Direct Inward Dialing: +1 408 916 9892
Active Directory Federation Services(ADFS) makes authentication a seamless experience for users. ADFS helps at workplaces where employees need to access multiple third-party applications. ADFS helps integrate the authentication process between the Active Directory network and the third-party applications. With ADFS, users only have to sign in once into their network and that authenticates them for all the applications as well, for a period of time. However, this makes life difficult for network administrators who have to keep these passwords from getting into the wrong hands. If these passwords are compromised, it puts a whole host of application data at risk. Therefore, it becomes imperative to constantly monitor ADFS.
ADAudit Plus is an Active Directory auditing and reporting tool that keeps a close eye on all the events in the network. It has an exclusive set of ADFS reports, which is only a part of the over 200+ pre-packaged reports that are available in the console.
Here is a comparison on auditing ADFS using Windows PowerShell and ADAudit Plus.
In this case, the script needs no input. Simply execute Get-AdfsProperties to get PowerShell to list all the associated properties of the ADFS service in that domain.
To set the relevant properties, use Set-AdfsProperties cmdlet.
This report gives a list of successful logons with the relevant domain controller, IP address of the client machine and most importantly the third-party application they logged in to. This helps administrators trace any user who has logged in to any of the applications.
Failed logon attempts should be viewed as potential security threats as it could have been attempted by persons trying to break into a network. This report gives the identity of the user, the IP address of the client machine and the reason for the failed logon.
The disadvantages of using Windows PowerShell to audit ADFS:
ADAudit Plus has a user-friendly interface and generates audit reports with no scripting involved. It does not just list data, but processes data from multiple sources in Active Directory to deliver comprehensive reports in no time.