System Center Management Pack for Active Directory Federation Services

This Management Pack is used to monitor Active Directory Federation Services running on Windows Server 2016

Note: There are multiple files available for this download.Once you click on the "Download" button, you will be prompted to select the files you need.

• The Active Directory Federation Services (AD FS) Management Pack provides both proactive and reactive monitoring of your AD FS deployment for both the federation server and the federation server proxy roles. The management pack monitors events that the AD FS Windows service records in the AD FS event logs, and it monitors the performance data that the AD FS performance counters collect. It also monitors the overall health of the AD FS system and the federation passive application, and it provides alerts for critical issues and warning issues. This management pack includes monitoring of the following core components: token issuance, token acceptance, artifact service, Web sites, trust management, certificate rollover, and Windows Internal Database synchronization. For example, the AD FS Management Pack monitors the following: • Events that indicate service outages and operational errors or warnings • Alerts that indicate configuration issues and background tasks failures or warnings • Whether auditing is occurring successfully • Communication between the federation server and the federation server proxy • Notification of malformed access requests • Web site availability • The health of the Secure Sockets Layer (SSL) certificate of the federation passive Web site in Internet Information Services (IIS) (located at <ComputerName>\Sites\Default Web Site\adfs\ls).

• System Requirements

  Supported Operating System

  Windows Server 2016

  • This Management Pack requires System Center Operations Manager 2012 or newer.

• Install Instructions

  • See the MP Guide for detailed instructions.

Some things in the Management Pack Guide

Introduction to the AD FS Management Pack

The Active Directory Federation Services (AD FS) Management Pack provides both proactive and reactive monitoring of your AD FS deployment for both the federation server and the federation server proxy roles. The management pack monitors events that the AD FS Windows service records in the AD FS event logs, and it monitors the performance data that the AD FS performance counters collect. It also monitors the overall health of the AD FS system and the federation passive application, and it provides alerts for critical issues and warning issues.

This management pack includes monitoring of the following core components: token issuance, token acceptance, artifact service, Web sites, trust management, certificate rollover, and Windows Internal Database synchronization. For example, the AD FS Management Pack monitors the following:

· Events that indicate service outages and operational errors or warnings

· Alerts that indicate configuration issues and background tasks failures or warnings

· Whether auditing is occurring successfully

· Communication between the federation server and the federation server proxy

· Notification of malformed access requests

· Web site availability

· The health of the Secure Sockets Layer (SSL) certificate of the federation passive Web site in Internet Information Services (IIS) (located at <ComputerName>\Sites\Default Web Site\adfs\ls).

Getting the Latest Management Pack and Documentation

You can find the AD FS Management Pack in the Microsoft Management Packs Catalog (https://go.microsoft.com/fwlink/?LinkId=82105).

Supported Configurations

The Active Directory Federation Services (AD FS) Management Pack is supported on the operating system configurations in the following table.

All support is subject to the Microsoft overall Help and Support (https://go.microsoft.com/fwlink/?Linkid=26134) and the System Center Operations Manager 2012 (https://technet.microsoft.com/en-us/library/hh205990.aspx) TechNet article.

Initial Configuration

After the Active Directory Federation Services (AD FS) Management Pack is imported, follow these procedures to finish your initial configuration:

1. Create a new management pack in which to store overrides and other customizations.

2. Perform discoveries for monitored components.

Security Considerations

You may need to customize your Active Directory Federation Services (AD FS) Management Pack. Certain accounts cannot be run in a low-privilege environment, or they must have minimum permissions.

Low-Privilege Environments

So that each of the client-side monitoring scripts can run successfully, the Action Account must be a member of the Administrators group or a Local System account on the Agent computer on which Active Directory Federation Services (AD FS) is running.