AD FS Tracing

448 events across 2 channels

Event	Title	Channel	Sample
1	task_0	Debug	N
1	Event ID 1	Unknown	N
2	task_02	Debug	N
2	Event ID 2	Unknown	N
3	task_03	Debug	N
3	Event ID 3	Unknown	N
4	task_04	Debug	N
4	Event ID 4	Unknown	N
5	task_05	Debug	N
5	Event ID 5	Unknown	N
11	task_011	Debug	N
11	Event ID 11	Unknown	N
12	task_012	Debug	N
12	Event ID 12	Unknown	N
13	task_013	Debug	N
13	Event ID 13	Unknown	N
14	task_014	Debug	N
14	Event ID 14	Unknown	N
15	task_015	Debug	N
15	Event ID 15	Unknown	N
16	task_016	Debug	N
16	Event ID 16	Unknown	N
17	task_017	Debug	N
17	Event ID 17	Unknown	N
18	task_018	Debug	N
18	Event ID 18	Unknown	N
19	task_019	Debug	N
19	Event ID 19	Unknown	N
20	task_020	Debug	N
20	Event ID 20	Unknown	N
21	task_021	Debug	N
21	Event ID 21	Unknown	N
22	task_022	Debug	N
22	Event ID 22	Unknown	N
23	task_023	Debug	N
23	Event ID 23	Unknown	N
24	task_024	Debug	N
24	Event ID 24	Unknown	N
25	task_025	Debug	N
25	Event ID 25	Unknown	N
26	task_026	Debug	N
26	Event ID 26	Unknown	N
27	task_027	Debug	N
27	Event ID 27	Unknown	N
28	task_028	Debug	N
28	Event ID 28	Unknown	N
29	task_029	Debug	N
29	Event ID 29	Unknown	N
30	task_030	Debug	N
30	Event ID 30	Unknown	N
31	task_031	Debug	N
31	Event ID 31	Unknown	N
32	task_032	Debug	N
32	Event ID 32	Unknown	N
33	task_033	Debug	N
33	Event ID 33	Unknown	N
34	task_034	Debug	N
34	Event ID 34	Unknown	N
35	task_035	Debug	N
35	Event ID 35	Unknown	N
36	task_036	Debug	N
36	Event ID 36	Unknown	N
37	task_037	Debug	N
37	Event ID 37	Unknown	N
38	task_038	Debug	N
38	Event ID 38	Unknown	N
39	task_039	Debug	Y
39	Event ID 39	Unknown	N
40	task_040	Debug	Y
40	Event ID 40	Unknown	N
41	task_041	Debug	N
41	Event ID 41	Unknown	N
42	task_042	Debug	N
42	Event ID 42	Unknown	N
43	task_043	Debug	N
43	Event ID 43	Unknown	N
44	task_044	Debug	N
44	Event ID 44	Unknown	N
45	task_045	Debug	N
45	Event ID 45	Unknown	N
46	task_046	Debug	N
46	Event ID 46	Unknown	N
47	task_047	Debug	N
47	Event ID 47	Unknown	N
48	task_048	Debug	N
48	Event ID 48	Unknown	N
49	task_049	Debug	N
49	Event ID 49	Unknown	N
50	task_050	Debug	N
50	Event ID 50	Unknown	N
51	task_051	Debug	N
51	Event ID 51	Unknown	N
52	task_052	Debug	N
52	Event ID 52	Unknown	N
53	task_053	Debug	N
53	Event ID 53	Unknown	N
54	task_054	Debug	N
54	Event ID 54	Unknown	N
55	task_055	Debug	N
55	Event ID 55	Unknown	N
56	task_056	Debug	N
56	Event ID 56	Unknown	N
57	task_057	Debug	N
57	Event ID 57	Unknown	N
58	task_058	Debug	N
58	Event ID 58	Unknown	N
59	task_059	Debug	N
59	Event ID 59	Unknown	N
60	task_060	Debug	N
60	Event ID 60	Unknown	N
61	task_061	Debug	N
61	Event ID 61	Unknown	N
62	task_062	Debug	N
62	Event ID 62	Unknown	N
63	task_063	Debug	N
63	Event ID 63	Unknown	N
64	task_064	Debug	N
64	Event ID 64	Unknown	N
65	task_065	Debug	N
65	Event ID 65	Unknown	N
66	task_066	Debug	N
66	Event ID 66	Unknown	N
67	task_067	Debug	N
67	Event ID 67	Unknown	N
68	task_068	Debug	N
68	Event ID 68	Unknown	N
69	task_069	Debug	N
69	Event ID 69	Unknown	N
70	task_070	Debug	N
70	Event ID 70	Unknown	N
71	task_071	Debug	N
71	Event ID 71	Unknown	N
72	task_072	Debug	N
72	Event ID 72	Unknown	N
73	task_073	Debug	N
73	Event ID 73	Unknown	N
74	task_074	Debug	N
74	Event ID 74	Unknown	N
75	task_075	Debug	N
75	Event ID 75	Unknown	N
76	task_076	Debug	N
76	Event ID 76	Unknown	N
77	task_077	Debug	N
77	Event ID 77	Unknown	N
78	task_078	Debug	N
78	Event ID 78	Unknown	N
79	task_079	Debug	N
79	Event ID 79	Unknown	N
80	task_080	Debug	N
80	Event ID 80	Unknown	N
81	task_081	Debug	N
81	Event ID 81	Unknown	N
82	task_082	Debug	N
82	Event ID 82	Unknown	N
83	task_083	Debug	N
83	Event ID 83	Unknown	N
84	task_084	Debug	N
84	Event ID 84	Unknown	N
85	task_085	Debug	N
85	Event ID 85	Unknown	N
86	task_086	Debug	N
86	Event ID 86	Unknown	N
87	task_087	Debug	N
87	Event ID 87	Unknown	N
88	task_088	Debug	N
88	Event ID 88	Unknown	N
89	task_089	Debug	N
89	Event ID 89	Unknown	N
90	task_090	Debug	N
90	Event ID 90	Unknown	N
91	task_091	Debug	N
91	Event ID 91	Unknown	N
92	task_092	Debug	N
92	Event ID 92	Unknown	N
93	task_093	Debug	N
93	Event ID 93	Unknown	N
94	task_094	Debug	N
94	Event ID 94	Unknown	N
95	task_095	Debug	N
95	Event ID 95	Unknown	N
96	task_096	Debug	N
96	Event ID 96	Unknown	N
97	task_097	Debug	N
97	Event ID 97	Unknown	N
98	task_098	Debug	N
98	Event ID 98	Unknown	N
99	task_099	Debug	N
99	Event ID 99	Unknown	N
100	task_0100	Debug	N
100	Event ID 100	Unknown	N
101	task_0101	Debug	N
101	Event ID 101	Unknown	N
102	task_0102	Debug	N
102	Event ID 102	Unknown	N
103	task_0103	Debug	N
103	Event ID 103	Unknown	N
104	task_0104	Debug	N
