Udostępnij za pośrednictwem


How to view SOAP XML messages to and from AD Webservices and Powershell

I am sure many of us are curious to see the XML messages communicated between the AD Powershell webservices client and a Windows server hosting AD Webservices whenever a powershell cmdlet gets executed. In this blog, I am providing information to view those messages by enabling Windows Communication Foundation (WCF) logging through ADWS configuration. For more in general on WCF configuring message logging, please see: https://msdn.microsoft.com/en-us/library/ms730064.aspx

1) Stop Active Directory Web services by typing “net stop adws” on a command prompt.

2) Save a copy of the original %systemroot%\windows\adws\Microsoft.ActiveDirectory.WebServices.exe.config file.

3) Now open the file %systemroot%\windows\adws\Microsoft.ActiveDirectory.WebServices.exe.config for editing.

4) Copy and paste the following lines after </appSettings> tag in the file above:

 

    <system.diagnostics>
      <sources>
        <source name="System.ServiceModel.MessageLogging">
          <listeners>
                   <add name="messages"
                   type="System.Diagnostics.XmlWriterTraceListener"
                   initializeData="c:\messages.svclog" />   <!-- Provide your desired path for log file here -->   
          </listeners>
       </source>
     </sources>
  </system.diagnostics> 

And the following lines just under <system.serviceModel> tag:

 

    <diagnostics>
     <messageLogging 
          logEntireMessage="true" 
          logMalformedMessages="true"
          logMessagesAtServiceLevel="true" 
          logMessagesAtTransportLevel="true"/>
    </diagnostics>

5)  Save and close the config file.

6)  Start the service using “net start adws” and make sure configuration file got loaded successfully by checking the ADWS event log ID 1100  “The configuration file for Active Directory Web Services has been loaded without errors.”

7) Open Active Directory Module for Windows Powershell and run any AD cmdlet.

8) Note that a file called c:\message.svclog got created which contains all the XML messages!

Message.svclog contains a sequence of XML fragments and is not a valid XML file. It is recommended that you use the Service Trace Viewer Tool (SvcTraceViewer.exe) to view the message log files in a more formatted manner. For more information on how to use this tool, see Using Service Trace Viewer for Viewing Correlated Traces and Troubleshooting.

For e.g. below is a Get-Transfer root dse request from AD powershell to ADWS:

clip_image002

And the Get-transfer response to the above request from ADWS:

clip_image002[4]

This mechanism of logging messages comes very handy while debugging errors and exceptions. It is also useful to see the exact message sent to/from the ADWS in raw form, for ex: by looking at the request XML sent by Get-ADObject one can find out how Advanced Filters are converted to ldap filters. By setting appropriate message logging options it is possible to view malformed messages and faults. One can also view XML messages communication between Active Directory Administrative Center and ADWS through such logging. 

Enjoy!

Swasti Mishra

Developer – Active Directory Web Services team

Comments

  • Anonymous
    June 23, 2014
    Dear Swasti,It was mind blowing information you have shared. its realy great .But i would like to know is there any tool available to test this ADWS. i have downloaded this WSDL in my client machine . now i would like to know which methods to be call for retrieving employee details and phone number ..etc. So i am looking for a tool or code which will help me to post request to ADWS and provide me the responses from ADWS.Kindly suggest and advice.Regards,Anish Krishnan