Question 1 of 130 from exam MS-500: Microsoft 365 Security Administration

Question 1 of 130 from exam MS-500: Microsoft 365 Security Administration


You have installed AD Connect on a Domain controller and need to perform troubleshooting by inspecting the generated AD Connect events.

Where should you look?



Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: B

All directory synchronization logging is viewable in Event Viewer in the Application event logs:

Open Event Viewer.

Expand Windows Logs, and then expand Application.

In the Actions pane, select Filter Current Log.

In the Event sources box, select the Directory Synchronization check box.

Feature ‘Azure AD Free -
Security defaults

Protect Azure AD tenant admin .
accounts with MFA,

Azure AD Free - Azure AD Global Microsoft
Administralrs 365 apps
# (Azure AD Global Administrator .

accounts only)

Azure AD
Premium P1 or P2

Mobile app as a second factor . . . .
Phone call as a second factor . . .
SMS as a second factor . . .
Admin control over verification . . .

Fraud alert .
MFA Reports .
Custom greetings for phone calls .
Custom caller ID for phone calls .
Trusted IPs .
Remember MFA for trusted . . .


MFA for on-premises applications

Option A is incorrect.

System event logs displays system events.

Option C is incorrect.

The security event logs display events involving server security.

Option D is incorrect.

These logs are generated for Log analytic agents installed on the server.

To know more about troubleshooting Azure Directory sync, please refer to the link below:

When you install Azure AD Connect on a domain controller, it generates events that are written to the Event Viewer. These events are crucial for troubleshooting purposes.

The events that are generated by Azure AD Connect are recorded in the Application event log. The Application event log is a Windows log that contains events generated by applications or programs. You can access the Application event log by opening the Event Viewer on the server where Azure AD Connect is installed, and then expanding the Windows Logs node.

To view the events generated by Azure AD Connect, you can filter the Application event log for events that have a Source of "Directory Synchronization". This source is used for all events generated by Azure AD Connect.

Therefore, the correct answer to the question is B. Application event logs.