System Center Management Pack for Active Directory Federation Services

 

This Management Pack is used to monitor Active Directory Federation Services running on Windows Server 2016.

Note: There are multiple files available for this download. Once you click on the "Download" button, you will be prompted to select the files you need.


  • The Active Directory Federation Services (AD FS) Management Pack provides both proactive and reactive monitoring of your AD FS deployment for both the federation server and the federation server proxy roles. The management pack monitors events that the AD FS Windows service records in the AD FS event logs, and it monitors the performance data that the AD FS performance counters collect. It also monitors the overall health of the AD FS system and the federation passive application, and it provides alerts for critical issues and warning issues.

    This management pack includes monitoring of the following core components: token issuance, token acceptance, artifact service, Web sites, trust management, certificate rollover, and Windows Internal Database synchronization. For example, the AD FS Management Pack monitors the following:

    • Events that indicate service outages and operational errors or warnings
    • Alerts that indicate configuration issues and background task failures or warnings
    • Whether auditing is occurring successfully
    • Communication between the federation server and the federation server proxy
    • Notification of malformed access requests
    • Web site availability
    • The health of the Secure Sockets Layer (SSL) certificate of the federation passive Web site in Internet Information Services (IIS) (located at <ComputerName>\Sites\Default Web Site\adfs\ls).
  • System Requirements

    Supported Operating System

    Windows Server 2016

    • This Management Pack requires System Center Operations Manager 2012 or newer.
  • Install Instructions

    • See the MP Guide for detailed instructions.

Excerpts from the Management Pack Guide

 

Introduction to the AD FS Management Pack

The Active Directory Federation Services (AD FS) Management Pack provides both proactive and reactive monitoring of your AD FS deployment for both the federation server and the federation server proxy roles. The management pack monitors events that the AD FS Windows service records in the AD FS event logs, and it monitors the performance data that the AD FS performance counters collect. It also monitors the overall health of the AD FS system and the federation passive application, and it provides alerts for critical issues and warning issues.

This management pack includes monitoring of the following core components: token issuance, token acceptance, artifact service, Web sites, trust management, certificate rollover, and Windows Internal Database synchronization. For example, the AD FS Management Pack monitors the following:

· Events that indicate service outages and operational errors or warnings

· Alerts that indicate configuration issues and background task failures or warnings

· Whether auditing is occurring successfully

· Communication between the federation server and the federation server proxy

· Notification of malformed access requests

· Web site availability

· The health of the Secure Sockets Layer (SSL) certificate of the federation passive Web site in Internet Information Services (IIS) (located at <ComputerName>\Sites\Default Web Site\adfs\ls).

 

Getting the Latest Management Pack and Documentation

You can find the AD FS Management Pack in the Microsoft Management Packs Catalog (https://go.microsoft.com/fwlink/?LinkId=82105).

 

Supported Configurations

The Active Directory Federation Services (AD FS) Management Pack is supported on the operating system configurations in the following table.

| Configuration | Support |
|---|---|
| Windows Server 2008 | 32-bit and 64-bit |
| Windows Server 2008 R2 | 64-bit |
| Windows Server 2012 | 64-bit |
| Windows Server 2012R2 | |
| Windows Server 2016 | |

All support is subject to the Microsoft overall Help and Support (https://go.microsoft.com/fwlink/?Linkid=26134) and the System Center Operations Manager 2012 (https://technet.microsoft.com/en-us/library/hh205990.aspx) TechNet article.

Initial Configuration

After the Active Directory Federation Services (AD FS) Management Pack is imported, follow these procedures to finish your initial configuration:

1. Create a new management pack in which to store overrides and other customizations.

2. Perform discoveries for monitored components.

 

Security Considerations

You may need to customize your Active Directory Federation Services (AD FS) Management Pack. Certain accounts cannot be run in a low-privilege environment, or they must have minimum permissions.

Low-Privilege Environments

So that each of the client-side monitoring scripts can run successfully, the Action Account must be a member of the Administrators group or a Local System account on the Agent computer on which Active Directory Federation Services (AD FS) is running.
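
The requirement above can be checked on each AD FS agent computer before discovery is run. The following PowerShell is an added example, not part of the Management Pack or its guide; the function name `Test-AdfsActionAccount` and the account `CONTOSO\svc-scom-action` are hypothetical. It reports whether the given Action Account is Local System or a direct member of the local Administrators group, and lists the groups in Administrators that could grant membership indirectly.

```powershell
# Added example: Test-AdfsActionAccount and the sample account name are hypothetical.
function Test-AdfsActionAccount {
    [CmdletBinding()]
    param(
        # Account configured as the Operations Manager Action Account for this agent
        [Parameter(Mandatory)][string]$Account
    )

    $localSystemSid = 'S-1-5-18'       # well-known SID: Local System
    $adminsSid      = 'S-1-5-32-544'   # well-known SID: BUILTIN\Administrators

    # Resolve the name to a SID so the comparison does not depend on name formatting.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value

    if ($sid -eq $localSystemSid) {
        return [pscustomobject]@{
            Account = $Account; Sid = $sid; MeetsRequirement = $true
            Via = 'Local System'; GroupsToReview = @(); AdministratorsCount = $null
        }
    }

    # Direct members of the local Administrators group on this computer.
    $members = @(Get-LocalGroupMember -SID $adminsSid)
    $direct  = @($members | Where-Object { $_.SID.Value -eq $sid })

    # Get-LocalGroupMember does not expand nested groups; list them for manual review.
    $groups = @($members | Where-Object { $_.ObjectClass -eq 'Group' } |
                ForEach-Object { $_.Name })

    [pscustomobject]@{
        Account             = $Account
        Sid                 = $sid
        MeetsRequirement    = ($direct.Count -gt 0)
        Via                 = if ($direct.Count -gt 0) { 'Direct member of Administrators' }
                              else { 'Not a direct member; check GroupsToReview' }
        GroupsToReview      = $groups
        AdministratorsCount = $members.Count
    }
}

# Constructed sample call; replace with the Action Account used in your deployment.
Test-AdfsActionAccount -Account 'CONTOSO\svc-scom-action'
```

Run it in an elevated session on the agent computer. `AdministratorsCount` shows how many principals share administrative rights on the AD FS server alongside the Action Account.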

Comments

  • Anonymous
    February 24, 2017
    You write that this MP provides both proactive and reactive monitoring of your AD FS deployment for both the federation server and the federation server proxy roles. We have imported the MP but the ADFS Proxy servers are not being discovered. I've looked into the MP and cannot even find a class for the Proxy role. How is the Proxy role supposed to be monitored?
    • Anonymous
      February 26, 2017
      In the Management Pack Guide, check out pages starting at 7, also pages 31 & 32, General Federation Server Proxy Failures Scenario. Pages 32 thru 37 describe all the scripts that are included in the Active Directory Federation Services (AD FS) Management Pack.
      • Anonymous
        March 09, 2017
        Yes, you are writing about the classes and scripts related to Federation Server Proxy in the MP Guide but the classes and scripts are missing in the MP file.
        • Anonymous
          March 31, 2017
          There is a new release of this management pack out now. I don't have the capabilities to test this, however, keep me posted if there are still issues so that I may address them.
  • Anonymous
    November 30, 2017
    The comment has been removed
    • Anonymous
      December 07, 2017
      Hi Werner, I noticed the date was off as well and it looks like it was corrected after I captured the content for this article. But you could remove the management packs you have and then redeploy back into OpsMgr. Please keep in mind that when I posted & captured the content it may have changed since I posted the article.
  • Anonymous
    September 06, 2018
    Can we use this MP for Windows Server 2012 R2?
    • Anonymous
      September 07, 2018
      I installed the MP but it's not discovering the ADFS server, then I installed "System Center Management Pack for Active Directory Federation Services 2012 R2", it works fine and is discovering the ADFS servers. https://www.microsoft.com/en-us/download/details.aspx?id=41184
    • Anonymous
      September 14, 2018
      Per the Management Pack guide, yes, Operations Manager 2012 or newer is supported.