Need to find object logs from Azure AD Connect

ShashankSaxena-2458 131 Reputation points
2022-08-03T12:57:11.607+00:00

Hello All,

I hope you all are doing well.

I have a Security group that has been synchronised from Local AD. But that group was deleted from Azure yesterday (not sure when) and it is definitely a Local AD issue. It was automatically synced in Azure around 7.30PM EST, and now I need to check the exact date and time of deletion of that group because our Local AD team is not finding any logs regarding that group and group is created in Local AD since 2020. So, is there a method through Azure AD Connect to check when the group was removed from Azure?

Regards,
Shashank Saxena

Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,666 questions
Accepted answer
  1. Sandeep G-MSFT 14,806 Reputation points Microsoft Employee
    2022-08-04T09:51:24.497+00:00

    @Anonymous

    As discussed offline regarding this issue, the only option is to check export cycles on AAD connector in AD connect operations tab and identify if delete was triggered on this group.

    As per Azure AD audit logs, we can see logs for group add, but we are not able to see this group in delete audit logs. This indicates that this group was deleted more than a month back. Azure AD stores only 30 days audit logs by default.

    This only option to check when this group was deleted in on-prem or moved to non-sync OU in on-prem is to check the audit logs against the group in on-premises. or you can also try to check audit logs on the OU where this group is part off.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest