Recently installed Windows Defender for Identity and got the alert “Auditing on the ADFS container is not enabled as required on domain.com”.
ADFS was not being used and had not been cleared properly from the domain.
- In the ADSIEdit tool, connect to the Default naming context by following these steps:
- Right-click ADSI Edit, and then click Connect to.
- Under Connection Point, click Select a well-known Naming Context, and then select Default naming context.
- Click OK.
- Expand the following node:
  Default naming context, {your domain partition}, CN=Program Data, CN=Microsoft, CN=ADFS

  Note: Under CN=ADFS, you see a container named CN={GUID} for each AD FS 2.0 farm that you have deployed, where {GUID} matches the CertificateSharingContainer property that you captured by using the Get-AdfsProperties PowerShell command in step 1.
- Right-click the appropriate {GUID} container, and then select Delete.
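
Before deleting anything in ADSI Edit, it helps to list what actually sits under CN=ADFS and preview the removal. The script below is an added example, not part of the original procedure; it assumes the ActiveDirectory (RSAT) module is available, and `$expectedDn` is a placeholder for the CertificateSharingContainer value, assumed to be a full distinguished name.

```powershell
# Added example: inventory leftover AD FS containers before deleting one.
# Requires the ActiveDirectory module (RSAT) and read access to CN=Program Data.
Import-Module ActiveDirectory

# Build the DN of the CN=ADFS container from the current domain's partition.
$domainDn = (Get-ADDomain).DistinguishedName
$adfsDn   = "CN=ADFS,CN=Microsoft,CN=Program Data,$domainDn"

# Placeholder: the DN captured from (Get-AdfsProperties).CertificateSharingContainer.
# Leave empty if AD FS is no longer installed on any server.
$expectedDn = ''

# One level below CN=ADFS there is one CN={GUID} container per farm.
$farms = Get-ADObject -SearchBase $adfsDn -SearchScope OneLevel -Filter * `
    -Properties whenCreated, whenChanged, ProtectedFromAccidentalDeletion

$report = foreach ($farm in $farms) {
    # Subtree search includes the container itself, so subtract 1 for the child count.
    $children = @(Get-ADObject -SearchBase $farm.DistinguishedName `
        -SearchScope Subtree -Filter *).Count - 1
    [pscustomobject]@{
        Name         = $farm.Name
        WhenCreated  = $farm.whenCreated
        WhenChanged  = $farm.whenChanged
        ChildObjects = $children
        Protected    = $farm.ProtectedFromAccidentalDeletion
        MatchesFarm  = ($expectedDn -and $farm.DistinguishedName -eq $expectedDn)
    }
}
$report | Format-Table -AutoSize

# Dry run: -WhatIf prints what would be deleted without changing the directory.
$farms | ForEach-Object {
    Remove-ADObject -Identity $_.DistinguishedName -Recursive -WhatIf
}
```

A container with an old WhenChanged date and no matching farm is the stale one; the `-WhatIf` output shows the same deletion that the ADSI Edit step performs.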