104	Event ID 104	Unknown	N
105	task_0105	Debug	N
105	Event ID 105	Unknown	N
106	task_0106	Debug	N
106	Event ID 106	Unknown	N
107	task_0107	Debug	N
107	Event ID 107	Unknown	N
108	task_0108	Debug	N
108	Event ID 108	Unknown	N
109	task_0109	Debug	N
109	Event ID 109	Unknown	N
110	task_0110	Debug	N
110	Event ID 110	Unknown	N
111	Began processing Rule.	Debug	Y
111	Began processing Rule:	Unknown	N
112	Finished processing rule	Debug	Y
112	Finished processing rule	Unknown	N
113	task_0113	Debug	N
113	Event ID 113	Unknown	N
114	task_0114	Debug	N
114	Event ID 114	Unknown	N
115	task_0115	Debug	N
115	Event ID 115	Unknown	N
116	task_0116	Debug	N
116	Event ID 116	Unknown	N
117	task_0117	Debug	N
117	Event ID 117	Unknown	N
118	task_0118	Debug	N
118	Event ID 118	Unknown	N
119	task_0119	Debug	N
119	Event ID 119	Unknown	N
120	task_0120	Debug	N
120	Event ID 120	Unknown	N
121	task_0121	Debug	N
121	Event ID 121	Unknown	N
122	task_0122	Debug	N
122	Event ID 122	Unknown	N
123	task_0123	Debug	N
123	Event ID 123	Unknown	N
124	task_0124	Debug	N
124	Event ID 124	Unknown	N
125	task_0125	Debug	N
125	Event ID 125	Unknown	N
126	task_0126	Debug	Y
126	Event ID 126	Unknown	N
127	task_0127	Debug	Y
127	Event ID 127	Unknown	N
128	Output claims included in details	Debug	Y
128	Output claims included in details	Unknown	N
129	Began processing policy for target: target.	Debug	N
129	Began processing policy for target:	Unknown	N
130	Finished processing policy	Debug	N
130	Finished processing policy	Unknown	N
131	Began processing authorization policy.	Debug	N
131	Began processing authorization policy	Unknown	N
132	Input claims included in details	Debug	N
132	Input claims included in details	Unknown	N
133	Authorization policy access check returned: checkAccessResult.	Debug	N
133	Authorization policy access check returned:	Unknown	N
134	Finished processing authorization policy	Debug	N
134	Finished processing authorization policy	Unknown	N
135	Begin processing ActAs authorization policy.	Debug	N
135	Begin processing ActAs authorization policy	Unknown	N
136	Finished processing ActAs authorization policy	Debug	N
136	Finished processing ActAs authorization policy	Unknown	N
137	Began processing OnBehalfOf authorization policy.	Debug	N
137	Began processing OnBehalfOf authorization policy	Unknown	N
138	Finished processing OnBehalfOf authorization policy	Debug	N
138	Finished processing OnBehalfOf authorization policy	Unknown	N
139	Input claims included in details	Debug	N
139	Input claims included in details	Unknown	N
140	Output claims included in details	Debug	N
140	Output claims included in details	Unknown	N
141	Began processing IdP issuance policy for caller identity.	Debug	N
141	Began processing IdP issuance policy for caller identity	Unknown	N
142	Finished processing IdP issuance policy for caller identity	Debug	N
142	Finished processing IdP issuance policy for caller identity	Unknown	N
143	Began processing RP issuance policy for effective caller identity.	Debug	N
143	Began processing RP issuance policy for effective caller identity	Unknown	N
144	Finished processing RP issuance policy for effective caller identity	Debug	N
144	Finished processing RP issuance policy for effective caller identity	Unknown	N
145	Began processing IdP issuance policy for ActAs identity.	Debug	N
145	Began processing IdP issuance policy for ActAs identity	Unknown	N
146	Finished processing IdP issuance policy for ActAs identity	Debug	N
146	Finished processing IdP issuance policy for ActAs identity	Unknown	N
147	Began processing RP issuance policy for ActAs identity.	Debug	N
147	Began processing RP issuance policy for ActAs identity	Unknown	N
148	Finished processing RP issuance policy for ActAs identity	Debug	N
148	Finished processing RP issuance policy for ActAs identity	Unknown	N
149	Began processing IdP issuance policy for OnBehalfOf identity.	Debug	N
149	Began processing IdP issuance policy for OnBehalfOf identity	Unknown	N
150	Finished processing IdP issuance policy for OnBehalfOf identity	Debug	N
150	Finished processing IdP issuance policy for OnBehalfOf identity	Unknown	N
151	Evaluation context claims included in details	Debug	Y
151	Evaluation context claims included in details	Unknown	N
152	task_0152	Debug	N
152	Event ID 152	Unknown	N
153	task_0153	Debug	N
153	Event ID 153	Unknown	N
154	task_0154	Debug	N
154	Event ID 154	Unknown	N
155	task_0155	Debug	N
155	Event ID 155	Unknown	N
156	task_0156	Debug	N
156	Event ID 156	Unknown	N
157	task_0157	Debug	N
157	Event ID 157	Unknown	N
