Need to find object logs from Azure AD Connect

ShashankSaxena-2458 131 Reputation points
2022-08-03T12:57:11.607+00:00

Hello All,

I hope you all are doing well.

I have a Security group that has been synchronised from Local AD. But that group was deleted from Azure yesterday (not sure when), and it is definitely a Local AD issue. It was automatically synced in Azure around 7.30PM EST, and now I need to check the exact date and time of deletion of that group, because our Local AD team is not finding any logs regarding that group and the group has been in Local AD since 2020. So, is there a method through Azure AD Connect to check when the group was removed from Azure?

Regards,
Shashank Saxena

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other

Accepted answer
  1. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2022-08-04T09:51:24.497+00:00

    @Anonymous

    As discussed offline regarding this issue, the only option is to check the export cycles on the AAD connector in the AD Connect Operations tab and identify whether a delete was triggered on this group.

    As per the Azure AD audit logs, we can see logs for the group add, but we are not able to see this group in the delete audit logs. This indicates that this group was deleted more than a month back. Azure AD stores only 30 days of audit logs by default.

    The only option to check when this group was deleted on-prem or moved to a non-sync OU on-prem is to check the audit logs against the group on-premises, or you can also try to check the audit logs on the OU that this group is part of.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
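
The on-premises audit-log check suggested in the accepted answer, as an added PowerShell example that is not part of the original thread or Microsoft's own tooling. It assumes the ActiveDirectory (RSAT) module, that "Audit Security Group Management" and "Audit Directory Service Changes" were enabled when the change happened, and a placeholder group name and a 90-day lookback that you replace with your own values.

```powershell
# Added example, not from the thread. Run elevated with the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$GroupName = 'PLACEHOLDER-GroupName'   # placeholder: the group's name as it was in AD
$Since     = (Get-Date).AddDays(-90)   # assumption: lookback, bounded by Security log retention

# 4730 / 4734 / 4758 = security-enabled global / local / universal group deleted
# 5141 = directory service object deleted, 5139 = directory service object moved
$EventIds = 4730, 4734, 4758, 5141, 5139

# The Security log is local to each domain controller, so query every DC.
$hits = foreach ($dc in Get-ADDomainController -Filter *) {
    Get-WinEvent -ComputerName $dc.HostName -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = $EventIds; StartTime = $Since
    } | ForEach-Object {
        $evt = $_
        # Flatten <EventData> into a name/value table so fields can be read by name.
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Group events carry TargetUserName; 5141 carries ObjectDN; 5139 carries OldObjectDN.
        $object = (@($data.TargetUserName, $data.ObjectDN, $data.OldObjectDN) |
            Where-Object { $_ }) -join ' '

        if ($object -like "*$GroupName*") {
            [pscustomobject]@{
                TimeCreated = $evt.TimeCreated
                DC          = $dc.HostName
                EventId     = $evt.Id
                Actor       = $data.SubjectUserName
                Object      = $object
                MovedTo     = $data.NewObjectDN   # only set for 5139 (move to another OU)
            }
        }
    }
}
$hits | Sort-Object TimeCreated | Format-Table -AutoSize

# If the group was deleted and is still within the deleted-object lifetime, its
# deleted-object record shows where it lived; whenChanged is normally the deletion time.
Get-ADObject -IncludeDeletedObjects -Properties whenChanged, lastKnownParent `
    -Filter "isDeleted -eq `$true -and objectClass -eq 'group' -and Name -like '*$GroupName*'" |
    Select-Object Name, whenChanged, lastKnownParent
```

An empty result from the event query means either the events have aged out of the Security log or auditing was not enabled at the time; it does not prove that no deletion or move occurred.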
