Share via

How do I view Azure Cloud DS LDAPS logs

Bob Calder 20 Reputation points
2023-07-18T19:23:08.0633333+00:00

I'm decommissioning our IPA on-prem LDAP server with the intention of using an Azure Cloud DS for LDAPS authentication. So far I have LDAPS enabled on my DS and can successfully connect and browse with LDP.exe. I can also successfully perform ldap searches from one of my servers using a query similar to:

ldapsearch -x -H ldaps://ldaps.my.domain:636  -D "<obfuscated>" -W  -b ""dc=my,dc=domain" "(&(sAMAccountName=test55)(memberof=cn=myapp,ou=AADDC Users,"dc=my,dc=domain))"

However after replacing the legacy LDAP configuration in one of our applications with the Azure DS LDAPS configuration, authentication requests fail.

I would normally monitor the IPA Access Logs real-time to troubleshoot this type of scenario. An example of what I would see is shown below.

fd=136 slot=136 connection from 10.x.x.x. to 10.x.x.x
op=0 BIND dn="" method=128 version=3
op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000294072 optime=0.000145388 etime=0.000437370 dn=""
op=1 SRCH base="dc=ipa,dc=mydomain,dc=biz" scope=2 filter="(uid=test55)" attrs="memberOf uid distinguishedName"
op=1 RESULT err=0 tag=101 nentries=1 wtime=0.000087550 optime=0.001704841 etime=0.001789814
op=-1 fd=136 closed - B1

Is there a means for viewing similar logs from my Azure Cloud DS to examine LDAP activity?

Microsoft Security | Microsoft Entra | Other
Accepted answer
  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2023-07-19T10:38:36.07+00:00

    @Bob Calder Discussed your issue with my team, AADDS logs exposed are the ones in our documentation: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/security-audit-events

    Any further logs if you need, you can open a support ticket with our team where they can provide you logs related to your Azure ADDS instance based on the correlation id/time stamp details.

    Also you can share your feedback on https://feedback.azure.com/d365community which is closely monitored by our product team.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.