158	task_0158	Debug	N
158	Event ID 158	Unknown	N
159	task_0159	Debug	N
159	Event ID 159	Unknown	N
160	task_0160	Debug	N
160	Event ID 160	Unknown	N
161	task_0161	Debug	N
161	Event ID 161	Unknown	N
162	task_0162	Debug	N
162	Event ID 162	Unknown	N
163	task_0163	Debug	N
163	Event ID 163	Unknown	N
164	task_0164	Debug	N
164	Event ID 164	Unknown	N
165	task_0165	Debug	N
165	Event ID 165	Unknown	N
166	task_0166	Debug	N
166	Event ID 166	Unknown	N
167	task_0167	Debug	N
167	Event ID 167	Unknown	N
168	task_0168	Debug	N
168	Event ID 168	Unknown	N
169	task_0169	Debug	N
169	Event ID 169	Unknown	N
170	task_0170	Debug	N
170	Event ID 170	Unknown	N
171	task_0171	Debug	N
171	Event ID 171	Unknown	N
172	task_0172	Debug	N
172	Event ID 172	Unknown	N
173	task_0173	Debug	N
173	Event ID 173	Unknown	N
174	task_0174	Debug	N
174	Event ID 174	Unknown	N
175	task_0175	Debug	N
175	Event ID 175	Unknown	N
176	task_0176	Debug	N
176	Event ID 176	Unknown	N
177	task_0177	Debug	N
177	Event ID 177	Unknown	N
178	task_0178	Debug	N
178	Event ID 178	Unknown	N
179	task_0179	Debug	N
179	Event ID 179	Unknown	N
180	task_0180	Debug	N
180	Event ID 180	Unknown	N
181	task_0181	Debug	N
181	Event ID 181	Unknown	N
182	task_0182	Debug	N
182	Event ID 182	Unknown	N
183	task_0183	Debug	N
183	Event ID 183	Unknown	N
184	task_0184	Debug	N
184	Event ID 184	Unknown	N
185	task_0185	Debug	N
185	Event ID 185	Unknown	N
186	task_0186	Debug	N
186	Event ID 186	Unknown	N
187	task_0187	Debug	N
187	Event ID 187	Unknown	N
188	task_0188	Debug	N
188	Event ID 188	Unknown	N
189	task_0189	Debug	N
189	Event ID 189	Unknown	N
190	task_0190	Debug	N
190	Event ID 190	Unknown	N
191	task_0191	Debug	N
191	Event ID 191	Unknown	N
192	task_0192	Debug	N
192	Event ID 192	Unknown	N
193	task_0193	Debug	N
193	Event ID 193	Unknown	N
194	task_0194	Debug	N
194	Event ID 194	Unknown	N
195	task_0195	Debug	N
195	Event ID 195	Unknown	N
196	task_0196	Debug	N
196	Event ID 196	Unknown	N
197	task_0197	Debug	N
197	Event ID 197	Unknown	N
198	task_0198	Debug	N
198	Event ID 198	Unknown	N
199	task_0199	Debug	N
199	Event ID 199	Unknown	N
200	task_0200	Debug	N
200	Event ID 200	Unknown	N
201	task_0201	Debug	N
201	Event ID 201	Unknown	N
202	task_0202	Debug	N
202	Event ID 202	Unknown	N
203	task_0203	Debug	N
203	Event ID 203	Unknown	N
204	task_0204	Debug	N
204	Event ID 204	Unknown	N
205	task_0205	Debug	Y
205	Event ID 205	Unknown	N
206	task_0206	Debug	N
206	Event ID 206	Unknown	N
207	task_0207	Debug	N
207	Event ID 207	Unknown	N
208	task_0208	Debug	N
208	Event ID 208	Unknown	N
209	task_0209	Debug	N
209	Event ID 209	Unknown	N
210	task_0210	Debug	N
210	Event ID 210	Unknown	N
211	task_0211	Debug	N
211	Event ID 211	Unknown	N
212	task_0212	Debug	N
212	Event ID 212	Unknown	N
213	task_0213	Debug	N
213	Event ID 213	Unknown	N
214	task_0214	Debug	N
214	Event ID 214	Unknown	N
215	task_0215	Debug	N
215	Event ID 215	Unknown	N
216	task_0216	Debug	N
216	Event ID 216	Unknown	N
217	task_0217	Debug	N
217	Event ID 217	Unknown	N
218	task_0218	Debug	N
218	Event ID 218	Unknown	N
219	task_0219	Debug	N
219	Event ID 219	Unknown	N
220	task_0220	Debug	N
220	Event ID 220	Unknown	N
221	task_0221	Debug	N
221	Event ID 221	Unknown	N
995	Data in the original trace event 'originalEvent' is logged individually in this …	Debug	N
995	Data in the original trace event 'originalEvent' is logged individually in this …	Unknown	N
996	Data in the original trace event 'originalEvent' is logged individually in this …	Debug	N
996	Data in the original trace event 'originalEvent' is logged individually in this …	Unknown	N
997	Data in the original trace event 'originalEvent' is logged individually in this …	Debug	N
997	Data in the original trace event 'originalEvent' is logged individually in this …	Unknown	N
998	Data in the original trace event 'originalEvent' is logged individually in this …	Debug	N
998	Data in the original trace event 'originalEvent' is logged individually in this …	Unknown	N
999	Data in the original trace event 'originalEvent' is logged individually in this …	Debug	N
999	Data in the original trace event 'originalEvent' is logged individually in this …	Unknown	N
1000	Input claims of calling principal included in details	Debug	N
1000	Input claims of calling principal included in details	Unknown	N
1001	Input claims of OBO principal included in details	Debug	N
1001	Input claims of OBO principal included in details	Unknown	N
1002	Input claims of ActAs principal included in details	Debug	N
1002	Input claims of ActAs principal included in details	Unknown	N

