adfsLogTools
Tools for parsing AD FS logs (admin events, audits, and debug logs)
Initial try to bring the script to a PS 2.0 compatible version, as our ADFS 2.0 are also PS2.0 :cry: The analytics part still does not work - `ConvertFrom-Json` not in ps2...
related #16 Well I've ended up on this "solution". Basically we need to evaluate available logs on the remote machines themselves, then replace `"AD FS"` with `"AD FS 2.0"` in...
As we still have some older servers with adfs 2.0, the log for those is not `"AD FS/Admin"` and `"AD FS Tracing/Debug"` but `"AD FS 2.0/Admin"` and `"AD FS 2.0...
The following TODO item exists in the code. Function: `Get-AdfsEvents`. TODO: Add warning if environment is not Win2016. If the * was used for the -Server flag, but the environment...
There is a TODO item in the code. Function: `Process-EventsForAnalysis`. TODO: Use for error. We should include the 411 audit data in the timeline analysis to show that token validation...
The following TODO item exists in the code. Function: `Process-EventsForAnalysis`. TODO: Validate that all events have the same correlation ID, or no correlation ID. When we do the first pass...
Fiddler captures HTTP requests and saves a set of files that can be parsed. [Details on Fiddler serialization](http://fiddler.wikidot.com/saz-files). The EventLog script can do the following steps to get the logs...