This tool has been extended with more scripts and tooling.
For the log tools:
"AdfsEventsModule Overview
This module provides tools for gathering related ADFS events from the security, admin, and debug logs, across multiple servers. This tool also allows the user to reconstruct the HTTP request/response headers from the logs.
Cmdlets in AdfsEventsModule
This module exposes two cmdlets:
Get-ADFSEvents
and
Write-ADFSEventsSummary
The detailed parameters for each are provided below.
The Get-ADFSEvents cmdlet is used to aggregate events by correlation ID, while the Write-ADFSEventsSummary cmdlet is used to generate a PowerShell Table of only the most relevant logging information from the events that are piped in."
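An added example of that pipeline (my own, not from the module's README): pull every event one failed sign-in produced across the farm, correlate it, and keep the raw events for the incident record. The module path, the server names and the correlation ID are placeholders, and the parameter names (-Logs, -CorrelationID, -Server) are how I understand the module's usage; check Get-Help Get-ADFSEvents -Full before relying on them.

```powershell
# Added example, not part of the AdfsEventsModule README.
# Assumptions: module path, server names and correlation ID are placeholders;
# the -Logs/-CorrelationID/-Server parameter names are taken from the module's
# usage as I understand it (verify with Get-Help Get-ADFSEvents -Full).
Import-Module .\AdfsEventsModule.psm1

$farm = 'ADFS01', 'ADFS02'                 # placeholder farm members
$corr = 'REPLACE-WITH-CORRELATION-ID'      # the activity/correlation ID of the failing request

# 1. Aggregate the request's events from the security, admin and debug logs
#    on every server, keyed by the correlation ID.
$events = Get-ADFSEvents -Logs Security, Admin, Debug -CorrelationID $corr -Server $farm

# 2. Reduce them to the fields that matter for triage and show them as a table.
$events | Write-ADFSEventsSummary | Format-Table -AutoSize

# 3. Preserve the unreduced events alongside the ticket; the summary is for
#    reading, the raw objects are the evidence.
$events | Export-Clixml -Path ".\adfs-events-$corr.xml"
```

Correlating across servers is the point: a single request is often handled by one proxy and one farm member, and a failure logged on one box shows up as a bare error on the other.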
For the diagnostics, the download is a PowerShell module that you need to import:
import-module -name .\ADFSDiagnostics.psm1 -verbose
VERBOSE: Loading module from path 'C:\junk\ADFSDiagnostics.psm1'.
VERBOSE: Importing function 'Get-AdfsServerConfiguration'.
VERBOSE: Importing function 'Get-AdfsServerTrace'.
VERBOSE: Importing function 'Get-AdfsSystemInformation'.
VERBOSE: Importing function 'Get-AdfsVersionEx'.
VERBOSE: Importing function 'Receive-AdfsServerTrace'.
VERBOSE: Importing function 'Set-ADFSDiagTestMode'.
VERBOSE: Importing function 'Start-AdfsServerTrace'.
VERBOSE: Importing function 'Test-AdfsServerHealth'.
VERBOSE: Importing function 'Test-AdfsServerHealthSingleCheck'.
VERBOSE: Importing function 'Test-AdfsServerToken'.
Some examples:
Get-AdfsSystemInformation
OSVersion : 10.0.14393.0
OSName : Microsoft Windows Server 2016 Datacenter
MachineDomain : dev.local
IPAddress : 100.75.64.15
TimeZone : Coordinated Universal Time
LastRebootTime : 10/24/2017 6:49:22 PM
MachineType : Virtual Machine
NumberOfLogicalProcessors : 1
MaxClockSpeed : 2394
PhsicalMemory : 1792
Hosts : {}
Hotfixes : {KB4023834, KB3199986, KB4013418, KB4035631...}
AdfsWmiProperties : {ConfigurationDatabaseConnectionString, ConfigurationServiceAddress, ConfigurationChannelMaxMessageSizeInBytes}
SslBindings : {System.Collections.Hashtable, System.Collections.Hashtable, System.Collections.Hashtable, System.Collections.Hashtable...}
AdfssrvServiceAccount : DEV\xxx
AdfsVersion : 3.0
Role : STS
Top10ProcessesByMemory : {@{Name=Microsoft.Sirona.OMS.Security.BaselineAssessment; MemoryInMB=80.625;
MemoryPercentOfTotal=4.49916294642857},
@{Name=Microsoft.Identity.AadConnect.Health.AadSync.Host; MemoryInMB=76.25390625;
MemoryPercentOfTotal=4.25524030412946}, @{Name=miiserver; MemoryInMB=57.1640625;
MemoryPercentOfTotal=3.18995884486607}, @{Name=MsMpEng; MemoryInMB=47.8046875;
MemoryPercentOfTotal=2.66767229352679}...}
AdHealthAgentInformation : AdHealthAgentInformation
Get-AdfsServerConfiguration
ADFSSyncProperties : Microsoft.IdentityServer.Management.Resources.SyncPropertiesBase
ADFSAttributeStore : {Microsoft.IdentityServer.Management.Resources.AttributeStore,
Microsoft.IdentityServer.Management.Resources.AttributeStore}
ADFSCertificate : {@{Certificate=[Subject]
CN=xxx
[Issuer]
CN=xxx
[Serial Number]
62...D7
[Not Before]
8/21/2017 12:00:00 PM
[Not After]
8/28/2027 12:00:00 PM
[Thumbprint]
24...35
; CertificateType=Service-Communications; IsPrimary=True; StoreName=My;
StoreLocation=LocalMachine;
Thumbprint=24...35},
@{Certificate=[Subject]
CN=ADFS Encryption - xxx
[Issuer]
CN=ADFS Encryption - xxx
[Serial Number]
70...6B
[Not Before]
11/2/2017 8:31:02 PM
[Not After]
11/2/2018 8:31:02 PM
[Thumbprint]
ED...13
; CertificateType=Token-Decrypting; IsPrimary=True; StoreName=My;
StoreLocation=CurrentUser;
Thumbprint=ED...13},
@{Certificate=[Subject]
CN=ADFS Signing - xxx
[Issuer]
CN=ADFS Signing - xxx
[Serial Number]
6B...00
[Not Before]
11/2/2017 8:31:14 PM
[Not After]
11/2/2018 8:31:14 PM
[Thumbprint]
D1...F3
; CertificateType=Token-Signing; IsPrimary=True; StoreName=My;
StoreLocation=CurrentUser;
Thumbprint=D1...F3},
@{Certificate=[Subject]
CN=ADFS Encryption - xxx
[Issuer]
CN=ADFS Encryption - xxx
[Serial Number]
4C...95
[Not Before]
11/22/2016 7:34:42 PM
[Not After]
11/22/2017 7:34:42 PM
[Thumbprint]
94...35
; CertificateType=Token-Decrypting; IsPrimary=False; StoreName=My;
StoreLocation=CurrentUser;
Thumbprint=94...35}...}
ADFSClaimDescription : {Microsoft.IdentityServer.Management.Resources.ClaimDescription,
Microsoft.IdentityServer.Management.Resources.ClaimDescription,
Microsoft.IdentityServer.Management.Resources.ClaimDescription,
Microsoft.IdentityServer.Management.Resources.ClaimDescription...}
ADFSEndpoint : {Microsoft.IdentityServer.Management.Resources.Endpoint,
Microsoft.IdentityServer.Management.Resources.Endpoint,
Microsoft.IdentityServer.Management.Resources.Endpoint,
Microsoft.IdentityServer.Management.Resources.Endpoint...}
ADFSProperties : Microsoft.IdentityServer.Management.Resources.ServiceProperties
ADFSRelyingPartyTrustCount : 4
ADFSClaimsProviderTrustCount : 6
ADFSConfigurationDatabaseConnectionString : Data Source=np:\\.\pipe\microsoft##wid\tsql\query;Initial Catalog=AdfsConfigurationV3;Integrated Security=True
AdfssrvServiceAccount : DEV\xxx
AdfsVersion : 3.0
AadTrustStatus : Not Configured
ADFSAdditionalAuthenticationRule :
ADFSClient : {Microsoft.IdentityServer.Management.Resources.AdfsClient,
Microsoft.IdentityServer.Management.Resources.AdfsClient,
Microsoft.IdentityServer.Management.Resources.AdfsClient,
Microsoft.IdentityServer.Management.Resources.AdfsClient...}
ADFSGlobalAuthenticationPolicy : Microsoft.IdentityServer.Management.Resources.AdfsGlobalAuthenticationPolicy
ADFSDeviceRegistration : Microsoft.IdentityServer.Management.Resources.DeviceRegistrationServiceObject
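The ADFSCertificate list above is worth more than a glance: the token-signing and token-decrypting certificates in that output are one-year self-signed certificates, and the secondary decrypting one expires a few weeks after the run. Here is an added script (mine, not part of ADFSDiagnostics) that turns that property into an expiry report. It assumes each entry exposes Certificate (an X509Certificate2), CertificateType, IsPrimary and Thumbprint, which is what the output above shows; the 30-day threshold is a constructed value.

```powershell
# Added example, not part of the ADFSDiagnostics module.
# Assumes each ADFSCertificate entry has Certificate (X509Certificate2),
# CertificateType, IsPrimary and Thumbprint, as in the output above.
Import-Module .\ADFSDiagnostics.psm1

$warnDays = 30   # constructed threshold; pick what fits your rollover process

$config = Get-AdfsServerConfiguration
$report = $config.ADFSCertificate | ForEach-Object {
    $cert = $_.Certificate
    [pscustomobject]@{
        Type       = $_.CertificateType
        IsPrimary  = $_.IsPrimary
        Thumbprint = $_.Thumbprint
        Subject    = $cert.Subject
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        NotAfter   = $cert.NotAfter
        DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
    }
}

# Soonest expiry first.
$report | Sort-Object DaysLeft | Format-Table -AutoSize

# A primary certificate inside the warning window is a page, not a line in a
# report: exit non-zero so a scheduled task or monitoring wrapper notices.
$expiring = $report | Where-Object { $_.IsPrimary -and $_.DaysLeft -lt $warnDays }
if ($expiring) {
    $expiring | ForEach-Object {
        Write-Warning "$($_.Type) $($_.Thumbprint) expires in $($_.DaysLeft) days"
    }
    exit 1
}
```

Self-signed is expected for the ADFS-generated token certificates, so the SelfSigned column is there for the SSL (Service-Communications) entry, which is the one the health check below actually tests for it.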
Test-AdfsServerHealth | ft Name,Result -AutoSize
Name Result
---- ------
IsAdfsRunning Pass
IsWidRunning Pass
PingFederationMetadata Pass
CheckAdfsSslBindings Pass
Test-Certificate-Token-Decrypting-Primary-NotFoundInStore NotRun
Test-Certificate-Token-Decrypting-Primary-IsSelfSigned NotRun
Test-Certificate-Token-Decrypting-Primary-PrivateKeyAbsent NotRun
Test-Certificate-Token-Decrypting-Primary-Expired Pass
Test-Certificate-Token-Decrypting-Primary-Revoked Pass
Test-Certificate-Token-Decrypting-Primary-AboutToExpire NotRun
Test-Certificate-Token-Signing-Primary-NotFoundInStore NotRun
Test-Certificate-Token-Signing-Primary-IsSelfSigned NotRun
Test-Certificate-Token-Signing-Primary-PrivateKeyAbsent NotRun
Test-Certificate-Token-Signing-Primary-Expired Pass
Test-Certificate-Token-Signing-Primary-Revoked Pass
Test-Certificate-Token-Signing-Primary-AboutToExpire NotRun
Test-Certificate-SSL-Primary-NotFoundInStore Pass
Test-Certificate-SSL-Primary-IsSelfSigned Fail
Test-Certificate-SSL-Primary-PrivateKeyAbsent Pass
Test-Certificate-SSL-Primary-Expired Pass
Test-Certificate-SSL-Primary-Revoked Pass
Test-Certificate-SSL-Primary-AboutToExpire Pass
Test-Certificate-Token-Decrypting-Secondary-NotFoundInStore NotRun
Test-Certificate-Token-Decrypting-Secondary-IsSelfSigned NotRun
Test-Certificate-Token-Decrypting-Secondary-PrivateKeyAbsent NotRun
Test-Certificate-Token-Decrypting-Secondary-Expired Pass
Test-Certificate-Token-Decrypting-Secondary-Revoked Pass
Test-Certificate-Token-Decrypting-Secondary-AboutToExpire NotRun
Test-Certificate-Token-Signing-Secondary-NotFoundInStore NotRun
Test-Certificate-Token-Signing-Secondary-IsSelfSigned NotRun
Test-Certificate-Token-Signing-Secondary-PrivateKeyAbsent NotRun
Test-Certificate-Token-Signing-Secondary-Expired Pass
Test-Certificate-Token-Signing-Secondary-Revoked Pass
Test-Certificate-Token-Signing-Secondary-AboutToExpire NotRun
CheckFarmDNSHostResolution Pass
CheckDuplicateSPN Pass
TestServiceAccountProperties Pass
TestAppPoolIDMatchesServiceID NotRun
TestComputerNameEqFarmName Pass
TestSSLUsingADFSPort NotRun
TestSSLCertSubjectContainsADFSFarmName Pass
TestAdfsAuditPolicyEnabled Fail
TestAdfsRequestToken Pass
CheckOffice365Endpoints Pass
TestADFSO365RelyingParty NotRun
TestNtlmOnlySupportedClientAtProxyEnabled Fail
Test-AdfsServerHealth | where {$_.Result -eq "Fail"} | fl
Name : Test-Certificate-SSL-Primary-IsSelfSigned
Result : Fail
Detail : SSL certificate with thumbprint 24...35 is self-signed.
Output : {Thumbprint}
ExceptionMessage :
Name : TestAdfsAuditPolicyEnabled
Result : Fail
Detail : Audits are not configured for Usage data collection : Expected 'Success and Failure', Actual='No Auditing'
Output : {StsAuditConfig, MachineAuditPolicy}
ExceptionMessage :
Name : TestNtlmOnlySupportedClientAtProxyEnabled
Result : Fail
Detail : NtlmOnlySupportedClientAtProxy is disabled; extranet users can experience authentication failure.
Output : {NtlmOnlySupportedClientAtProxy}
ExceptionMessage :
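Running the health check on one server at a time, as above, misses the interesting case where the farm members disagree. Here is an added script (my own, not from the toolbox) that runs Test-AdfsServerHealth on every farm member over PowerShell remoting, keeps the failures and any checks that threw, writes them to a CSV, and flags checks whose result differs between servers. It assumes ADFSDiagnostics.psm1 sits at the same path on each server and that remoting is enabled; the server names and module path are placeholders.

```powershell
# Added example, not part of the ADFSDiagnostics module.
# Assumptions: the module is at $modulePath on every server, PowerShell
# remoting is enabled, and the server names below are placeholders.
$farm       = 'ADFS01', 'ADFS02'
$modulePath = 'C:\Tools\ADFSDiagnostics.psm1'

# Run the checks on each farm member; Invoke-Command stamps PSComputerName
# on every returned object so the rows stay attributable.
$results = Invoke-Command -ComputerName $farm -ArgumentList $modulePath -ScriptBlock {
    param($path)
    Import-Module $path
    Test-AdfsServerHealth | Select-Object Name, Result, Detail, ExceptionMessage
}

# A Fail is the farm failing the check; a non-empty ExceptionMessage is the
# check itself erroring, which hides whatever it was meant to find.
$attention = $results | Where-Object {
    $_.Result -eq 'Fail' -or -not [string]::IsNullOrEmpty($_.ExceptionMessage)
}

$attention |
    Select-Object PSComputerName, Name, Result, Detail, ExceptionMessage |
    Sort-Object Name, PSComputerName |
    Format-Table -AutoSize -Wrap

$attention | Export-Csv -Path ".\adfs-health-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation

# The same check passing on one member and failing on another is almost
# always configuration drift (a certificate, binding or audit setting that
# was fixed on one box and not the others).
$results | Group-Object Name | Where-Object {
    ($_.Group.Result | Select-Object -Unique).Count -gt 1
} | ForEach-Object { Write-Warning "Inconsistent across farm: $($_.Name)" }
```

Of the three failures shown above, TestAdfsAuditPolicyEnabled is the one to fix first from an operations point of view: with the machine audit policy at 'No Auditing', the Security log carries none of the sign-in events that Get-ADFSEvents from the log tools is built to aggregate, so the next incident is investigated blind.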
More examples here.
Enjoy!