Event ID 1: task_0

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 1

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 2: task_02

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 2

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 3: task_03

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 3

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 4: task_04

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 4

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 5: task_05

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 5

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 11: task_011

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 11

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 12: task_012

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 12

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 13: task_013

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 13

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 14: task_014

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 14

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 15: task_015

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 15

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 16: task_016

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 16

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 17: task_017

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 17

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 18: task_018

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 18

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 19: task_019

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 19

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 20: task_020

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 20

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 21: task_021

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 21

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 22: task_022

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 22

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 23: task_023

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 23

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 24: task_024

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 24

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 25: task_025

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 25

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 26: task_026

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 26

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 27: task_027

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 27

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 28: task_028

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 28

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 29: task_029

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 29

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 30: task_030

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 30

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 31: task_031

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 31

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 32: task_032

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 32

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 33: task_033

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 33

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 34: task_034

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 34

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 35: task_035

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 35

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 36: task_036

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 36

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 37: task_037

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 37

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 38: task_038

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 38

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 39: task_039

Provider: AD FS Tracing
Channel: Debug
Also via: realtime ETW trace
Level: Informational

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Example Event #

{
  "system": {
    "provider": "AD FS Tracing",
    "guid": "{0457A490-4D4D-4A5B-B639-35382F1B6709}",
    "event_source_name": "",
    "event_id": 39,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": "0x0000000000000080",
    "time_created": "2026-06-02T05:04:51.525+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 3316,
      "thread_id": 11880
    },
    "channel": "ETW Trace",
    "computer": "JD-DC01-2022",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "genericString": "Adding the following certificates to the AdfsTrustedDevices certificate store:\n"
  },
  "message": ""
}

Event ID 39

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 40: task_040

Provider: AD FS Tracing
Channel: Debug
Also via: realtime ETW trace
Level: Verbose

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Example Event #

{
  "system": {
    "provider": "AD FS Tracing",
    "guid": "{0457A490-4D4D-4A5B-B639-35382F1B6709}",
    "event_source_name": "",
    "event_id": 40,
    "version": 0,
    "level": 5,
    "task": 0,
    "opcode": 0,
    "keywords": "0x0000000000000080",
    "time_created": "2026-06-02T05:04:51.261+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 3316,
      "thread_id": 11880
    },
    "channel": "ETW Trace",
    "computer": "JD-DC01-2022",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "genericString": "DeviceRegistrationCertificateUpdateBackgroundTask started."
  },
  "message": ""
}

Event ID 40

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 41: task_041

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 41

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 42: task_042

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 42

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 43: task_043

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 43

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 44: task_044

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 44

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 45: task_045

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 45

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 46: task_046

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 46

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 47: task_047

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 47

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 48: task_048

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 48

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 49: task_049

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 49

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 50: task_050

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 50

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 51: task_051

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 51

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 52: task_052

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 52

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 53: task_053

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 53

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 54: task_054

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 54

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 55: task_055

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 55

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 56: task_056

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 56

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 57: task_057

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 57

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 58: task_058

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 58

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 59: task_059

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 59

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 60: task_060

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 60

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 61: task_061

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 61

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 62: task_062

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 62

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 63: task_063

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 63

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 64: task_064

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 64

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 65: task_065

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 65

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 66: task_066

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 66

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 67: task_067

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 67

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 68: task_068

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 68

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 69: task_069

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 69

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 70: task_070

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 70

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 71: task_071

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 71

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 72: task_072

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 72

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 73: task_073

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 73

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 74: task_074

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 74

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 75: task_075

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 75

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 76: task_076

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 76

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 77: task_077

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 77

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 78: task_078

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 78

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 79: task_079

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 79

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 80: task_080

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 80

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 81: task_081

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 81

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 82: task_082

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 82

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 83: task_083

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 83

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 84: task_084

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 84

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 85: task_085

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 85

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 86: task_086

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 86

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 87: task_087

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 87

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 88: task_088

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 88

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 89: task_089

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 89

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 90: task_090

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 90

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 91: task_091

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 91

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 92: task_092

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 92

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 93: task_093

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 93

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 94: task_094

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 94

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 95: task_095

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 95

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 96: task_096

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 96

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 97: task_097

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 97

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 98: task_098

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 98

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 99: task_099

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 99

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 100: task_0100

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 100

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 101: task_0101

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 101

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 102: task_0102

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 102

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 103: task_0103

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 103

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 104: task_0104

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 104

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 105: task_0105

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 105

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 106: task_0106

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 106

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 107: task_0107

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 107

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 108: task_0108

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 108

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 109: task_0109

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 109

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 110: task_0110

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 110

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 111: Began processing Rule.

Provider: AD FS Tracing
Channel: Debug
Also via: realtime ETW trace
Level: Verbose

Description

Began processing Rule.

Message #

Began processing Rule:
%1

Fields #

Name	Description
`rule` UnicodeString

Example Event #

{
  "system": {
    "provider": "AD FS Tracing",
    "guid": "{0457A490-4D4D-4A5B-B639-35382F1B6709}",
    "event_source_name": "",
    "event_id": 111,
    "version": 0,
    "level": 5,
    "task": 0,
    "opcode": 0,
    "keywords": "0x0000000000000008",
    "time_created": "2026-06-02T05:04:51.267+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 3316,
      "thread_id": 17332
    },
    "channel": "ETW Trace",
    "computer": "JD-DC01-2022",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "rule": "@RuleName = \"Permit Service Account\"\r\nexists([Type == \"http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid\", Value == \"S-1-5-21-1006758700-2167138679-1475694448-1309\"])\r\n => issue(Type = \"http://schemas.microsoft.com/authorization/claims/permit\", Value = \"true\");\r\n"
  },
  "message": ""
}

Event ID 111: Began processing Rule:

Provider: AD FS Tracing
Channel: Unknown

Description

Began processing Rule.

Fields #

Name	Description
`rule` UnicodeString

Event ID 112: Finished processing rule

Provider: AD FS Tracing
Channel: Debug
Level: Verbose

Description

Finished processing rule.

Message #

Finished processing rule

Example Event #

{
  "system": {
    "provider": "AD FS Tracing",
    "guid": "{0457A490-4D4D-4A5B-B639-35382F1B6709}",
    "event_source_name": "",
    "event_id": 112,
    "version": 0,
    "level": 5,
    "task": 0,
    "opcode": 0,
    "keywords": "0x0000000000000008",
    "time_created": "2026-06-02T05:04:51.267+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 3316,
      "thread_id": 17332
    },
    "channel": "ETW Trace",
    "computer": "JD-DC01-2022",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {},
  "message": ""
}

Event ID 112: Finished processing rule

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing rule.

