
Azure AD Connect Log Maintenance

The Azure AD Connect Log is saved into an SQL database.

It is a good idea to keep this database small, both for performance and to avoid hitting the 10 GB size limit of the Azure AD Connect log database.

Microsoft has published good documentation on how to recover from the LocalDB 10-GB limit.

Here is my approach to keep the logs clean (as many know, I hate all the GUIs):

function Clear-AADCSyncRuns
{
    <#
           .SYNOPSIS
           Cleanup the Azure Active Directory Connect Sync

           .DESCRIPTION
           Cleanup the Azure Active Directory Connect Sync

           .PARAMETER DaysToKeep
           Clear runs older than given value. 0 means only today.

           .EXAMPLE
           PS C:\> Clear-AADCSyncRuns

           # Clear runs older than 2 days

           .EXAMPLE
           PS C:\> Clear-AADCSyncRuns -DaysToKeep 0

           # Clear runs older than today.

           .NOTES
           Works with DirSync, or newer.
   #>

	[CmdletBinding()]
	[OutputType([string])]
	param
	(
		[Parameter(ValueFromPipeline = $true,
					  ValueFromPipelineByPropertyName = $true,
					  Position = 1)]
		[ValidateNotNullOrEmpty()]
		[Alias('Days')]
		[int]
		$DaysToKeep = 2
	)

	process
	{
		# Get the local DirSync (FIM) server object
		$DirSync = (Get-WmiObject -Class 'MIIS_SERVER' -Namespace 'root\MicrosoftIdentityIntegrationServer')
	}

	end
	{
		# Clear runs older than X days
		$ResultTMP = ($DirSync.ClearRuns([DateTime]::Today.AddDays(- $DaysToKeep)))

		# Transform the result
		if ($ResultTMP)
		{
			[string]$Result = $ResultTMP.ReturnValue
		}
		else
		{
			[string]$Result = 'Unknown'
		}

		# Return
		return $Result
	}
}

You will find the complete function on GIST.

In addition, I set the number of days to keep in the history to three (3):

# Run this on the Host where Azure AD connect is installed, or via Remote PowerShell
Set-ADSyncScheduler -PurgeRunHistoryInterval 3.00:00:00

You can check your settings with the following command:

# Run this on the Host where Azure AD connect is installed, or via Remote PowerShell
Get-ADSyncScheduler
# or just the Purge Info
(Get-ADSyncScheduler).PurgeRunHistoryInterval
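
The set and check commands above can be combined into one idempotent step that only writes when the configured value differs and reports what it found. This is an added example, not part of the original post: the function name Set-AADCRunHistoryRetention is hypothetical, and it assumes it runs on the Azure AD Connect host with the ADSync cmdlets available.

```powershell
# Added example (hypothetical helper, not from the original post)
function Set-AADCRunHistoryRetention
{
	[CmdletBinding(SupportsShouldProcess = $true)]
	[OutputType([pscustomobject])]
	param
	(
		# Desired retention; the default of 3 days matches the value used in the post
		[ValidateScript({ $_ -gt [TimeSpan]::Zero })]
		[TimeSpan]
		$Retention = (New-TimeSpan -Days 3)
	)

	# Read the interval currently configured on the sync scheduler
	$Before = (Get-ADSyncScheduler -ErrorAction Stop).PurgeRunHistoryInterval
	$Effective = $Before
	$Changed = $false

	# Only touch the scheduler when the value differs from the desired one
	if ($Before -ne $Retention)
	{
		if ($PSCmdlet.ShouldProcess('ADSync scheduler', "Set PurgeRunHistoryInterval from $Before to $Retention"))
		{
			Set-ADSyncScheduler -PurgeRunHistoryInterval $Retention -ErrorAction Stop

			# Read the value back instead of trusting the write
			$Effective = (Get-ADSyncScheduler -ErrorAction Stop).PurgeRunHistoryInterval
			$Changed = $true
		}
	}

	# Report the state so the result can be logged or checked by a scheduled job
	[pscustomobject]@{
		Desired   = $Retention
		Before    = $Before
		Effective = $Effective
		Changed   = $Changed
		Compliant = ($Effective -eq $Retention)
	}
}

# Dry run: shows what would change without writing anything
Set-AADCRunHistoryRetention -WhatIf
```

Without -WhatIf the function applies the change; Compliant is False in the returned object when the read-back value does not match the requested retention.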

The script should work with DirSync, Azure AD Sync, and Azure AD Connect.