This is by no means a complete list, but it should get you started monitoring your AAD Connect Server…
Informational Events
AAD Connect Engine
904 – Scheduler related informational events
There are a good number of 904 Informational events related to Scheduler starting, Scheduler settings changing, Purging AAD Connect Operations Run history, scheduler stopping etc…
2001 – AAD Connect Windows Service (Microsoft Azure AD Sync) Started Successfully
2002 – AAD Connect Windows Service (Microsoft Azure AD Sync) Stopped Successfully
Directory Synchronization
104 – Export iteration # has completed
105 – Import iteration # has completed
107 – Azure AD has redirected the provisioning endpoint service call to https://provisioningapi.microsoftonline.com/provisioningwebservice.svc to an alternate endpoint
114 – Export Cycle has competed
115 – Access to Azure Active Directory has been denied
This particular event is flagged as Informational despite indicating that Azure Active Directory access has been blocked. This Informational event is frequently found in conjunction with a 106 Error.
116 – Informational logging which returns directory synchronization settings related to export threshold and machine name etc..
117 – Import prefetch starting – Import steps during synchronization cycle will read from each connector as they start
Password Synchronization
601 – Password synchronization manager has started – this event will be displayed for every source Active Directory forest synchronized as a source for the Password Hash Synchronization feature
605 – Password synchronization changes have failed for one or more users – this Informational event refers to an error condition, but is not classified as an error.
609 – Password Synchronization manager has stopped
611 – Password Synchronization Full sync has started
This event will be displayed upon completion of the AAD Connect installation wizard, either during initial setup, or when reconfiguring AAD Connect, where the Password Hash Synchronization feature has been enabled.
This action will pause any other Password Synchronization until it has completed. Changes that occur while it is running will be queued and occur once this full sync has completed.
650 – A batch of Password updates to Azure AD has started.
651 – A batch of Password updates to Azure AD has completed.
Informational events 650 and 651 occur as part of the Full Password Sync process.
656 – A password change request for one or more users has been received from the server and is being transmitted to Azure AD
657 – A password change request for one or more users was successfully transmitted to Azure AD.
Informational events 656 and 657 can contain password change request for up to 50 users per batch. If the number of password change requests from Active Directory exceeds 50 users, multiple 656 and 657 events will be generated.
658 – Windows Credentials Sync Config details
659 – Informational logging which returns the state of the IsPasswordChangeOnLogon feature
6201 – Server encryption keys have been successfully created – this event is returned during the installation of AAD Connect
6943 – Password Sync started for Management Agent (Connector) – ConnectorName
6945 – Informational logging with returns the Management Agent Run Profile settings –details about Connector Name, AD Forest partition, Service Account name and Domain
Warning Events
Directory Synchronization
6012 – Full import failed – no objects were returned from the operation
6100 – Run profile step completed with Errors
This event is logged as a warning, additional information will be returned, along with this warning, in the form of Error events.
6105 – The “Exported Changed Not Reimported” error was returned during an Import run profile operation.
6110 – The configuration has changed since the last run profile of this type (Import or Sync), however a Full Import or Sync was not performed. The sync engine will continue to report this warning until a Full Import or Sync resolves the issue.
6126 – Identical to Warning 6110 above
6127 – Identical to Warning 6110 above
Error Events
Directory Synchronization
106 – Failed to connect to Azure AD during Export step
109 – Failed to connect to Azure AD during Import step
Both error 106 and 109 are connectivity errors when communicating with Azure AD, most commonly a credential issue, however it’s possible that network communication or proxy issues are also the cause.
6801 – Error occurred communicating with Azure AD
6803 – Generic – the Export step encountered one or more errors
6941 – Export encountered one of the following errors:
DataValidationFailed
InvalidSoftMatch
AttributeValueMustBeUnique
The 6941 error will be logged for each error that occurs during the run step. If you have a large number of export errors visible in the AAD Connect Synchronization Manager console, there will be a large number of associated error entries. When monitoring for Export failures, it’s best to use the 6803 error to indicate a failure, as monitoring for 6941 will return a large number of results.