Event ID 113: task_0113

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 113

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 114: task_0114

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 114

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 115: task_0115

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 115

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 116: task_0116

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 116

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 117: task_0117

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 117

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 118: task_0118

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 118

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 119: task_0119

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 119

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 120: task_0120

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 120

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 121: task_0121

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 121

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 122: task_0122

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 122

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 123: task_0123

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 123

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 124: task_0124

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 124

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 125: task_0125

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 125

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 126: task_0126

Provider: AD FS Tracing
Channel: Debug
Also via: realtime ETW trace
Level: Informational

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Example Event #

{
  "system": {
    "provider": "AD FS Tracing",
    "guid": "{0457A490-4D4D-4A5B-B639-35382F1B6709}",
    "event_source_name": "",
    "event_id": 126,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": "0x0000000001000000",
    "time_created": "2026-06-02T05:04:51.299+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 3316,
      "thread_id": 1140
    },
    "channel": "ETW Trace",
    "computer": "JD-DC01-2022",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "genericString": "Synchronization machine Role : PrimaryComputer"
  },
  "message": ""
}

Event ID 126

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 127: task_0127

Provider: AD FS Tracing
Channel: Debug
Also via: realtime ETW trace
Level: Verbose

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Example Event #

{
  "system": {
    "provider": "AD FS Tracing",
    "guid": "{0457A490-4D4D-4A5B-B639-35382F1B6709}",
    "event_source_name": "",
    "event_id": 127,
    "version": 0,
    "level": 5,
    "task": 0,
    "opcode": 0,
    "keywords": "0x0000000001000000",
    "time_created": "2026-06-02T05:04:51.261+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 3316,
      "thread_id": 1140
    },
    "channel": "ETW Trace",
    "computer": "JD-DC01-2022",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "genericString": "calling sync on sync admin manager"
  },
  "message": ""
}

Event ID 127

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 128: Output claims included in details

Provider: AD FS Tracing
Channel: Debug
Also via: realtime ETW trace
Level: Verbose

Description

Output claims included in details.

Message #

Output claims included in details

Fields #

Name	Description
`claims` UnicodeString

Example Event #

{
  "system": {
    "provider": "AD FS Tracing",
    "guid": "{0457A490-4D4D-4A5B-B639-35382F1B6709}",
    "event_source_name": "",
    "event_id": 128,
    "version": 0,
    "level": 5,
    "task": 0,
    "opcode": 0,
    "keywords": "0x0000000000000008",
    "time_created": "2026-06-02T05:04:51.267+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 3316,
      "thread_id": 17332
    },
    "channel": "ETW Trace",
    "computer": "JD-DC01-2022",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "claims": "ClaimType\thttp://schemas.microsoft.com/authorization/claims/permit\tValue\ttrue\tValueType\thttp://www.w3.org/2001/XMLSchema#string\tIssuer\tLOCAL AUTHORITY\tOriginalIssuer\tLOCAL AUTHORITY\r\n\r\n"
  },
  "message": ""
}

Event ID 128: Output claims included in details

Provider: AD FS Tracing
Channel: Unknown

Description

Output claims included in details.

Fields #

Name	Description
`claims` UnicodeString

Event ID 129: Began processing policy for target: target.

Provider: AD FS Tracing
Channel: Debug

Description

Began processing policy for target: target.

Message #

Began processing policy for target: %2
Request AppliesTo: %1
Using ActAs: %3
Using OnBehalfOf: %4

Fields #

Name	Description
`appliesTo` UnicodeString
`target` UnicodeString
`actAs` Boolean
`obo` Boolean

Event ID 129: Began processing policy for target:

Provider: AD FS Tracing
Channel: Unknown

Description

Began processing policy for target.

Fields #

Name	Description
`appliesTo` UnicodeString
`target` UnicodeString
`actAs` Boolean
`obo` Boolean

Event ID 130: Finished processing policy

Provider: AD FS Tracing
Channel: Debug

Description

Finished processing policy.

Message #

Finished processing policy

Event ID 130: Finished processing policy

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing policy.

Event ID 131: Began processing authorization policy.

Provider: AD FS Tracing
Channel: Debug

Description

Began processing authorization policy.

Message #

Began processing authorization policy
PolicyType: %1
PolicyData:
%2

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString

Event ID 131: Began processing authorization policy

Provider: AD FS Tracing
Channel: Unknown

Description

Began processing authorization policy.

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString

Event ID 132: Input claims included in details

Provider: AD FS Tracing
Channel: Debug

Description

Input claims included in details.

Message #

Input claims included in details

Fields #

Name	Description
`claims` UnicodeString

Event ID 132: Input claims included in details

Provider: AD FS Tracing
Channel: Unknown

Description

Input claims included in details.

Fields #

Name	Description
`claims` UnicodeString

Event ID 133: Authorization policy access check returned: checkAccessResult.

Provider: AD FS Tracing
Channel: Debug

Description

Authorization policy access check returned: checkAccessResult.

Message #

Authorization policy access check returned: %1

Fields #

Name	Description
`checkAccessResult` Boolean

Event ID 133: Authorization policy access check returned:

Provider: AD FS Tracing
Channel: Unknown

Description

Authorization policy access check returned.

Fields #

Name	Description
`checkAccessResult` Boolean

Event ID 134: Finished processing authorization policy

Provider: AD FS Tracing
Channel: Debug

Description

Finished processing authorization policy.

Message #

Finished processing authorization policy

Event ID 134: Finished processing authorization policy

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing authorization policy.

Event ID 135: Begin processing ActAs authorization policy.

Provider: AD FS Tracing
Channel: Debug

Description

Begin processing ActAs authorization policy.

Message #

Begin processing ActAs authorization policy
PolicyType: %1
PolicyData:
%2

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString

Event ID 135: Begin processing ActAs authorization policy

Provider: AD FS Tracing
Channel: Unknown

Description

Begin processing ActAs authorization policy.

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString

Event ID 136: Finished processing ActAs authorization policy

Provider: AD FS Tracing
Channel: Debug

Description

Finished processing ActAs authorization policy.

Message #

Finished processing ActAs authorization policy

Event ID 136: Finished processing ActAs authorization policy

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing ActAs authorization policy.

Event ID 137: Began processing OnBehalfOf authorization policy.

Provider: AD FS Tracing
Channel: Debug

Description

Began processing OnBehalfOf authorization policy.

Message #

Began processing OnBehalfOf authorization policy
PolicyType: %1
PolicyData:
%2

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString

Event ID 137: Began processing OnBehalfOf authorization policy

Provider: AD FS Tracing
Channel: Unknown

Description

Began processing OnBehalfOf authorization policy.

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString

Event ID 138: Finished processing OnBehalfOf authorization policy

Provider: AD FS Tracing
Channel: Debug

Description

Finished processing OnBehalfOf authorization policy.

Message #

Finished processing OnBehalfOf authorization policy

Event ID 138: Finished processing OnBehalfOf authorization policy

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing OnBehalfOf authorization policy.

Event ID 139: Input claims included in details

Provider: AD FS Tracing
Channel: Debug

Description

Input claims included in details.

Message #

Input claims included in details

Fields #

Name	Description
`claims` UnicodeString

Event ID 139: Input claims included in details

Provider: AD FS Tracing
Channel: Unknown

Description

Input claims included in details.

