Discovery Does Not Work in ADFS 2012 R2 MP

UPDATE

Version 7.1.10100.1 of the management pack, published on June 16, 2014, has addressed the specific issue I called out in the post below.  I have tested this version and confirmed that (at least for my systems) discovery now works without my work-around.

I know there are other concerns raised for the MP, but in this blog post I'm only addressing the bug where discovery simply did not work at all.


This post refers to Microsoft.ActiveDirectoryFederationServices.2012.R2 (English Display String: Active Directory Federation Services 2012 R2)

Version: 7.1.10100.0

Date Published: 11/8/2013

The issue may be resolved in future versions.


The System Center Management Pack for Active Directory Federation Services 2012 R2 has two discoveries.  One is a simple, filtered registry discovery for the "seed" class, which works.  The other is a monolithic PowerShell script that targets the seed class.  It is intended to discover everything else, but it does not work.

The reason is a misunderstanding of how class instantiation of hosted classes works.

When you create an instance of a hosted class you:

  1. MUST add all key properties (if any) of the class.
  2. MAY add any non-key properties (if any) of the class.
  3. MUST add all key properties of any classes in the entire hosting chain.
  4. MAY add any non-key properties in the inheritance chain.

You DO need to explicitly create relationship instances for containment relationships.  You DO NOT need to explicitly create relationship instances for hosting relationships.

When a script returns a Data Item of type System.DiscoveryData, the entire data item is accepted or rejected.  If there are any mistakes in the Data Item, the whole thing is quietly disregarded.

The bug in the discovery is this line:

$artifactServiceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices2012R2.Authentication']/STSIdentifier$", $hostName )

The ArtifactService class is hosted by the Authentication class.  But the STSIdentifier property of the Authentication class is NOT a key property, and therefore may not be set when discovering an instance of the hosted class.

There are also eight cases where a hosting relationship instance is explicitly created by the script.

I am uploading a management pack with a work-around.  I disabled the original discovery script.  I then made an exact copy of the original discovery script.  I commented out the offending line, and I also commented out the needless hosting relationship instance creations.
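An added example, not from the original post or the management pack: a small Python lint that applies the hosted-class property rules above to the text of a discovery script and treats any violation as rejection of the whole data item. Commented-out lines are skipped, which mirrors the work-around. The class model is constructed: only the Authentication class ID and its non-key STSIdentifier property come from the post, while the Example.* class names, ServiceId, Endpoint and the choice of host for Authentication are assumptions, and inheritance is left out for brevity.

```python
import re

# Constructed model; only AUTH and its non-key STSIdentifier come from the post.
AUTH = "Microsoft.ActiveDirectoryFederationServices2012R2.Authentication"
MODEL = {  # class -> (hosting class, key properties, non-key properties)
    "Example.Computer": (None, {"PrincipalName"}, set()),
    AUTH: ("Example.Computer", set(), {"STSIdentifier"}),
    "Example.ArtifactService": (AUTH, {"ServiceId"}, {"Endpoint"}),
}

def property_rules(cls):
    """Return (required, optional) sets of (class, property) pairs for an instance of cls."""
    host, keys, props = MODEL[cls]
    required = {(cls, k) for k in keys}
    optional = {(cls, p) for p in props}      # non-key properties: own class only
    while host:                               # the hosting chain contributes keys only
        required |= {(host, k) for k in MODEL[host][1]}
        host = MODEL[host][0]
    return required, optional

CREATE = re.compile(r"(\$\w+)\s*=.*CreateClassInstance\(\s*\"\$MPElement\[Name='([^']+)'\]\$\"")
ADD = re.compile(r"(\$\w+)\.AddProperty\(\s*\"\$MPElement\[Name='([^']+)'\]/(\w+)\$\"")
def lint(script):
    """Return the rule violations found in the text of a discovery script."""
    instances, errors = {}, []
    for line in script.splitlines():
        if line.lstrip().startswith("#"):
            continue                          # commented-out lines are ignored
        if m := CREATE.search(line):
            instances[m.group(1)] = (m.group(2), set())
        elif (m := ADD.search(line)) and m.group(1) in instances:
            instances[m.group(1)][1].add((m.group(2), m.group(3)))
    for var, (cls, added) in instances.items():
        required, optional = property_rules(cls)
        errors += [f"{var}: missing key {c}/{p}" for c, p in sorted(required - added)]
        errors += [f"{var}: {c}/{p} may not be set on {cls}" for c, p in sorted(added - required - optional)]
    return errors

def data_item_accepted(script):
    """One violation anywhere discards the whole data item, so every instance must pass."""
    return not lint(script)

# Constructed script fragment; the last line is the offending call quoted in the post.
SAMPLE = r'''
$artifactServiceInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Example.ArtifactService']$")
$artifactServiceInstance.AddProperty( "$MPElement[Name='Example.Computer']/PrincipalName$", $hostName )
$artifactServiceInstance.AddProperty( "$MPElement[Name='Example.ArtifactService']/ServiceId$", $id )
$artifactServiceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices2012R2.Authentication']/STSIdentifier$", $hostName )
'''
```
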

This MP was written in the SCOM 2007 R2 Authoring console, so it is friendly to SCOM 2007 R2, SCOM 2012, and SCOM 2012 R2.

The original MP is found here: https://www.microsoft.com/en-us/download/details.aspx?id=41184

Microsoft.ADFS.2012.R2.FixDiscovery.xml