System Center Management Pack for Active Directory Federation Services


 

This Management Pack is used to monitor Active Directory Federation Services running on Windows Server 2016

Note:There are multiple files available for this download.Once you click on the “Download” button, you will be prompted to select the files you need.

image

    The Active Directory Federation Services (AD FS) Management Pack provides both proactive and reactive monitoring of your AD FS deployment for both the federation server and the federation server proxy roles. The management pack monitors events that the AD FS Windows service records in the AD FS event logs, and it monitors the performance data that the AD FS performance counters collect. It also monitors the overall health of the AD FS system and the federation passive application, and it provides alerts for critical issues and warning issues. This management pack includes monitoring of the following core components: token issuance, token acceptance, artifact service, Web sites, trust management, certificate rollover, and Windows Internal Database synchronization. For example, the AD FS Management Pack monitors the following: • Events that indicate service outages and operational errors or warnings • Alerts that indicate configuration issues and background tasks failures or warnings • Whether auditing is occurring successfully • Communication between the federation server and the federation server proxy • Notification of malformed access requests • Web site availability • The health of the Secure Sockets Layer (SSL) certificate of the federation passive Web site in Internet Information Services (IIS) (located at <ComputerName>\Sites\Default Web Site\adfs\ls).

  • System Requirements

    Supported Operating System

    Windows Server 2016

      This Management Pack requires System Center Operations Manager 2012 or newer.
  • Install Instructions
      See the MP Guide for detailed instructions.

      image

      Some things in the Management Pack Guide

       

      Introduction to the AD FS Management Pack

      The Active Directory Federation Services (AD FS) Management Pack provides both proactive and reactive monitoring of your AD FS deployment for both the federation server and the federation server proxy roles. The management pack monitors events that the AD FS Windows service records in the AD FS event logs, and it monitors the performance data that the AD FS performance counters collect. It also monitors the overall health of the AD FS system and the federation passive application, and it provides alerts for critical issues and warning issues.

      This management pack includes monitoring of the following core components: token issuance, token acceptance, artifact service, Web sites, trust management, certificate rollover, and Windows Internal Database synchronization. For example, the AD FS Management Pack monitors the following:

      · Events that indicate service outages and operational errors or warnings

      · Alerts that indicate configuration issues and background tasks failures or warnings

      · Whether auditing is occurring successfully

      · Communication between the federation server and the federation server proxy

      · Notification of malformed access requests

      · Web site availability

      · The health of the Secure Sockets Layer (SSL) certificate of the federation passive Web site in Internet Information Services (IIS) (located at <ComputerName>\Sites\Default Web Site\adfs\ls).

       

      Getting the Latest Management Pack and Documentation

      You can find the AD FS Management Pack in the Microsoft Management Packs Catalog (http://go.microsoft.com/fwlink/?LinkId=82105).

       

      Supported Configurations

      The Active Directory Federation Services (AD FS) Management Pack is supported on the operating system configurations in the following table.

      Configuration

      Support

      Windows Server 2008

      32-bit and 64-bit

      Windows Server 2008 R2

      64-bit

      Windows Server 2012

      64-bit

      Windows Server 2012R2

       

      Windows Server 2016

       

      All support is subject to the Microsoft overall Help and Support (http://go.microsoft.com/fwlink/?Linkid=26134) and the System Center Operations Manager 2012 (https://technet.microsoft.com/en-us/library/hh205990.aspx) TechNet article.

      Initial Configuration

      After the Active Directory Federation Services (AD FS) Management Pack is imported, follow these procedures to finish your initial configuration:

      1. Create a new management pack in which to store overrides and other customizations.

      2. Perform discoveries for monitored components.

       

      Security Considerations

      You may need to customize your Active Directory Federation Services (AD FS) Management Pack. Certain accounts cannot be run in a low-privilege environment, or they must have minimum permissions.

      Low-Privilege Environments

      So that each of the client-side monitoring scripts can run successfully, the Action Account must be a member of the Administrators group or a Local System account on the Agent computer on which Active Directory Federation Services (AD FS) is running.

      Comments (4)

      1. Svante Gradén says:

        You write that this MP provides both proactive and reactive monitoring of your AD FS deployment for both the federation server and the federation server proxy roles. We have imported the MP but the ADFS Proxy servers are not being discovered. I’ve looked into the MP and cannot even find a class for the Proxy role. How is the Proxy role supposed to be monitored?

        1. In the Management Pack Guide, check out pages starting at 7, also pages 31 & 32, General Federation Server Proxy Failures Scenario. Page 32 thru 37 describes all the scripts that are included in the Active Directory Federation Services (AD FS) Management Pack.

          1. Yes, you are writing about the classes and scripts related to Federation Server Proxy in the MP Guide but the classes and scripts are missing in the MP file.

          2. There is a new release of this management pack out now. I don’t have the capabilities to test this, however, keep me posted if there are still issues so that I may address them.

      Skip to main content