Fields #

Name	Description
`claims` UnicodeString

Event ID 140: Output claims included in details

Provider: AD FS Tracing
Channel: Debug

Description

Output claims included in details.

Message #

Output claims included in details

Fields #

Name	Description
`claims` UnicodeString

Event ID 140: Output claims included in details

Provider: AD FS Tracing
Channel: Unknown

Description

Output claims included in details.

Fields #

Name	Description
`claims` UnicodeString

Event ID 141: Began processing IdP issuance policy for caller identity.

Provider: AD FS Tracing
Channel: Debug

Description

Began processing IdP issuance policy for caller identity.

Message #

Began processing IdP issuance policy for caller identity
PolicySelector: %3
PolicyType: %1
PolicyData:
%2

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 141: Began processing IdP issuance policy for caller identity

Provider: AD FS Tracing
Channel: Unknown

Description

Began processing IdP issuance policy for caller identity.

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 142: Finished processing IdP issuance policy for caller identity

Provider: AD FS Tracing
Channel: Debug

Description

Finished processing IdP issuance policy for caller identity.

Message #

Finished processing IdP issuance policy for caller identity

Event ID 142: Finished processing IdP issuance policy for caller identity

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing IdP issuance policy for caller identity.

Event ID 143: Began processing RP issuance policy for effective caller identity.

Provider: AD FS Tracing
Channel: Debug

Description

Began processing RP issuance policy for effective caller identity.

Message #

Began processing RP issuance policy for effective caller identity
PolicySelector: %3
PolicyType: %1
PolicyData:
%2

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 143: Began processing RP issuance policy for effective caller identity

Provider: AD FS Tracing
Channel: Unknown

Description

Began processing RP issuance policy for effective caller identity.

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 144: Finished processing RP issuance policy for effective caller identity

Provider: AD FS Tracing
Channel: Debug

Description

Finished processing RP issuance policy for effective caller identity.

Message #

Finished processing RP issuance policy for effective caller identity

Event ID 144: Finished processing RP issuance policy for effective caller identity

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing RP issuance policy for effective caller identity.

Event ID 145: Began processing IdP issuance policy for ActAs identity.

Provider: AD FS Tracing
Channel: Debug

Description

Began processing IdP issuance policy for ActAs identity.

Message #

Began processing IdP issuance policy for ActAs identity
PolicySelector: %3
PolicyType: %1
PolicyData:
%2

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 145: Began processing IdP issuance policy for ActAs identity

Provider: AD FS Tracing
Channel: Unknown

Description

Began processing IdP issuance policy for ActAs identity.

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 146: Finished processing IdP issuance policy for ActAs identity

Provider: AD FS Tracing
Channel: Debug

Description

Finished processing IdP issuance policy for ActAs identity.

Message #

Finished processing IdP issuance policy for ActAs identity

Event ID 146: Finished processing IdP issuance policy for ActAs identity

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing IdP issuance policy for ActAs identity.

Event ID 147: Began processing RP issuance policy for ActAs identity.

Provider: AD FS Tracing
Channel: Debug

Description

Began processing RP issuance policy for ActAs identity.

Message #

Began processing RP issuance policy for ActAs identity
PolicySelector: %3
PolicyType: %1
PolicyData:
%2

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 147: Began processing RP issuance policy for ActAs identity

Provider: AD FS Tracing
Channel: Unknown

Description

Began processing RP issuance policy for ActAs identity.

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 148: Finished processing RP issuance policy for ActAs identity

Provider: AD FS Tracing
Channel: Debug

Description

Finished processing RP issuance policy for ActAs identity.

Message #

Finished processing RP issuance policy for ActAs identity

Event ID 148: Finished processing RP issuance policy for ActAs identity

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing RP issuance policy for ActAs identity.

Event ID 149: Began processing IdP issuance policy for OnBehalfOf identity.

Provider: AD FS Tracing
Channel: Debug

Description

Began processing IdP issuance policy for OnBehalfOf identity.

Message #

Began processing IdP issuance policy for OnBehalfOf identity
PolicySelector: %3
PolicyType: %1
PolicyData:
%2

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 149: Began processing IdP issuance policy for OnBehalfOf identity

Provider: AD FS Tracing
Channel: Unknown

Description

Began processing IdP issuance policy for OnBehalfOf identity.

Fields #

Name	Description
`policyType` UnicodeString
`policyData` UnicodeString
`policySelector` UnicodeString

Event ID 150: Finished processing IdP issuance policy for OnBehalfOf identity

Provider: AD FS Tracing
Channel: Debug

Description

Finished processing IdP issuance policy for OnBehalfOf identity.

Message #

Finished processing IdP issuance policy for OnBehalfOf identity

Event ID 150: Finished processing IdP issuance policy for OnBehalfOf identity

Provider: AD FS Tracing
Channel: Unknown

Description

Finished processing IdP issuance policy for OnBehalfOf identity.

Event ID 151: Evaluation context claims included in details

Provider: AD FS Tracing
Channel: Debug
Also via: realtime ETW trace
Level: Verbose

Description

Evaluation context claims included in details.

