Title: Enhancement: Report Detailed AD Sync Errors (Entra Connect) from Local Server Category: Inspector Enhancement (Active Directory or Windows Server) What is your feedback? Why is it important to you? Currently, Liongard reports on the service status of the AD Sync (Microsoft Entra Connect) service (i.e., is the service "Running" or "Stopped"), but it does not capture the content of synchronization errors. We frequently encounter scenarios where the sync service is technically "Running" (so no alert is triggered), but objects are failing to sync due to specific errors like AttributeValueMustBeUnique, InvalidSoftMatch, or LargeObject. These errors are critical because they result in users not being created in M365, password changes failing to sync, or group membership discrepancies. Without this data in Liongard, our team has to manually remote into the AD Connect server to check the "Synchronization Service Manager" UI or Event Viewer for every ticket, which defeats the purpose of centralized visibility. What is your ideal solution? I would like the Active Directory Inspector (or the Windows Inspector) to have the ability to query the local AD Connect instance (typically leveraging the MIIS_Server WMI class or parsing the Application Event Log for Source ADSync) to report: Error Count: The number of objects with sync errors. Error Details: A table listing the specific error type (e.g., sync-generic-failure) and the DN (Distinguished Name) of the impacted object. Last Successful Sync Time: The timestamp of the last fully successful export to Azure AD, not just the last time the scheduler ran. Business Impact: This would allow us to create Actionable Alerts for "AD Sync contains Errors," enabling proactive remediation of identity issues before end-users report login failures or missing account data.
