect.etl output=c:\temp\ldapClientAADConnect-formatted.txt

    echo "deleting reg keys" reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ldap\Tracing\miiserver.exe /f
    reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ldap\Tracing\powershell.exe /f

    echo "finished."

    User's image

    Sharing the screenshot for reference of the script. Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.