Message #

Evaluation context claims included in details

Fields #

Name	Description
`claims` UnicodeString

Example Event #

{
  "system": {
    "provider": "AD FS Tracing",
    "guid": "{0457A490-4D4D-4A5B-B639-35382F1B6709}",
    "event_source_name": "",
    "event_id": 151,
    "version": 0,
    "level": 5,
    "task": 0,
    "opcode": 0,
    "keywords": "0x0000000000000008",
    "time_created": "2026-06-02T05:04:51.267+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 3316,
      "thread_id": 17332
    },
    "channel": "ETW Trace",
    "computer": "JD-DC01-2022",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "claims": "ClaimType\thttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\tValue\tludus\\svc_adfs\tValueType\thttp://www.w3.org/2001/XMLSchema#string\tIssuer\tAD AUTHORITY\tOriginalIssuer\tAD AUTHORITY\r\n\r\nClaimType\thttp://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid\tValue\tS-1-5-21-1006758700-2167138679-1475694448-1309\tValueType\thttp://www.w3.org/2001/XMLSchema#string\tIssuer\tAD AUTHORITY\tOriginalIssuer\tAD AUTHORITY\r\n\r\nClaimType\thttp://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid\tValue\tS-1-5-21-1006758700-2167138679-1475694448-513\tValueType\thttp://www.w3.org/2001/XMLSchema#string\tIssuer\tAD AUTHORITY\tOriginalIssuer\tAD AUTHORITY\r\n\r\nClaimType\thttp://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid\tValue\tS-1-5-21-1006758700-2167138679-1475694448-513\tValueType\thttp://www.w3.org/2001/XMLSchema#string\tIssuer\tAD AUTHORITY\tOriginalIssuer\tAD AUTHORITY\r\n\r\n\tValue\tS-1-1-0\r\n\r\n\tValue\tS-1-5-32-545\r\n\r\n\tValue\tS-1-5-32-554\r\n\r\n\tValue\tS-1-5-32-574\r\n\r\n\tValue\tS-1-5-6\r\n\r\n\tValue\tS-1-2-1\r\n\r\n\tValue\tS-1-5-11\r\n\r\n\tValue\tS-1-5-15\r\n\r\n\tValue\tS-1-5-80-2246541699-21809830-3603976364-117610243-975697593\r\n\r\n\tValue\tS-1-2-0\r\n\r\n\tValue\tS-1-18-1\r\n\r\nClaimType\thttp://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod\tValue\thttp://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows\tValueType\thttp://www.w3.org/2001/XMLSchema#string\tIssuer\tLOCAL AUTHORITY\tOriginalIssuer\tLOCAL AUTHORITY\r\n\r\nClaimType\thttp://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant\tValue\t2026-06-02T05:04:51.262Z\tValueType\thttp://www.w3.org/2001/XMLSchema#dateTime\tIssuer\tAD AUTHORITY\tOriginalIssuer\tAD AUTHORITY\r\n\r\nClaimType\thttp://schemas.microsoft.com/authorization/claims/permit\tValue\ttrue\tValueType\thttp://www.w3.org/2001/XMLSchema#string\tIssuer\tLOCAL AUTHORITY\tOriginalIssuer\tLOCAL AUTHORITY\r\n\r\n"
  },
  "message": ""
}

Event ID 151: Evaluation context claims included in details

Provider: AD FS Tracing
Channel: Unknown

Description

Evaluation context claims included in details.

Fields #

Name	Description
`claims` UnicodeString

Event ID 152: task_0152

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 152

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 153: task_0153

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 153

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 154: task_0154

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 154

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 155: task_0155

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 155

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 156: task_0156

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 156

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 157: task_0157

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 157

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 158: task_0158

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 158

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 159: task_0159

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 159

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 160: task_0160

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 160

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 161: task_0161

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 161

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 162: task_0162

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 162

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 163: task_0163

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 163

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 164: task_0164

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 164

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 165: task_0165

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 165

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 166: task_0166

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 166

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 167: task_0167

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 167

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 168: task_0168

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 168

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 169: task_0169

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 169

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 170: task_0170

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 170

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 171: task_0171

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 171

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 172: task_0172

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 172

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 173: task_0173

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 173

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 174: task_0174

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 174

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 175: task_0175

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 175

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 176: task_0176

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 176

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 177: task_0177

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 177

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 178: task_0178

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 178

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 179: task_0179

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 179

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 180: task_0180

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 180

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 181: task_0181

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 181

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 182: task_0182

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 182

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 183: task_0183

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 183

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 184: task_0184

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 184

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 185: task_0185

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 185

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 186: task_0186

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 186

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 187: task_0187

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 187

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 188: task_0188

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 188

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 189: task_0189

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 189

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 190: task_0190

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 190

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 191: task_0191

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 191

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 192: task_0192

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 192

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 193: task_0193

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 193

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 194: task_0194

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 194

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 195: task_0195

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 195

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 196: task_0196

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 196

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 197: task_0197

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 197

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 198: task_0198

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 198

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 199: task_0199

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 199

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 200: task_0200

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 200

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 201: task_0201

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 201

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 202: task_0202

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 202

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 203: task_0203

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 203

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 204: task_0204

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 204

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 205: task_0205

Provider: AD FS Tracing
Channel: Debug
Also via: realtime ETW trace
Level: Informational

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Example Event #

{
  "system": {
    "provider": "AD FS Tracing",
    "guid": "{0457A490-4D4D-4A5B-B639-35382F1B6709}",
    "event_source_name": "",
    "event_id": 205,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": "0x0000000400000000",
    "time_created": "2026-06-02T05:04:51.411+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 3316,
      "thread_id": 12844
    },
    "channel": "ETW Trace",
    "computer": "JD-DC01-2022",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "genericString": "Heard heartbeat for JD-DC01-2022.ludus.domain, MaxBehaviorLevel = Max, nodeType = PrimaryComputer, "
  },
  "message": ""
}

Event ID 205

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 206: task_0206

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 206

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 207: task_0207

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 207

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 208: task_0208

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 208

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 209: task_0209

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 209

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 210: task_0210

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 210

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 211: task_0211

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 211

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 212: task_0212

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 212

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 213: task_0213

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 213

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 214: task_0214

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 214

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 215: task_0215

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 215

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 216: task_0216

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 216

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 217: task_0217

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 217

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 218: task_0218

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 218

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 219: task_0219

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 219

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 220: task_0220

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 220

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 221: task_0221

Provider: AD FS Tracing
Channel: Debug

Message #

%1

Fields #

Name	Description
`genericString` UnicodeString

Event ID 221

Provider: AD FS Tracing
Channel: Unknown

Fields #

Name	Description
`genericString` UnicodeString

Event ID 995: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Provider: AD FS Tracing
Channel: Debug

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Message #

Data in the original trace event '%1' is logged individually in this event to prevent potential loss of data.
Original Event : %1
 Original data index: %2
 Original data page index: %3
 See details for data value

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 995: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data

Provider: AD FS Tracing
Channel: Unknown

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 996: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Provider: AD FS Tracing
Channel: Debug

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Message #

Data in the original trace event '%1' is logged individually in this event to prevent potential loss of data.
Original Event : %1
 Original data index: %2
 Original data page index: %3
 See details for data value

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 996: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data

Provider: AD FS Tracing
Channel: Unknown

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 997: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Provider: AD FS Tracing
Channel: Debug

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Message #

Data in the original trace event '%1' is logged individually in this event to prevent potential loss of data.
Original Event : %1
 Original data index: %2
 Original data page index: %3
 See details for data value

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 997: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data

Provider: AD FS Tracing
Channel: Unknown

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 998: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Provider: AD FS Tracing
Channel: Debug

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Message #

Data in the original trace event '%1' is logged individually in this event to prevent potential loss of data.
Original Event : %1
 Original data index: %2
 Original data page index: %3
 See details for data value

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 998: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data

Provider: AD FS Tracing
Channel: Unknown

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 999: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Provider: AD FS Tracing
Channel: Debug

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Message #

Data in the original trace event '%1' is logged individually in this event to prevent potential loss of data.
Original Event : %1
 Original data index: %2
 Original data page index: %3
 See details for data value

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 999: Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data

Provider: AD FS Tracing
Channel: Unknown

Description

Data in the original trace event 'originalEvent' is logged individually in this event to prevent potential loss of data.

