
How to audit Active Directory Federation Services

Active Directory Federation Services (ADFS) makes authentication a seamless experience for users. It helps in workplaces where employees need to access multiple third-party applications by integrating the authentication process between the Active Directory network and those applications. With ADFS, users only have to sign in once to their network, and that sign-in authenticates them to all the applications as well, for a period of time. However, this makes life difficult for network administrators, who have to keep these passwords from getting into the wrong hands. If these passwords are compromised, a whole host of application data is put at risk. It is therefore imperative to monitor ADFS constantly.

ADAudit Plus is an Active Directory auditing and reporting tool that keeps a close eye on all the events in the network. It has an exclusive set of ADFS reports, which are only a part of the 200+ pre-packaged reports that are available in the console.

Here is a comparison of auditing ADFS using Windows PowerShell and ADAudit Plus.

Using Windows PowerShell

  • Identify the domain you want the information from.
  • Write the code. The sample cmdlet below lists all the associated ADFS properties. Add parameters to the script if needed. For example, the ExpandProperty parameter gives more detail about a particular property that is listed.
  • Compile the script.
  • Execute it in PowerShell.
  • The script will have to be modified accordingly if it needs to be exported in a different format.

In this case, the script needs no input. Simply execute Get-AdfsProperties to get PowerShell to list all the associated properties of the ADFS service in that domain.

To set the relevant properties, use the Set-AdfsProperties cmdlet.
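The script below is an added example, not code from the original page or from ADAudit Plus. It takes the output of Get-AdfsProperties, uses -ExpandProperty on the LogLevel collection, checks a few audit-relevant settings against expected values, and exports the result. The expected values, the output file name and the constructed sample object (used only when the cmdlet is not available) are assumptions for illustration.

```powershell
# Added example: audit the security-relevant subset of Get-AdfsProperties.
# Expected values are illustrative assumptions, not vendor guidance.
$expected = [ordered]@{
    ExtranetLockoutEnabled  = $true
    AutoCertificateRollover = $true
}
$requiredLogLevels = 'SuccessAudits', 'FailureAudits'

if (Get-Command Get-AdfsProperties -ErrorAction SilentlyContinue) {
    $props = Get-AdfsProperties          # real data when run on an AD FS server
} else {
    # Constructed sample object so the script can be tried off-server
    $props = [pscustomobject]@{
        HostName                  = 'sts.example.test'
        ExtranetLockoutEnabled    = $false
        ExtranetLockoutThreshold  = 15
        ExtranetObservationWindow = [timespan]::FromMinutes(30)
        AutoCertificateRollover   = $true
        LogLevel                  = @('Errors', 'Warnings', 'Information')
    }
}

# -ExpandProperty unrolls the collection-valued LogLevel property
$logLevels = @($props | Select-Object -ExpandProperty LogLevel)

$report = @(
    foreach ($name in $expected.Keys) {
        [pscustomobject]@{
            Setting   = $name
            Actual    = $props.$name
            Expected  = $expected[$name]
            Compliant = ($props.$name -eq $expected[$name])
        }
    }
    foreach ($level in $requiredLogLevels) {
        $present = $logLevels -contains $level
        [pscustomobject]@{
            Setting   = "LogLevel includes $level"
            Actual    = $present
            Expected  = $true
            Compliant = $present
        }
    }
)

$report | Format-Table -AutoSize
# Swapping the last cmdlet (ConvertTo-Html, ConvertTo-Json) changes the format
$report | Export-Csv -Path .\adfs-config-audit.csv -NoTypeInformation
```

With the constructed sample, the report flags ExtranetLockoutEnabled and both audit log levels as non-compliant, which is the kind of drift this check is meant to surface.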

Using ADAudit Plus

  • In the ADAudit Plus console, find the Reports tab and click on ADFS Auditing. Under ADFS Auditing, there are reports on logon success, logon failures, extranet lockouts and so on.
  • Find the relevant domain and OU.
  • Click Export to export the report in any of the formats listed in the console (CSV, PDF, HTML, CSVDE, XLSX).

Here is a sample report on Logon Success:

[Image: sample Logon Success report]

This report gives a list of successful logons with the relevant domain controller, the IP address of the client machine and, most importantly, the third-party application they logged in to. This helps administrators trace any user who has logged in to any of the applications.

Here is another report on login failures:

[Image: sample Logon Failures report]

Failed logon attempts should be viewed as potential security threats, as they could have been made by persons trying to break into a network. This report gives the identity of the user, the IP address of the client machine and the reason for the failed logon.

The disadvantages of using Windows PowerShell to audit ADFS:

  • It will require multiple PowerShell scripts to do a complete audit.
  • Exporting the report in a different format would require re-writing parts of the script.
  • It is difficult to filter through all the data that PowerShell lists, while ADAudit Plus has clearly labeled reports that make it easy for administrators to locate what they need.

ADAudit Plus has a user-friendly interface and generates audit reports with no scripting involved. It does not just list data, but processes data from multiple sources in Active Directory to deliver comprehensive reports in no time.