Fields #

Name	Description
`originalEvent` UnicodeString
`originalDataIndex` UInt32
`originalDataPageIndex` UInt32
`originalData` UnicodeString

Event ID 1000: Input claims of calling principal included in details

Provider: AD FS Tracing
Channel: Debug

Description

Input claims of calling principal included in details.

Message #

Input claims of calling principal included in details

Fields #

Name	Description
`claims` UnicodeString

Event ID 1000: Input claims of calling principal included in details

Provider: AD FS Tracing
Channel: Unknown

Description

Input claims of calling principal included in details.

Fields #

Name	Description
`claims` UnicodeString

Event ID 1001: Input claims of OBO principal included in details

Provider: AD FS Tracing
Channel: Debug

Description

Input claims of OBO principal included in details.

Message #

Input claims of OBO principal included in details

Fields #

Name	Description
`claims` UnicodeString

Event ID 1001: Input claims of OBO principal included in details

Provider: AD FS Tracing
Channel: Unknown

Description

Input claims of OBO principal included in details.

Fields #

Name	Description
`claims` UnicodeString

Event ID 1002: Input claims of ActAs principal included in details

Provider: AD FS Tracing
Channel: Debug

Description

Input claims of ActAs principal included in details.

Message #

Input claims of ActAs principal included in details

Fields #

Name	Description
`claims` UnicodeString

Event ID 1002: Input claims of ActAs principal included in details

Provider: AD FS Tracing
Channel: Unknown

Description

Input claims of ActAs principal included in details.

Fields #

Name	Description
`claims` UnicodeString

Provenance

Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.

ETW provider GUID {0457A490-4D4D-4A5B-B639-35382F1B6709}

Defined in Microsoft.IdentityServer.NativeResources.dll, which carries the event manifest.

Observed on:

WS2022-20348.4893, sample captured from a live trace, binary version 5.00, captured 2026-06-02
WS2022-20348.4893, schema read from the registered manifest, binary version 5.00, captured 2026-06-02

`j` / `k`	Scroll down / up
`d` / `u`	Half-page down / up
`gg` / `G`	Top / bottom
`h` / `l`	History back / forward
`f`	Follow link (`Shift` = new tab)
`/`	Focus search
`?`	Toggle this help
`↑` / `↓`	Navigate search results
`Enter`	Open highlighted result
`Esc`	Close results / dialog

`type:`	`events` / `rules` / `providers`
`vendor:`	`sigma` / `elastic` / `splunk` / `kusto` / `chronicle` (vendor name alone also works: `sigma:`, `kql:`, `secops:`…)
`tactic:`	TA-id, slug, or name: `credential_access`, `TA0006`
`technique:`	technique or sub-technique ID: `T1003`, `T1003.001` (alias `tech:`)
`severity:`	`critical` / `high` / `medium` / `low` / `informational` (alias `sev:`)
`risk_score`	Numeric comparison on the Elastic risk score (0 to 100): `risk_score>50`, `risk_score<=20`, `risk_score=99` (alias `risk`; Elastic rules only)
`stages:`	Rules with exactly N pipeline stages
`correlation:`	`single_event` / `sequence` / `alternatives` / `alternatives_cross_log` / `all_required` / `correlated`
`with:`	Co-occurrence event-id; stacks (`with:4624 with:4769`) to require all, while a comma list in one occurrence (`with:4624,4769`) is an either-or group. Implies multi-event
`like:`	Structural neighbors of a rule slug (equivalents + subsumption stricter / broader): `like:comsvcs_lsass_memory_dump-splunk-sysmon`
`groupby:`	Entity-grouping substring match against `group_by_keys`: `groupby:user`, `groupby:host`
`uses:`	Rules whose predicate tree touches the field (any kind, any value): `uses:CommandLine`
`excludes:`	Rules with top-level `not()` clauses on the field (FP whitelists): `excludes:ParentImage`
`field:` / `value:`	Predicate search; narrows rule cards to those with a matching leaf and drives the indicator tier. Unquoted = substring, wildcards allowed (`value:mimikatz`)
`indicator:`	Shorthand for `field:F value:V`: `indicator:Image=*\powershell.exe`
`kind:`	Filter by predicate kind. Narrows rule cards to those carrying a matching predicate leaf (`vendor:elastic kind:cidr_match`) and drives the indicator tier: `contains` / `starts_with` / `ends_with` / `regex` / `cidr` / `eq` / `in` … (operator aliases `op:`/`match:`)
`has:` / `no:`	`sample`, `field`, `notes`, `refs`, `trace`, `thirdparty`, `rule`, `pattern`, `timewindow`, `threshold`, `newterms`, `sigma`/`elastic`/`splunk`/`kusto`/`chronicle`
`-op:val`	Exclude matches; works on most operators but not `type:`/`like:`/`has:`/`no:` (use `no:<flag>` to exclude a rule flag): `tactic:execution -vendor:splunk`. Standalone `-kind:`/`-field:`/`-value:` drop every rule carrying a matching predicate leaf (`type:rules -kind:is_null`)
`field:"…"` / `value:"…"`	Quoted value = anchored exact match (also allows spaces): `value:"net user"`
`a,b`	Comma = OR inside one operator (`vendor:sigma,elastic`, `severity:high,critical`); repeating a facet merges the same way. `field:`/`value:` never split (literal commas)
`vendors:` / `stage:`	Singular and plural spellings fold to the canonical operator and value: `tactics:` = `tactic:`, `type:event` = `type:events`, `correlation:sequences` = `correlation:sequence`, `has:thresholds` = `has:threshold`
`"quoted phrase"`	Exact-match a multi-word phrase (free text)